7009022: Capturing information for Novell Client problems

Capturing a “Boot-up” LAN trace

In many cases, it is necessary to capture all the LAN traffic on a workstation, including that packets that are sent and received before the user is logged in and the desktop is available. See TID 7003237 for information on obtaining a boot-up LAN trace.

Capturing Process Monitor logs for issues occurring at machine boot:

(See NOTE below for additional steps currently needed for Windows 10)

Some problems occur before the desktop appears, so it is necessary to configure Process Monitor to capture events which occur before the desktop is available.

1. Run ProcMon.exe, which will start capturing information immediately. De-select “Capture Events” from the File menu (or in the toolbar) to stop collection.

2. From the “Options” menu, select “Enable Boot Logging”. Leave “Generate profiling events” de-selected, and press OK to save the boot logging configuration.

3. Close Process Monitor, and then restart (reboot) the workstation to duplicate the problem.

4. Once logged back into the machine, run ProcMon.exe again to start Process Monitor.

5. Process Monitor will report “A log of boot-time activity was created by a previous instance of Process Monitor. Do you wish to save this collected data now?” Select “Yes” to begin the process of saving the boot-time data, and specify a .PML file into which Process Monitor should save the data. Note that due to the volume of data, Process Monitor may end up saving multiple files (BOOT.PML, BOOT-1.PML, BOOT-2.PML, etc.).

6. Once saved, Process Monitor will open the saved boot data.

7. Use “Save” from the “File” menu, de-select “Also include profiling events”, and select “Native Process Monitor Format (.PML)”, and then specify a location to save the .PML file.


For Windows 10 users, the Microsoft utilities encounter a Windows 10-specific compatibility issue that prevents them from enabling “Log Boot” in the same manner that is successful on Windows 8.1 and earlier. Specifically, because Windows 10 holds a loaded driver file open, these utilities find they cannot overwrite their driver file once it is already loaded into memory. Enabling the “Log Boot” option on Windows 10 therefore requires some additional steps on the current versions of the Microsoft utilities, up to and including Process Monitor 3.2 (May 2015).

To select Process Monitor “Enable Boot Logging” on Windows 10:

1. When Process Monitor is launched normally, it creates and loads the “C:WindowsSystem32DriversPROCMON23.SYS” driver to capture kernel-level API interaction. When you attempt to select the “Enable Boot Logging” option from the “Options” menu, Process Monitor again tries to write the “C:WindowsSystem32DriversPROCMON23.SYS” driver to be ready to capture output during the next Windows boot. On Windows 10 this second attempt fails because the PROCMON23.SYS driver is already loaded in memory. Process Monitor presents the message “Unable to write PROCMON23.SYS” when attempting to select “Enable Boot Logging”.

2. To work around this Windows 10-specific failure, open Windows Explorer and navigate to the “C:WindowsSystem32Drivers” directory. Find the “PROCMON23.SYS” driver and rename that driver to “PROCMON23.disabled.sys” or a similar unique name. The driver currently loaded into memory cannot be deleted, but can be renamed. Now return to Process Monitor and attempt to select “Enable Boot Logging” again, and the attempt will be successful.

Memory Dump

For issues where a memory dump is required (such as when the application or system will crash, “blue screen,” or “hang,” see TID 7004093.

Registry Export

If your support engineer requests a registry export, export the Novell Client registry settings from a batch file or command prompt using the command:

regedit /e C:NovellClient.reg HKEY_LOCAL_MACHINESoftwareNovell

This will save the registry branch to a file called C:NovellClient.reg.


Leave a Reply