Logo
programming4us
programming4us
programming4us
programming4us
 Home
programming4us
 XP
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server
programming4us
 Windows Phone
 
Windows Vista

Maintaining Desktop Health : Understanding Windows Error Reporting (part 3) - Architecture of Windows Error Reporting, Configuring Windows Error Reporting

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
4/19/2013 6:55:54 PM

5. Architecture of Windows Error Reporting

This section discusses the main Windows Error Reporting components.

Wer.dll

Wer.dll contains the major parts of the WER infrastructure and is responsible for showing the user interface (dialogs), exposing the WER APIs, and report management.

Wermgr.exe

Wrmgr.exe is responsible for WER error queue management.

Problem Reports And Solutions Control Panel

The Problem Reports And Solutions control panel provides a user interface to access the following actions:

  • View any solutions to your problems

  • Configure Windows Error Reporting

  • View problem history

  • Check for new solutions (to sent or unsent reports)

  • Clear solutions and problem history

  • Learn more about WER Privacy

  • Change your Customer Experience Improvement Program Settings

The Problems And Reports control panel is implemented entirely within the following binaries:

  • Wercon.exe

  • Wercplsupport.dll

Note

You can access Problem Reports And Solutions from the Control Panel or by running wercon.exe.
Problem Reports And Solutions Control Panel Support Service

You use the Problem Reports And Solutions Control Panel Support service to manage error reports in the Problem Reports And Solutions control panel when needed for UAC support. This service is set to a Manual startup type and starts on demand when called by WER.

Windows Error Reporting Service

The Windows Error Reporting Service is responsible for obtaining the information that is provided to the back-end Watson servers when an application exception occurs. The service library, wersvc.dll, is hosted in its own svchost.exe process. When a process crashes, the Windows Error Reporting service calls werfault.exe (or werfaultsecure.exe, discussed later in this section) to obtain all of the necessary data for the crashing/hanging process. Werfault.exe loads dbgeng.dll and dbghelp.dll to collect the application error data. It also loads faultrep.dll to perform the reporting to the back-end Watson servers. If the Windows Error Reporting Service is not started when an application exception occurs, werfault.exe and the dependent libraries will still be started to perform the data collection and reporting tasks for the fault.

WER in Windows Vista also supports error reporting for secure processes. Secure processes are processes that contain data encrypted with a private key and restricted permission. If a crash occurs in a secure process, the Windows Error Reporting service uses werfaultsecure.exe to obtain the necessary data for the crashing/hanging process. The report is encrypted when created and queued automatically to prevent any possibility of exploitation through the user interface. The encrypted data is then sent to the back-end Watson servers, where it is decrypted and analyzed.

The following components have been removed because of the error-reporting redesign for Windows Vista and no longer install as part of the operating system:

  • ErSvc.dll

  • Drwtsn32.exe

  • Dwwin.exe

  • Dumprep.exe

Store.lock

To ensure that WER and the Problem Reports And Solutions control panel are synchronized, wercon.exe creates a store.lock file in each of the four report folders when the Problems Reports And Solutions control panel is open. WER will still function to obtain the error report data even though the stores (report folders) are locked, but it will not write the data to any of the stores. The collected report data remains in the user’s Temp folder when the stores are locked.

The store.lock file is deleted when the Problems Reports And Solutions control panel is closed; the report data is then written to the destination store folder. Because of this locking feature, errors that occur when the Problems Reports And Solutions control panel is open will not be immediately displayed but will be displayed when the Problems Reports And Solutions control panel is closed and then reopened.

6. Configuring Windows Error Reporting

You can configure Windows Error Reporting by selecting options in the Problem Reports And Solutions control panel, by directly editing the registry, or by using Group Policy settings. This section describes the registry keys used to store per-computer, per-user, and Group Policy settings.

Per-Machine Registry Settings

Per-machine settings are stored in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting

Per-User Registry Settings

Per-user settings are stored in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting

Group Policy Registry Settings

Each WER registry setting has a corresponding Group Policy setting.

Per-Machine Group Policy Settings

The per-machine WER Group Policy settings are located in the following Group Policy container:

Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting

These settings are stored in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting

Per-User Group Policy Settings

The per-user WER Group Policy settings are located in the following Group Policy container:

User Configuration\Administrative Templates\Windows Components\Windows Error Reporting

These settings are stored in the following registry key:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting

WER Registry Values

WER uses the same registry value names for per-computer, per-user, and Group Policy settings described in the preceding section. Table 1 describes WER registry values.

Table 1. WER Registry Values
Key/value descriptionTypeValues
Disabled
Enable error reporting.DWORD0 = Reporting Enabled 1 = Reporting Disabled
Consent\DefaultConsent
Default consent choice for the user.DWORD1 = Always Ask

2 = Params Only

3 = Params + Safe second Level

4 = Send Everything
Consent\DefaultOverrideBehavior
Whether the default consent should override the vertical consents.DWORD0 = Do Not Override [Default] 1 = Override
Consent\<VerticalName>\Consent
Consent choice for the user for that vertical.DWORDSame as Consent\DefaultConsent
ConfigureArchive
Configure whether the archive will store parameters only or all data.DWORD1 = Store Parameters Only (no CAB) 2 = Store everything (Default)
DisableArchive
Disable the archival of WER reports.DWORD0 = Disabled (Archive is enabled) 1 = Enabled (Archive is disabled)
MaxArchiveCount
Maximum size of the computer archive.DWORDFile Count (min 1, default 1000, max 5000)
DisableQueue
Disable queuing of WER reports.DWORD0 = Disabled (Queue is enabled) 1 = Enabled (Queue is disabled)
MaxQueueCount
Maximum size of the computer queue.DWORDFile Count (min 1, default 50, max 500)
LoggingDisabled
Enable event logging.DWORD0 = Enabled [Default] 1 = Disabled
ExcludedApplications\<Application Name>
List of applications that do not support error reporting (based on APIs used).STRING 
DebugApplications\<ExeName>
List of executable names that will always require the user to choose between Debug and Continue. A value of “*” (asterisk) prompts for all executables.STRING 
ForceQueue
Send all reports to the user’s queue.DWORD0 = Disabled [Default] 1 = Enabled
ForceAdminQueue
Send all reports to the administrator’s queue.DWORD0 = Disabled [Default] 1 = Enabled
DontSendAdditionalData
Prevent any second-level data from being sent from the computer. Takes precedence over consent settings.DWORD0 = Disabled [Default] 1 = Enabled
DoNotShowUI
Prevent any WER dialog UI from being shown to the user.DWORD0 = Disabled [Default] 1 = Enabled
QueuePesterInterval
Time between notification reminders to tell the user to check for solutions.DWORDTime in days [Default = 2 weeks]
CorporateWERServer
Name of corporate server.STRINGServer name
CorporateWERUseSSL
Whether to use SSL.DWORD0 = Disabled [Default] 1 = Enabled
CorporateWERPortNumber
Port number to use with corporate server.DWORDPort number
CorporateWERDirectory
Name of target directory on server.STRINGDirectory name
CorporateWERUseAuthentication
Whether to use Windows Integrated Authentication.DWORD0 = Disabled [Default] 1 = Enabled

The order of preference for applying the configured settings is:

  1. Group Policy settings (overrides all other configured settings)

  2. Per-computer settings

  3. Per-user settings

  4. User interface settings

If WER has been configured using Group Policy settings, the Problems And Reports user interface will appear dimmed and be unavailable.

Note

The following registry key is no longer used for error reporting: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting.
Other -----------------
- Maintaining Desktop Health : Using Performance Information And Tools
- Maintaining Desktop Health : Understanding the Windows System Assessment Tool
- Maintaining Desktop Health : Understanding Windows Eventing (part 2) - Event Viewer User Interface
- Maintaining Desktop Health : Understanding Windows Eventing (part 1) - Windows Eventing Capabilities
- Using Voice and Sounds : Associating a Sound with an Event, Using Alternatives to Sound
- Using Voice and Sounds : Letting Your Computer Do the Talking, Creating a Sound File
- Managing Windows Licensing and Activation : Notification Experience and Reduced Functionality Mode
- Managing Windows Licensing and Activation : Managing Volume License Activation (part 3) - Managing licensing and activation, Implementing KMS activation
- Managing Windows Licensing and Activation : Managing Volume License Activation (part 2) - Leveraging MAK activation, Comparing KMS and MAK activation
- Managing Windows Licensing and Activation : Managing Volume License Activation (part 1) - Centralizing activation with KMS
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
 Windows Vista
programming4us
 Windows 7
programming4us
 Windows Azure
programming4us
 Windows Server