Configuring your systems for full crash dumps is extremely useful, especially in VDI / SBC environments where a number of core layers make up the users desktop.
To simplify the process, decisions around the page file and enabling the various crash dump methods I wrote the following powershell function to cover all these bases.
This powershell function is system managed page file aware, allows you to configure the pagefile by a multiple of physical ram and also allows you to configure either Crash on Ctrl Scroll lock, or NMI Crash dumps all in one place.You can also specify system recovery options on the command line to tell the system what to do in the event of a crash.
As this is quite a large function, I’ve included help test for reference. Below you will find some examples of how to use this function:
enable-completememorydump
This command will enable complete memory dumps using the system specified pagefile if possible.
enable-completememorydump -setpagefilesize -pagefilelocation “c:pagefile1.sys” -multiple 2 -forcerestart
This command forces the pagefile to be Ram * 2, sets the page file location to a new file (pagefile1.sys) and forces a restart on completion.
enable-completememorydump -setpagefilesize -forcerestart
This command forces the pagefile to be Ram * 1.5 (the default) and forces a restart on completion.
enable-completememorydump -setpagefilesize -forcerestart -CrashOnCtrlScroll -NMICrashdump
This command forces the pagefile to be Ram * 1.5 (the default), enables crash on ctrlscroll and nmicrashdumps and forces a restart on completion.
enable-completememorydump -RebootafterCrash:$false -OverwriteExistingDebugFile:$false
This command enables complete memory dumps, but specifies not to restart after a crash dump, or overwrite an existing dump file.
Below you can see an example of the command line and expected output:
Click the link below to get a copy of the full function.
[sourcecode language=”PowerShell”]
<#
.SYNOPSIS
Enables Complete Memory dumps during a Bug Check
.DESCRIPTION
This command will size the page file if neccessary and configure Complete memory dumps
.PARAMETER SetPageFileSize
Tells the command whether you wish to set the page file size during the operation. This may be needed on systems where the pagefile is set to system managed
.PARAMETER ForceRestart
Tells the command whether to force restart after configuring the system correctly.
.PARAMETER PagefileLocation
This is an optional parameter if you wish to specify the location of the pagefile during the operation. Use with the SetPageFileSize switch.
.PARAMETER Multiple
This is an optional parameter if you wish to specify by what portion to caculate the pagefile size vs physical RAM. By default this option is 1.5
.PARAMETER NMICrashdump
Enables NMI Crashdumps as per: http://support.microsoft.com/kb/927069
.PARAMETER CrashOnCtrlScroll
Enables Crashdumps when [CTRl] + [Scroll lock] + [Scroll lock] is pressed, as per: http://support.microsoft.com/kb/244139
.PARAMETER RebootAfterCrash
Enables Specifies whether the system should reboot after a crashdump (enabled by default)
.PARAMETER Overwriteexistingdebugfile
Enables Specifies whether the system should overwrite a debug file if it already exists (enabled by default)
.PARAMETER SendAdminAlert
Enables Specifies whether the system should send an administrative alert (enabled by default)
.PARAMETER DumpFileLocation
Enables Specifies where the system should write the dump file (c:memory.dmp by default)
.EXAMPLE
PS C:> enable-completememorydump
This command will enable complete memory dumps using the system specified pagefile if possible.
.EXAMPLE
PS C:> enable-completememorydump -setpagefilesize -pagefilelocation "c:pagefile1.sys" -multiple 2 -forcerestart
This command forces the pagefile to be Ram * 2, sets the page file location to a new file (pagefile1.sys) and forces a restart on completion.
.EXAMPLE
PS C:> enable-completememorydump -setpagefilesize -forcerestart
This command forces the pagefile to be Ram * 1.5 (the default) and forces a restart on completion.
.EXAMPLE
PS C:> enable-completememorydump -setpagefilesize -forcerestart -CrashOnCtrlScroll -NMICrashdump
This command forces the pagefile to be Ram * 1.5 (the default), enables crash on ctrlscroll and nmicrashdumps and forces a restart on completion.
.EXAMPLE
PS C:> enable-completememorydump -RebootafterCrash:$false -OverwriteExistingDebugFile:$false
This command enables complete memory dumps, but specifies not to restart after a crash dump, or overwrite an existing dump file.
.INPUTS
Strings and switches.
.OUTPUTS
Page file settings.
.NOTEStest
http://www.andrewmorgan.ie
.LINK
na
#>
function enable-completememorydump{
param(
[switch]$RebootafterCrash=$True,
[switch]$OverwriteExistingDebugFile=$True,
[switch]$SendAdminAlert=$true,
[switch]$SetPageFileSize=$false,
[string]$Multiple="",
[switch]$NMICrashdump=$false,
[switch]$CrashOnCtrlScroll=$false,
[string]$dumpfilelocation="c:Memory.dmp",
[string]$PageFileLocation="C:Pagefile.sys",
[switch]$forcerestart=$false
)
#Checking Current Pagefile Configuration:
$CurrentPageFileConfig = (get-itemproperty "HKLM:SYSTEMCurrentControlSetControlSession ManagerMemory Management").pagingfiles
#Calculating Current Physical RAM:
$PhysicalRam = [system.math]::round(((gwmi win32_computersystem).totalphysicalmemory /1024) /1024)
#stopping, warning and handling if pagefile configuration is system managed
if ($CurrentPagefileconfig -eq "?:Pagefile.sys"){
$IsPageFileSystemManaged=$true
}#endif (check for system managed page file)
#pagefile isnt system managed
Else{
$CurrentPagefilelocation = $CurrentPageFileConfig[0].split("")[0]
$CurrentPagefileInitialSize = $CurrentPagefileConfig[0].split(" ")[1]
$CurrentPagefileMaximumSize = $CurrentPagefileConfig[0].split(" ")[2]
#check for legacy page file settings
if ($CurrentPagefileMaximumSize -eq "0"){
$IsPageFileSystemManaged=$true
}#end if
}#end else
if ($ispagefilesystemmanaged -eq $true)
{if ($SetPageFileSize -ne $true){
write-warning "The Pagefile is currently system managed, this can have adverse effects on the full system dump if the Pagefile is less than the ammount of Phyiscal memory available to the system. Use the -SetPageFileSize command to manually manage the Pagefile. No changes have been made."
break}
}#end if (check for system managed page file)
if ($SetPageFileSize -eq $true){
#Checking for multiple integer
if ($multiple -eq ""){
write-host "No Multiple specified for pagefile size, using the default 1.5 calculation, this will set a page file of ram * 1.5"
$Multiple=1.5}
#try here
$NewPageFileSize=[system.math]::round($PhysicalRAM * $multiple)
set-itemproperty "HKLM:SYSTEMCurrentControlSetControlSession ManagerMemory Management" -name pagingfiles -value "$Pagefilelocation $NewPagefilesize $NewPagefilesize"
Write-warning "The Pagefile has been configured, a restart is neccessary to apply changes to the Pagefile size"
}#end if for set pagefile size
#Setpage file is not specified, checking to ensure current settings can take a full memory dump:
Else{
if ($CurrentPageFileInitialSize -lt ($PhysicalRAM) + 2) {
write-warning "The current Initial Pagefile Size is not large enough to capture a full memory dump, try using the -setpagefilesize switch to size the page file appropriately"
Break}
}#end else (Check of initial size)
#Configuring Complete dumps, with options:
Get-WmiObject win32_osrecoveryconfiguration -EnableAllPrivileges | Set-WmiInstance -Arguments @{DebugInfoType=1} | out-null
Get-WmiObject win32_osrecoveryconfiguration -EnableAllPrivileges | Set-WmiInstance -Arguments @{AutoReboot=$RebootafterCrash.tobool()} | out-null
Get-WmiObject win32_osrecoveryconfiguration -EnableAllPrivileges | Set-WmiInstance -Arguments @{OverwriteExistingDebugFile=$OverwriteExistingDebugFile.tobool()} | out-null
Get-WmiObject win32_osrecoveryconfiguration -EnableAllPrivileges | Set-WmiInstance -Arguments @{DebugFilePath=$dumpfilelocation} | out-null
Get-WmiObject win32_osrecoveryconfiguration -EnableAllPrivileges | Set-WmiInstance -Arguments @{SendAdminAlert=$SendAdminAlert.tobool()} | out-null
#pulling new configuration to be returned at end of function
$NewPagefileconfig = (get-itemproperty "HKLM:SYSTEMCurrentControlSetControlSession ManagerMemory Management").pagingfiles
if ($NMICrashdump -eq $true){
if (!(test-path "HKLM:SYSTEMCurrentControlSetControlCrashControl")){
new-item -path "HKLM:SYSTEMCurrentControlSetControlCrashControl" -itemtype Directory -force | out-null}
#write-host "enabling NMI crashing"
set-itemproperty "HKLM:SYSTEMCurrentControlSetControlCrashControl" -name NMICrashDump -Type DWORD -value 1
}
if ($CrashOnCtrlScroll -eq $true){
#write-host "enabling ctrl scroll crashing"
#usb keyboards
if (!(test-path "HKLM:SystemCurrentControlSetServiceskbdhidParameters")){
new-item -path "HKLM:SystemCurrentControlSetServiceskbdhidParameters" -itemtype Directory -force | out-null}
set-itemproperty "HKLM:SystemCurrentControlSetServiceskbdhidParameters" -name CrashOnCtrlScroll -Type DWORD -value 1
#ps2 keyboards
if (!(test-path "HKLM:SystemCurrentControlSetServicesi8042prtParameters")){
new-item -path "HKLM:SystemCurrentControlSetServiceskbdhid" -itemtype Directory -force | out-null}
set-itemproperty "HKLM:SystemCurrentControlSetServicesi8042prtParameters" -name CrashOnCtrlScroll -Type DWORD -value 1
}
#Forcing a restart if wanted:
if ($forcerestart -eq $true)
{restart-computer
}#end restart if
return $NewPagefileconfig
}#end function
[/sourcecode]
Pingback: Fix Memory Dump Group Policy Errors - Windows XP, Vista & Windows 7, 8