Starting with Windows Vista (including Windows 7, 2008, etc.) a feature called Windows Error reporting is enabled by default and takes dumps of all application crashes. You can use this feature first and if it doesn't report any crashes you can use Debug Diagnostic Tool. In my case Windows Error reporting wasn't catching anything.
To download the Debug Diagnostic 1.2 tool go to http://www.microsoft.com/download/en/details.aspx?id=26798. Before you install the .msi make sure you remove all previous versions.
To Configure Debug Diagnostic:
- If the crashing process is w3wp.exe, disable Health Monitoring with the following steps (you can avoid the below steps if you don’t want to disable the health monitoring but with Health Monitoring ON, we may get some false positives and issue may happen at a later time)
- Open IIS Manager and expand Application Pools
- Right-click the Application Pool and choose Recycling.
- Under the Edit Application Pool Recycling settings, uncheck all the recycling settings and click Next and then click on Finish.
- Right click the application pool and click on Advanced Settings.
- Under the Process Model section change the Ping Enabled to false and configure Idle Time-out (minutes) to 0
- Under the Rapid-Fail Protection section, change Enabled to False
- Click OK
- Recycle the application pool for these settings to take effect
- Create a Crash Rule in Debug Diagnostic 1.2 with the following steps:
- Open DebugDiag (Start -> Programs -> Debug Diagnostic Tool 1.2)
- Select "Crash" and click Next
- If the crashing process is w3wp.exe then choose the option A specific IIS application pool and click Next and choose the application pool that is crashing from the list and click Next. (Note: The Application pool list may be empty if the IIS 6 Metabase Compatibility is not installed. In such a case you can always type the name of the application pool and click Next)
- If the crashing process is not w3wp.exe then choose the option A specific process and click Next and choose the process name from the list and click Next.
- Click Next in Advanced Configuration (Optional), click on Breakpoints and then click on Add Breakpoint
- Choose NTDLL!ZwTerminateProcess from the list and change the Action Type to Full User Dump and Action Limit to 5 and click on Ok. Once you hit OK, the window should look like this.
- Click on Save and Close
- Click Next for "Rule Name". The "Userdump Location" can be changed here.
- Select "Activate the rule now" and click Finish
- Notice the Status is Active. The Userdump Count will increase each time a dump file is created.
- Wait for the issue to happen...