When you have a computer that is frozen but not crashing, you might need to have an analysis done on a DMP file produced while the machine is in its hung state.

You may want to use the CTRL+SCROLL LOCK+SCROLL LOCK keyboard shortcut to generate a crash dump file. This shortcut may be useful in debugging a problem that causes a VM to stop responding or crash.
However, sometimes this standard method does not work. It turns out there is another, even lower level method available to generate a Windows crash dump from a VM: by using a Non-Maskable Interrupt (NMI).

 

---

Instructions

Use the MSFT KB 927069 at:

http://support.microsoft.com/kb/927069

Set this key first before Windows will be able to generate a dump file on an NMI:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

Right-click CrashControl, point to New, and then click DWORD Value.  Type NMICrashDump, and then press ENTER. Right-click NMICrashDump, and then click Modify. In the Value data box, type 1, and then click OK.

Restart the computer.

Then use the VMware KB 1009187 at:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009187

This method is known to work on ESXi 5.x/5.5  To send the NMI to the VM. You will need a terminal session on the ESX host running the VM.

First run the following to get the world ID for the VM you intend to crash:

esxcli vm process list

Then run the following to immediately crash the VM, double check what you type for the world ID. You should see a blue screen and some mention of the dump file being saved:

vmdumper <world id> nmi

Now look for the dump file in either C:\Windows\memory.dmp or C:\Windows\minidump\some_file.dmp