If you've determined that the server was rebooted without cleanly shutting down first, and you've found a dump file, you may be able to gather more information about what caused the reboot by analyzing the dump file.
Here are some steps you can take to analyze the dump file:
Install the Debugging Tools for Windows: If you haven't already, install the Debugging Tools for Windows on the server. You can download them from the Microsoft website.
Open the dump file: Once you have the Debugging Tools installed, open a command prompt and navigate to the folder where the dump file is located. Then, use the following command to open the dump file in the Windows Debugger:
windbg -y srv*path-to-symbol-files* -i imagepath -z *dump-file-name*
Replace path-to-symbol-files
with the path to your symbol files (if you have them), imagepath
with the path to your image files, and dump-file-name
with the name of your dump file.
Analyze the dump file: Once the dump file is open in the Windows Debugger, you can analyze it to try to determine what caused the reboot. Start by running the !analyze -v
command, which will provide you with a detailed analysis of the crash.
If the analysis doesn't provide enough information, you can use other commands to drill down further into the dump file. Some useful commands include lm
, which lists the loaded modules, and kb
, which provides a stack trace.
You can also use the !analyze -v
command to get more information about any drivers that are implicated in the crash. The analysis may suggest that a particular driver caused the crash.
Investigate the driver: If the analysis suggests that a driver caused the crash, investigate that driver. Look for any known issues with that driver, and check for any updates or patches that may be available.