While managing server infrastructure we may face server issues like server hang or crash. Most of the times when the server hangs, it will lead to server reboot where we will end up in no data for proper root cause analysis due to lack of enough logs or memory dump after reboot. In that case we have an option to create a memory dump for analysis to identify the root cause of the issue at the Virtual machine level using memory snapshot or VM suspend. This is useful in cases where customers do not want to force a crash or change Windows dump parameters and reboot the machine. This procedure can be done without interrupting the execution of the machine.
This article does not talk about suspend state. I have given steps for converting snapshot to dump file.
Steps:
1. Identify the problematic virtual machine machine and check if it hangs or crashed.
2. Login to vsphere client or vsphere webclient and take a memory snapshot of the machine.
3. Once you take a snapshot, you will see additional files in the virtual machine working directory (.vmsn and .vmem) which contains the memory contents of the guest OS at the time of the issue. This data is needed for OS vendors like Redhat or Microsoft for the analysis.
4. confirm the existence of the files and you may proceed to reboot and bring the server under production.
5. Next, we have to convert the snapshot to memory dump file (.dmp) and send it to vendor. This can be done using a tool vmss2core
What is vmss2core:
Vmss2core is a tool to convert VMware checkpoint state files into formats that third party debugger tools understand. It can handle both suspend (.vmss) and snapshot (.vmsn) checkpoint state files (hereafter referred to as a ‘vmss file’) as well as both monolithic and non-monolithic (separate .vmem file) encapsulation of checkpoint state data.
Features
The vmss2core tool can produce core dump files for the Windows debugger (WinDbg), Red Hat crash compatible core files, a physical memory view suitable for the Gnu debugger gdb, Solaris MDB (XXX), and Mac OS X formats. Debugging Virtual Machines with the Checkpoint to Core Tool provides the usage information for the vmss2core tool. Note: This last update has improved support for Win 8.1/Win2012 R2 vmss files.
How to use it:
After following the steps given above, now we have the file .vmem and .vmsn which will be converted to .dmp using vmss2core tool
- Copy the files .vmem and .vmsn to any windows machine.
- Download the tool vmss2core on that machine.
- Copy the vmss2core.exe utility to the same location as the snapshot files.
- Open a command line and navigate to the location of the snapshot files and execute the following command:
vmss2core.exe -W snapshot.vmsn [snapshot.vmem]
(this switch W is for Windows , it may vary depends on the OS for which you need to generate dump file)
Refer the guide for additional switches
https://www.vmware.com/pdf/snapshot2core_technote.pdf
If the snapshot file is from a Windows 8 or Windows Server 2012 VM, the command line is
vmss2core.exe -W8 snapshot.vmsn [snapshot.vmem]
Successful output should be a “memory.dmp” file suitable for use with WinDbg
Once you have the dmp file, it can be used for further analysis by vendor.
Reference: https://kb.vmware.com/s/article/2003941
Hope this article will help you !
Happy Learning!!!
No comments:
Post a Comment