Archive: How to Set the NT Symbolic Debugger as a Default Windows Postmortem Debugger

  • CTX105888
  • Created On  Apr 21, 2005
  • Updated On  Mar 10, 2012
  • 3 found this helpful
  • Article
  • Topic : Other
This article is no longer maintained, its content refers to a discontinued product and may be out of date. Refer to the Discontinued Product Lifecycle or Active Citrix Product pages for more information on support schedules.


This article describes how to set the NT Symbolic Debugger (NTSD) as the default Windows postmortem debugger.


Capturing a user dump inside a terminal session, or for services that do not interact with the desktop might fail if Dr. Watson, or the version of NTSD included with Windows, is configured as the default debugger.


Caution! This procedure requires you to edit the registry. Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Back up the registry before you edit it.

The NTSD is a part of the Windows installation. Set NTSD as the default debugger using the following steps:

Create a folder where the dump will be stored and give it full control permissions for users or remote desktop users. Here c:\TEMP folder is used as an example.

Set the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger


ntsd -p %ld -e %ld -g -c ".dump /f /u c:\TEMP\new.dmp; q"

On 64-bit Windows you must also change the Wow6432Node registry hive to be able to save dumps from 32-bit processes:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug

Whenever there is an exception inside a session, a dump is stored in the TEMP folder. A unique prefix is added to the dump name, for example:


Note: On some operating systems such as Windows 2003, Windows XP and later you can use the /ma switch instead of the /f switch to save additional debugging information such as handle data and thread time information. This requires the installation of Debugging Tools for Windows as the /ma switch is only supported with the version of NTSD available with these tools. Additionally, services running under accounts with minimal privileges such as Network Service may not have the rights required to launch a debugger, unless the –noio option is specified:

C:\Program Files\Debugging Tools for Windows\ntsd -noio -p %ld -e %ld -g -c ".dump /ma /u c:\TEMP\new.dmp; q"

(Assuming Debugging Tools for Windows is installed in C:\Program Files)

Debugging Tools for Windows download page:

The -noio option is available with the version of NTSD included in Windows 2003 but it fails to create dumps for some services, such as the Citrix XTE Server service, running under Network Service. Use the version of NTSD available from the Debugging Tools for Windows version 6.4 or later.

If the dump is still not generated, try to enable detailed process tracking in your local security policy then look for process creation events in the security event log to see if the postmortem debugger is launched.

To test whether NTSD is set up correctly, use the TestDefaultDebugger tool from CTX111901 – TestWER (Test Windows Error Reporting).

More Information

CTX118614 – How to Use Windows Error Reporting (WER) to capture Application Crash Dumps (User Dumps) on Windows Server 2008, Windows Vista, and Windows 7

Share your comments or find out more about this topic

Citrix Forums


| Terms of Use | Privacy | Governance