Debugging with Windbg
Posted on May 15th, 2009
If you have crash dump files, the only real way to debug them is by using WinDbg. This can be installed as part of the Debugging Tools for Windows, for 32-bit or 64-bit.
The symbol path needs to be set correctly so that WinDbg can identify the relevant information. This can be done for Microsoft and Citrix symbols, as their symbol paths are public. Other associated companies, such as AppSense, do not publicly release their symbols, so you are unable to link to them. Set the symbol path in WinDbg to the following to use the MS and Citrix symbol paths:
SRV*c:\symbols*http://ctxsym.citrix.com/symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
To open a crash dump file, select File | Open Crash Dump, then select the file in question.
After a few seconds the dump loads and the entry bar at the bottom of the window will become active. The following commands may be useful:
!analyze -v
This shows a verbose analysis of the dump file. The important information is at the end of the text that appears. The process that caused the fault will be listed along with the errors.
To get more information about the module, use the following command, replacing modulename with the name of the module:
lmv m modulename
It is also possible to use windbg to force a dump of a running / crashing process.
File | Attach to process & Select the process
Choose to save the workspace
A white dialog box is then generated
In the command window of the debugger, enter the following:
.dump /ma c:\mydump.dmp
If I find any more public symbol paths, I will update this entry.
Appsense CCA Agent debug logs
Posted on March 25th, 2009
To create debug logs for the AppSense CCA Agent, set the following registry keys:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\AppSense Technologies\Communications Agent]
"DebugLevel"=dword:0000000a
"DebugFile"="d:\\logs\\cca-log.txt"
This is useful for debugging any event uploads, package downloads and license issues.
Troubleshooting the Windows logon process
Posted on August 19th, 2008
To troubleshoot the logon process, debug logging can be enabled. This is useful in a Citrix environment as the logon could be slow and the debug log file will show where the pauses occur during the logon.
The Microsoft TechNet article can be found here: Q221833
Use Registry Editor to add or to modify the following registry entry:
Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Entry: UserEnvDebugLevel
Type: REG_DWORD
Value data: 10002 (Hexadecimal)
UserEnvDebugLevel can have the following values:
NONE 0x00000000
NORMAL 0x00000001
VERBOSE 0x00000002
LOGFILE 0x00010000
DEBUGGER 0x00020000
The default value is NORMAL|LOGFILE (0x00010001).
Note: To disable logging, select NONE (0x00000000).
You can combine these values. For example, you can combine VERBOSE 0x00000002 and LOGFILE 0x00010000 to get 0x00010002. Therefore, if UserEnvDebugLevel is given a value of 0x00010002, LOGFILE and VERBOSE are both turned on. Combining these values is the same as using an OR statement.
0x00010000 OR 0x00000002 = 0x00010002
Note: If you set UserEnvDebugLevel to 0x00030002, the most verbose details are logged in the Userenv.log file.
The log file is written to the %Systemroot%\Debug\UserMode\Userenv.log file. If the Userenv.log file is larger than 300 KB, the file is renamed Userenv.bak, and a new Userenv.log file is created. This action occurs when a user logs on locally or by using Terminal Services, and the Winlogon process starts. However, because the size check only occurs when a user logs on, the Userenv.log file may grow beyond the 300 KB limit.
The 300 KB limit cannot be modified.
Summary
RegKey: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel
For full debug logging set to: 30002
Log file: c:\windows\debug\UserMode\userenv.log
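The following PowerShell is an added example, not part of the original post or of Microsoft's article. It decodes the current UserEnvDebugLevel into the flag names listed above, reports whether Userenv.log has grown past the 300 KB rename threshold, and sets the value. The function names are hypothetical; the registry path, flag values and log location are the ones given in this post.

```powershell
# Added example. Function names are hypothetical; key, flags and log path come from the post.
$WinlogonKey  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$LogPath      = Join-Path $env:SystemRoot 'Debug\UserMode\Userenv.log'
$DefaultLevel = 0x00010001   # NORMAL|LOGFILE, the default stated in the post
$Flags = @(
    @{ Name = 'NORMAL';   Value = 0x00000001 },
    @{ Name = 'VERBOSE';  Value = 0x00000002 },
    @{ Name = 'LOGFILE';  Value = 0x00010000 },
    @{ Name = 'DEBUGGER'; Value = 0x00020000 }
)

function ConvertFrom-UserEnvDebugLevel([int]$Level) {
    if ($Level -eq 0) { return 'NONE' }
    $names = @()
    $known = 0
    foreach ($f in $Flags) {
        $known = $known -bor $f.Value
        if ($Level -band $f.Value) { $names += $f.Name }
    }
    # Surface bits that are not in the table instead of silently dropping them.
    $unknown = $Level -band (-bnot $known)
    if ($unknown) { $names += ('UNKNOWN(0x{0:X8})' -f $unknown) }
    $names -join '|'
}

function Get-UserEnvDebugStatus {
    $prop = Get-ItemProperty -Path $WinlogonKey -Name UserEnvDebugLevel -ErrorAction SilentlyContinue
    # Value absent: assume the default stated in the post applies.
    $level = $DefaultLevel
    if ($prop) { $level = [int]$prop.UserEnvDebugLevel }
    $sizeKB = $null
    if (Test-Path $LogPath) { $sizeKB = [math]::Round((Get-Item $LogPath).Length / 1KB) }
    New-Object PSObject -Property @{
        Level       = '0x{0:X8}' -f $level
        Flags       = ConvertFrom-UserEnvDebugLevel $level
        ExplicitSet = [bool]$prop
        LogSizeKB   = $sizeKB
        Over300KB   = ($sizeKB -gt 300)
    }
}

function Set-UserEnvDebugLevel([int]$Level) {
    # Writing under HKLM needs an elevated session.
    New-ItemProperty -Path $WinlogonKey -Name UserEnvDebugLevel -PropertyType DWord -Value $Level -Force | Out-Null
}

Get-UserEnvDebugStatus
# Set-UserEnvDebugLevel 0x00030002   # most verbose, per the post
# Set-UserEnvDebugLevel 0x00010001   # back to the default
```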
