Online Crash Analysis


When the Dumprep utility executes, as a result of Savedump having configured it to start, it checks the same three values referenced by Savedump to see whether the system is configured to send an error report to Microsoft after rebooting from a crash. If it is, Dumprep generates an XML-formatted file containing a basic description of the system, including the operating system version, a list of drivers installed on the machine, and the list of Plug and Play drivers loaded on the system at the time of the crash. It then presents the dialog box shown in Figure 14-6 that asks the user whether he or she wants to send an error report to Microsoft. If the user chooses to send the error report, and unless overridden by group policies, Dumprep sends the XML file and minidump to http://watson.microsoft.com, which forwards the data to a server farm for automated analysis, described in the next section. Administrators can configure their systems using group policy to send the error data to an internal error-reporting network share to be later processed using the Microsoft Corporate Error Reporting (CER) Toolkit, which is available only to eligible Microsoft Software Assurance customers. (For more information, see http://www.microsoft.com/resources/satech/cer.)

Figure 14-6. Crash dump error reporting dialog box


The server farm's automated analysis uses the same analysis engine that the Microsoft kernel debuggers use when you load a crash dump file into them (described shortly). The analysis generates a bucket ID, which is a signature that identifies a particular crash type. The server farm queries a database using the bucket ID to see whether a resolution has been found for the crash, and it sends a URL back to Dumprep that refers it to the OCA Web site (http://oca.microsoft.com). Dumprep launches the Internet browser to open the page on the OCA Web site that reports the preliminary crash analysis. If a resolution is available, the page instructs the user where to obtain a hotfix, service pack, or third-party driver update; otherwise, the user is given the option of following the progress of the crash analysis via e-mail.

Sites that are not connected to the Internet, or that do not want crash dumps to be sent automatically to Microsoft, can use group policy to have the error data stored on an internal error-reporting network share, to be processed later using the Microsoft CER Toolkit mentioned earlier.



    Microsoft Windows Internals
    Microsoft Windows Internals (4th Edition): Microsoft Windows Server 2003, Windows XP, and Windows 2000
    ISBN: 0735619174
    EAN: 2147483647
    Year: 2004
    Pages: 158
