A user asked how they can get a BSOD report put into the Device Events of the computer it happened on, and also what parameters are available. A ControlUp member suggested the bug check code should be converted to Hex, and provided an example. They also recommended the user look into scripting, or upgrade to agent 2.13, which includes Windows Error Reporting. ControlUp 2.13 will provide UC&C improvements.
Read the entire ‘Investigating BSOD Reports with ControlUp’ thread below:
Is there a way to get a BSOD report put into the Device Events of the computer that it happened on? I have an alert already that looks for the event but it just says "hey event happened". I have to jump through other reports in order to find out which BSOD was reported, which there are about five different spots I have to find and filter through.
And, what kind of parameters are these? I know the bugcheck code needs converted to Hex… but the rest?
All or most bug checks have up to 4 parameters. I believe all of them should be considered hex values
As for your alert. Is the goal to get an email that basically says:
> Hey device lt-dennis had a bluescreen 0x26: CDFS_FILE_SYSTEM
Or something along those lines?
If I convert those values to Hex though, it doesn’t line up correctly with the parameters that are in the Microsoft documentation.
Like 309 – 0x135
The parameters from Microsoft are 1, 2, 3, and 4
But the database would be saying its -3FFFFFFB
Just doesn’t line up right?
And yes to what I’d like to see. That’d be awesome to get that kind of information directly on the device
Even better (feature req) would be if it could pull in the running processes at the time of the BSOD based on the logon session data.
so in your case those all look like parameters 1 through 3 are memory addresses. So 0xC000 0005 for the first, 0xC305 8E64 6040 for the 2nd, 0xF807 53F7 BA80 for the 3rd.
None of those parameters are all that useful to be honest unless you have the memory dump and a windows debugger to go along with it. Typically opening the memory dump in windbg and running analyze -v will take the parameters and find the culprit for you.
Bah, /facepalm… right, read the parameter page wrong.
Under pressure on an issue and not paying attention to all the details.
I can’t help you with the reporting. You’ll either have to open a user voice for that or go the scripting route. You could script all of that, depending on how advanced you’d want to go.
As far as I understand, agent 2.13 should collect data via windows error reporting (WER) instead of event logs and should contain more information. Hopefully including the cause as determined by Windows Error Reporting.
I am looking forward to 2.13 for UC&C improvements so hopefully this is another reason.
Appreciate the help. I was asked to diagnose a VIP user having BSODs using ControlUp yesterday and try to consider how our helpdesk could manage this too. Just a bit all over the place.
Continue reading and comment on the thread ‘Investigating BSOD Reports with ControlUp’. Not a member? Join Here!
Categories: All Archives, ControlUp Edge DX, ControlUp Scripts & Triggers