- Home
- Logging Guide
- Blue Screen of Death
Blue Screen of Death: What does this error mean and how do you fix it?
In this page
- What is the BSOD?
- Evolution of the BSOD through the years
- What causes the BSOD
- Troubleshooting BSOD errors
- Fixing the BSOD on Windows
- Troubleshooting BSOD with EventLog Analyzer
The Blue Screen of Death (BSOD) is an error displayed by the Microsoft Windows operating system in the event of a critical system failure. This article elaborates on the possible reasons for BSOD errors and the steps to troubleshoot them.
What is the BSOD?
The BSOD, also known as the stop error or stop screen, is a critical error that displays when a Windows operating system encounters an issue from which it can't recover on its own. The BSOD is critical because it is unexpected and can lead to data loss due to an abrupt termination of processes.
The screen displayed above indicates that your device ran into a problem it had difficulty recovering from. It can be frustrating for users hindered by a BSOD when their system fails to cope with the myriad of software and hardware issues that can cause the dreaded screen.
Evolution of the BSOD through the years
The BSOD error has been featured in every Windows version, indicating system-level hiccups and any malfunctions related to the hardware or software of your device. In the earlier versions, the blue screen would just show a bunch of scrambled codes that could only be understood by programmers and personnel who were technically proficient enough to dissect the problem at hand.
As Windows came into its own through the years, significant effort went into making computing more accessible, even to average users. From Windows 95 onward, the codes presented were designed to be user-friendlier, empowering more users to understand the error messages.
Windows XP featured the BSOD design, packing information such as the stop code and a description as to what caused the error. The Windows stop code, depicted in hexadecimal, gives a clearer explanation about what caused the error when it is looked up using Microsoft Support.
In subsequent versions of Windows, BSOD errors occurred less often due to continuing efforts to make the operating system structure robust enough to withstand meltdowns. The likes of Windows 7, Windows 8, and Windows 10 have seen the BSOD error more refined than ever. The details shown on the Blue Screen grew in prominence and included features like memory dumps, automatic error reporting, and system recovery options.
To make life even easier, Microsoft has added a QR code that directs users to pages that have all the details on how to troubleshoot the mounting issues and probable fixes for them in Windows 10 and Windows 11.
What causes the BSOD
BSOD errors can be caused by various hardware and software issues. It's crucial to find the reason for the BSOD is the error message displayed on the Blue Screen. There are about 250 bug check codes associated with the occurrence of the BSOD. You can visit www.windows.com/stopcode for more information about this issue and some possible fixes.Here are the most common reasons:
Hardware issues
Numerous issues related to hardware can lead to BSOD errors. Here are some common issues.
Overheating
When you push your system to its limits, you'll end up overclocking your PC, which results in high internal temperatures of CPUs and GPUs. As the heat spreads across your system and reaches a breaking point, you might encounter a Blue Screen error.
Poor upkeep
Dust, if allowed to build up over time, can also hinder internal hardware from operating properly. You run the risk of drives falling into disrepair if it's not addressed quickly.
Hardware redundancies
Over time, hardware functionality can deteriorate. You should keep an eye on your critical resources like motherboards, processors, and auxiliaries that can cause BSOD errors. Utilizing redundant components and backup solutions helps minimize data loss and ensure high availability and data integrity.
The below table sheds more light on some of the most common failures related to faulty hardware and hard drive issues that might lead to BSOD errors.
| Error code | Explanation | Potentially related to BSOD errors? |
|---|---|---|
|
The system was denied access to a specific sector on the drive. This could be due to a bad sector, permission issues, or a failing drive controller. |
|
|
This event happens due to the possible disk-file system failure indicating the presence of aged sectors in your hard disk. |
|
|
This error displays when some of the indispensable files were deleted from your system by accident or your driver is beyond repair. |
|
|
The Timeout Detection and Recovery Component (TDR), a damage limitation actor, is a feature deployed to recover from scenarios where your GPU is pushed beyond what it can endure, potentially resulting in an error. |
|
|
The critical process died error signifies that a critical system process has unexpectedly terminated, leading to system instability and a forced restart. |
|
|
This error suggests that newly installed drivers might be faulty or incompatible for it to perform functions in the Windows environment. |
|
|
The data bus is the lifeblood of data transmissions in your system. When it has encountered a problem, the chances that data is lost at the CPU level before it can finally reach I/O devices is high. |
|
|
This error can occur due to your drivers going out of commission. Making sure your drivers are up to date can help you avoid this error. |
|
|
The memory management bluescreen error indicates that the system has encountered a problem with the computer's memory or hardware. |
|
|
You'd likely get this when you try to navigate the files in your system across directories. The weakening sectors of the drives happen to be the instigator for this error. |
|
Software issues
Applications, drivers, and games that have bungled up code can trigger BSOD errors. Installing such entities that conflict with your system resources can lead to a system crash.
Troubleshooting BSOD errors
Running your Windows in Safe Mode is often the way to begin troubleshooting the problems associated with BSOD errors. Safe Mode, designed as a diagnostic tool, allows you to run Windows in its basic form and identify and fix problems.
In Windows Safe Mode, the core drivers and software essential for your system to run are loaded. This process also avoids third-party startup programs and drivers that are installed so you can zero in on the cause of the BSOD.
Versions of Windows Safe Mode
Safe Mode: This is the most basic mode in which you can get started. It only loads drivers and programs that form the part of the default Windows setup that boots the OS up.
Safe Mode with Networking: This is like the basic version of Windows. However, it will add drivers and vital services that are needed to access the network while keeping all of them in Safe Mode.
Safe Mode with Command Prompt: This version of Safe Mode enables you to narrow down the issue with your PC by using command lines. But it is not advisable to go with this version normally if you're not familiar with Windows Command Prompt.
The next step is to try and get the latest Windows updates. There's an option to revert Windows to a previous point in time using System Restore. However, this is a last resort because it will undo certain changes, like default system settings or software updates, and applications that you have installed might get lost in the process.
In versions prior to Windows 10, you could launch the Get Help app and take cues from the suggested solutions.
Fixing the BSOD on Windows
To start, find the error code associated with the BSOD. If you can't get the system to start normally using Safe Mode, follow the list of steps below to troubleshoot the blue screen error:
- Investigating what you were doing before the error, for example, installing new software, helps you identify if that action, in this case, your newly installed software, happens to be the troublemaker. In that case, you can delete the software to revert your system back to normal.
- Computer viruses, worms, and trojans can be responsible for process failures by corrupting the files in your system. It is wise to run an anti-malware solution, address issues if they arise, and ensure your system receives ongoing protection.
- Updating your essential drivers and BIOS also helps you keep your system compatible through its life cycle. The BIOS upgrades are rolled out by manufacturers to negate advanced security threats.
- You can troubleshoot the Blue Screen natively using the Event Viewer. This tool logs event information categorically to help you analyze the cause of this error using the huge amount of data it has amassed about your device's behavior.
- If you can't diagnose the issue with any of the steps described above, reinstalling Windows could be the only option. However, it should only be used if all else fails, as it could lead to critical data loss.
In cases where the diagnosis is challenging, a memory dump file often is valuable for helping you pinpoint the cause of an issue.
Guide to extract data from a memory dump
This section explains the steps involved in setting up your Windows for dump collection:
- Configure your device for a memory dump by typing sysdm.cpl in the System Properties dialog box.
- Select the Advanced tab in the System Properties page.
- Choose Settings under the Startup and Recovery section.
- In the Write Debugging Information drop-down, select Complete Memory Dump.
- Restart your device for the settings chosen to take effect.
Analyzing the memory dump
Completing the steps above sets up your device for dump collection. The dumps are then located in your Windows Directory and are copied to another computer for analysis.
The Windows Software Development Kit (SDK) is installed on the computer where the dump file has been loaded for carrying out the analysis. The WinDbg can be found in the directory of debugging tools, which is selected at the time of SDK installation.
The symbol path is set to augment WinDbg to interpret your dump files. Now you can open your dump file in WinDbg by selecting Open Crash Dump.
A detailed bug check code is rendered by using the !analyze -v command. In the STACK_TEXT section, you can find the call stack that led to a crash.
Event IDs that are associated with Blue Screen error
More details on the BSOD error, such as the bug code, can be found in the event logs. Therefore, it's imperative for you to use the Event Viewer for deeper analysis of the BSOD. Some of the common event IDs associated with the BSOD are:
- Event ID 1001
- Event ID 41
- Event ID 6008
Event ID 41 serves as a warning that something unanticipated prevented your system back from shutting down cleanly, mainly because of your device's power supply issues. Event ID 6008 more specifically indicates that the system shutdown was not standard and clues the user in by pinpointing the program that triggered the unexpected shutdown.
Event ID 1001 gets logged by Windows Error Reporting (WER) feature when there is a system or application error.
If you are a system administrator or security professional who wants to analyze the occurrence of a BSOD and correlate the events with other critical activities happening in your network, we recommend using ManageEngine's log management tool, EventLog Analyzer, for a centralized view.
Troubleshooting BSOD with EventLog Analyzer
Eventlog Analyzer is a comprehensive log management tool that collects, monitors, correlates, and archives logs centrally from your network. It's a one-stop solution for your organization to troubleshoot errors, fortify your security posture, and help you stay compliant with the mandates.
With the EventLog Analyzer, you can create out-of-the-box reports that automatically analyze event logs to diagnose the common causes of the BSOD, unexpected shutdowns, and restarts and present them in intuitive visualizations. There's a table with all the details of the source that caused the forced shutdown, including the date and time at which the event occurred, presented in an easily readable format.
In the Events Overview tab, there's a list of widgets which presents useful information for you to take insights from. In the All Devices widget, clicking on View All Devices will take you to the device dashboard page, which contains complete information including specific event IDs that caused the device to crash.
Enable unexpected shutdown alerts for critical servers with EventLog Analyzer's predefined alert profile, and get notified in real time over email or SMS on the event by following the below steps:
- Go to EventLog Analyzer > Alerts > Add Alert Profile.
- Select the Alert and Event ID from the respective drop-downs.
- Select Equals and add either 1001, 6008, or 41.
- Add other details like the alert name, severity, and log sources.
- Include the device name, user account, and domain in the alert message, and enable notifications.
- The security admin getting the notifications can use the details in the alert message to check if this event was logged multiple times in the same system.
If you are using the Falcon Sensor and have experienced a BSOD error in light of a recent outage, follow these steps for a quick workaround.
