Collect traces of first-chance exceptions occurring in app

Published Mar 26 2021 06:14 AM 1,571 Views
Microsoft

The following two procedures guide on how to collect traces of exceptions when the application is not using a logging or telemetry solution - such as Application Insights - to record those exceptions. This post complements my article about how exceptions are handled and how to collect memory dumps to study them.

 

Both tools below - ProcDump and DebugDiag - work similarly: they can attach themselves as debuggers to a process, then monitor and log exceptions for that process. Optionally, these tools can collect a memory dump for the monitored process under certain conditions - such as when specific exceptions occur.

Both tools need administrative rights to be run.

DebugDiag is the preferred tool, since it automates some steps, adds more explicit context, and includes automated memory dump analysis capabilities too. While ProcDump will report exceptions occurring, DebugDiag will also collect thread call stack information.

 

Using the command-line ProcDump

 

ProcDump does not require installation. But one needs to be specific about the PID to which it is attaching. That PID needs to be determined prior to starting ProcDump. This may be tricky when the respective process is crashing and restarting frequently, with a different PID; such as when Asp.Net apps are causing their w3wp.exe to crash and restart.

 

  1. Download the tool and copy it on a disk folder, for example D:\Temp-Dumps\
    https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
     
  2. Open an administrative console from where to run commands.
    Navigate to the disk folder above (D:\Temp-Dumps\).
     
  3. Find the process ID, the PID, of the IIS w3wp.exe worker process executing your application.
    Use the AppCmd IIS tool to list processes for application pools:
    D:\Temp-Dumps> C:\Windows\System32\InetSrv\appcmd.exe list wp
     
  4. Execute the following command to collect the traces:
    D:\Temp-Dumps> procdump.exe -accepteula -e 1 -f "" [PID]
    You may want to redirect the console output of ProcDump to a file, to persist the recording of the encountered exceptions:
    D:\Temp-Dumps> procdump.exe -accepteula -e 1 -f "" [PID] > Monitoring-log.txt
    Replace [PID] with the actual Process ID integer number identified at the step 2.
    Please make sure that there is enough disk space on the drive where dumps are collected. Each process dump will take space in the disk approximately the same size the process uses in memory (column Commit Size in Task Manager). For example, if the process’ memory usage is ~1 GB, then the size of a dump file will be around 1 GB.
     
  5. Start reproducing: issue requests from the client (browser?) that you know it would trigger exception(s); usually, HTTP response "500, Server-side processing error".
    Or simply wait or make requests to the IIS/Asp.Net app until the exception(s) occur(s).
    You should end up with a console output revealing the exceptions, or
    a .TXT log with them in the location where ProcDump.exe was saved (example: D:\Temp-Dumps\).

 

 

 

Using the UI tool DebugDiag, Debug Diagnostics Collection

 

DebugDiag requires installation, but it is able to determine itself the whatever process instance - PID - happens to execute for an application pool at some point in time; even when that process may occasionally crash, hence restart with different PID.

 

 

 

#1.

Download Debug Diagnostic and install it on IIS machine:

https://www.microsoft.com/en-us/download/details.aspx?id=49924 v2.2 (if 32-bit system)

https://www.microsoft.com/en-us/download/details.aspx?id=103453 v2.3.2 (only supports 64-bit OS)

 

 

 

#2.

Open Debug Diagnostic Collection.
If a wizard does not show up, click Add Rule.
 

Viorel-Alexandru_0-1616691775841.png

 

 

 

#3.

Choose Crash and click Next.

 

Viorel-Alexandru_1-1616691775856.png

 

 

 

#4.

Choose “A specific IIS web application pool” and Next.

 

Viorel-Alexandru_2-1616691775866.png

 

 

 

#5.

Select the application pool which runs the problematic application and then click Next.

 

Viorel-Alexandru_3-1616691775872.png

 

 

 

#6.

The Unconfigured First-Chance Exceptions are the unknown ones that we want to determine…
Let's Log Stack Trace for these; say the first 100 occurrences.
Lower the Maximum number of userdumps created by the rule to 1 (would only get a dump if we have a crash; but at this stage we're not after dumps).
Then click Next

 

Viorel-Alexandru_4-1616691775881.png

 

 

 

#7.

Configure the file location where the (potential) dump file(s) will be generated/written.
A dump would only be collected on crash, if it happens; otherwise, we should only have a text file as output: a monitoring log, where occurred first-chance exceptions are recorded.
Please make sure that there is enough disk space on the drive where dumps are collected. Each process dump will take space in the disk approximately the same size the process uses in memory (column Commit Size in Task Manager). For example, if the w3wp.exe process memory usage is ~2 GB, then the size of each dump file will be around 2 GB.
Please do not choose a disk in network/UNC; choose a local disk.

 

Viorel-Alexandru_5-1616691775894.png

 

 

 

#8.

Click Next and Finish by selecting to Activate the rule now.

 

Viorel-Alexandru_6-1616691775898.png

 

 

 

#9.

Unknown/Unconfigured first-chance exceptions will be recorded; therefore, revealed.

  • Look for a file like below, in the folder configured for the rule (where dumps would be saved):
    <processName>__<appPool>__PID__<PID>__Date__MM_DD_YYYY__Time_hh_mm_ss<AM|PM>__<ID>__Log.txt
  • Example:
    w3wp__SCEP__PID__10032__Date__07_20_2021__Time_11_03_39AM__492__Log.txt

If the application pool's w3wp.exe process would crash with an unhandled exception, we would also get a memory dump.

If dumps are generated: archive each dump file in its own ZIP and prepare to hand over to the support engineer; upload in a secure file transfer space.

 

 

 

Remember my article about how exceptions are handled and how to collect memory dumps to study them. We can double check if a crash occurred or not: read about w3wp.exe crashes.

 

 

 

Aside: Just in case you are wondering what I use to capture screenshots for illustrating my articles, check out this little ShareX application in Windows Store.

 

 

%3CLINGO-SUB%20id%3D%22lingo-sub-2235658%22%20slang%3D%22en-US%22%3ECollect%20traces%20of%20first-chance%20exceptions%20occurring%20in%20app%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2235658%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20following%20two%20procedures%20guide%20on%20how%20to%20collect%20traces%20of%20exceptions%20when%20the%20application%20is%20not%20using%20a%20logging%20or%20telemetry%20solution%20-%20such%20as%20Application%20Insights%20-%20to%20record%20those%20exceptions.%20This%20post%20complements%20%3CA%20title%3D%22About%20exceptions%20and%20capturing%20them%20with%20dumps%22%20href%3D%22https%3A%2F%2Flinqto.me%2Fdumps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Emy%20article%20about%20how%20exceptions%20are%20handled%20and%20how%20to%20collect%20memory%20dumps%20to%20study%20them%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBoth%20tools%20below%20-%20ProcDump%20and%20DebugDiag%20-%20work%20similarly%3A%20they%20can%20attach%20themselves%20as%20debuggers%20to%20a%20process%2C%20then%20monitor%20and%20log%20exceptions%20for%20that%20process.%20Optionally%2C%20these%20tools%20can%20collect%20a%20memory%20dump%20for%20the%20monitored%20process%20under%20certain%20conditions%20-%20such%20as%20when%20specific%20exceptions%20occur.%3C%2FP%3E%0A%3CP%3EBoth%20tools%20need%20administrative%20rights%20to%20be%20run.%3C%2FP%3E%0A%3CP%3EDebugDiag%20is%20the%20preferred%20tool%2C%20since%20it%20automates%20some%20steps%2C%20adds%20more%20explicit%20context%2C%20and%20includes%20automated%20memory%20dump%20analysis%20capabilities%20too.%20While%20ProcDump%20will%20report%20exceptions%20occurring%2C%20DebugDiag%20will%20also%20collect%20thread%20call%20stack%20information.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--497408105%22%20id%3D%22toc-hId--497348528%22%3EUsing%20the%20command-line%20ProcDump%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EProcDump%20does%20not%20require%20installation.%20But%20one%20needs%20to%20be%20specific%20about%20the%20PID%20to%20which%20it%20is%20attaching.%20That%20PID%20needs%20to%20be%20determined%20prior%20to%20starting%20ProcDump.%20This%20may%20be%20tricky%20when%20the%20respective%20process%20is%20crashing%20and%20restarting%20frequently%2C%20with%20a%20different%20PID%3B%20such%20as%20when%20Asp.Net%20apps%20are%20causing%20their%20w3wp.exe%20to%20crash%20and%20restart.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EDownload%20the%20tool%20and%20copy%20it%20on%20a%20disk%20folder%2C%20for%20example%20%3CSTRONG%3E%3CEM%3ED%3A%5CTemp-Dumps%5C%3C%2FEM%3E%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsysinternals%2Fdownloads%2Fprocdump%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CEM%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsysinternals%2Fdownloads%2Fprocdump%3C%2FEM%3E%3C%2FA%3E%3CBR%20%2F%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EOpen%20an%20administrative%20console%20from%20where%20to%20run%20commands.%3CBR%20%2F%3ENavigate%20to%20the%20disk%20folder%20above%20(%3CSTRONG%3E%3CEM%3ED%3A%5CTemp-Dumps%5C%3C%2FEM%3E%3C%2FSTRONG%3E).%3CBR%20%2F%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EFind%20the%20process%20ID%2C%20the%20%3CSTRONG%3EPID%3C%2FSTRONG%3E%2C%20of%20the%20IIS%20w3wp.exe%20worker%20process%20executing%20your%20application.%3CBR%20%2F%3EUse%20the%20AppCmd%20IIS%20tool%20to%20list%20processes%20for%20application%20pools%3A%3CPRE%3E%3CFONT%20color%3D%22%23339966%22%3E%3CFONT%20size%3D%223%22%3E%3CFONT%20color%3D%22%23999999%22%3ED%3A%5CTemp-Dumps%26gt%3B%3C%2FFONT%3E%3C%2FFONT%3E%20%3CSTRONG%3E%3CFONT%20size%3D%223%22%3EC%3A%5CWindows%5CSystem32%5CInetSrv%5Cappcmd.exe%20list%20wp%3C%2FFONT%3E%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FPRE%3E%0A%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EExecute%20the%20following%20command%20to%20collect%20the%20traces%3A%3CPRE%3E%3CFONT%20size%3D%223%22%3E%3CFONT%20color%3D%22%23999999%22%3ED%3A%5CTemp-Dumps%26gt%3B%3C%2FFONT%3E%20%3CFONT%20color%3D%22%23339966%22%3E%3CSTRONG%3Eprocdump.exe%20-accepteula%20-e%201%20-f%20%22%22%20%5BPID%5D%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FFONT%3E%3C%2FPRE%3EYou%20may%20want%20to%20redirect%20the%20console%20output%20of%20ProcDump%20to%20a%20file%2C%20to%20persist%20the%20recording%20of%20the%20encountered%20exceptions%3A%3CBR%20%2F%3E%3CPRE%3E%3CFONT%20size%3D%223%22%3E%3CFONT%20color%3D%22%23999999%22%3ED%3A%5CTemp-Dumps%26gt%3B%3C%2FFONT%3E%20%3CFONT%20color%3D%22%23339966%22%3E%3CSTRONG%3Eprocdump.exe%20-accepteula%20-e%201%20-f%20%22%22%20%5BPID%5D%20%26gt%3B%20Monitoring-log.txt%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FFONT%3E%3C%2FPRE%3E%3CFONT%20size%3D%222%22%3E%3CEM%3EReplace%20%5BPID%5D%20with%20the%20actual%20Process%20ID%20integer%20number%20identified%20at%20the%20step%202.%3CBR%20%2F%3EPlease%20make%20sure%20that%20there%20is%20enough%20disk%20space%20on%20the%20drive%20where%20dumps%20are%20collected.%26nbsp%3BEach%20process%20dump%20will%20take%20space%20in%20the%20disk%20approximately%20the%20same%20size%20the%20process%20uses%20in%20memory%20(column%20Commit%20Size%20in%20Task%20Manager).%26nbsp%3BFor%20example%2C%20if%20the%20process%E2%80%99%20memory%20usage%20is%20~1%20GB%2C%20then%20the%20size%20of%20a%20dump%20file%20will%20be%20around%201%20GB.%3CBR%20%2F%3E%3C%2FEM%3E%3C%2FFONT%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EStart%20reproducing%3C%2FSTRONG%3E%3A%20issue%20requests%20from%20the%20client%20(browser%3F)%20that%20you%20know%20it%20would%20trigger%20exception(s)%3B%20usually%2C%20HTTP%20response%20%22%3CEM%3E500%2C%20Server-side%20processing%20error%3C%2FEM%3E%22.%3CBR%20%2F%3E%3CSTRONG%3EOr%20simply%20wait%3C%2FSTRONG%3E%20or%20make%20requests%20to%20the%20IIS%2FAsp.Net%20app%20until%20the%20exception(s)%20occur(s).%3CBR%20%2F%3EYou%20should%20end%20up%20with%20a%20console%20output%20revealing%20the%20exceptions%2C%20or%3CBR%20%2F%3Ea%20.TXT%20log%20with%20them%20in%20the%20location%20where%20ProcDump.exe%20was%20saved%20(example%3A%20%3CSTRONG%3E%3CEM%3ED%3A%5CTemp-Dumps%5C%3C%2FEM%3E%3C%2FSTRONG%3E).%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1990104728%22%20id%3D%22toc-hId-1990164305%22%3EUsing%20the%20UI%20tool%20DebugDiag%2C%20Debug%20Diagnostics%20Collection%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDebugDiag%20requires%20installation%2C%20but%20it%20is%20able%20to%20determine%20itself%20the%20whatever%20process%20instance%20-%20PID%20-%20happens%20to%20execute%20for%20an%20application%20pool%20at%20some%20point%20in%20time%3B%20even%20when%20that%20process%20may%20occasionally%20crash%2C%20hence%20restart%20with%20different%20PID.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1614301094%22%20id%3D%22toc-hId--1614241517%22%3E%231.%3C%2FH3%3E%0A%3CP%3EDownload%20Debug%20Diagnostic%20and%20install%20it%20on%20IIS%20machine%3A%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D49924%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D49924%3C%2FA%3E%20v2.2%3CSPAN%3E%26nbsp%3B(if%2032-bit%20system)%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-30px%22%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D103453%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D103453%3C%2FA%3E%20v2.3.2%20%3CSPAN%3E(only%20supports%2064-bit%20OS)%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-873211739%22%20id%3D%22toc-hId-873271316%22%3E%232.%3C%2FH3%3E%0A%3CP%3EOpen%20%3CSTRONG%3E%3CEM%3EDebug%20Diagnostic%20Collection%3C%2FEM%3E%3C%2FSTRONG%3E.%3CBR%20%2F%3EIf%20a%20wizard%20does%20not%20show%20up%2C%20click%20%3CSTRONG%3E%3CEM%3EAdd%20Rule%3C%2FEM%3E%3C%2FSTRONG%3E.%3CBR%20%2F%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Viorel-Alexandru_0-1616691775841.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267103iD08258BCECAFB32B%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Viorel-Alexandru_0-1616691775841.png%22%20alt%3D%22Viorel-Alexandru_0-1616691775841.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--934242724%22%20id%3D%22toc-hId--934183147%22%3E%233.%3C%2FH3%3E%0A%3CP%3EChoose%20%3CSTRONG%3E%3CEM%3ECrash%3C%2FEM%3E%3C%2FSTRONG%3E%20and%20click%20%3CSTRONG%3E%3CEM%3ENext%3C%2FEM%3E%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Viorel-Alexandru_1-1616691775856.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267104iF6173C5ADCAEA393%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Viorel-Alexandru_1-1616691775856.png%22%20alt%3D%22Viorel-Alexandru_1-1616691775856.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1553270109%22%20id%3D%22toc-hId-1553329686%22%3E%234.%3C%2FH3%3E%0A%3CP%3EChoose%20%E2%80%9C%3CSTRONG%3E%3CEM%3EA%20specific%20IIS%20web%20application%20pool%3C%2FEM%3E%3C%2FSTRONG%3E%E2%80%9D%20and%20%3CSTRONG%3E%3CEM%3ENext%3C%2FEM%3E%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Viorel-Alexandru_2-1616691775866.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267105iB4B84474506863FF%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Viorel-Alexandru_2-1616691775866.png%22%20alt%3D%22Viorel-Alexandru_2-1616691775866.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--254184354%22%20id%3D%22toc-hId--254124777%22%3E%235.%3C%2FH3%3E%0A%3CP%3ESelect%20the%20application%20pool%20which%20runs%20the%20problematic%20application%20and%20then%20click%20%3CSTRONG%3E%3CEM%3ENext%3C%2FEM%3E%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Viorel-Alexandru_3-1616691775872.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267107i523FFC801CF23ECD%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Viorel-Alexandru_3-1616691775872.png%22%20alt%3D%22Viorel-Alexandru_3-1616691775872.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--2061638817%22%20id%3D%22toc-hId--2061579240%22%3E%236.%3C%2FH3%3E%0A%3CP%3EThe%20%3CSTRONG%3E%3CEM%3EUnconfigured%20First-Chance%20Exceptions%3C%2FEM%3E%3C%2FSTRONG%3E%20are%20the%20unknown%20ones%20that%20we%20want%20to%20determine%E2%80%A6%3CBR%20%2F%3ELet's%20%3CSTRONG%3E%3CEM%3ELog%20Stack%20Trace%3C%2FEM%3E%3C%2FSTRONG%3E%20for%20these%3B%20say%20the%20first%20100%20occurrences.%3CBR%20%2F%3ELower%20the%20%3CSTRONG%3E%3CEM%3EMaximum%20number%20of%20userdumps%20created%20by%20the%20rule%3C%2FEM%3E%3C%2FSTRONG%3E%20to%201%20(would%20only%20get%20a%20dump%20%3CSTRONG%3Eif%3C%2FSTRONG%3E%20we%20have%20a%20crash%3B%20but%20at%20this%20stage%20we're%20not%20after%20dumps).%3CBR%20%2F%3EThen%20click%20%3CSTRONG%3E%3CEM%3ENext%3C%2FEM%3E%3C%2FSTRONG%3E%E2%80%A6%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Viorel-Alexandru_4-1616691775881.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267106iB7BB459B7BE1FE12%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Viorel-Alexandru_4-1616691775881.png%22%20alt%3D%22Viorel-Alexandru_4-1616691775881.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-425874016%22%20id%3D%22toc-hId-425933593%22%3E%237.%3C%2FH3%3E%0A%3CP%3EConfigure%20the%20file%20location%20where%20the%20(potential)%20dump%20file(s)%20will%20be%20generated%2Fwritten.%3CBR%20%2F%3EA%20dump%20would%20only%20be%20collected%20on%20crash%2C%20if%20it%20happens%3B%20otherwise%2C%20we%20should%20only%20have%20a%20text%20file%20as%20output%3A%20a%20monitoring%20log%2C%20where%20occurred%20first-chance%20exceptions%20are%20recorded.%3CBR%20%2F%3E%3CFONT%20size%3D%222%22%3E%3CEM%3EPlease%20make%20sure%20that%20there%20is%20enough%20disk%20space%20on%20the%20drive%20where%20dumps%20are%20collected.%26nbsp%3BEach%20process%20dump%20will%20take%20space%20in%20the%20disk%20approximately%20the%20same%20size%20the%20process%20uses%20in%20memory%20(column%20Commit%20Size%20in%20Task%20Manager).%26nbsp%3BFor%20example%2C%20if%20the%20w3wp.exe%20process%20memory%20usage%20is%20~2%20GB%2C%20then%20the%20size%20of%20each%20dump%20file%20will%20be%20around%202%20GB.%3C%2FEM%3E%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20color%3D%22%23FF6600%22%3EPlease%20do%20not%20choose%20a%20disk%20in%20network%2FUNC%3B%20choose%20a%20local%20disk%3C%2FFONT%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Viorel-Alexandru_5-1616691775894.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267108iDAEF16A07A0609DC%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Viorel-Alexandru_5-1616691775894.png%22%20alt%3D%22Viorel-Alexandru_5-1616691775894.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1381580447%22%20id%3D%22toc-hId--1381520870%22%3E%238.%3C%2FH3%3E%0A%3CP%3EClick%20%3CSTRONG%3E%3CEM%3ENext%3C%2FEM%3E%3C%2FSTRONG%3E%20and%20%3CSTRONG%3E%3CEM%3EFinish%3C%2FEM%3E%3C%2FSTRONG%3E%20by%20selecting%20to%20%3CSTRONG%3E%3CEM%3EActivate%20the%20rule%20now%3C%2FEM%3E%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Viorel-Alexandru_6-1616691775898.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267109i084AB393E072FCEC%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Viorel-Alexandru_6-1616691775898.png%22%20alt%3D%22Viorel-Alexandru_6-1616691775898.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-410768907%22%20id%3D%22toc-hId-410828484%22%3E%239.%3C%2FH3%3E%0A%3CP%3EUnknown%2FUnconfigured%20first-chance%20exceptions%20will%20be%20recorded%3B%20therefore%2C%20revealed.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CFONT%20size%3D%222%22%3ELook%20for%20a%20file%20like%20below%2C%20in%20the%20folder%20configured%20for%20the%20rule%20(where%20dumps%20would%20be%20saved)%3A%3C%2FFONT%3E%3CBR%20%2F%3E%3CEM%3E%3CFONT%20size%3D%222%22%3E%3CPROCESSNAME%3E__%3CAPPPOOL%3E__PID__%3CPID%3E__Date__MM_DD_YYYY__Time_hh_mm_ss%3CAM%3E__%3CID%3E__%3CSTRONG%3ELog.txt%3C%2FSTRONG%3E%3C%2FID%3E%3C%2FAM%3E%3C%2FPID%3E%3C%2FAPPPOOL%3E%3C%2FPROCESSNAME%3E%3C%2FFONT%3E%3C%2FEM%3E%3C%2FLI%3E%0A%3CLI%3E%3CFONT%20size%3D%222%22%3EExample%3A%3CBR%20%2F%3E%3CEM%3Ew3wp__SCEP__PID__10032__Date__07_20_2021__Time_11_03_39AM__492__%3CSTRONG%3ELog.txt%3C%2FSTRONG%3E%3C%2FEM%3E%3CBR%20%2F%3E%3C%2FFONT%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIf%20the%20application%20pool's%20w3wp.exe%20process%20would%20crash%20with%20an%20unhandled%20exception%2C%20we%20would%20also%20get%20a%20memory%20dump.%3C%2FP%3E%0A%3CP%3EIf%20dumps%20are%20generated%3A%20archive%20each%20dump%20file%20in%20its%20own%20ZIP%20and%20prepare%20to%20hand%20over%20to%20the%20support%20engineer%3B%20upload%20in%20a%20secure%20file%20transfer%20space.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ERemember%26nbsp%3B%3C%2FSPAN%3E%3CA%20title%3D%22About%20exceptions%20and%20capturing%20them%20with%20dumps%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fiis-support-blog%2Fabout-exceptions-and-capturing-them-with-dumps%2Fba-p%2F2234600%22%20target%3D%22_blank%22%3Emy%20article%20about%20how%20exceptions%20are%20handled%20and%20how%20to%20collect%20memory%20dumps%20to%20study%20them%3C%2FA%3E%3CSPAN%3E.%20We%20can%20double%20check%20if%20a%20crash%20occurred%20or%20not%3A%26nbsp%3B%3C%2FSPAN%3E%3CA%20title%3D%22HTTP%20response%20503%20Service%20Unavailable%20from%20IIS%3A%20one%20common%20generic%20cause%22%20href%3D%22https%3A%2F%2Flinqto.me%2Frapid-fail-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Eread%20about%20w3wp.exe%20crashes%3C%2FA%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3E%3CEM%3EAside%3C%2FEM%3E%3C%2FSTRONG%3E%3CEM%3E%3A%20Just%20in%20case%20you%20are%20wondering%20what%20I%20use%20to%20capture%20screenshots%20for%20illustrating%20my%20articles%2C%20check%20out%20this%20little%26nbsp%3B%3C%2FEM%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fp%2Fsharex%2F9nblggh4z1sp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CEM%3EShareX%3C%2FEM%3E%3C%2FA%3E%3CEM%3E%26nbsp%3Bapplication%20in%20Windows%20Store.%3C%2FEM%3E%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2235658%22%20slang%3D%22en-US%22%3E%3CP%3EIllustrated%20steps%20to%20take%20when%20we%20want%20to%20see%20what%20kind%20of%20exceptions%20occur%20in%20a%20process%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Co-Authors
Version history
Last update:
‎Sep 20 2021 06:40 AM
Updated by: