none
Arquivos do coletor de despejo de memoria. RRS feed

  • Pergunta

  • Alguém pode me ajudar com esse arquivo, o que ele diz?

    Obrigado,

    [11/30/2017 00:53:35 SERVIDOR  - From TS_Main.ps1 Line: 23]
    [DIAG_CTSMachineDumps] Diagnostic Execution Started. (Client engine: WTP)
    [12:53:36 AM SERVIDOR  - utils_CTS.ps1 - 1774] [ConfigExplorer] Starting Discovery Process in Background
    [12:53:36 AM SERVIDOR  - utils_CTS.ps1 - 1775] [RunExternalPSScript] Running External PowerShell Script: C:\Windows\TEMP\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\run_discovery.ps1   (Background Execution) (Collect Files: False)

    [11/30/2017 00:53:36 SERVIDOR  - From utils_CTS.ps1 Line: 769]
    [BackgroundProcessCreate] Creating background process: [(Session: Default) Process: 'powershell.exe' - Arguments: '-command "& { $context = $ExecutionContext.GetType().GetField('_context','nonpublic,instance').GetValue($ExecutionContext); $authMgr = $context.GetType().GetField('_authorizationManager','nonpublic,instance'); $authMgr.SetValue($context, (New-Object System.Management.Automation.AuthorizationManager 'Microsoft.PowerShell')) ;C:\Windows\TEMP\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\run_discovery.ps1 }"']
    [12:53:36 AM SERVIDOR  - utils_CTS.ps1 -  163] Set-MaxBackgroundProcesses called with NumberOfProcesses = 5
    [12:53:36 AM SERVIDOR  - utils_CTS.ps1 -  821] [BackgroundProcessCreate] Registering an event for process exit and attaching script block. ScriptBlock = 
    . .\utils_cts.ps1
    "[Utils_CTS] Running PostProcessingScriptBlock" | WriteTo-StdOut -ShortFormat
    Collect-DiscoveryFiles

    [11/30/2017 00:53:39 SERVIDOR  - From TS_MachineMemoryDumps.ps1 Line: 295]
    Dump file configuration:

    [11/30/2017 00:53:39 SERVIDOR  - From TS_MachineMemoryDumps.ps1 Line: 296]

    Name                           Value                                            
    ----                           -----                                            
    spaceavailable                 True                                             
    configrequired                 True                                             
    recent                         True                                             
    corrupt                        False                                            
    present                        True                                             
    [12:54:47 AM SERVIDOR  -  -    2] [Utils_CTS] Running PostProcessingScriptBlock
    [12:54:47 AM SERVIDOR  - utils_CTS.ps1 - 1735] [Collect-DiscoveryFiles] Discovery execution log could not be found at C:\Windows\TEMP\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\SERVIDOR _DiscoveryExecutionLog.log
    [12:54:47 AM SERVIDOR  - utils_CTS.ps1 - 1740] [CollectFiles] Collecting File(s):

              Section    : Config Explorer Files
              Description: Config Explorer Discovery Report
              Files      : SERVIDOR _DiscoveryReport.xml
                         ----------------------------------
                         | [12:54:47 AM] SERVIDOR _DiscoveryReport.xml
                         ----------------------------------
    [12:54:48 AM SERVIDOR  - utils_CTS.ps1 - 1741] [CollectFiles] Collecting File(s):

              Section    : Config Explorer Files
              Description: Config Explorer Debug
              Files      : SERVIDOR _DiscoveryDebugLog.xml
                         ----------------------------------
                         [CollectFiles] SERVIDOR _DiscoveryDebugLog.xml: The system cannot find the file(s) specified
                         ----------------------------------
    [12:54:48 AM SERVIDOR  - TS_MachineMemoryDumps.ps1 -  452] [Run-DiagExpression]: Starting .\TS_DumpCollector.ps1 -MaxFileSize 1 -MaxFilesToCopy 10 -CopyMachineMemoryDump -CopyMachineMiniDumps
    [12:54:48 AM SERVIDOR  - TS_DumpCollector.ps1 -   57] [RunCMD] Running Command (Collect Files: True):

                          cscript.exe DumpCollector.VBS /GenerateScriptedDiagxmlAlerts /CopyMachineMemoryDump /CopyMachineMiniDumps /MaxSize:1 /MaxFiles:10 /cdbpath:C:\Windows\TEMP\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\cdb.exe /debuginfo

    --[Stdout-Output]---------------------

    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.


    Dump Collector Script
    Revision 4.7.16b
    2008-2010 Microsoft Corporation

    Command line arguments:
    -----------------------
       Copy Memory Dumps
       Copy Mini Machine Dumps
       Obtain Debugger information from dumps
       Debugger Path:
             C:\Windows\Temp\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\cdb.exe
       Maximum number of files per collection: 10
       Maximum dump file size                : 1 MB
       Generate Scripted Diagnostic XML Alerts

    Creating SERVIDOR _DumpReport.txt...

    Memory dump report from : SERVIDOR 
    Local time : 11/30/2017 12:54:48 AM

     -- General Information
     -- Memory Information
     -- Windows Error Reporting Information
     -- Machine memory dump configuration information
     -- Pagefile Settings
     -- Machine memory dumps file information

    Memory Dump
    ------------
     --   File C:\Windows\MEMORY.DMP
        - File added to the Analyzer queue.

    Mini Dumps
    ----------
     -- File C:\Windows\Minidump\112917-20781-01.dmp


           [30/11/2017 00:54:49] - Compressing files to 'C:\Windows\Temp\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\SERVIDOR _DMP_112917-20781-01.zip': 
                                     -> 112917-20781-01.dmp
           [30/11/2017 00:54:49] - Done.

        - File added to the Analyzer queue.
     -- File C:\Windows\Minidump\112817-19718-01.dmp


           [30/11/2017 00:54:49] - Compressing files to 'C:\Windows\Temp\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\SERVIDOR _DMP_112817-19718-01.zip': 
                                     -> 112817-19718-01.dmp
           [30/11/2017 00:54:50] - Done.

        - File added to the Analyzer queue.
     -- File C:\Windows\Minidump\112817-22468-01.dmp


           [30/11/2017 00:54:50] - Compressing files to 'C:\Windows\Temp\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\SERVIDOR _DMP_112817-22468-01.zip': 
                                     -> 112817-22468-01.dmp
           [30/11/2017 00:54:50] - Done.

        - File added to the Analyzer queue.
     -- File C:\Windows\Minidump\112717-20343-01.dmp


           [30/11/2017 00:54:50] - Compressing files to 'C:\Windows\Temp\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\SERVIDOR _DMP_112717-20343-01.zip': 
                                     -> 112717-20343-01.dmp
           [30/11/2017 00:54:50] - Done.

        - File added to the Analyzer queue.
     -- File C:\Windows\Minidump\112517-20437-01.dmp


           [30/11/2017 00:54:51] - Compressing files to 'C:\Windows\Temp\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\SERVIDOR _DMP_112517-20437-01.zip': 
                                     -> 112517-20437-01.dmp
           [30/11/2017 00:54:51] - Done.

        - File added to the Analyzer queue.
     -- File C:\Windows\Minidump\112417-25140-01.dmp
     -- File C:\Windows\Minidump\112417-19515-01.dmp
     -- File C:\Windows\Minidump\112417-24046-01.dmp
     -- File C:\Windows\Minidump\112317-22406-01.dmp
     -- File C:\Windows\Minidump\111417-20250-01.dmp
     -- File C:\Windows\Minidump\111417-29531-01.dmp

    TDR Dumps
    ----------
     -- TDR Dumps
     -- Status Folder C:\Windows\LiveKernelReports\WATCHDOG does not exist

    Windows Error Reporting Process User Dumps
    ------------------------------------------
     -- Windows Error Reporting User Dumps
     -- File C:\Users\Administrator\AppData\Local\CrashDumps\mmc.exe.6148.dmp
        - File added to the Analyzer queue.

    Windows Error Reporting Dumps
    -----------------------------
     -- Windows Error Reporting Events from past 30 days
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_6546ec0e8ca65bdd48cd69f249a131479f7d_00000000_cab_0d208a6a\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportQueue\Kernel_50_f5c35da79edbb4b1b72318c9f3865c75074f6e0_00000000_cab_00e06695\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_2dbb106f36c69fef257118a735ef3866a84ddb_00000000_cab_00e06608\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_e37ec886353c2b324ba3b6e63318ccd2a913_00000000_cab_0fade3b4\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_2c35e26d86efa3aa2b55d6168357656b822e_00000000_cab_1cd1c4b9\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_ddd887ded784fdd64bf7d1202357676e88356880_00000000_cab_0e460872\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_54f35aa97e479bdb6a21afad9faa97da54940_00000000_cab_129f1d41\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_a_e322843efaaa825ecf41189ab131038adce9fe6_00000000_cab_1035ca86\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_b389d92e4a31e67efdb23d1ae4188a3d2e8171e0_00000000_cab_04940fb3\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_mmc.exe_ae88718656ea5772d18c1ca5d8ecc685df6eaa_433512da_14c36b17\Report.wer
                 Event: Stopped working (CLR20r3) Application: Microsoft Management Console
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_00000000_cab_0d8db9bb\Report.wer
                 Event: Problem not fixed (ScriptedDiagFailure) Application: Diagnostics Troubleshooting Wizard
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_dc461bccf275259ae21ba0e3a81b3848e99af0_00000000_cab_0f014be8\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows
        Analyzing file: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\Kernel_50_87f7f9605c1c1147b697c589808bc23f9a868_00000000_cab_0858cf5c\Report.wer
                 Event: Shut down unexpectedly (BlueScreen) Application: Windows

    Analyzing memory dumps information
    ----------------------------------
     -- Opening C:\Windows\MEMORY.DMP in debugger...
        STOP Error: 00000050 (ffffe001`b5564000, 00000000`00000001, fffff800`eb4762d8, 00000000`00000000)
     -- Opening C:\Windows\Minidump\112917-20781-01.dmp in debugger...
        STOP Error: 00000050 (ffffe001`b5564000, 00000000`00000001, fffff800`eb4762d8, 00000000`00000000)
     -- Opening C:\Windows\Minidump\112817-19718-01.dmp in debugger...
        STOP Error: 00000050 (ffffe000`da7d1000, 00000000`00000001, fffff800`3dc762d8, 00000000`00000000)
     -- Opening C:\Windows\Minidump\112817-22468-01.dmp in debugger...
        STOP Error: 00000050 (ffffe001`812f5000, 00000000`00000001, fffff801`c03d62d8, 00000000`00000000)
     -- Opening C:\Windows\Minidump\112717-20343-01.dmp in debugger...
        STOP Error: 00000050 (ffffe000`b2a55000, 00000000`00000001, fffff801`e9da82d8, 00000000`00000000)
     -- Opening C:\Windows\Minidump\112517-20437-01.dmp in debugger...
        STOP Error: 00000050 (ffffe000`5c5929d6, 00000000`00000001, fffff801`a5a01c60, 00000000`00000000)
     -- Opening C:\Users\Administrator\AppData\Local\CrashDumps\mmc.exe.6148.dmp in debugger...
        User Mode Process: C:\Windows\System32\mmc.exe

    Building XSLT File...
    Building file: 'SERVIDOR _DumpReport.htm'
    Closing file : 'SERVIDOR _DumpReport.txt'
    Writing file : 'SERVIDOR _DumpReportAlerts.XML'
    Script completed in 37 seconds.

    ****** Script Finished ******
    --[Finished-Output]-------------------
    [12:55:25 AM SERVIDOR  - TS_DumpCollector.ps1 -   57] [RunCMD] Collecting Output Files... 
    [12:55:25 AM SERVIDOR  - TS_DumpCollector.ps1 -   57] [CollectFiles] Collecting File(s):

              Section    : Memory dump related information
              Description: Memory Dump Report
              Files      : SERVIDOR _DumpReport.htm SERVIDOR _DumpReport.txt
                         ----------------------------------
                         | [12:55:25 AM] SERVIDOR _DumpReport.htm
                         | [12:55:25 AM] SERVIDOR _DumpReport.txt
                         ----------------------------------
    [12:55:26 AM SERVIDOR  - TS_MachineMemoryDumps.ps1 -  452] [Run-DiagExpression]: Finished .\TS_DumpCollector.ps1 -MaxFileSize 1 -MaxFilesToCopy 10 -CopyMachineMemoryDump -CopyMachineMiniDumps
    [12:55:27 AM SERVIDOR  - utils_CTS.ps1 -   86] EndDataCollection called

    --[StandardError-Output]--------------
    --[EndOutput]-------------------------

    [11/30/2017 00:55:27 SERVIDOR  - From utils_CTS.ps1 Line: 726]
    [CollectBackgroundProcessesFiles] Deferred Stdout output from [powershell.exe -command "& { $context = $ExecutionContext.GetType().GetField('_context','nonpublic,instance').GetValue($ExecutionContext); $authMgr = $context.GetType().GetField('_authorizationManager','nonpublic,instance'); $authMgr.SetValue($context, (New-Object System.Management.Automation.AuthorizationManager 'Microsoft.PowerShell')) ;C:\Windows\TEMP\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\run_discovery.ps1 }"] [Default] execution:
    --------------------------------------------------------------------------------

    [2017-11-30T00:53:39] [:2050]: [Starting Discovery]
    [2017-11-30T00:53:39] [:1804]: DiscoveryReport does not exist. Creating a new report
    [2017-11-30T00:53:39] [:2056]: [Starting Discovery] End Discovery
    [2017-11-30T00:53:39] [:310]: Status: [Informational] Preparing to run DiscoverySet [0ac3ddef-0adf-4876-a863-a15ac2ced3d8]
    [2017-11-30T00:53:39] [:310]: Status: [Informational] Obtaining Information about DiscoverySet OperatingSystemCore
    [2017-11-30T00:53:39] [:2030]: [Run-DiscoverySet] Starting DiscoverySet Execution for OperatingSystemCore [0ac3ddef-0adf-4876-a863-a15ac2ced3d8]
    [2017-11-30T00:53:40] [:1944]: [Run-DiscoveryFunction]: Starting FN_Class_BasicSysInfo
    [2017-11-30T00:53:41] [:1974]: [Run-DiscoveryFunction]: Finished FN_Class_BasicSysInfo
    [2017-11-30T00:53:47] [:2046]: [Run-DiscoverySet] Finished DiscoverySet Execution for OperatingSystemCore [0ac3ddef-0adf-4876-a863-a15ac2ced3d8]
    [2017-11-30T00:53:47] [:1996]: [Save-DiscoveryReport] Discovery report saved to C:\Windows\TEMP\SDIAG_cb447a41-eae2-4983-9387-982cac964c93\SERVIDOR _DiscoveryReport.xml

    --------------------------------------------------------------------------------
    [12:55:27 AM SERVIDOR  - utils_CTS.ps1 -  726] [CollectBackgroundProcessesFiles] Restoring number of max background process as process 4444 was started with SkipMaxParallelDiagCheck
    [12:55:27 AM SERVIDOR  - utils_CTS.ps1 -  163] Set-MaxBackgroundProcesses called with NumberOfProcesses = 4

      
    quinta-feira, 30 de novembro de 2017 04:22

Respostas

  • Este parece ser o DUMP Report correto, a formas de analisa-lo mas é bem complicado, recomendo abrir um chamado na Microsoft caso necessite da analise do dump.

    Mas o que ocorreu? Sua maquina "crashou" (tela azul) ou algum aplicativo MMC deu erro ao abrir ou fechou com algum erro?

    quinta-feira, 30 de novembro de 2017 12:31