By
Published
Mar 15 2019 02:56 PM
7,981
Views
First published on MSDN on May 18, 2015
The following enhancement is not specific to Failover Cluster or even Windows Server. However, it has significant advantages when you are troubleshooting and getting memory.dmp files from servers running Hyper-V.
Servers that are used as Hyper-V hosts tend to have a significant amount of RAM and a complete memory dump includes processor state as well as a dump of what is in RAM and this results in the dmp file for a Full Dump to be extremely large. On these Hyper-V
hosts, the parent partition is usually a small percentage of the overall RAM of the system, with the majority of the RAM allocated to Virtual Machines(VMs). It’s the parent partition memory that is interesting in debugging a bugcheck or other bluescreen and the VM
memory pages are not important for diagnosing most problems.
Windows Server 2016 introduces a dump type of “Active memory dump”, which filters out most memory pages allocated to VMs and therefore makes the memory.dmp much smaller and easier to save/copy.
As an example, I have a system with 16GB of RAM running Hyper-V and I initiated bluescreens with different crash dump settings to see what the resulting memory.dmp file size would be. I also tried “Active memory dump” with no VMs running and with 2 VMS taking up 8 of the 16GB of memory to see how effective it would be:
*The size of the Active Dump as compared to a complete dump will vary depending on the total host memory and what is running on the system.
In looking at the numbers in the table above, keep in mind that the Active Dump is larger than the kernel, but includes the usermode space of the parent partition, while being 10% of the size of the complete dump that would have normally been required to get the usermode space.
The new dump type can be chosen through the Startup and Recovery dialog as shown here:
The memory.dmp type can also be set through the registry under the following key. The change will not take effect until the system is restarted if changing it directly in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\
Note: Information on setting memory dump types directly in the registry for previous versions can be found in a blog here .
To configure the Active memory.dmp there are 2 values that need to be set, both are REG_DWORD values.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\ CrashDumpEnabled
The CrashDumpEnabled value needs to be 1, which is the same as a complete dump.
And
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\ FilterPages.
The FilterPages value needs to be set to 1 .
Note: FilterPages value will not found under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\ key unless the GUI “Startup and Recovery” dialog is used to set the dump type
to “Active memory dump”, or you manually create and set the value.
If you would like to set this via Windows PowerShell, here is the flow and example:
Here is TXT version of what is showing above, to make it easier to copy/paste:
Get-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name CrashDumpEnabled
Get-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name FilterPages
Set-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name CrashDumpEnabled –value 1
Set-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name FilterPages –value 1
Active Dump
The following enhancement is not specific to Failover Cluster or even Windows Server. However, it has significant advantages when you are troubleshooting and getting memory.dmp files from servers running Hyper-V.
Memory Dump Enhancement – Active memory dump
Servers that are used as Hyper-V hosts tend to have a significant amount of RAM and a complete memory dump includes processor state as well as a dump of what is in RAM and this results in the dmp file for a Full Dump to be extremely large. On these Hyper-V
hosts, the parent partition is usually a small percentage of the overall RAM of the system, with the majority of the RAM allocated to Virtual Machines(VMs). It’s the parent partition memory that is interesting in debugging a bugcheck or other bluescreen and the VM
memory pages are not important for diagnosing most problems.
Windows Server 2016 introduces a dump type of “Active memory dump”, which filters out most memory pages allocated to VMs and therefore makes the memory.dmp much smaller and easier to save/copy.
As an example, I have a system with 16GB of RAM running Hyper-V and I initiated bluescreens with different crash dump settings to see what the resulting memory.dmp file size would be. I also tried “Active memory dump” with no VMs running and with 2 VMS taking up 8 of the 16GB of memory to see how effective it would be:
| Memory.dmp in KB | % Compared to Complete | |
|
Complete Dump: |
16,683,673 |
|
|
Active Dump (no VMs): |
1,586,493 |
10% |
|
Active Dump (VMs with 8GB RAM total): |
1,629,497 |
10% |
|
Kernel Dump (VMs with 8GB RAM total) |
582,261 |
3% |
|
Automatic Dump (VMs with 8GB RAM total) |
587,941 |
4% |
*The size of the Active Dump as compared to a complete dump will vary depending on the total host memory and what is running on the system.
In looking at the numbers in the table above, keep in mind that the Active Dump is larger than the kernel, but includes the usermode space of the parent partition, while being 10% of the size of the complete dump that would have normally been required to get the usermode space.
Configuration
The new dump type can be chosen through the Startup and Recovery dialog as shown here:
The memory.dmp type can also be set through the registry under the following key. The change will not take effect until the system is restarted if changing it directly in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\
Note: Information on setting memory dump types directly in the registry for previous versions can be found in a blog here .
To configure the Active memory.dmp there are 2 values that need to be set, both are REG_DWORD values.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\ CrashDumpEnabled
The CrashDumpEnabled value needs to be 1, which is the same as a complete dump.
And
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\ FilterPages.
The FilterPages value needs to be set to 1 .
Note: FilterPages value will not found under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\ key unless the GUI “Startup and Recovery” dialog is used to set the dump type
to “Active memory dump”, or you manually create and set the value.
If you would like to set this via Windows PowerShell, here is the flow and example:
- Gets the value of CrashDumpEnabled
- Sets the value of CrashDumpEnabled to 1 (so effectively this is now set to Complete dump).
- Gets the value of FilterPages (note that there is an error because this value doesn’t exist yet).
- Sets the value of FilterPages to 1 (this changes it from Complete dump to Active dump)
- Gets the value of FilterPages to verify it was set correctly and exists now.
Here is TXT version of what is showing above, to make it easier to copy/paste:
Get-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name CrashDumpEnabled
Get-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name FilterPages
Set-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name CrashDumpEnabled –value 1
Set-ItemProperty –Path HKLM:\System\CurrentControlSet\Control\CrashControl –Name FilterPages –value 1
3 Comments