When I use windbg to read minidump files it says that "Kernel symbols
are WRONG. Please fix symbols to do analysis."
Then I set up the symbols path (the microsoft symbol server), and when I
try to get symbol files I get this message: "Unable to verify timestamp
for ntoskrnl.exe"
What does it mean and how can I correct this?
Thx!
You may get better responses in
microsoft.public.windbg
but...
that usually indicates that parts of ntoskrnl.exe were paged out at the
time of the crash, therefore didn't make it into the tiny crash dump. That's
normal for minidumps.
For reliable analysis of crash dumps, make sure that
1. The BSODing machine and the windbg machine have exactly the same
hotfixes (i.e. don't windbg an SP1 machine if you are going to use an SP2
machine). Ideally, you should run windbg on the crashing computer.
2. Ensure that there is a file called ntoskrnl.pdb located in the symbol
store, and that it is correct.
To check if it is correct: copy ntoskrnl.exe into the same directory as
ntoskrnl.pdb, cd to that directory and run:
<windbg install path>\symchk.exe ntoskrnl.exe
3. If you haven't done so, add the symbol path to your System environment
variables.
4. If you can re-crash, use full crash dumps instead of minidumps.
If you are still getting errors (esp. after 4), then there may be a
serious (possibly terminal) problem with the machine.
--
------------------------------------------------------------------------
oshah [shexec32]
Control Panel -> System -> Advanced -> Error Reporting -> Choose Programs
-> Do not report errors for these programs:
Acrobat.exe
waol.exe
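
An added example, not part of the thread above: the timestamp in the debugger message is the TimeDateStamp field of the image's PE header, which together with SizeOfImage identifies one exact build of ntoskrnl.exe. This Python sketch reads both fields, builds the `<name>/<TimeDateStamp><SizeOfImage>/<name>` lookup path that symbol stores conventionally use for executables, and fails cleanly when the header bytes are absent. The function names and the sample header values are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

def pe_identity(data: bytes) -> dict:
    """Read the PE header fields that identify one exact build of an image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no DOS header: bytes missing or not a PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    opt = e_lfanew + 24                                   # signature + COFF header
    if len(data) < opt + 60 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE header not present in the available bytes")
    # COFF header: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    _machine, _nsect, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    # SizeOfImage is at offset 56 of the optional header for PE32 and PE32+
    (size_of_image,) = struct.unpack_from("<I", data, opt + 56)
    return {
        "timestamp": timestamp,
        "linked_utc": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "size_of_image": size_of_image,
    }

def symbol_store_key(name: str, ident: dict) -> str:
    """Build the <name>/<TimeDateStamp><SizeOfImage>/<name> lookup path."""
    return f"{name}/{ident['timestamp']:08X}{ident['size_of_image']:x}/{name}"

def build_sample_header(timestamp: int, size_of_image: int) -> bytes:
    """Constructed test input: a bare PE32+ header, not a real kernel image."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x84, 0x8664, 0, timestamp)
    struct.pack_into("<H", buf, 0x98, 0x20B)              # PE32+ magic
    struct.pack_into("<I", buf, 0x98 + 56, size_of_image)
    return bytes(buf)

if __name__ == "__main__":
    sample = build_sample_header(0x542D5742, 0x32000)     # constructed values
    ident = pe_identity(sample)
    print(ident, symbol_store_key("ntoskrnl.exe", ident))
    try:
        pe_identity(sample[:0x80])                        # header bytes cut off
    except ValueError as exc:
        print("cannot verify:", exc)
```

Running it against the ntoskrnl.exe on the analysis machine and comparing the result with the image information the debugger reports for the dump shows whether the two machines carry the same kernel build.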