How to Configure Memory Dumps on Windows Server 2022

In this article, we’ll explain how to configure memory dumps on Windows Server 2022, though the process will be similar for other versions of Windows.

A memory dump, also known as a “core dump” or “crash dump”, is a file that contains what was stored in RAM at the time of a system failure or at any other given point. The system creates this file automatically when something goes wrong, but it’s also possible to generate one manually.

There are many different options when creating a memory dump and, depending on your settings, it may contain all of the memory, part of it, or just information related to a specific process. As a result, just as the size of your RAM can vary significantly, so too can the size of the dump file.

In any case, memory dumps can be extremely useful when something goes wrong as they can be analysed by the sysadmin to work out why the system failed and what to do about it.

In fact, memory dump files tend to be used a lot in digital forensics.

 


Before you get started…

To successfully complete this tutorial, you will need the following:

 

Configuring Memory Dumps

The first thing you need to do is check what your current memory dump settings are. Once you’ve done that, you can modify them to suit your needs.

To do this, log on to the server as an administrator and open the Control Panel. The quickest way to do this is to simply type “Control Panel” (1) in the search bar and click on the app in the results (2).

Open the Control Panel

Next, click on System (3).

Click on System in the Control Panel

Then, on the right-hand side of the next screen, click on “Advanced system settings” (4).

Click on Advanced system settings

At this point, a new window will appear. Click on the “Advanced” tab (5) and then, under “Start-up and Recovery”, click on “Settings…” (6).

Click on "Settings..." in the Start-up and Recovery section

Next, the Start-up and Recovery window will open, showing a range of different options.

Here, you should leave the “Time to display list of operating systems” (7) and “Automatically restart” (8) checkboxes both ticked.

Under “Write debugging information”, you will need to choose what type of memory dump you wish to generate (10). The available options are:

  • None.
  • Small memory dump (256 KB).
  • Kernel memory dump.
  • Automatic memory dump.
  • Active memory dump.

NOTE: If you’d like to learn more about these options, we’ve provided an explanation of each one at the end of this article.

We recommend using “Kernel memory dump” (9).

Below, you’ll see the Dump file field where you can set the name of the file that will be created. By default, this is set to “%SystemRoot%\MEMORY.DMP” (11).

Lastly, you need to decide what you want to do with existing memory dumps (12). For example, you can choose to delete them when you run out of disk space by unticking the option “Disable automatic deletion of memory dumps when disk space is low”. You can also decide to overwrite existing dumps by ticking the “Overwrite any existing file” checkbox.

Selecting the Start-up and Recovery options for your machine

Once you’ve made all your choices, click on OK. You will need to restart the server for the changes to take effect.

NOTE: In the Dump file field, “MEMORY.DMP” corresponds to the filename with the extension .dmp and “%SystemRoot%” is a system variable that, in this case, refers to “C:\Windows\”.

Illustration that %SystemRoot% refers to the Windows folder

Congratulations, you have now configured your memory dump settings!
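
The settings chosen in the Start-up and Recovery window can also be read back from PowerShell after the restart. The script below is an added example, not part of the original tutorial. It only reads values, and it assumes the standard CrashControl registry value names documented by Microsoft (CrashDumpEnabled, FilterPages, DumpFile, AutoReboot, Overwrite, AlwaysKeepMemoryDump), none of which appear in the article itself. Run it from an elevated PowerShell session.

```powershell
# Added example: read-only audit of the crash dump configuration.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# CrashDumpEnabled values as documented by Microsoft.
$types = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
    7 = 'Automatic memory dump'
}
$raw  = [int]$cc.CrashDumpEnabled
$type = if ($types.ContainsKey($raw)) { $types[$raw] } else { "Unknown ($raw)" }
# "Active memory dump" is stored as type 1 together with FilterPages = 1.
if ($raw -eq 1 -and $cc.FilterPages -eq 1) { $type = 'Active memory dump' }

# DumpFile is a REG_EXPAND_SZ value such as %SystemRoot%\MEMORY.DMP.
$dumpFile = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)

[pscustomobject]@{
    DumpType             = $type
    DumpFile             = $dumpFile
    AutomaticallyRestart = [bool]$cc.AutoReboot
    OverwriteExisting    = [bool]$cc.Overwrite
    # Matches "Disable automatic deletion of memory dumps when disk space is low".
    KeepWhenDiskSpaceLow = [bool]$cc.AlwaysKeepMemoryDump
} | Format-List

# The dump types described in this article depend on the paging file size (values in MB).
Get-CimInstance -ClassName Win32_PageFileUsage |
    Format-Table Name, AllocatedBaseSize, CurrentUsage -AutoSize

# A dump file holds memory contents, so list who is allowed to read it.
if (Test-Path -LiteralPath $dumpFile) {
    Get-Item -LiteralPath $dumpFile |
        Format-List FullName, Length, LastWriteTime
    (Get-Acl -LiteralPath $dumpFile).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
} else {
    "No dump file found at $dumpFile."
}
```

If the reported dump type or file path does not match what you selected, check that the server has been restarted since the change.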

 

Explanation of “Write debugging information” Options

Just now, we mentioned the “Write debugging information” options but we didn’t provide any further details. So, here’s a quick description of each one:

  • None: If you select this, no memory dump will be generated.
  • Small memory dump (256 KB): This records the smallest set of useful information to help you troubleshoot the problem. To use this option, you’ll need a paging file of at least 2 MB on the boot volume, as well as a version of Windows Server from this millennium (WS2K or later), which isn’t asking a lot really. This dump file stores the following:
    • The Stop message and its parameters and other data.
    • A list of drivers loaded on the system.
    • The processor context (PRCB) for the processor that stopped.
    • The EPROCESS for the process that stopped.
    • The ETHREAD for the thread that stopped.
    • The kernel-mode call stack for the thread that stopped.
  • Kernel memory dump: This records only the kernel memory, which speeds up the process of recording information when the machine stops unexpectedly. To use this option, you’ll need a paging file big enough to accommodate the kernel memory. This tends to be between 150 MB and 2 GB. This file won’t include any unallocated memory or memory allocated to user-mode programs. However, it will save memory allocated to the kernel, hardware abstraction layer (HAL) and kernel-mode drivers.
  • Automatic memory dump: Stores all the contents of the system memory when the machine stops unexpectedly. This may contain data from processes that were running when the memory dump was generated. For this option, the paging file will need to be on the boot volume and be big enough to hold all the physical RAM plus 1 MB more. So, for example, if you have 16 GB of RAM, the paging file will need to be 16 GB + 1 MB.
  • Active memory dump: This only records the memory active when the machine stops. This dump is only partial, but it’s relatively quick.

 

Summary

In this tutorial, you’ve learnt how to configure memory dumps on Windows Server 2022 using the Windows graphical interface. This way, if you have an unexpected system failure, you will have valuable information to help you troubleshoot the problem (depending on your settings).

Today, we’ve just looked at the basic configuration options, but in the future, we’ll go into more detail about how to extract and analyse dumps as well.

If you have any problems following this tutorial, don’t hesitate to contact us so we can help you out.

Thanks for reading!
