I've got a customer with intermittent System hangs. The System in case is a Windows Terminal Server 2008R2 SP1. Sometimes one session in the Server will freeze. Everyone else can work as usual, but this one user can't log in again, the session can not be closed even a Server shutdown will not work.
I obtained Memory.dmp files using the ctrl+scroll lock method but of course These just tell me "the user manually initiated this Crash dump".
So how would I continue to debug? Is there a way to get the most actives processes from the dump or anything else which might be useful? I tried DebugDiag 2.0 but it crashes on the dump, so it is of no help to me :(
You should raise a case with Microsoft support to get dumps analysed. Its not possible to teach hang analysis over the forum.
You can try and learn debugging using resources like http://blogs.msdn.com/b/ntdebugging/. But that will take time.
You could try and isolate this by checking for third party components that might be responsible. Using msconfig to disable third party services and seen whether you can repro. Similarly test safe mode with networking.
If you have change control and you are aware of what changes were done from a known good configuration on the past, you can back them out or restore and old backup too.
But like I say getting Microsoft to analyse the dump is the best thing you can do for your customer.