Troubleshooting process

This post hopefully will provide a few initial steps to get started finding out what is wrong when your app "isn't working as expected".  I've been hanging out in the newsgroups lately and it kind of surprised me the same thing about trying to find out "whats wrong".  Sometimes getting started is the hardest part.  Here is a list of tools and sites I use to begin the "troubleshooting process".  The assumption I am making you are in a position of writing code or a systems administrator charged with trying to solve the problem. (Whatever that maybe)

1) – First thing to do, look in any log files available – (Event logs,  IIS Logs, SQL Logs, or custom log files from the application. ) Run utilities from Sysinternals (Filemon + Regmon), use these tools to collect evidence when the problem happens.  Here is some links for further info.

'Windows Event Logs (Application, Security, System)
Look in the event logs to see if any errors are present.  collect the Event ID, Source and any messages.

*Windows Auditing settings* – This goes with looking in the event logs.  Make sure some type of auditing is on so errors are logged.

'Filemon – Review files in real time to find out what is being accessed and if any 'access denied' messages occur.  Run Filemon when the error is happening and save the log file, review for problems.

'Regmon – Review the registry in real time to find out what is being accessed and if any keys are getting 'access denied' messages. Run Regmon when the error is happening and save the log file, review for problems.

'Process Explorer – view what processes are in-use along with DLLS's and much more.

'Open a command prompt and run 'gpresult'.  This will show you what 'machine' and 'user' polices are being applied. This mainly applies when your machine is in an Active Directory environment.  If your machine is a stand-along box.  Review the 'local security policy'.

2) After you have collected a list of errors, various messages and event ids.  Use these sites to look for answers or links to articles about your issue. I wager a good portion of the time you'll find the solution or an article about your issue.

3) I *strongly* recommend watch this webcast by Mark Russinovich.  (Thanks to Scott Forsyth from  (blog is here – ) for pointing this out.  Mark is the co-founder of Sysinternals and could make a case for him being the #1 guru on the Internet.  This was recorded at Teched 2006.  Without the tools he has provided, it would make every Windows Administrator's job a lot harder.

Advanced tools to examine dump files.

'WinDBG and windows debugging tools

'IIS Diagnostics Toolkit

'IIS Crash/Hang Agent and IIS Dump

Yes, I even list notepad as an advanced troubleshooting tool.  You need a text editor to view the log files.   It is not VI but it'll do.

'Document that explains Windows Internals and troubleshooting. 109 pages great info

MISC: These are articles and links I found useful for various specifc tasks and products.  If you have one, let me know.  🙂

Active Directory – Turn on AD logging to find out what machine or process is locking out users.

SQL Profiler – Are you having a problem with your SQL queries? See your queries in action and how long they are taking to execute.

Network Monitor – I use this a lot when debugging. 


How to use Network Monitor to capture network traffic;en-us;812953

ISA Server 2000 / 2004

Exchange 2000 / 2003

DNS Related issues

Check VB6 DLL for "Retained in memory" and "Unattended Execution" settings.

SMS 2003 issues

Hope this helps.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s