Debugging Windows Crashes

Sometimes computers crash, and many of the issues that cause crashes can be fixed by a simple update. This is why it’s important to check for Windows updates often and, if something does go wrong, to check for firmware updates.

Sometimes updates don’t work and more information about the crash is needed; there are many different steps involved in debugging a crashing machine. A quick first step is to use a tool such as WhoCrashed, in which you can simply click the ‘Analyze’ button. However, this doesn’t always work, and some crashes require hard work to find the solution.

Below is the simple option of using the Windows logs; these might not catch the more complex issues, but they will give you a greater understanding of what is happening, which may lead you to a solution.

First, right-click ‘Computer’ and choose ‘Manage.’

This will bring up a console that allows you to view the events which have occurred on the machine. Below is the ‘Administrative Events’ view; these entries are of greater importance than normal log entries but will require a Google search to understand. This is a good place to start.


In the above example the Errors and Warnings are a little varied, so I Googled the source and Event ID (Application Hang, Event ID 1002) and found it was caused by an application not responding which started to respond shortly after, so nothing to worry about. Not all events are bad; some show the system is working normally, and not all of them need to be investigated. Only if you are having an issue should you look into these.

If you are looking for an event in which the machine was turned off, then the source text will read “Kernel-Power.”

There are plenty of common events that are nothing to worry about; they are just normal operations being logged. One example is WMI Event 10, which logs an error made by Microsoft on all Windows 7 Pro installation DVDs: the DVD is no longer connected, so the WMI path doesn’t exist. On Windows Server there will always be logging of Terminal-Printers which aren’t connected; these entries are normal and show the system is working.

Normally one event won’t make much sense alone, but when combined with the events around it a story unfolds. This is why it is important to view all logs rather than just the Warnings, Errors or Criticals. Below are all the ‘System’ logs; these include entries such as system ‘Up’ time (how long the system has been running) and an entry every time a service (such as DVRServer or any number of Windows services) starts or stops running.


You want to find the Kernel-Power events and when they occurred, then view what happened in the minutes before. This will often point to a service that has an issue, a program crashing with a memory leak, Windows updates restarting the machine, or a failure to update the clock, which is then out of sync and causes other services to fail. It’s all about searching for the Source and Event ID and understanding what the machine is trying to do.
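The same correlation can be scripted rather than scrolled through by hand. The PowerShell below is an added example, not part of the original post: it finds recent Kernel-Power entries in the System log and lists everything logged shortly before each one. The 10-minute window, the limit of five power events, and the inclusion of the Application log are assumptions to adjust.

```powershell
# Added example: show what was logged in the minutes before each Kernel-Power event.
# $MinutesBefore and $MaxPowerEvents are assumed values; run from an elevated prompt.
$MinutesBefore  = 10
$MaxPowerEvents = 5

# Most recent Kernel-Power entries in the System log (newest first).
$powerEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-Power'
} -MaxEvents $MaxPowerEvents -ErrorAction SilentlyContinue

if (-not $powerEvents) {
    Write-Output 'No Kernel-Power events found in the System log.'
    return
}

foreach ($p in $powerEvents) {
    $end   = $p.TimeCreated
    $start = $end.AddMinutes(-$MinutesBefore)

    Write-Output ''
    Write-Output ('=== Kernel-Power ID {0} at {1:yyyy-MM-dd HH:mm:ss} ===' -f $p.Id, $end)

    # All levels, not only Warning/Error/Critical: routine service start/stop
    # entries are part of the story. Application log included by assumption.
    $context = Get-WinEvent -FilterHashtable @{
        LogName   = 'System', 'Application'
        StartTime = $start
        EndTime   = $end
    } -ErrorAction SilentlyContinue

    # Timeline in chronological order, first line of each message only.
    $context | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap

    # Source + Event ID pairs seen in the window, most frequent first:
    # these are the terms to search for.
    $context | Group-Object ProviderName, Id | Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name |
        Format-Table -AutoSize
}
```

A source that shows up in the window before several separate Kernel-Power events is a stronger lead than one that appears only once.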


