Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

Posts Tagged ‘Crash’

« Previous Entries

Crashing Terminal Session with Latest Citrix Receiver

Posted by William Diaz on August 17, 2012


After installing the latest Citrix Receiver 3.3, one of our techs began to experience crashes of their terminal sessions after about 1-2 minutes. I connected to my lab and installed the latest Citrix Receiver and was able to reproduce. In my case, the following error was generated: “WFICA32.EXE – Application Error. The exception Breakpoint. A breakpoint has been reached…”

CitrixReceiverErr

An error may not always be produced, though, on the desktop. If you examine the Windows Event Viewer > Application logs you should see some type of error, either in the Visual C++ Runtime 2005 or in the actual Citrix module where the fault is being encountered in. For example:

Faulting application wfica32.exe, version 13.1.201.3, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x0001574d.

 

Faulting application wfica32.exe, version 13.3.0.55, faulting module vd3dn.dll, version 13.3.0.55, fault address 0×00001021

 

After a little research, the most common culprit seems to be caused by printers that the workstation (XP SP3) cannot resolve to. These often have a status of “Unable to connect” and\or “Printer not found on server”:

image

After removing the offline printers on both the lab and the tech’s workstation, the issue went away. That being said, it might be more practical to downgrade to an earlier version of the Citrix Receiver. It’s not uncommon for network printers to be taken offline in large enterprises or decommissioned. Worse, imagine mobile users who will show all network printers as unable to connect when outside the network and trying to connect remotely to their virtual desktops. This seems specific to only Windows XP clients.

_______________________________________________________________________________________________________________

Update

I ran into this again today issue where this was happening on a user workstation even after the disconnected printers were removed. Crash dumps pointed to hpcui6dn.dll. Using the Windows local print server on the workstation, we could see that the print driver belonged to one the disconnected printers. Apparently, an “orphaned” print driver could cause the problem as well. Resolving was a simple matter of stopping and restarting the print spooler and from the local print server properties selecting Remove for the printer driver that was no longer connected.

Application exception occurred:
        App: C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE (pid=6104)
        When: 12/26/2012 @ 10:57:07.919
        Exception number: c0000005 (access violation)

FAULT ->35257cb2 c4b3029b1db1  les esi,[ebx+0xb11d9b02] ds:0023:b130883a=????????????
        35257cb8 758e             jnz     hpcui6dn+0x157c48 (35257c48)
        35257cba b0f7             mov     al,0xf7
        35257cbc 4f               dec     edi
        35257cbd ad               lodsd
        35257cbe c3               ret
        35257cbf b0b6             mov     al,0xb6
        35257cc1 b9d8812742       mov     ecx,0x422781d8
        35257cc6 852c83           test    [ebx+eax*4],ebp
        35257cc9 3aab84ce5fa5     cmp     ch,[ebx+0xa55fce84]
        35257ccf 5c               pop     esp

*—-> Stack Back Trace <—-*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child             
0012ec39 cf351cdd 1c932e1e 90069193 ff3531b3 hpcui6dn+0x157cb2
140012ec 00000000 00000000 00000000 00000000 0xcf351cdd

Posted in Troubleshooting | Tagged: | 2 Comments »

Help! Everything Is Crashing

Posted by William Diaz on July 25, 2012


This is an XP workstation so likely the post-mortem default debugger is capturing the exception. I UNC-navigate to \\computername\Documents and Settings\All Users\Application Data\Microsoft\DrWatson. I grab both the drwtsn32.log and user.dmp files. They have recent time stamps of the day before which means that they were likely created as a result of the issue the user was experiencing. I start by examining the log file, starting from the bottom working my way up. The user’s initial complaint was the IE was crashing when going to various websites. I expected to find iexplore.exe process crashing in the log. A few searches in the text file later, I find IE crashing on that day:

Application exception occurred:
        App: C:\Program Files\Internet Explorer\iexplore.exe (pid=6828)
        When: 7/24/2012 @ 11:28:13.701
        Exception number: c0000005 (access violation)

Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , , , | Leave a Comment »

Get Last Error

Posted by William Diaz on July 14, 2012


Often times when doing some basic crash or hang analysis on a program, !analyze –v is not going to cut it because the heuristics engine is not going to reveal an interesting stack. Or maybe I don’t know what I’m looking for. Or maybe I don’t know advanced WinDbg debug techniques. Or … whatever. I define an “interesting” stack is one that contains unexpected components. If I don’t see it, I usually move on to some other techniques.

One of the things I try when a dump has nothing to offer me is to just take a look at the last error thrown. To do this, simply employ the get last error command, !gle. For example, an Outlook crash (which can be notoriously difficult to analyze even for the advanced Windbg enthusiast) I was asked to examine where the !analyze –v heuristics engine wasn’t telling me anything meaningful (at least to me) and where !gle might help:

Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , | Leave a Comment »

When RDP “Disconnects”, It Might Be Crashing

Posted by William Diaz on June 18, 2012


It was reported by a local office technician that over the course of a few days several users were connecting to a site over the web that used Remote Desktop Connection to connect a remote desktop/terminal services session. Shortly after connecting, users complained the their session was being disconnected. The issue was initially troubleshot as possibly a local setting in the OS, such as the IE proxy or maybe the TMG firewall client, but switching to different proxy made no difference. It was then assumed that perhaps our network work was part of the problem. Port issue? Not likely, ports 443 and 3389 are too common and since the users were able to connect initially, this could be eliminated as the cause. Last, the remote site technical support was contacted and asked at what point inactive sessions were being dropped. The answer to that was 1 hour and so this, too, was eliminated as the cause.

Eventually, the issue made it my way, and the first thing I thought was that this was not specifically a “disconnect”. When I think disconnect, I’m thinking along the lines of excessive packet loss or corruption between the client and the server which results in a dropped connection. Another cause for a disconnected application could be that the client app or one of its components that handles the connection is crashing. To confirm my suspicion, I asked the local tech to provide me the name of one of the affected workstations. All the affected workstation were running Windows XP, which meant that if the RDP client was crashing, the post mortem debugger might be capturing this. I navigated across the network to \\computername\c$\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson and saw a recent drwtsn32.log and user dump.

Read the rest of this entry »

Posted in Troubleshooting | Tagged: | Leave a Comment »

The Case of the Rebooting Workstation

Posted by William Diaz on June 1, 2012


This was initially described as a log off each time the user opened Outlook. This was the first time I heard of Outlook logging someone off their system when it was opened. This sparked my curiosity, of course, so I asked the techs working on this to leave it alone until I had a chance to look after hours. I started by connecting remotely to the Windows Event Viewer for the problem workstation to see if anything obvious stood out. After about a minute, the MMC console became hung and I could no longer browse events. I thought maybe the workstation became disconnected from the network, so I waited and tried again a few minutes later. I resumed browsing the event logs … only to get disconnected again. Logging in via RDP or VNC was also a no go, as I was getting disconnected after about 2 minutes, barely enough time to get pass the initial desktop and application loading and analyze what was happening. My next approach was to query the workstation for all the running processes via PsList from SysInternals (using the Front End for PsTools); maybe something might stand out and allude to what was happening:

image

Read the rest of this entry »

Posted in Troubleshooting, Troubleshooting Tools | Tagged: , , , , | 2 Comments »

Wife.exe Crash Troubleshooting

Posted by William Diaz on May 18, 2012


Not all issues I troubleshoot are at work. Sometimes I might be sitting at home and then this somewhat buggy application starts up. It’s a random occurrence and trying to resolve its problems can be very taxing. The main reason for this is I don’t have the source code and trying to reverse-engineer it is nearly impossible because it’s data structures are not logical. But maybe we can look at its crash dump and find out what’s happening.

Looking at the dump:

Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , | 2 Comments »

The Case of the Runtime Error (or Check Your Time Zones & DST Settings)

Posted by William Diaz on May 7, 2012


One of our helpdesk technician’s in a remote office reached out to me recently and asked me to assist with an application that suddenly started crashing on him with the following error: “Microsoft Visual C++ Runtime Library. Runtime Error! This application has requested the Runtime to terminate it in an unusual way…”
image

Posted in Troubleshooting, Troubleshooting Tools | Tagged: , , , | Leave a Comment »

Troubleshooting a “Hard Hang”

Posted by William Diaz on May 7, 2012


I recently put together a quad core system from parts my brother was retiring from his home system. Soon after getting everything up and running, the new system would sometimes hard hang while working via VPN. A hard hang is when the OS becomes completely unresponsive but is still running. I had earlier prepared myself for the next instance of this encounter by enabling CrashOnCtrlScroll in the Windows registry so that the next time it happened I could manually crash the system from the keyboard and examine the memory dump with WinDbg for signs of the responsible culprit. You can read about how to enable this option in this earlier blog Forcing a System Crash on an Unresponsive PC.

Upon opening a kernel dump, the analyze –v command is a clickable hyperlink1.

Posted in Troubleshooting | Tagged: , , , | Leave a Comment »

More Process Crash Troubleshooting

Posted by William Diaz on March 2, 2012


A user called in and requested one of our technicians to assist in removing some annoying autorun applications. Upon opening the Control Panel and going to Add or Remove Programs in Windows XP, the rundll32.exe process was crashing. The same applied for any process that required a CPL to run:
image
I was asked to assist and started by going to C:\Documents and Settings\username\Application Data\Microsoft\ Dr Watson. I opened the drwtsn32.log and scrolled to the bottom, confirming that some error in rundll32.exe was being encountered: Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , | Leave a Comment »

Unraveling and Resolving An Outlook Crash with Process Monitor

Posted by William Diaz on March 2, 2012


While trying to import documents into our document management system via Outlook, Outlook would just abruptly close on the user. I started the initial troubleshooting by disabling a couple 3rd party add-ins in HKLM and HKCU\Software\Microsoft\Office\Outlook\Addins that were not part of the normal image. This can be done by modifying the load behavior of the add-in (see this MSDN article for details), but this had no effect on correcting the behavior. I thought about capturing a crash dump of Outlook but decided to not waste any time there because, at this point, with the add-ins disabled, I likely was not going to see anything but the document management modules in the dump.

Instead, I turned to Process Monitor; perhaps it might reveal what Outlook was doing just before it crashed and give me some important clues. I set a filter to monitor only outlook.exe, dragged an item into the document management space in Outlook and waited for it to crash after clicking Save. Afterwards, I scrolled to end of the log, working my way up. I also added a filter to only include registry activity and then process and thread activity so I could quickly see where Outlook was crashing: Read the rest of this entry »

Posted in Office, Troubleshooting | Tagged: , , | Leave a Comment »

« Previous Entries
 
Follow

Get every new post delivered to your Inbox.