Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > Gather Kernel Dump Information

Gather Kernel Dump Information

Table of contents
No headers

LEM employs a minifilter driver for the File Integrity Monitor (FIM) connector which has the possiblity of causing a Blue Screen of Death (BSOD).  Solarwinds support is looking for logs and information to identify the reason.

 

If you have already saved the Kernel Dump file and rebooted the Windows computer, the dump should be located in:

C:\Windows\Memory.dmp

Zip up dump for easier upload.

 

Otherwise here is a procedure to gather the Kernel Dump.

  1.  Boot your computer in Safe Mode.
  2.  Right-click My Computer and select Properties.
  3.  Go the Advanced Tab and select Startup and Recovery Settings.
  4. Under the System Failure panel select Kernel Memory Dump from the drop-down list and clear the Automatically Restart checkbox.
  5. Restart Windows in Normal Mode.
  6. Once your system crashes, boot back into Safe Mode.
  7. Locate the crash dump file ( typically C:\Windows\Memory.dmp), zip it up,  and upload it to one of the following:
    - Leapfile:
           - Open a browser to http://solarwinds.leapfile.com
           - Click on the link labeled Secure Upload, and enter support@solarwinds.net in  Recipient Email box.
           - Enter your name, email address, case number in the subject, and a brief message.
           - Click the link for Select files to send (Regular Upload), and reply to email to let us know the file is ready.
    - https://mft.solarwinds.com.

 

 

Also from the agent, please grab the following logs:
        - run the script:  collectLogs.bat --> lemAgentLogs.cab   (collect the cab file)
        - C:\ProgramData\SolarWinds\LEM\FIMLogs\     (zip up the entire directory)
        - C:\windows\syswow64\ContegoSPOP\tools\FIMfiledirectory.xml      (zip up this file)
        - Windows event logs   (application & system, exported/saved along with the "english language" option & file)
        - screenshots of registry:
             HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SWFsFltr\Parameters
             HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SWFsFltr\

 

 

Support will also typically ask for the following information:
    - date/time of BSOD
    - LEM version
    - agent version
    - total number of agents, & total number of agents experiencing a BSOD.
    - Windows version, and if currently patched.
    - applications & software installed on this agent (helps us understand if a software conflict may be reason)

LEM now employs a minifilter driver for the FIM (File Integrity Monitor) connector which has the possiblity of causing a Blue Screen of Death (BSOD). 

If this should happen, the only information that is needed is the kernel dump. The following instructions show you how to gather the kernel dump information.

1.       Boot your computer up in Safe Mode.

2.       Right-click My Computer and select Properties.

3.       Go the Advanced Tab and select Startup and Recovery Settings.
 File:/C:\Users\DANAE~1.ARC\AppData\Local\Temp\msohtmlclip1\01\clip_image001.png

4.       Under the System Failure panel select Kernel Memory Dump  from the drop-down list and uncheck Automatically Restart checkbox.

5.       Restart Windows in Normal Mode

6.       Once you hit the crash, boot back into safe mode

 

LEM now employs a minifilter driver for the FIM (File Integrity Monitor) connector which has the possiblity of causing a Blue Screen of Death (BSOD). 

If this should happen, the only information that is needed is the kernel dump. The following instructions show you how to gather the kernel dump information.

1.       Boot your computer up in Safe Mode.

2.       Right-click My Computer and select Properties.

3.       Go the Advanced Tab and select Startup and Recovery Settings.
 File:/C:\Users\DANAE~1.ARC\AppData\Local\Temp\msohtmlclip1\01\clip_image001.png

4.       Under the System Failure panel select Kernel Memory Dump  from the drop-down list and uncheck Automatically Restart checkbox.

5.       Restart Windows in Normal Mode

6.       Once you hit the crash, boot back into safe mode

7.       Locate the crash dump fle and upload it to https://mft.solarwinds.com

 

7.       Locate the crash dump fle and upload it to https://mft.solarwinds.com

Last modified

Tags

Classifications

Public