[Solved] How to force-generate a Windows memory dump if you are having Windows login issues

A Windows memory dump is used to troubleshoot Windows login issues, whether they occur pre-logon or after logon.

You have to force the generation of a dump when you cannot log in at the Windows screen. The memory dump can be very useful and provides good detail on the issues you may be having.

There are also other ways to tap the traffic, since you cannot get past the login screen. One way would be to buy a hardware tap and run the network cable through the tap, which will then capture all the packets; Wireshark can be used to analyze the captured packets.

Below are the steps, one by one:

1. Set the registry key value for the below to 1

2. Ensure that the page file resides on the %systemdrive% (C drive).

3. The size of the page file should be equivalent to (size of RAM + 300 MB).

 

4. Go to System Properties (right-click ‘My Computer’ -> Properties). Click the Advanced tab, then click the ‘Settings’ button under ‘Startup and Recovery’.

5. Automatic restart should be disabled, both in the OS (as in the screenshot below) and in the BIOS (ASR).

6. Ensure that ‘Complete memory dump’ is selected in the drop-down menu under ‘Write debugging information’.

7. If the ‘Complete memory dump’ option is not visible in the drop-down menu, make the following change in the registry:

8. Go to HKLM\System\CurrentControlSet\Control\CrashControl and set the value of CrashDumpEnabled to ‘1’.

9. You will need a PS/2 keyboard or a USB keyboard directly connected to the server to be able to generate a dump from the keyboard when the server becomes completely unresponsive.

10. Make the following registry changes if you have a USB keyboard directly connected to the server:

11. Go to HKLM\System\CurrentControlSet\Services\kbdhid\Parameters

    1. On the Edit menu, click Add Value, and then add the following registry entry:

    2. Name: CrashOnCtrlScroll

    3. Data Type: REG_DWORD

    4. Value: 1

12. If you want to collect an NMI dump file, you have to create the NMICrashDump registry entry. To enable this feature, follow these steps:

    1. Start Registry Editor.

    2. Locate and then click the following registry subkey:

    3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

    4. On the Edit menu, click Add Value, and then add the following registry entry:

    Name: NMICrashDump

    Data Type: REG_DWORD

    Value: 1
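The registry and page-file steps above can also be applied and verified from an elevated PowerShell prompt. This script is an added example, not part of the original post; the `AutoReboot` value name does not appear on the page and is the registry setting behind the "Automatically restart" checkbox from step 5.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the registry values from the steps above, then checks the page file.

$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$kbdhid       = 'HKLM:\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters'

$settings = @(
    @{ Path = $crashControl; Name = 'CrashDumpEnabled';  Value = 1 },  # step 8: complete memory dump
    @{ Path = $crashControl; Name = 'AutoReboot';        Value = 0 },  # step 5 (value name not on the page)
    @{ Path = $crashControl; Name = 'NMICrashDump';      Value = 1 },  # step 12: NMI-triggered dump
    @{ Path = $kbdhid;       Name = 'CrashOnCtrlScroll'; Value = 1 }   # steps 10-11: USB keyboard
)

foreach ($s in $settings) {
    # Create the key if it is missing, write the DWORD, then read it back to confirm.
    if (-not (Test-Path -Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
    New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -PropertyType DWord -Force | Out-Null
    $actual = Get-ItemPropertyValue -Path $s.Path -Name $s.Name
    '{0}\{1} = {2}' -f $s.Path, $s.Name, $actual
}

# Steps 2-3: the page file must be on %SystemDrive% and at least RAM + 300 MB.
$ramMB    = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$neededMB = $ramMB + 300
$pageFile = Get-CimInstance Win32_PageFileUsage |
    Where-Object { $_.Name -like "$env:SystemDrive\*" } |
    Select-Object -First 1

if (-not $pageFile) {
    Write-Warning "No page file found on $env:SystemDrive; the steps require one there."
} elseif ($pageFile.AllocatedBaseSize -lt $neededMB) {
    Write-Warning ('Page file is {0} MB; the steps call for {1} MB (RAM + 300 MB).' -f
        $pageFile.AllocatedBaseSize, $neededMB)
} else {
    'Page file OK: {0} MB allocated, {1} MB needed.' -f $pageFile.AllocatedBaseSize, $neededMB
}

'Reboot the server for the settings to take effect.'
```

A complete memory dump holds the full contents of RAM, including credential material for logged-on accounts, so store and transfer the resulting dump file as sensitive data.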

Forcing a memory dump with keyboard:

To take the dump, hold down the right Ctrl key and tap Scroll Lock twice. Below is the screenshot of what you should see on the screen.

HTH
