Whenever a process crashes in Microsoft Windows, it is often useful to collect a full memory dump of the crashing process. By default, mini-dumps are created whenever a KACE Agent process crashes for some reason. These mini-dumps contain useful information about the crash, but sometimes the full memory dump is needed in order to investigate the issue further. We highly recommend whitelisting the KACE program and data directories and marking KACE agent related processes as trustworthy. For whitelisting, please refer to the following article:
Memory dump analysis is required to identify the root cause of issues where processes are crashing. It is sometimes impossible to identify the root cause, and in most cases it may take a lot of time to identify the cause/problem.
Option 1 - Windows Error Reporting (WER)
NOTE: Microsoft Windows Vista/2008 or later is required!
You need three values in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
NOTE: If the LocalDumps key does not exist, go ahead and create it!
The path where the dump files are to be stored. If you do not use the default path, then make sure that the folder contains ACLs that allow the crashing process to write data to the folder.
For service crashes, the dump is written to service specific profile folders depending on the service account used. For example, the profile folder for System services is %WINDIR%\System32\Config\SystemProfile. For Network and Local Services, the folder is %WINDIR%\ServiceProfiles.
The maximum number of dump files in the folder. When the maximum value is exceeded, the oldest dump file in the folder will be replaced with the new dump file.
Specify one of the following dump types:
· 0: Custom dump
· 1: Mini dump
· 2: Full dump
Collecting User-Mode Dumps
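The Option 1 settings applied from an elevated PowerShell prompt, as an added example that is not part of the original article or of KACE tooling. The value names DumpFolder, DumpCount and DumpType and the per-application subkey are the ones Microsoft documents for the LocalDumps key; the C:\Dumps path, the count of 5 and the assumption that the agent runs as LocalSystem are choices made for this example. Because a full dump contains the entire memory of the process, the example scopes full dumps to AMPAgent.exe and limits the dump folder to SYSTEM and Administrators.

```powershell
#Requires -RunAsAdministrator
# Added example: enable WER full dumps for a single process and lock down
# the folder that receives them.
# Assumptions (not from the article): C:\Dumps as the dump folder, a
# DumpCount of 5, and an agent service that runs as LocalSystem.

$exe     = 'AMPAgent.exe'   # process named in the article
$dumpDir = 'C:\Dumps'       # assumed dump location
$baseKey = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$appKey  = "$baseKey\$exe"  # per-application subkey overrides the global values

# Create the dump folder, remove inherited ACEs and grant full control only
# to SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544).
# SIDs are used so the command also works on localized Windows installs.
New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null
icacls $dumpDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# Create LocalDumps\AMPAgent.exe if it is missing (this also creates LocalDumps).
if (-not (Test-Path $appKey)) {
    New-Item -Path $appKey -Force | Out-Null
}

# The three values described above.
# DumpFolder is REG_EXPAND_SZ; DumpCount and DumpType are REG_DWORD.
New-ItemProperty -Path $appKey -Name DumpFolder -PropertyType ExpandString -Value $dumpDir -Force | Out-Null
New-ItemProperty -Path $appKey -Name DumpCount  -PropertyType DWord -Value 5 -Force | Out-Null
New-ItemProperty -Path $appKey -Name DumpType   -PropertyType DWord -Value 2 -Force | Out-Null  # 2 = full dump

# Show the resulting configuration and folder ACL for review.
Get-ItemProperty -Path $appKey | Select-Object DumpFolder, DumpCount, DumpType
icacls $dumpDir
```

Once the dump has been collected and attached to the service request, removing the AMPAgent.exe subkey returns the process to the default dump behaviour.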
Option 2 - ADPlus.vbs/ADPlus.exe
NOTE: Supports Microsoft Windows XP/2003 if needed.
For all supported Operating Systems, obtain the ADPlus program from the appropriate Microsoft Debugging Tools for Windows package, which is sometimes contained in the SDK. It is not required to install the full SDK; during the setup process you may deselect everything apart from Debugging Tools for Windows.
Standalone Debugging Tools for Windows (WinDbg)
Once the Debugging Tools for Windows have been installed, open an elevated command prompt and navigate to the "C:\Program Files\Debugging Tools for Windows (x64)" directory, depending on release/architecture. To attach ADPlus to, for example, the AMPAgent.exe process, run the following command:
ADPlus.exe -crash -pn AMPAgent.exe -o C:\Dumps
NOTE: You need to have the dump output directory created in advance!
The ADPlus program is now attached to the AMPAgent.exe process. To test for successful dump creation, feel free to kill the AMPAgent.exe process using, for example, the Task Manager in Microsoft Windows. You should then see dump data in the C:\Dumps directory (the same should happen during a crash).
How to use ADPlus.vbs to troubleshoot "hangs" and "crashes"
No matter which option works best for you, please ZIP the data about the crashing process and attach it to your Service request for further investigation by technical support. Please note that dump analysis is not performed quickly and it may take some time until a cause has been found. Solutions are not guaranteed to arrive quickly, and a downgrade of the KACE Agent should be considered if this allows the feature to work.