Yeah you are right, this was the cause of issue.
I did an update and then after that I crashed the system and was able to
execute !wmitrace extension commands and
was able to recover the buffered logs 
Having said that, I would like to ask one more question.
In TraceView when I enable the logs to be sent to WinDbg option by going
into the advanced options.
And after that if I try to break into the debugger (force break using
Ctrl+break), it doesn’t break and target gets in hung state.
And it never recovers nor break in.
Consequently I do a force shutdown after that.
Is this something known and expected?
If not then any ideas of why it could happen.
Regards
Deepak
On Fri, Aug 21, 2009 at 12:10 AM, Scott Noone wrote:
> Looks like my version number is greater:
>
> Yours: Built by: 3790.srv03_sp1_rtm.050324-1447
>
> vs
>
> Mine: Built by: 3790.srv03_sp1_gdr.080813-1204
>
>
> It’s possible that applying some hotfixes with get you a set of PDBs with
> the right type information.
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> “Deepak Gupta” wrote in message news:xxxxx@windbg.
> …
> It’s running on your setup, that means that some thing is fishy at my setup
> 
>
> Well I did “!sym noisy” and ".reload /o /f " and getting below errors.
>
> sym lookup ‘ntdll!RtlpUnloadEventTraceEx’ failure
> sym lookup ‘ntdll!RtlpUnloadEventTrace’ failure
>
> any guesses why this is happening?
>
> kd> vertarget
> Windows Server 2003 Kernel Version 3790 (Service Pack 1) UP Free x86
> compatible
> Product: Server, suite: Enterprise TerminalServer SingleUserTS
> Built by: 3790.srv03_sp1_rtm.050324-1447
> Machine Name:
> Kernel base = 0x80800000 PsLoadedModuleList = 0x8089ffa8
> Debug session time: Tue Aug 18 14:51:23.093 2009 (GMT+5)
> System Uptime: 0 days 0:10:28.15
>
> Regards
> Deepak
>
>
>
> On Wed, Aug 19, 2009 at 7:12 PM, Scott Noone wrote:
>
> I just tried this on a S03 SP1 and it seemed to work OK (besides not having
> the TMF for the only active logger):
>
> 0: kd> vertarget
> Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs) Free
> x86 compatible
> Built by: 3790.srv03_sp1_gdr.080813-1204
> Machine Name:
> Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
> Debug session time: Wed Aug 19 09:18:39.636 2009 (GMT-4)
> System Uptime: 0 days 0:03:45.718
> 0: kd> lmt mnt
> start end module name
> 80800000 80a53000 nt Wed Aug 13 05:35:51 2008 (48A2AAF7)
> 0: kd> !wmitrace.strdump
> (WmiTracing)StrDump Generic
> LoggerContext Array @ 0x808AE180 [64 Elements]
> Logger Id 0x02 @ 0x89B4B000 Named ‘MSDTC_TRACE_SESSION’
> 0: kd> !wmitrace.logdump 2
> TMFfile = ‘C:\Program Files (x86)\Debugging Tools for
> Windows\WINXP\system.tmf’
>
> (WmiTrace)LogDump for Logger Id 0x02
>
> Processing Global List: 6 Buffers
> Total of 6 buffers found, now sorting entries
> LOGGED MESSAGES (4):
> Unknown( 11): GUID=9dc9c33d-ade5-469f-8f18-dac2d836657d (No Format
> Information found).
> Unknown( 11): GUID=715e95bb-fc0a-4442-950b-9d1d1f1f964b (No Format
> Information found).
> Unknown( 13): GUID=715e95bb-fc0a-4442-950b-9d1d1f1f964b (No Format
> Information found).
> Unknown( 13): GUID=9dc9c33d-ade5-469f-8f18-dac2d836657d (No Format
> Information found).
> Total of 4 Messages from 6 Buffers
>
> You might want to try a .reload /o /f, could be that they’ve added the
> types
> to the PDB since you’ve had them cached:
>
> 0: kd> dt nt!wmi
> ntkrpamp!_WMI_LOGGER_CONTEXT
> ntkrpamp!_WMI_BUFFER_HEADER
> ntkrpamp!_WMI_LOGGER_MODE
> ntkrpamp!_WMI_CLIENT_CONTEXT
> ntkrpamp!_WMI_BUFFER_STATE
>
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
>
> “Deepak Gupta” wrote in message news:xxxxx@windbg.
> …
>
> Yeah tried the latest (6.11.1.404) and quite an older one (6.6.7.5) also.
>
> ‘nt!_WMI_LOGGER_CONTEXT’ is not even resolving there
>
> no one has face this problem earlier?
>
>
> Regards
> Deepak
>
>
>
> On Tue, Aug 18, 2009 at 6:52 PM, Scott Noone wrote:
>
> >Can any one confirm on what debugger release to use? (I am using
> >6.10.003…233
>
>
> The latest version is 6.11.1.404, probably worth trying to see if it makes
> a
> difference.
>
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
>
> “Deepak Gupta” wrote in message news:xxxxx@windbg.
> …
>
> Thanks Scott for pointing to right direction
>
> Now it is more verbose and showing me the errors.
>
> Here is what I get If I do a listing of loggers
>
> kd> !wmitrace.strdump
> (WmiTracing)StrDump Generic
> type lookup ‘nt!WmipLoggerContext’ failure.
> LoggerContext Array @ 0x808A7280 [64 Elements]
> Logger Id 0x02 @ 0x89C42000 Named '
> type lookup ‘nt!_WMI_LOGGER_CONTEXT’ failure.
> '
> Logger Id 0x03 @ 0x89C0E000 Named '
> type lookup ‘nt!_WMI_LOGGER_CONTEXT’ failure.
>
> And If I want to get the trace logs I get following
>
> kd> !wmitrace.logdump 2 D:\MYTMFS\MYGUIDFILE.GUID
> type lookup ‘nt!WmipLoggerContext’ failure.
> type lookup ‘nt!_WMI_LOGGER_CONTEXT’ failure.
> type lookup ‘nt!_WMI_LOGGER_CONTEXT’ failure.
>
> TMFfile = ‘D:\MYTMFS\MYGUIDFILE.GUID’
>
> (WmiTrace)LogDump for Logger Id 0x02
> type lookup ‘nt!WmipLoggerContext’ failure.
> type lookup ‘nt!_WMI_LOGGER_CONTEXT’ failure.
> type lookup ‘nt!_WMI_LOGGER_CONTEXT’ failure.
> type lookup ‘nt!_WMI_LOGGER_CONTEXT’ failure.
>
> Unable to determine buffer mechanism. Check for complete symbol
> availability.
> No buffers found
>
>
> Just to verify once more I did “dt nt!_WMI_LOGGER_CONTEXT” and it didn’t
> resolove.
> Googled a bit on it and found a thread on OSR –
> https://www.osronline.com/cf.cfm?PageURL=showThread.CFM?link=129403
> I am suspecting the same issue with me
>
> The above thread discussion says that extension will be fixed in next
> debugger release.
> Can any one confirm on what debugger release to use? (I am using
> 6.10.003…233 and I don’t have XP target, My target is 2K3sp1)
> or Is there any work around?
>
> Regards
> Deepak
>
>
>
>
>
> On Tue, Aug 18, 2009 at 5:08 PM, Scott Noone wrote:
>
>
> It’s been a long while since I’ve had to play with this extension (we’ve
> mostly given up on WPP). Couple of things to try though:
>
>
> >Which symbols is it talking about?. I have already pointed it to my driver
> >symbols and corr target os symbols.
>
>
> You can try:
>
> .show_sym_failures /s /t
> .show_read_failures /v
>
> And see if it complains about anything interesting. Just be aware that you
> might get some type lookup failures that are OK, so don’t get too sucked
> down a rat hole.
>
>
> >Do we have any !wmitrace extension which can give us the loggerids of the
> >ongoing tracing sessions?
>
>
> !wmitrace.strdump
>
> Good luck!
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
>
> “Deepak Gupta” wrote in message news:xxxxx@windbg.
> …
>
> I am trying to get acquainted with WPP and tracing utilities.
>
> Here one of my aim to do a forced a crash on system and see if I can get
> buffered (which were not written) tracelogs from the MEMORY.DMP
>
> So I enable tracing on my driver(I am using TraceView, yeah I am able to
> see my tracelogs in TraveView) and do some heavy ops on my driver
> and using BANG! I crash the system.
>
> I did !wmitrace.searchpath D:\MYTMFS<br>> Now when I do !wmitrace.logdump 1 MYGUIDFILE.GUID on the crashdump, it says
> following
>
> TMFfile = ‘D:\MYTMFS\MYGUIDFILE.GUID’
> (WmiTrace)LogDump for Logger Id 0x01
> Unable to determine buffer mechanism. Check for complete symbol
> availability.
> No buffers found
>
>
> Is there anything that I am doing wrong?
> Which symbols is it talking about?. I have already pointed it to my driver
> symbols and corr target os symbols.
>
> One more query is that, Do we have any !wmitrace extension which can give
> us
> the loggerids of the ongoing tracing sessions?
>
>
> Regards
> Deepak
>
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>