Both tools below - ProcDump and DebugDiag - work similarly: they can attach themselves as debuggers to a process, then monitor and log exceptions for that process. Optionally, these tools can collect a memory dump for the monitored process under certain conditions - such as when specific exceptions occur or on process crash.
Both tools need administrative rights to be run.
DebugDiag is the preferred tool, since it automates some steps, adds more explicit context, and includes automated memory dump analysis capabilities too.
Using the command-line ProcDump
ProcDump does not require installation. But one needs to be specific about the PID to which it is attaching. That PID needs to be determined prior to starting ProcDump. This may be tricky then the respective process is crashing and restarting frequently, with a different PID; such as when Asp.Net apps are causing their w3wp.exe to crash and restart. If the w3wp.exe is crashing very fast, then it is advisable to use the DebugDiag method.
Replace [PID] with the actual Process ID integer number identified at the step 2. Please make sure that there is enough disk space on the drive where dumps are collected. Each process dump will take space in the disk approximately the same size the process uses in memory (column Commit Size in Task Manager). For example, if the process’ memory usage is ~1 GB, then the size of a dump file will be around 1 GB.
Start reproducing the problem: issue a request from the client (browser) that you know it would trigger the exception/crash. Or simply wait or make requests to the IIS/Asp.Net app until the exception/crash occurs. You should end up with a memory dump file (.DMP) in the location where ProcDump.exe was saved (example: D:\Temp-Dumps\).
Compress the dump file(s) - .DMP - before uploading them to share for analysis.
Using the UI tool DebugDiag, Debug Diagnostics Collection
DebugDiag requires installation, but it is able to determine itself the whatever process instance - PID - happens to execute for an application pool at any point in time; even when that process may occasionally crash, hence restart with different PID. Data collected by DebugDiag is richer: along with the dump, we get a monitoring (txt) log with all other exceptions that occurred in the process.
Download Debug Diagnostic and install it on IIS machine:
Open Debug Diagnostic Collection. If a wizard does not show up, click Add Rule.
Choose Crash and click next.
Choose “A specific IIS web application pool” and Next.
Select the application pool which runs the problematic application and then click Next.
Lower the Maximum number of userdumps created by the rule to 3 (up to 5; there is no need to collect more).
Leave the Exceptions/Breakpoints/Events alone; don't add any.
Click Next and then configure the file location where the dump file(s) will be generated. Please make sure that there is enough disk space on the drive where dumps are collected. Each process dump will take space in the disk approximately the same size the process uses in memory (column Commit Size in Task Manager). For example, if the w3wp.exe process memory usage is ~2 GB, then the size of each dump file will be around 2 GB. Do not choose a disk in network/UNC; choose a local disk.
Click Next, select to Activate the rule now, and then Finish. When a second-chance crashing exception is logged, a dump file should be created in the user dump location selected above. Archive each dump file in its own ZIP and prepare to hand over to the support engineer; upload in a secure file transfer space.