Blue Screen in Windows - Tip #2

Many of us have faced a blue screen in the operating system, on a desktop or on a server, but few are interested in finding its root cause, because we treat it as a bug in a Windows component or an exception in the operating system: we just reboot the desktop/server and the OS starts working properly again.

The real reason for a Blue Screen is that something running inside the Windows kernel called the kernel routine KeBugCheckEx, passing it a bug check code and the 4 bug check parameters shown below:


VOID  KeBugCheckEx(
  _In_ ULONG     BugCheckCode,
  _In_ ULONG_PTR BugCheckParameter1,
  _In_ ULONG_PTR BugCheckParameter2,
  _In_ ULONG_PTR BugCheckParameter3,
  _In_ ULONG_PTR BugCheckParameter4
);

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/nf-wdm-kebugcheckex


Microsoft's analysis of the root causes of crashes indicates the following:

70 percent are caused by third-party driver code
10 percent are caused by hardware issues
5 percent are caused by Microsoft code
15 percent have unknown causes (because the memory is too corrupted to analyze)

All four of these categories end up calling the KeBugCheckEx routine, and that call is what produces the Blue Screen. When a Blue Screen occurs a dump file is created, but keep in mind that the "kernel memory dump" for the Blue Screen is written through the paging file, and only if the paging file is configured on the OS partition, not on any other partition, so always keep a paging file configured on the C drive.


The dump file is located in one of the following places:

C:\Windows\Minidump
(Minidump files may contain much less information than a full dump file.)

or

C:\Windows\MEMORY.DMP

When you need the file elsewhere, copy it to another location but don't move it :)

You can customize the location of the dump file by right-clicking Computer > Advanced system settings > Advanced tab > Settings (under Startup and Recovery).

There are many tools for reading dump files. You can install and use WinDbg, which is a powerful tool, or the Dump Check Utility (Dumpchk.exe), or BlueScreenView (a portable tool). If you install WinDbg, you also get its Debugging Help, which lists every single reason for a Blue Screen; you will find them under the "Bug Check Code Reference" section.

Be careful when sharing a dump file with others (support, consultants, etc.): it contains everything that was in memory, including process data, credentials, etc. for your server/system.
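As an added example (not part of the original post), the following PowerShell script audits the settings this post describes: the configured dump type and dump paths under the CrashControl registry key, whether a paging file exists on the system drive, and the bug check code and parameters that the last crash passed to KeBugCheckEx, as recorded by System event 1001. The registry value names are documented by Microsoft; the regular expression used to parse the event text is an assumption about the wording of that message.

```powershell
# Added example, not the original post's code. Run in an elevated PowerShell session.

function Get-CrashDumpConfig {
    $cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    # CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump), 7 = automatic
    $types = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (Minidump)'; 7 = 'Automatic' }
    [pscustomobject]@{
        DumpType    = $types[[int]$cc.CrashDumpEnabled]
        DumpFile    = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
        MinidumpDir = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)
        Overwrite   = [bool]$cc.Overwrite
    }
}

function Test-PageFileOnSystemDrive {
    # The kernel dump is staged through the paging file on the OS partition,
    # so report whether a paging file is actually configured there.
    $cs = Get-CimInstance Win32_ComputerSystem
    if ($cs.AutomaticManagedPagefile) { return $true }   # system-managed file lives on the system drive
    $pf = Get-CimInstance Win32_PageFileSetting | Where-Object { $_.Name -like "$($env:SystemDrive)*" }
    return [bool]$pf
}

function Get-LastBugCheck {
    # After a crash the System log gets event 1001 (source "BugCheck") containing the
    # bug check code, the four KeBugCheckEx parameters and the dump path that was written.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001 } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -eq 'Microsoft-Windows-WER-SystemErrorReporting' } |
        Select-Object -First 1
    if (-not $evt) { return $null }
    # Assumed message shape: "The bugcheck was: 0x0000007e (0x..., 0x..., 0x..., 0x...)."
    $hex = '(0x[0-9a-fA-F]+)'
    if ($evt.Message -match "bugcheck was: $hex \($hex, $hex, $hex, $hex\)") {
        return [pscustomobject]@{
            Time         = $evt.TimeCreated
            BugCheckCode = $Matches[1]
            Parameters   = @($Matches[2], $Matches[3], $Matches[4], $Matches[5])
            Message      = $evt.Message
        }
    }
    return $evt.Message   # fall back to the raw text if the wording differs
}

Get-CrashDumpConfig
if (-not (Test-PageFileOnSystemDrive)) {
    Write-Warning "No paging file on $env:SystemDrive; a kernel memory dump may not be written."
}
Get-LastBugCheck
```

The bug check code reported by the script is the value to look up in WinDbg's "Bug Check Code Reference" before opening the dump itself.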
