Summary

In some cases, a full memory dump is required to determine the root cause of server slowdowns and performance problems.

This article describes how to obtain a full memory dump on a running server.

On servers with a large amount of memory installed, collecting a full dump is time-consuming, so you may consider limiting the amount of RAM available to the host, although this requires a server restart.

The resolution path depends on whether the affected server can access http://msdl.microsoft.com.
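A pre-flight check for the choice above, as an added example that is not part of the original article: it reports whether the symbol server is reachable (which procedure to follow) and whether the target drive can hold a dump of roughly the size of installed RAM. The function name `Test-TcpPort`, the parameters, the default drive `C:` and the use of Windows PowerShell 3.0 or later are assumptions.

```powershell
# Added example (not from the original article). Run in an elevated
# Windows PowerShell 3.0+ session on the server to be dumped.
param(
    [string]$DumpDrive    = 'C:',                  # assumed drive for memory.dmp
    [string]$SymbolServer = 'msdl.microsoft.com',  # host from the article
    [int]   $Port         = 80                     # the article uses http://
)

# Hypothetical helper: TCP connect with a timeout, using plain .NET so it
# does not depend on Test-NetConnection (absent on older servers).
function Test-TcpPort([string]$HostName, [int]$PortNumber, [int]$TimeoutMs = 5000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $PortNumber, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # DNS failure, refusal, or reset
    } finally {
        $client.Close()
    }
}

# Installed physical memory: a full dump (.dump /f) is approximately this size.
$ramBytes = [double](Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory

# Free space on the drive that will receive the dump.
$disk      = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$DumpDrive'"
$freeBytes = [double]$disk.FreeSpace

$online = Test-TcpPort $SymbolServer $Port

[pscustomobject]@{
    InstalledRamGB        = [math]::Round($ramBytes  / 1GB, 1)
    FreeSpaceGB           = [math]::Round($freeBytes / 1GB, 1)
    EnoughSpaceForDump    = $freeBytes -gt $ramBytes
    SymbolServerReachable = $online
    Procedure             = if ($online) { 'The node has access to the Internet' }
                            else { 'The node does not have access to the Internet' }
}
```

If `EnoughSpaceForDump` is False, point the `.dump` command at a drive with more free space or limit the RAM on the host before collecting.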

The node has access to the Internet

  1. Download and install the latest dbg32.zip or dbg64.zip Windows Debugging toolkit, depending on your server architecture.

  2. Download the LiveKD tool from Sysinternals.com.

  3. Open the command prompt as Administrator and change the directory to the folder to which you downloaded LiveKD.exe.

  4. Launch LiveKD and press 'y' to download the symbols (access to http://msdl.microsoft.com is required):

    C:\>livekd.exe
    
    LiveKd v5.31 - Execute kd/windbg on a live system
    Sysinternals - www.sysinternals.com
    Copyright (C) 2000-2013 Mark Russinovich and Ken Johnson
    
    Symbols are not configured. Would you like LiveKd to set the _NT_SYMBOL_PATH
    directory to reference the Microsoft symbol server so that symbols can be
    obtained automatically? (y/n) y
    
    Enter the folder to which symbols download (default is c:\symbols):
    Launching C:\program files\Debugging Tools for Windows (x64)\kd.exe:
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    Loading Dump File [C:\Windows\livekd.dmp]
    Kernel Complete Dump File: Full address space is available
    
    Comment: 'LiveKD live system view'
    Symbol search path is: srv*C:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Product: Server, suite: TerminalServer DataCenter SingleUserTS
    Built by: 7601.19018.amd64fre.win7sp1_gdr.150928-1507
    Machine Name:
    Kernel base = 0xfffff800`01615000 PsLoadedModuleList = 0xfffff800`0185c730
    Debug session time: Wed Feb  3 04:04:30.297 2016 (UTC + 3:00)
    System Uptime: 0 days 0:06:59.608
    Loading Kernel Symbols
    ...............................................................
    ..........
    Loading User Symbols
    ............
    Loading unloaded module list
    ......
    0: kd>
    
  5. Trigger the dump generation when it is needed:

    0: kd> .dump /f C:\memory.dmp
    Please consider including the "/b" option to compress the dump file in a CAB.
    Disk space required could be cut by around 75%.
    Creating C:\memory.dmp - Full kernel dump
    Percent written 0
    Percent written 1
    .................
    Percent written 99
    Dump successfully written
    0: kd>
    
  6. Before uploading the dump to the file exchange share, compress it using any archiving software.

The node does not have access to the Internet

  1. Download and install the latest dbg32.zip or dbg64.zip Windows Debugging toolkit, depending on your server architecture, on two machines: the server where the memory dump is to be collected (no Internet access) and a client PC with access to http://msdl.microsoft.com (Internet access).

  2. Copy ntoskrnl.exe, kernel32.dll and ntdll.dll from C:\Windows\system32 on the server to the client, for example, to C:\debug.

  3. Go to the client and download the symbols manually:

    C:\Program Files\Debugging Tools for Windows (x64)>symchk.exe /if C:\debug\* /s srv*C:\debug*http://msdl.microsoft.com/download/symbols
    
    SYMCHK: FAILED files = 0
    SYMCHK: PASSED + IGNORED files = 3
    
  4. Copy the downloaded .pdb files from C:\debug to the server without Internet access, for example, to C:\symbols.

  5. Download the LiveKD tool from Sysinternals.com on the server.

  6. Open the command prompt as Administrator and change the directory to the folder to which you downloaded LiveKD.exe.

  7. Launch LiveKD, press 'y', and type the path to the manually downloaded symbols (C:\symbols):

    C:\>livekd.exe
    
    LiveKd v5.31 - Execute kd/windbg on a live system
    Sysinternals - www.sysinternals.com
    Copyright (C) 2000-2013 Mark Russinovich and Ken Johnson
    
    Symbols are not configured. Would you like LiveKd to set the _NT_SYMBOL_PATH
    directory to reference the Microsoft symbol server so that symbols can be
    obtained automatically? (y/n) y
    
    Enter the folder to which symbols download (default is c:\symbols): C:\symbols
    Launching C:\program files\Debugging Tools for Windows (x64)\kd.exe:
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    Loading Dump File [C:\Windows\livekd.dmp]
    Kernel Complete Dump File: Full address space is available
    
    Comment: 'LiveKD live system view'
    Symbol search path is: srv*C:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
    Product: Server, suite: TerminalServer DataCenter SingleUserTS
    Built by: 7601.19018.amd64fre.win7sp1_gdr.150928-1507
    Machine Name:
    Kernel base = 0xfffff800`01615000 PsLoadedModuleList = 0xfffff800`0185c730
    Debug session time: Wed Feb  3 04:04:30.297 2016 (UTC + 3:00)
    System Uptime: 0 days 0:06:59.608
    Loading Kernel Symbols
    ...............................................................
    Loading User Symbols
    ............
    Loading unloaded module list
    ......
    0: kd>
    
  8. Trigger the dump generation when it is needed:

    0: kd> .dump /f C:\memory.dmp
    Please consider including the "/b" option to compress the dump file in a CAB.
    Disk space required could be cut by around 75%.
    Creating C:\memory.dmp - Full kernel dump
    Percent written 0
    Percent written 1
    .................
    Percent written 99
    Dump successfully written
    0: kd>
    
  9. Before uploading the dump to the file exchange share, compress it using any archiving software.
