Defrag Tools: #19 - WinDbg - OCA

Play Defrag Tools: #19 - WinDbg - OCA

The Discussion

  • User profile image

    Hi Folks,

    Great work indeed.

    We have one question.

    We are having exchange server 2003 environment and we have faced number of time version bucket problems and NPP problem due to some corrupted items with user mailbox on the store on the server, we are taking the dumps using the procdump and attach for high version bucket and collect which only MS can analyze.
    So will you be able to provide us the steps to analyze the dumps and find out which user mailbox item is causing the issue?

    Thanks in advance.


  • User profile image

    [01:00] "Send to Microsoft" does go somewhere!

    Why does this fail very often in Windows 8? I often get the message that conneting to WER failed.

    [12:09] OCA 'Solutions'

    at Vista time frame this was much more useful. You got messages that the bugs are fixed in next Build which was released on connect. Since Win7 the solution are mostly wrong or misleading.

    [28:02] Bugcheck 0x133 - DPC_WATCHDOG_VIOLATION

    Why is the released hotfix KB2789962, to increase the Timespam before this bugcheck is raised, not installable on Windows 8 (only Server 2012)? I can see in the metadata that it checks for the Server-Package Sad

    [31:06] Bugcheck 0x144 - BUGCODE_USB3_DRIVER

    I've seen this often in my VMware VM. But the strange thing is, that action center thinks it is a graphic issue.

  • User profile image

    Send to Microsoft: I'm not aware of any outages to explain it.  Are you using Windows 8 or Windows 7 network device drivers?

    Solutions: The solutions are only going to be super accurate for issues that have been looked at by a human being. The odds mean that you get a generic answer more than not.  If you have an example, feel free to share it and I'll look in to the bucket's state.

    Bugcheck 0x133: With KB2789962, we recognised that certain (edge) server workloads justify continual DPC activity - usually due to disk and network DPCs. It isn't broadly released as generally, server and client workloads won't have DPCs (and ISRs) scheduled continually.

    Bugcheck 0x144: Share the dump with us (email me at - it could be that the VMware video driver is USB based.

  • User profile image

    @Pravin: You need to have private symbols to easily get to the name, path, etc. of the mailbox folder. You might be lucky and get a name using dpa and dpu. This is one of those cases where you should engage Microsoft Support and looked in to the issue at depth.

    (Fun fact: Graham and I both worked in Exchange Support before we moved to Windows Support years later)

  • User profile image

    Hi Andrew,

    Thanks for the reply.

    I know you are escalation engineer for exchange server as i have read some of the unexplained series articles by mark and the dump analysis and solutions provided by you.

    Currently we are engaging Microsoft for the dump analysis but i like to resolve problem like Version bucket which usually occur because of some corrupted item.

    so if you take a session (in Defrag Tools sessions) to analyze and resolve this kind of problems that could be great. also if you can provide step by step guide that could be awesome.

    Thanks in Advance,

  • User profile image

    My machine is no longer opening the correct architecture windbg (x64 vs x86) when I double click a dump file. The x64 version opens arbitrarily now. It was working as demonstrated by Andrew. However after setting procdump as JIT debugger that functionality went away. Is there a registry entry I should look into?

    How can I correct this?

    Thanks is advance you guys are awesome!

    OBTW please bring Graham back for more Demos!!

  • User profile image


    Thanks for your serie, I've improved my crash analysis skill a lot a since I've started watching it!

    Our software (win32/C++) does not have a huge installed base, but we still try to improve it by using error reports from Even if we don't have a huge number of entries reported, navigating the website is very slow and also managing reports (like determining new reported from older one, or if new CAB has been added to an existing report) is a very painfull process.

    I don't know how you are able to handle 100'000 of reports, but I'd guess : not through the web interface Smiley

    Any plan to improve on this area?

    Also, I'd like to hear about managing error report from a third-party point-of-view. Maybe next time you invite Graham McIntyre, you may ask him what he think about it!


    [EDIT: I've found more information on the following Q&A page from the WER team: ]


Add Your 2 Cents