How to trigger a memory dump from a Windows virtual machine
Article ID: CTX123177
Updated On:
Description
This article describes how to trigger and capture a memory dump from a Windows Virtual Machine (VM) running on a XenServer 8 or Citrix Hypervisor 8.2 CU1 host. Refer to the Microsoft KB article, Generate a kernel or complete crash dump for more information.
Troubleshooting unresponsive Windows VMs running on XenServer or Citrix Hypervisor can be difficult. In some cases, it is necessary to obtain a complete memory dump from the system and analyze it to find the root cause of an issue.
Instructions
To be able to capture a memory dump from a Windows VM running on XenServer 8 or Citrix Hypervisor 8.2 CU1, you must first configure the memory dump settings. For more information, see Enable memory dump setting.
By default, the complete memory dump option is disabled. You can enable the option if your computer has less than 2 GB of physical RAM. To enable the complete memory dump option, manually set the CrashDumpEnabled registry entry to 0x1 in the following registry sub-key and restart Windows:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
Caution! Refer to the Disclaimer at the end of this article, before editing the registry.
There are two methods in which you can trigger a memory dump:
Method 1 - using the xe CLI (preferred)
It is possible to trigger the Blue Screen Of Death (BSOD) in the Windows VM from the host. Windows refers to the invalid address as Return Instruction Pointer (RIP) 0xf001. If the kernel processes this invalid address, it crashes the operating system, generating a blue screen STOP error.
- Open a text console (in XenCenter or by using SSH) to XenServer 8 or Citrix Hypervisor 8.2 CU1 where the VM is running.
- Get the domain ID from the VM from which you would like to collect a memory dump:
xe vm-param-get uuid=<vm_uuid> param-name=dom-id
- Use the domain ID obtained from the step 2 and run the following command:
# xl trigger <dom_id> nmi
e.g. # xl trigger 2 nmi
- The Windows VM displays the common blue error screen and starts to dump memory to its file system.
-
After restarting the Windows VM, verify if a memory file dump is created in the configured location.
Method 2 - using XenCenter
Considerations when using this method:
- This method requires additional registry settings such as CrashOnCtrlScroll under HKLM\System\CurrentControlSet\Services\i8042prt\Parameters.
- This method does not work remotely due to scan code mismatch (e.g., XenCenter on a published desktop session).
- This method does not work if the vCPU is hanging or the drivers encounter an issue.
Follow these steps to generate a Windows memory dump by using special keyboard shortcuts/sequences:
- The console keyboard shortcut bindings in XenCenter might interfere with the ability to send the shortcut key sequence to the VM. To confirm, go to Tools > Options > Console in XenCenter.
- Ensure that “Share clipboard contents with remote console” is selected.
- Ensure that “Left Alt” is selected for the “Release keyboard and mouse” option.
- Click OK.
- Trigger the memory dump:
You can use the following shortcut to trigger a memory dump:
Press the Ctrl key and Scroll Lock key twice (Ctrl+ScrLk+ScrLk).
XenServer and Citrix Hypervisor VMs present the keyboard device to Windows using a virtual PS/2 port. Therefore, the configuration changes required to enable the manual crash dump must be specifically implemented for PS/2 devices, which Windows reads in the registry as i8042 port.
Refer to the article, Forcing a System Crash from the Keyboard, which includes instructions for configuring Windows to crash manually using a PS/2 type keyboard.
Note: The DumpConfigurator.hta file or tool provides a single location to make all the settings necessary for obtaining a complete memory dump including the keyboard shortcut configuration.
Environment
Issue/Introduction
Additional Information
