How To Use Event Viewer To Solve Errors
Guide Overview
The purpose of this guide is to teach you how to use the Event Viewer to find technical information on errors and crashes in your system. Please check the subsequent posts for updates to this guide - IE7 and non-BSOD errors in particular.
By default Windows will log an event to the Event log when a system crashes. This tool can be used to find the Blue Screen of Death (BSOD) information if you didn't write it down. It's good for other crashes also. Here's a picture of a BSOD that I've annotated for your reference:
http://www.digital-forums.com/images/BSOD.jpg
FWIW - this is also referred to as a STOP 0xD1 error (shorthand for the long stuff), and also is referred to as a BugCheck Code (BCC). They all mean the same thing for our purposes here.
Tools Needed
Windows Versions
- Windows NT
- Windows 2000
- Windows XP
- Windows 2003
- Windows Vista
Instructions
- Go to Start, then to Control Panel, then to Administrative Tools, then to Event Viewer. Alternately, go to Start, then to Run, and type in "eventvwr.msc" (without the quotes) and press Enter. You'll see this:
- When the Event Viewer window opens, you'll see 2 panes (see picture above). The pane on the left will contain the 3 categories of events (they are Application, Security, and System). The pane on the right will reflect the messages for the category that is selected on the left. They will be listed as Information, Warnings, or Errors. Errors are what will concern us here.
- Left click once on the Application category in the left hand pane - then check the right hand pane for errors. Locate an error (example in the System description below) that occurred around the time of the problem (there may or may not be one here depending on the type of error). Then, right click on it and select "Properties". The information in the resulting window may be able to be used by board members to help troubleshoot your problem. Here's an example of it:
- Next, we'll do the same thing for the Security category. You'll left click on the Security category in the left hand pane, then will check for errors in the right hand pane. Locate an error (example in the System description below) that occurred around the time of the problem (there may or may not be one here depending on the type of error). Then, right click on it and select "Properties". The information in the resulting window may be able to be used by board members to help troubleshoot your problem. An example:
- Now, we'll do the same thing for the System category. You'll left click on the System category in the left hand pane, then will check for errors in the right hand pane. An example:
Locate an error that occurred around the time of the problem (there may or may not be one here depending on the type of error). Then, right click on it and select "Properties". The information in the window may be used by board members to help troubleshoot your problem. Here's an example:
- Sometimes there will just be too many errors for you to pick just one out. In this case, generate a report using the "Action" menu item. Select "Export list" from the dropdown menu, and save it as a text file (that's the default). Then, open the text file by double clicking on it. Select the lines around the time that the error occurred by highlighting it with your cursor. Then, right click on the blue highlighting and select "Copy". Now, when you reply to your post, you can right click on the post and select "Paste" to insert the lines into your post. With this information, someone will be able to suggest which errors should be checked in detail.
- Lastly, a quick word about error messages. Often they will come in a format similar to this:
STOP: 0x0000007B (0xEB82784C, 0xC0000034, 0x00000000, 0x00000000)
These numbers are very important when diagnosing a problem with your system. They're written in hexadecimal notation, so they don't make much sense to most of us - but they do point to the errors and where they occur. Also, often a filename will be mentioned along with all these numbers. It's important so that we can tell where the error occurred (this isn't the same thing as what caused the error BTW).
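The manual steps above (check each category for errors near the time of the problem, export them to a text file, read the STOP line) can also be scripted. The PowerShell below is an added example, not part of the original guide; it assumes Windows Vista or later with `Get-WinEvent` and an elevated prompt for the Security log, and the function names, crash time and output path are hypothetical.

```powershell
# Added example, not from the original guide. Assumes Windows Vista or later
# with PowerShell (Get-WinEvent) and an elevated prompt for the Security log.
# Function names, the crash time and the output path are hypothetical.

function Get-ErrorsAroundTime {
    param(
        [Parameter(Mandatory=$true)] [datetime] $CrashTime,
        [int] $MinutesBefore = 15,
        [int] $MinutesAfter  = 5,
        [string[]] $LogName  = @('Application', 'Security', 'System')
    )
    foreach ($log in $LogName) {
        $filter = @{
            LogName   = $log
            Level     = 1, 2      # 1 = Critical, 2 = Error
            StartTime = $CrashTime.AddMinutes(-$MinutesBefore)
            EndTime   = $CrashTime.AddMinutes($MinutesAfter)
        }
        # A log with no matching entries raises a non-terminating error; skip it.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, ProviderName, Id,
                          LevelDisplayName, Message
    }
}

function ConvertFrom-StopLine {
    param([Parameter(Mandatory=$true)] [string] $Line)
    $hex = '0x[0-9A-Fa-f]+'
    if ($Line -notmatch "STOP:\s*($hex)\s*\(($hex(?:\s*,\s*$hex)*)\)") {
        throw "Not a STOP line: $Line"
    }
    $code = [Convert]::ToUInt64($Matches[1], 16)
    New-Object PSObject -Property @{
        BugCheckCode = '0x{0:X}' -f $code          # short form, e.g. 0x7B
        Parameters   = $Matches[2] -split '\s*,\s*'
    }
}

# Constructed crash time; replace with when the problem actually happened.
$events = Get-ErrorsAroundTime -CrashTime (Get-Date '2008-01-15 21:40')
$events | Sort-Object TimeCreated | Format-List |
    Out-File (Join-Path $env:USERPROFILE 'Desktop\EventErrors.txt')

# The STOP line quoted in the guide above.
ConvertFrom-StopLine 'STOP: 0x0000007B (0xEB82784C, 0xC0000034, 0x00000000, 0x00000000)'
```

The resulting text file holds the same fields the "Properties" window shows, sorted by time, so the lines around the crash can be pasted into a post.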
Re: How To Use Event Viewer To Solve Errors
Non-BSOD errors
This guide was originally written to help with BSOD issues. As such, I didn't include much information for troubleshooting other errors.
The procedure remains the same for non-BSOD events - the only thing that changes is what you're looking for.
For non-BSOD errors you won't just look for the BSOD error codes and filenames - you'll look for all the error information related to the problem.
You'll still look for errors that occur at or shortly before the actual error message on your screen - but will concentrate on all of the Categories (Application, Security, System, and Internet Explorer (that's for the next post)).
It's important to get all of the information for the errors that caused this. Generally, you don't need the "Information" entries, and most times you won't need the "Warning" entries - but all of the "Error" entries are significant. For example, if there's an error in your network card, it may also affect your Internet Explorer - so there may be several error messages to pick from.
Re: How To Use Event Viewer To Solve Errors
Internet Explorer Section
With the debut of Internet Explorer version 7, there's been a new category added to the Event Viewer just for Internet Explorer.
For now (I haven't used it a great deal), just consider it another location to look for errors. The errors can point us towards where the error is occurring.
Please remember that just because the error is occurring in Internet Explorer (iexplore.exe) doesn't mean that Internet Explorer is bad - it could be another program improperly accessing it that is causing the error. In other words, what causes the error isn't necessarily where the error occurs.
Other Sections
I've just recently found a Media Center section and one other section that I can't recall. These were on systems that we were repairing, and I didn't find any significant information in either of them.
Re: How To Use Event Viewer To Solve Errors
Troubleshooting the BSOD with memory dumps
or How to Analyze Memory Dumps
This is an alternate method for finding out information about the crash. It's actually very simple to do.
1) Search your hard drive for files ending in .dmp or .mdmp
FWIW - if you get the "Do you want to send the error report" thingie from Microsoft - search for the .mdmp file before sending the report. Once the report is sent, the .mdmp file is usually deleted. Just save it to another location (like your desktop) and it'll be available when you need it.
2) When you find the files, go to this link and read the post there. Follow the directions exactly. http://www.digital-forums.com/showthread.php?t=355805
Be sure to enter the command !analyze -v in the box at the bottom of the debugger's window once the first analysis is done. This'll generate a more in-depth analysis.
3) Copy the information and paste it to your next post. Someone will take a look at it and make some suggestions for you to try.
FYI - quite a few of the error messages will point to Windows system files. This DOES NOT mean that your Windows is corrupted. When an error occurs in a program, Windows captures that program's filename. BUT, this is just where the error occurred - not necessarily what caused it!
For example -
If your car's motor stops running - that's the error,
but if you've run out of gas - that's the cause of the error.