XADM: How to Use Userdump to Monitor the Information Store for Exceptions (264124)
The information in this article applies to:
- Microsoft Exchange 2000 Server
- Microsoft Exchange Server 4.0
- Microsoft Exchange Server 5.0
- Microsoft Exchange Server 5.5
This article was previously published under Q264124 IMPORTANT: This article contains information about modifying the registry. Before you
modify the registry, make sure to back it up and make sure that you understand how to restore
the registry if a problem occurs. For information about how to back up, restore, and edit the
registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SUMMARY
By default, Drwtsn32.exe is invoked by the operating system (Microsoft Windows NT or Microsoft Windows 2000) to capture unhandled user mode exceptions. This behavior can be altered by installing advanced debuggers (like Windbg.exe or Cdb.exe) but can always be reset by running the following at the command line:
C:\>drwtsn32 -i
It may become necessary, under the recommendations of Microsoft Product Support Services, to specify an alternate default user mode exception handling mechanism. In cases where multiple processes stop responding simultaneously and multiple invocations of Drwtsn32.exe are overwriting needed data contained in user dumps, or if Drwtsn32.exe is having difficulty identifying certain modules loaded in the process address space typically identified as mod#.dll (where # is a number), Userdump.exe can be used to monitor individual processes for exceptions and create user dumps for each process or provide more thorough interrogation of the system to provide module identification.
Userdump.exe can be installed as part of the Platform Software Developers Kit (SDK), Windows debuggers, or as a stand-alone application. You can download the Userdump.exe utility as part of the OEM Support Tools package.
The following file is available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
MORE INFORMATION
The download contains the full Windows debugger package, and can easily be installed on any computer that is running Windows NT or Windows 2000, which will present the user with an icon for User Dump Setup in the Debugging Tools group. WARNING: Installing the Windows debuggers package may alter the default user mode exception handler, and drwtsn32 may need to be reregistered as the default using the command line.
c:\>drwtsn32 -i
Although this article is a brief description that focuses primarily on monitoring the information store (Store.exe), it applies to the directory (Dsamain.exe) as well as any other user mode process. More detailed documentation is in the userdocs.doc file, which is located in the default directory "C:\Program Files\Debuggers\bin\kanalyze" after installation.
The only question you are asked during setup is whether you want to install or remove the utility. The option to remove is available only if setup determines that Userdump is currently installed. After you confirm your choice, files are added or removed, and services are installed or removed as appropriate. Setup offers to open Control Panel to allow advanced configuration. Note that a fresh installation of Userdump does not require you to restart the computer. However if it is already installed on a computer, removing it or reinstalling (that is, upgrading) may require you to restart the computer.
The last action in the setup routine asks if you would like to open Control Panel to configure Userdump. You can answer yes to this or you can configure Userdump at a later time. You must have administrator privileges to do so.
After the Process Dump tool is started, you are presented with two tabs: Exception Monitoring and Hot Keys. To configure Userdump to handle exceptions in the information store, simply click the New button on the Exception Monitoring tab. Type store.exe (or the image name of any process you wish to monitor) in the resulting dialog box and click OK. There is some overhead associated with using the Exception Monitor to handle a process, but this is negligible for most users.
Userdump creates user dump files named with the prefix of the image name and the file extension replaced with dmp (so Store.exe would produce a Store.dmp file). These dump files are created by default in the Winnt directory. You can override the target directory by creating the following registry key: WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk. - Start Registry Editor (Regedt32.exe).
- Locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\udmpsvc\Parameters
- On the Edit menu, click Add Value, and then add the following registry value:
Value Name: DumpPath Data Type: REG_SZ Value: Fully-qualified path to a local directory - Quit Registry Editor.
The value is expected to be a fully-qualified Win32 path to a local directory, which must already exist. Remote directories will not work, even if a drive letter is redirected to a remote share point.
Userdump is quite versatile and can be invoked from the command line.
For additional information, click the article number below
to view the article in the Microsoft Knowledge Base:
250509 XADM: How to Use Userdump.exe to Capture the State of the Information Store
It also has several uses including: - Process self-dumping. Userdump supports a feature whereby an application can cause itself to be dumped, for example, in an exception handler block or a top-level unhandled exception filter.
- Hot-Key Process Snapshot. A single keystroke can be associated with an image binary and can trigger a dump similar to the command line noted above.
For additional information about on drwtsn32 and its configuration, click the article numbers below
to view the articles in the Microsoft Knowledge Base:
188296 How to Disable Dr. Watson for Windows NT
Modification Type: | Minor | Last Reviewed: | 4/25/2005 |
---|
Keywords: | kbdownload kbinfo KB264124 kbAudITPRO |
---|
|