How to capture a manual dump of the wspsrv.exe process on TMG 2010?

Recently I received a question from a TMG Admin saying that can’t install DebuDiag on Windows Server 2008 since it is not supported and therefore don’t know how to catch a user mode dump of the wspsrv.exe process on TMG 2010. The good news is that with Windows Server 2008 the task of getting a manual dump of a process is even easier since it doesn’t need any additional tool; this capability is built in on the system. Just open Task Manager, go to Processes tab, highlight the wspsrv.exe process, right click on it and choose Create Dump File.

Easy isn’t it?

Having a dump of the wspsrv.exe process using this approach can be useful for the following scenarios:

• Firewall Service stops answering and you have to restart it in order to go back in production.
• Firewall Service hangs on “Starting” or “Stopping” state.
• Firewall Service is consuming a high amount of CPU or memory.

Comments

• Anonymous
  July 13, 2011
  Thank you so much and it is very useful information.

• Anonymous
  May 19, 2013
  Thank you..!!

• Anonymous
  November 04, 2013
  Does creating a dump file cause the process to stop?

• Anonymous
  November 07, 2013
  By using this method it shouldn't stop the process, unless a debugger is attached to the process then it might crash the service. But assuming there is nothing attached, it should work without interruption.