This article describes how to set the NT Symbolic Debugger (NTSD) as the default Windows postmortem debugger.
Capturing a user dump inside a terminal session, or for services that do not interact with the desktop might fail if Dr. Watson, or the version of NTSD included with Windows, is configured as the default debugger.
Caution! This procedure requires you to edit the registry. Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Back up the registry before you edit it.
The NTSD is a part of the Windows installation. Set NTSD as the default debugger using the following steps:
Create a folder where the dump will be stored and give it full control permissions for users or remote desktop users. Here c:\TEMP folder is used as an example.
Set the following key:
ntsd -p %ld -e %ld -g -c ".dump /f /u c:\TEMP\new.dmp; q"
On 64-bit Windows you must also change the Wow6432Node registry hive to be able to save dumps from 32-bit processes:
Whenever there is an exception inside a session, a dump is stored in the TEMP folder. A unique prefix is added to the dump name, for example:
Note: On some operating systems such as Windows 2003, Windows XP and later you can use the /ma switch instead of the /f switch to save additional debugging information such as handle data and thread time information. This requires the installation of Debugging Tools for Windows as the /ma switch is only supported with the version of NTSD available with these tools. Additionally, services running under accounts with minimal privileges such as Network Service may not have the rights required to launch a debugger, unless the –noio option is specified:
C:\Program Files\Debugging Tools for Windows\ntsd -noio -p %ld -e %ld -g -c ".dump /ma /u c:\TEMP\new.dmp; q"
(Assuming Debugging Tools for Windows is installed in C:\Program Files)
Debugging Tools for Windows download page: http://www.microsoft.com/whdc/devtools/debugging/default.mspx
The -noio option is available with the version of NTSD included in Windows 2003 but it fails to create dumps for some services, such as the Citrix XTE Server service, running under Network Service. Use the version of NTSD available from the Debugging Tools for Windows version 6.4 or later.
If the dump is still not generated, try to enable detailed process tracking in your local security policy then look for process creation events in the security event log to see if the postmortem debugger is launched.
To test whether NTSD is set up correctly, use the TestDefaultDebugger tool from CTX111901 – TestWER (Test Windows Error Reporting).