Archive for the ‘Troubleshooting’ Category
Posted by William Diaz on June 1, 2012
This was initially described as a log off each time the user opened Outlook. This was the first time I heard of Outlook logging someone off their system when it was opened. This sparked my curiosity, of course, so I asked the techs working on this to leave it alone until I had a chance to look after hours. I started by connecting remotely to the Windows Event Viewer for the problem workstation to see if anything obvious stood out. After about a minute, the MMC console became hung and I could no longer browse events. I thought maybe the workstation became disconnected from the network, so I waited and tried again a few minutes later. I resumed browsing the event logs … only to get disconnected again. Logging in via RDP or VNC was also a no go, as I was getting disconnected after about 2 minutes, barely enough time to get pass the initial desktop and application loading and analyze what was happening. My next approach was to query the workstation for all the running processes via PsList from SysInternals (using the Front End for PsTools); maybe something might stand out and allude to what was happening:
Read the rest of this entry »
Posted in Troubleshooting, Troubleshooting Tools | Tagged: Autoruns, Crash, Dump, Malware, WinDbg | 2 Comments »
Posted by William Diaz on June 1, 2012
This mysterious issue arrived to me as an email from another technician. His caller wanted to know why an HTML linked image was not displaying in her Outlook message, instead displaying the red X. When I received the message, I could see the image. The obvious difference was that I was using Outlook 2010 & IE 9. The user and the technician were Outlook 2003 and IE 8. The difference between the two is that Outlook 2003 uses IE to render html content, whereas Outlook 2010 uses Word. Figuring the message content was privy to Outlook 2010, I wanted to open the image link in IE9. To get the image link, view the email as raw html by right-clicking an empty portion of the message and selecting View Source. You might need to scroll a bit depending upon how much html formatting there is but you can locate the image link by looking for src= like in the example below or the image extension:
Read the rest of this entry »
Posted in Troubleshooting | Tagged: Internet Explorer | Leave a Comment »
Posted by William Diaz on May 18, 2012
Not all issues I troubleshoot are at work. Sometimes I might be sitting at home and then this somewhat buggy application starts up. It’s a random occurrence and trying to resolve its problems can be very taxing. The main reason for this is I don’t have the source code and trying to reverse-engineer it is nearly impossible because it’s data structures are not logical. But maybe we can look at its crash dump and find out what’s happening.
Looking at the dump:
Read the rest of this entry »
Posted in Troubleshooting | Tagged: Crash, Dump, WinDbg | 2 Comments »
Posted by William Diaz on May 14, 2012
After logging onto my main home PC and opening IE, I noticed lag while repositioning the window around the screen. I opened the Task Manager, sorted by the CPU column and saw no single process reporting excessive usage:
Nor was the hard disk light blinking or solid. However, looking at the Performance tab revealed two of the CPU cores hovering around 100%:
Read the rest of this entry »
Posted in Troubleshooting, Troubleshooting Tools | Tagged: Performance | Leave a Comment »
Posted by William Diaz on May 10, 2012
A lot of vague networking issues on user workstations are sometimes troubleshot by running the netsh winsock reset catalog command, often without knowing what it does. When you run this command, you are resetting the layered service providers that come with Windows and removing all others that did not come with Windows. These “others” might be MS firewall clients, security proxies or 3rd party wireless communication apps that come with “Air Cards” used by mobile users.
In the environment that I work in, our workstations have the Microsoft Firewall Client or TMG client installed. You can directly see this as a layered service provider by opening msinfo32 and going to Components > Network > Protocol:
If you run netsh winsock reset you end up removing any LSPs that are not part of the Windows-Out-Of-The-Box installation. If your LSP application is self-aware, like in the case of the MS FWC or TMG client, you might notice a warning of some type:
This is a sign you need to run a repair or reinstall your LSP application (in this case, a repair of the FWC\TMG client is enough to fix and put the LSPs back in place).
The irony is that, if running netsh winsock reset resolved whatever mysterious networking issue you encountered, then you might have isolated the cause of the issue to a problem with the LSP application. I encountered this myself way back in my first blog post of the The Case of the Random Internet Explorer Crashes.
Posted in Troubleshooting | Tagged: Networking | 2 Comments »
Posted by William Diaz on May 7, 2012
One of our helpdesk technician’s in a remote office reached out to me recently and asked me to assist with an application that suddenly started crashing on him with the following error: “Microsoft Visual C++ Runtime Library. Runtime Error! This application has requested the Runtime to terminate it in an unusual way…”
Posted in Troubleshooting, Troubleshooting Tools | Tagged: Crash, Dump, Process Monitor, WinDbg | 1 Comment »
Posted by William Diaz on May 7, 2012
I recently put together a quad core system from parts my brother was retiring from his home system. Soon after getting everything up and running, the new system would sometimes hard hang while working via VPN. A hard hang is when the OS becomes completely unresponsive but is still running. I had earlier prepared myself for the next instance of this encounter by enabling CrashOnCtrlScroll in the Windows registry so that the next time it happened I could manually crash the system from the keyboard and examine the memory dump with WinDbg for signs of the responsible culprit. You can read about how to enable this option in this earlier blog Forcing a System Crash on an Unresponsive PC.
Upon opening a kernel dump, the analyze –v command is a clickable hyperlink1.
Posted in Troubleshooting | Tagged: Crash, Dump, Hang, WinDbg | 1 Comment »
Posted by William Diaz on May 1, 2012
The problem starts after the user has had their Windows profile recreated but continues to experience some Outlook performance issues. Each time she clicks the New button in Outlook to create a new message, there is a 5 to 10 second delay before the blank message opens. There is also a 10+ second delay after she clicks send and Outlook becomes unresponsive for that time. I connect to her and quickly look at the Office Outlook registry for any unapproved 3rd party add-ins and see nothing out of the ordinary. I decide to dump the Outlook process when the hang is encounter and turn to Process Explorer. This is a simple matter of right-clicking the process and choosing Create Dump when it is in an unresponsive state. Actually, I collect two dumps, the other with Procdump in hang mode. I do this to ensure that the dumps are consistent; if the dumps are not similar then I may need to collect more until a pattern emerges.
I copied the dumps to my workstation and opened them with WinDbg and run the !analyze –v –hang command. The stack for both dumps are similar. With the exception of the NRTExchn component (our DMS add-in for Outlook), these are all MS modules. Normally, this wouldn’t excite me but something stands out like a sore thumb as I move up the stack, the presence of msi.dll in the stack of the current examine thread.
Read the rest of this entry »
Posted in Office, Troubleshooting, Troubleshooting Tools | Tagged: Hang, Outlook, Process Explorer, Process Monitor, WinDbg | Leave a Comment »
Posted by William Diaz on April 2, 2012
From time to time we have often received complaints about this particular issue. I never really got a chance to troubleshoot beyond the standard “Clear IE cache” rhetoric1 that somehow is the magical non-solution to all IE woes. Well, alas, I finally encountered the issue on the lab PC and spent some time poking around. Here is what the problem looks like:
Read the rest of this entry »
Posted in Troubleshooting | Tagged: Internet Explorer | Leave a Comment »
Posted by William Diaz on April 2, 2012
One of the most common complaints your going to encounter in the desktop support role is when Outlook becomes unresponsive while a user is performing any random task in Outlook, whether it be switching between folders, going into a delegated mailbox, or sorting messages. Often, the knee-jerk reaction by the front line technical support is to assume something is wrong with Outlook and begin the gamut of what I term “blind-troubleshooting”. This usually involves running an range of scripted fixes (that is meant to address issues with some of our in-house or 3rd party add-ins), followed by a repair, reinstall, and/or creation of a new Outlook profile. Over the lifetime of this incident(s), the issue can drag out to several days because usually the issue cannot be reproduced immediately after the first fix, so each additional fix is tried at some point later when the user calls back. In some cases, this drags out for a couple weeks to where the user’s workstation is replaced or Windows profile is recreated.
And all to no avail.
Read the rest of this entry »
Posted in Troubleshooting, Troubleshooting Tools | Tagged: Hang, Outlook | Leave a Comment »
Windows Explored 