Introduction
This document describes a problem encountered when the WinDump process is used with the Cisco Unified Contact Center Enterprise (UCCE) Outbound Dialer.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Cisco UCCE
- Cisco UCCE Release 8.x Session Initiation Protocol (SIP) or Skinny Client Control Protocol (SCCP) Dialer
Components Used
The information in this document is based on the Cisco Unified Contact Center Enterprise (UCCE) Outbound Dialer.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Problem
When the Outbound Dialer process logs are viewed, you observe that the WinDump process crashes every 15 seconds:
-------------
13:00:12:615 dialer-baDialer Trace: WinDump process has crashed, restarting...
13:00:12:617 dialer-baDialer Trace: CreateProcess succeeded with szCmdline = windump -I 1 -tt -C 20 -s 0 -W 20 -w DialerCapture udp port 58800 dwProcessId= 262600 hProcess = 256784
13:00:28:843 dialer-baDialer Trace: WinDump process has crashed, restarting...
13:00:28:844 dialer-baDialer Trace: CreateProcess succeeded with szCmdline = windump -I 1 -tt -C 20 -s 0 -W 20 -w DialerCapture udp port 58800 dwProcessId= 262412 hProcess = 256792
13:00:45:069 dialer-baDialer Trace: WinDump process has crashed, restarting...
-------------
When WinDump crashes repeatedly, it causes a memory leak that results in an Outbound Dialer service crash.
Solution
There are a couple of scenarios that might lead to this problem:
- The Outbound Dialer Capture Options registry key is not set correctly. Navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems, Inc.\ICM\<Customer Instance>\Dialer and make sure that the Capture Options registry key is set to -i 1 -tt -C 20 -s 0 -W 20 -w DialerCapture.
In some situations, the registry key is set to -I 1 -tt -C 20 -s 0 -W 20 -w DialerCapture (with an upper-case -I instead of a lower-case -i), which results in a crash. This is often seen when the Outbound Dialer is upgraded from an earlier version. For more details, refer to Cisco bug ID CSCuh16754 (WinDump process crashes in Dialer).
- Wireshark software might affect the capture Dynamic Link Library (DLL) files. If Wireshark is installed on the server in order to troubleshoot, and later uninstalled, the removal of WinPcap by the uninstall can lead to this problem. The Wireshark uninstall process removes the capture DLLs wpcap.dll and packet.dll, which WinDump requires.
In order to confirm that the needed files are present and that WinDump works properly, complete these steps:
- Make sure the wpcap.dll and Packet.dll files are present in these locations:
  - C:\Windows\SysWOW64
  - C:\Windows\System32
  If the DLL files are not found, contact the Cisco Technical Assistance Center (TAC) in order to obtain the proper versions of the DLL files.
- In order to confirm that the WinDump process is correctly installed and captures data correctly, examine the output from these commands:
C:\>windump -V
windump version 3.9.5, based on tcpdump version 3.9.5
WinPcap version 4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
C:\>windump
windump: listening on \Device\NPF_{5A01EA28-AF57-4456-A653-DD785A20853F}
13:06:20.596189 IP PG2B.43005 > PG2A.domain.net.49220: .3075400616:3075400617(1) ack 1040704317 win
13:06:20.596222 IP PG2A.domain.net.49220 > PG2B.43005: .ack 1 win 255 <nop,nop,sack 1 {0:1}>
13:06:20.606477 IP PG2A.domain.net.49208 > PG2B.45005: .1242670277:1242670278(1) ack 357439054 win 2
13:06:20.607219 IP PG2B.45005 > PG2A.domain.net.49208: .0:1(1) ack 1 win 251
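
The two checks described above (the Capture Options value and the presence of the WinPcap DLLs) can be combined in one read-only PowerShell script. This is an added example, not Cisco code; the -Instance parameter and the value name 'Capture Options' (used as this document writes it) are assumptions to adjust for your server.

```powershell
# Added example (not Cisco code): read-only check of the Dialer capture
# options and the WinPcap DLLs that WinDump requires.
# Run from a 64-bit PowerShell: a 32-bit process has System32 redirected
# to SysWOW64 and HKLM\SOFTWARE redirected to Wow6432Node.
param(
    # Assumption: your ICM customer instance name.
    [Parameter(Mandatory = $true)][string]$Instance,
    # Assumption: value name as written in this document.
    [string]$ValueName = 'Capture Options'
)

$expected = '-i 1 -tt -C 20 -s 0 -W 20 -w DialerCapture'
$keyPath  = "HKLM:\SOFTWARE\Cisco Systems, Inc.\ICM\$Instance\Dialer"
$problems = @()

try {
    $actual = (Get-ItemProperty -LiteralPath $keyPath -Name $ValueName -ErrorAction Stop).$ValueName
    # -cmatch and -cne are case-sensitive. The default -eq / -ne operators
    # ignore case and would treat "-I 1" and "-i 1" as the same string.
    if ($actual -cmatch '(^|\s)-I\s') {
        $problems += "Capture options use upper-case -I: '$actual'"
    } elseif ($actual -cne $expected) {
        $problems += "Capture options differ from the expected value: '$actual'"
    }
} catch {
    $problems += "Could not read '$ValueName' under $keyPath ($($_.Exception.Message))"
}

foreach ($dir in 'C:\Windows\SysWOW64', 'C:\Windows\System32') {
    foreach ($dll in 'wpcap.dll', 'Packet.dll') {
        $file = Join-Path $dir $dll
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $problems += "Missing $file"
        }
    }
}

if ($problems.Count -eq 0) {
    Write-Output 'OK: capture options and WinPcap DLLs match the expected state.'
} else {
    $problems | ForEach-Object { Write-Output "PROBLEM: $_" }
    exit 1
}
```

The script changes nothing on the server; it only reports which of the two conditions, if any, is present.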