Troubleshooting Tip: How to collect logs on FortiClient Windows after BSOD
| Description | This article describes how and what logs to collect after a Windows endpoint experiences a BSOD with FortiClient installed. |
| Scope | FortiClient. Windows. |
| Solution | Whenever a 'Blue Screen of Death' (BSOD) occurs on a Windows endpoint with FortiClient installed, it is critical to collect all the necessary information to determine quickly whether FortiClient may have contributed to the issue.
Before following the log collection process described below, make sure no other third-party security product that may cause a BSOD is installed on the Windows workstation. This helps narrow the scope of the troubleshooting. If FortiClient is the only security product present and the BSOD still keeps occurring, follow the steps below.
Step 1. Enable the 'Complete Memory Dump' Setting on Windows. Follow the instructions provided in this document: Generate a kernel or complete crash dump.
Step 2. Enable the debug log level on FortiClient as described in Step 1 of the following article: Troubleshooting Tip: Collecting logs for addressing VPN connection issues (note: make sure to check all the boxes for Features in the System Settings profile's log settings).
Step 3. Once the BSOD occurs, collect the Complete Memory Dump (the default location of the dump file is %SystemRoot%\Memory.dmp).
In total, there must be three files:
Note: a complete memory dump is likely to be at least (or close to) 1 GB in size. Hence, it is recommended to use FortiCare's SFTP feature when uploading it to a support ticket. Refer to this article for instructions: Technical Tip: Uploading and Downloading large files to a support ticket using SFTP. |
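A read-only readiness check for Steps 1 and 3, added here as an example and not taken from the Fortinet article: it reports whether Windows is set to write a complete memory dump, where the dump will land, and whether a dump file already exists there. It assumes the Microsoft-documented CrashControl registry key and that a complete dump needs roughly as much free disk space as the installed RAM.

```powershell
# Added example (not Fortinet's code): verify crash-dump settings before
# reproducing the BSOD, and identify any dump file already on disk.
# The script only reads settings; it changes nothing.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# CrashDumpEnabled values as documented by Microsoft
$modes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }
$mode  = [int]$cc.CrashDumpEnabled
$modeName = if ($modes.ContainsKey($mode)) { $modes[$mode] } else { "Unknown ($mode)" }

# DumpFile is REG_EXPAND_SZ; Get-ItemProperty returns it already expanded.
# Fall back to the default location named in Step 3 if the value is absent.
$dumpPath = if ($cc.DumpFile) { $cc.DumpFile } else { Join-Path $env:SystemRoot 'Memory.dmp' }
$drive    = Split-Path -Path $dumpPath -Qualifier          # e.g. "C:"
$disk     = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
$ramBytes = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory

$report = [pscustomobject]@{
    DumpMode            = $modeName
    CompleteDumpEnabled = ($mode -eq 1)
    DumpFile            = $dumpPath
    RamGB               = [math]::Round($ramBytes / 1GB, 1)
    FreeGB              = [math]::Round($disk.FreeSpace / 1GB, 1)
    # Assumption: a complete dump is about the size of physical memory
    EnoughFreeSpace     = ($disk.FreeSpace -gt $ramBytes)
    ExistingDump        = 'none'
}

# A dump left over from an earlier crash can be mistaken for the new one.
# Record its size and timestamp so the file collected in Step 3 can be
# matched against the time of the BSOD being investigated.
if (Test-Path -LiteralPath $dumpPath) {
    $f = Get-Item -LiteralPath $dumpPath
    $report.ExistingDump = '{0:N1} GB, written {1:u}' -f ($f.Length / 1GB), $f.LastWriteTime
}

$report | Format-List
```

If `CompleteDumpEnabled` is `False`, repeat Step 1 before reproducing the crash; if `ExistingDump` shows an older timestamp than the BSOD, the file on disk is not the dump to upload.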




