What killed the Windows process? That question comes to mind… Guys, this is a big and daunting question for me when I am working on problem tickets, as we need to find a permanent solution to these sorts of issues and also need to provide the root cause analysis.

Once you identify a root cause, you need to make sure you also provide a good and solid corrective action along with the RCA.

I have seen some occasions where cross-process termination took place, where one affected process kills another process.

Analyzing and identifying this behavior is a bit grim, but there is an easy solution called “Silent Process Exit Monitoring”, which exists in Windows 7/2008 R2 and later OSes.

 

There is a GUI utility called GFlags.exe, which is included in the Windows debugging toolkit.


And download from

Before the quick steps, let's discuss GFlags a bit.

GFlags (Global Flags Editor), gflags.exe, enables and disables advanced debugging, diagnostic, and troubleshooting features. It is most often used to turn on indicators that other tools track, count, and log.

New Features of GFlags

a) Page heap verification. GFlags now includes the functions of PageHeap (pageheap.exe), a tool that enables heap allocation monitoring. PageHeap was included in previous versions of Windows.

b) No reboot required for the Special Pool feature. On Windows Vista and later versions of Windows, you can enable, disable, and configure the Special Pool feature without restarting (“rebooting”) the computer. For information, see Special Pool.

c) Object Reference Tracing. A new flag enables tracing of object referencing and object dereferencing in the kernel. This new feature of Windows detects when an object reference count is decremented too many times or not decremented even though an object is no longer used. This flag is supported only in Windows Vista and later versions of Windows.

d) New dialog box design. The GFlags dialog box has tabbed pages for easier navigation.

 

For more info on GFlags Details

To enable the monitoring, follow these quick steps:

1) Run GFLAGS.EXE and select the Silent Process Exit tab.


2) Type the name of the process that is exiting unexpectedly.


3) Hit the TAB key on the keyboard to refresh the GUI.

4) Check the following boxes:

a. Enable Silent Process Exit Monitoring

This enables the feature and tracks silent process exits in the application event log.

(Event ID: 3001)

b. Enable Notification

This optionally creates a balloon popup with the same information in the event log.

c. Ignore Self Exits


This prevents superfluous logging when the application exits gracefully, such as when File / Exit is selected from a menu.

5) Click OK to save the change and exit the GFLAGS tool.


Note: This comes into effect once we click and apply, as it does not require a reboot of the server.

When another process forces termination of the monitored process, the offending process name is listed in the application event log and, if that option is selected, in a balloon popup.
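Once monitoring is enabled, the Event ID 3001 records can be pulled from the Application log without opening Event Viewer. The following PowerShell is an added example, not part of the original post: the function name and the image name `myservice.exe` are placeholders, the registry locations are the ones Microsoft documents for this feature rather than values given on this page, and filtering on the event message text is an assumption about how the process name appears in the record.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
function Get-SilentExitReport {
    param(
        [Parameter(Mandatory)][string]$ImageName,  # placeholder, e.g. 'myservice.exe'
        [int]$Days = 7                              # how far back to search the log
    )

    $nt   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ifeo = Join-Path $nt "Image File Execution Options\$ImageName"
    $spe  = Join-Path $nt "SilentProcessExit\$ImageName"

    # GFlags stores the monitoring switch as bit 0x200 of GlobalFlag for the image.
    # A missing key or value yields $null, which casts to 0 (monitoring off).
    $globalFlag = [int](Get-ItemProperty -Path $ifeo -Name GlobalFlag -ErrorAction SilentlyContinue).GlobalFlag
    # Per-image options chosen on the Silent Process Exit tab.
    $options = Get-ItemProperty -Path $spe -ErrorAction SilentlyContinue

    # First output object: is the configuration from steps 1-5 actually in place?
    [pscustomobject]@{
        Image             = $ImageName
        MonitoringEnabled = [bool]($globalFlag -band 0x200)
        Notification      = [bool]([int]$options.ReportingMode -band 0x4)
        IgnoreSelfExits   = [bool]([int]$options.IgnoreSelfExits)
    }

    # Event ID 3001 in the Application log records the forced termination.
    $filter = @{ LogName = 'Application'; Id = 3001; StartTime = (Get-Date).AddDays(-$Days) }
    # Get-WinEvent raises an error when nothing matches, so suppress that case.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$ImageName*" } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Message
}

# Run from an elevated prompt on the affected server.
Get-SilentExitReport -ImageName 'myservice.exe' -Days 14 | Format-List
```

If `MonitoringEnabled` is false, the process was not being watched when it exited and no 3001 record will exist for that period.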
