olly - Fotolia

Tip

How to troubleshoot the blue screen of death for Windows 10

The blue screen of death is never a pretty sight. Learn how to troubleshoot and fix this dreaded issue in Windows 10, using a variety of different methods and tools.

The infamous blue screen of death is every Windows user's worst nightmare, so IT pros should be able to resolve this dreaded error as quickly as possible.

IT admins should also test before they install hardware, driver updates, or Windows or other software updates to proactively avoid the blue screen of death (BSOD). In the case that it does occur, however, organizations that have support agreements with Microsoft or another software service provider can log a service call for help. That takes time, however, and may cost money.

Alternatively, there are a variety of troubleshooting steps that IT can take when users encounter the blue screen of death in Windows 10. Microsoft provides some free tools in Windows 10 that can help in the troubleshooting process.

Find the cause of a crash or hang

The system failures associated with the BSOD can be categorized as either a "crash" or a "hang." A crash is when a software application or an OS function terminates unexpectedly and exits. If it is an OS function, the entire system will stop to prevent data corruption and create a file, Memory.dmp, which contains memory contents at the time of the crash (Figure 1).

Dump file
Figure 1. IT can configure dump file options in Startup and Recovery.

A hang is a different event in which the system is unresponsive. Potential causes include an application that exhausts memory resources, faulty hardware and an application running at high priority that denies resources to other applications. A poorly written application could have a memory leak when it continues to consume memory, denying other processes to necessary resources. If a system is hung, IT must manually force a memory dump, which differs from the process involved for a crash.

IT pros can use the Memory.dmp file in a post-mortem analysis to determine the cause of the crash or hang. The file contains the data structures and information about what was accessing registers and data in memory at the time of the crash or hang. IT can use a variety of tools, including Windbg, to open this file and examine the contents to find the culprit. IT can use some basic commands in these tools to gather data from the crash, such as the name of the offending driver or software.

IT pros should spend a few minutes with the end user to analyze what changed since the system was healthy and to narrow the scope of the work. IT should set up System Restore points to let the system roll back to a time prior to the problem.

To understand why users encounter the blue screen of death in Windows 10, IT should be aware of common causes of these failures, including:

  • Added new hardware
  • Added new software
  • Updated hardware drivers
  • Updated software, such as Windows updates or antivirus updates

Quick debug

The former Windows BSOD format (Figure 2) provided a stop code, which often includes the name of the offending driver or software as well as register contents.

BSOD
Figure 2. The former blue screen of death format.

The blue screen of death for Windows 10 has a new format (Figure 3), which also contains that stop code as well as a QR code. IT should use these codes to look for offending hardware or software component, usually a driver.

New BSOD
Figure 3. The blue screen of death format for Windows 10.

IT can perform the following debug sequence:

1. Reboot the computer. This could be a one-time issue, but IT pros should compare the stop codes if it's a reoccurring issue. IT pros should ask themselves questions such as, "Is it one driver or several?" Then they should start debugging.

2. IT can boot the system into Safe Mode using the Advanced Boot Options in Windows. There are several options that allow only critical system functions to work and IT can narrow the problem down. IT pros can also manipulate registry settings to eliminate suspect components, but they must be careful, because it is not as secure as booting to Safe Mode.

3. IT can check for any description errors or warnings leading up to the hang or crash in System Event Log. To access this, IT pros can right click on the Windows start button and choose Event Viewer. They should expand Windows Logs and click on System (Figure 4).

Event Viewer
Figure 4. In the System Event Log, IT can check for description errors or warnings.

4. In the event of a hang, IT should run Task Manager and look on the Performance Tab to see if CPU or memory is running at excessively high levels (Figure 5).

Performance Tab
Figure 5. IT can use the Performance Tab to see the CPU or memory levels.

5. IT should also examine process usage on the process and application tabs (Figure 6) and note any suspect processes. Then admins can perform an internet search to see what those processes belong to.

Process and Application Tab
Figure 6. IT can use the process and application tabs to find suspect processes.

Search the internet

If a crash occurred and reported a stop code, IT should perform an internet search on that stop code. IT can search for several sample stop codes to find additional information:

  • CRITICAL_PROCESS_DIED
  • HAL_INITIALIZATION_FAILED
  • SYSTEM_SERVICE_EXCEPTION
  • SYSTEM THREAD EXCEPTION NOT HANDLED
  • MACHINE_CHECK_EXCEPTION

IT should also perform an internet search on the driver named in the BSOD stop code information. Since these have cryptic names, IT will have to search to find out what the device is that uses it. IT should look for the driver version, reported bugs and causes of failures. Then they should contact the vendor for a new driver.

IT pros can save some grief when they install a new hardware device on their system -- even if it is just a printer -- by contacting the OEM and obtaining the latest driver. There is often a long shelf life for devices, and vendors update drivers more frequently.

If the end user encountered the BSOD during the installation, IT pros should include that in their search and focus on Microsoft Knowledge Base articles.

Microsoft-approved options

Over the years, Microsoft has made debugging tools more powerful and easier to use. The Windows 10 Blue Screen Troubleshooter, for example, is an interactive Wizard that prompts the user with questions and provides next steps based on those answers.

There are several other Microsoft tools in the Advanced Boot Options that can give a quick resolution, but organizations will risk losing data or changes. IT can access this by booting up Windows, clicking the Power button in the Start menu, holding the shift key down and clicking Restart.

Upon reboot, Advanced Boot Options menu (Figure 7) will appear with some helpful tools:

Advanced Boot Options
Figure 7. The Advanced Boot Options menu.

System Restore. Assuming IT pros have previously defined a System Restore point, this feature will roll Windows back to what it looked like on the System Restore date. If IT added hardware, they should roll the system back to a time before the hardware installation and then find the hardware fix.

Go back to previous version. IT can use this feature to undo an installation if the crash occurred during a Windows upgrade or installation.

Startup repair. IT can use this to fix a crash during boot.

Troubleshoot -- Reset PC. This reinstalls Windows but does not harm the desktop's applications or data.

Dig Deeper on Windows OS and management