Wednesday, May 14, 2014

What About Those Blue Screens?

In my past experience as an MSP, it was not uncommon for us to get a phone call that a customer's PC was down, and when we got into diagnosing it, we found that the machine had "blue screened" many times in the days, sometimes months, before the customer called. So the question is: how do we, as service providers, find out about these events when they happen instead of waiting for a total failure?
Microsoft is kind enough to log these events when they happen.  In Windows XP/2000/NT4 these events are recognized by having Event Source "SaveDump".  In Windows Vista/7/8 the Event Source is changed to "BugCheck".  Creating Event Log Checks in your RM dashboard can warn you when a blue screen event happens on one of your customer's devices.

There are two ways to add this check. One is by using a 24x7 check and the other is by using a Daily Safety Check (DSC). The 24x7 check will alert you sooner, but it could "self-resolve" at the next check-in cycle if no additional log entries of the same type are found, and so the alert may seem to "go away". The DSC will stay in alert mode until the next Daily Safety Check run. By the way, there is no rule that says you can't use both.

From the lower right pane in your dashboard click Add DSC Check (or Add 24x7 Check) and choose Event Log Check.

Follow these steps to configure the check:
1. Give your new check a name
2. Select "System" from the Event Log to Query drop down
3. Make sure that the Information, Warning and Error Event Types are selected
4. Enter "BugCheck" into the Event Source text field

Click OK to complete the process.

The process is as simple as that.  Now you will receive notice via the dashboard when your customers have a Blue Screen of Death and "forget" to tell you.
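To confirm on a single machine what the check will find, the same filter can be run by hand. The script below is an added example, not part of the RM dashboard or the original post. It assumes Windows PowerShell 5.1 or earlier, and the function name `Get-BlueScreenEvent`, the 30-day window and the exit codes are choices made for this illustration.

```powershell
# Added example: list blue screen events from the System log.
# Assumes Windows PowerShell 5.1 or earlier (Get-EventLog is not available in PowerShell 7).
function Get-BlueScreenEvent {
    param(
        [int]$Days = 30,                                # look-back window (assumed default)
        [string[]]$Source = @('BugCheck', 'SaveDump')   # the two Event Sources named in the post
    )
    $after = (Get-Date).AddDays(-$Days)
    foreach ($s in $Source) {
        # Same filter as the dashboard check: System log, three event types, one Event Source.
        # A source with no matching entries raises a non-terminating error, so it is silenced.
        Get-EventLog -LogName System -Source $s -After $after `
                     -EntryType Information, Warning, Error `
                     -ErrorAction SilentlyContinue |
            Select-Object TimeGenerated, Source, EventID, EntryType,
                @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
    }
}

$found = @(Get-BlueScreenEvent -Days 30 | Sort-Object TimeGenerated -Descending)
if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize -Wrap
    Write-Output ("{0} blue screen event(s) in the last 30 days on {1}" -f $found.Count, $env:COMPUTERNAME)
    exit 1   # non-zero so a scheduler or wrapper can treat this as an alert (assumed convention)
}
Write-Output "No blue screen events in the last 30 days on $env:COMPUTERNAME"
exit 0
```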

So how do I apply this to multiple devices without adding it one at a time?  Glad you asked...please see the following article: Multiplying your results: One action, multiple devices