{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 戒情不戒烟 的问题《Procdump Error writing dump file: 0x80070005 Error》','https://www.manongdao.com/q-535981.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Recently we have had issues when trying to capture a memory dump for various IIS application pools on a 2012 R2 server. I've tried using task manager, but it generates an error, as well as using procdump in an Administrative console:
PS C:\Users\_______\Downloads> procdump -mA 31016
ProcDump v7.1 - Writes process dump files
Copyright (C) 2009-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards
[19:59:22] Dump 1 initiated: C:\Users\____\Downloads\w3wp.exe_161008_195922.dmp
[19:59:25] Dump 1 writing: Estimated dump file size is 29278 MB.
[20:01:15] Dump 1 error: Error writing dump file: 0x80070005
Error 0x80070005 (-2147024891): Access is denied.
[20:01:15] Waiting for dump to complete...
[20:01:17] Dump count not reached.
I have tried various combinations of -ma and -mA and -64 and procdump64 but they all have the same Access is denied error for worker processes using over ~16GB of memory.
I also tried adding -r to reflect/clone the process as recommended by How to: Take a Memory Dump of an ASP.NET Application Pool Quickly but still get the same error message as above.
Update: So by default IIS application pools will be recycled if they do not respond to ongoing internal ping requests within 90 seconds. You can see this in the advanced settings:
And the error message occurs after about 90 seconds, so likely that is the cause of the issue.
So what is happening is procdump suspends the worker process which prevents it from responding to the internal pings, even when using the -r reflect/clone option. And if writing the memory to the dump file takes longer than 90 seconds then IIS will recycle the worker, causing the old process to be terminated. Procdump then returns an "Access Denied" or "Only part of a ReadProcessMemory or WriteProcessMemory request was completed" error message, because the memory it was trying to read is no longer allocated and the process no longer exists.
To work around this issue you can use Resouce Monitor, Process Explorer or PsSuspend to also suspend the
svchost.exe -k iissvcsprocess so that it cannot interrupt the procdump process. The following PowerShell script can be run in an Admin console to create a memory dump of the w3wp process with the largest working set:The output should look something like this:
I have no idea what other issues suspending the iissvcs process might create, so it may be best to run
iisresetafter the memory dump is created.