How to capture a manual dump of the wspsrv.exe process on TMG 2010?

Recently I received a question from a TMG Admin saying that can’t install DebuDiag on Windows Server 2008 since it is not supported and therefore don’t know how to catch a user mode dump of the wspsrv.exe process on TMG 2010. The good news is that with Windows Server 2008 the task of getting a manual dump of a process is even easier since it doesn’t need any additional tool; this capability is built in on the system. Just open Task Manager, go to Processes tab, highlight the wspsrv.exe process, right click on it and choose Create Dump File.


Easy isn’t it?

Having a dump of the wspsrv.exe process using this approach can be useful for the following scenarios:

  • Firewall Service stops answering and you have to restart it in order to go back in production.
  • Firewall Service hangs on “Starting” or “Stopping” state.
  • Firewall Service is consuming a high amount of CPU or memory.

Comments (4)

  1. vikram says:

    Thank you so much and it is very useful information.

  2. Priyanka says:

    Thank you..!!

  3. mike says:

    Does creating a dump file cause the process to stop?

  4. By using this method it shouldn't stop the process, unless a debugger is attached to the process then it might crash the service. But assuming there is nothing attached, it should work without interruption.