[SDP 3][f819beda-777a-40c7-979d-499f663649fc] Windows Setup Diagnostic

Information Collected

Additional Information

Description	File name
Volume Shadow Copy Service (VSS) information via vssadmin utility output	{ComputerName}_VSSAdmin.TXT

Best Practices Analyzer

Description	File name
Best Practices Analyzer (BPA) Report	{ComputerName}_*BPA*.htm

Boot Information

Description	File name
BCDEdit Output	{ComputerName}_BCDEdit.TXT
Boot.ini file	{ComputerName}_Boot.Ini
Copy of BCD - System Store	{ComputerName}_BCD-Backup.BKP

Deployment Logs

Description	File name
DISM.log on Windows\logs\DISM	{ComputerName}_DISM-Windows-Logs.log
Service Pack Installation Log from %windir%\SVCPack.Log	{ComputerName}_SVCPack.Log
Setupact.log on Windows folder	{ComputerName}_setupact-windows.log
Setuperr.log on Windows folder	{ComputerName}_setuperr-windows.log
Task Sequencer Log on C:\_SMSTaskSequence	{ComputerName}_smsts_SMSTaskSequence.log
Task Sequencer Log on C:\SMSTSLog	{ComputerName}_smsts_SMSTSLog.log
Task Sequencer Log on System32\ccm\logs	{ComputerName}_smsts_ccm_logs.log
Task Sequencer Log on Temp folder	{ComputerName}_smsts_temp.log

Device Drivers Installation Logs

Description	File name
Setupapi logs located on %windir%\inf folder	{ComputerName}_SetupAPI.Log

Devices and drivers

Description	File name
Devcon utility output	{ComputerName}_DevCon.txt
Fibre Channel Information Tool (FCInfo) output	{ComputerName}_FCInfo.txt
Filter Manager minifilter drivers and instances via Fltmc.exe utility output	{ComputerName}_Fltmc.TXT
Information about MS-DOS device names (symbolic links) via DOSDev utility	{ComputerName}_DOSDev.txt
Upper and lower filters information via fltrfind.exe utility	{ComputerName}_FltrFind.txt

Driver Verifier Information

Description	File name
Output from Driver Verifier Manager (verifier.exe) utility	{ComputerName}_verifier.txt

DriverStore

Description	File name
DriverStore Index Data File located on %windir%\system32\driverstore	{ComputerName}_drvindex.dat
DriverStore INF Cache DB located on %windir%\system32\driverstore	{ComputerName}_INFCACHE.1
DriverStore INF Pub Data File located on %windir%\system32\driverstore	{ComputerName}_infpub.dat
DriverStore INF Stor Data File located on %windir%\system32\driverstore	{ComputerName}_infstor.dat
DriverStore Strng Data File located on %windir%\system32\driverstore	{ComputerName}_infstrng.dat

Event Log Files

Description	File name
BitLocker Event logs (.csv .evtx .txt)	{ComputerName}_Microsoft-Windows-BitLocker-DrivePreparationTool/Admin.* {ComputerName}_Microsoft-Windows-BitLocker-DrivePreparationTool/Operational.* {ComputerName}_Microsoft-Windows-BitLocker-Driver-Performance/Operational.* {ComputerName}_Microsoft-Windows-BitLocker/BitLocker Management.*
MBAM Event logs (.csv .evtx .txt)	{ComputerName}_Microsoft-Windows-MBAM/Admin.* {ComputerName}_Microsoft-Windows-MBAM/Diagnostic.* {ComputerName}_Microsoft-Windows-MBAM/Operational.*

Event Logs - Failover Cluster

Description	File name
Microsoft-Windows-FailoverClustering* (.csv .evtx .txt)	{ComputerName}_evt_FailoverClustering.*

Event Logs - General

Description	File name
Application (.csv .evtx .txt)	{ComputerName}_evt_Application.*
System (.csv .evtx .txt)	{ComputerName}_evt_System.*

Event Logs - Networking

Description	File name
Microsoft-Windows-NetworkProfile/Operational* (.csv .evtx .txt)	{ComputerName}_evt_NetworkProfile-Operational.*

Event Logs - Setup

Description	File name
Setup (.csv .evtx .txt)	{ComputerName}_evt_Setup.*

FailoverCluster Feature

Description	File name
Basic Failover Cluster information vai clusmps.exe utility (on operating Systems earlier than Windows Server 2008 R2)	{ComputerName}_cluster_mps_information.txt
Basic Failover Cluster information, including information from existing resources and groups via FailoverCluster PowerShell cmdlets (Windows Server 2008 R2 and newer)	resultreport.xml
Cluster basic Validation Report generated by Test-Cluster PowerShell cmdlet	{ComputerName}_ValidationReport.mht
Cluster Dependency Report generated by Get-ClusterResourceDependencyReport PowerShell cmdlet on Windows Server 2008 or newer	{ComputerName}_DependencyReport.mht
Cluster Logs generated by Get-ClusterLog PowerShell cmdlet on Windows Server 2008 R2, cluster.exe utility or from \windows\cluster\cluster.log on previous versions of Windows	{ComputerName}_cluster.log
Cluster reports XML files located at \Windows\Cluster\Reports\*.xml	{ComputerName}_ClusterReportXML.zip
Cluster Resources information from cluster.exe utility	{ComputerName}_ClusterResources.txt
Cluster resources properties using PowerShell Get-ClusterResource cmdlet or cluster.exe utility on previous versions of Windows	{ComputerName}_ClusterProperties.txt
Cluster validation log files from \Windows\Cluster\Reports\Validate*.log	{ComputerName}_Validate*.log
Cluster validation reports files located at \Windows\Cluster\Reports\*.mht	{ComputerName}_ClusterReportMHT.zip
Information about Cluster Shared Volume	{ComputerName}_CSVInfo.HTM

File Version Information (Chksym)

Description	File name
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*	{ComputerName}_sym_MS_iscsi.*
File version information from %windir%\cluster\*.*	{ComputerName}_sym_ProgramFiles_sys.*
File version information from %windir%\cluster\*.*	{ComputerName}_sym_Cluster.*
File version information from %windir%\system32\*.dll	{ComputerName}_sym_System32_dll.*
File version information from %windir%\system32\*.exe	{ComputerName}_sym_System32_exe.*
File version information from %windir%\system32\*.sys	{ComputerName}_sym_System32_sys.*
File version information from %windir%\system32\drivers folder	{ComputerName}_sym_Drivers.*
File version information from %windir%\system32\Spool\*.*	{ComputerName}_sym_PrintSpooler.*
File version information from %windir%\syswow64 folder and subfolders	{ComputerName}_sym_SysWOW64_sys.*
File version information from %windir%\syswow64\drivers folder	{ComputerName}_sym_SysWOW64_sys.*
File version information from {Program Files (x86)}\*.sys folder and subfolders	{ComputerName}_sym_ProgramFilesx86_sys.*
File version information from {Program Files}\*.sys folder and subfolders	{ComputerName}_sym_ProgramFiles_sys.*
File version information from drivers currently running on the machine	{ComputerName}_sym_RunningDrivers.*
File version information from processes currently running on the machine	{ComputerName}_sym_Process.*

General information

Description	File name
SP Catalog from windows\system32\catroot2	{ComputerName}_dberr.txt

General Information

Description	File name
Basic Information about processes, such as memory usage and handle count, and information about Kernel memory utilization, such as Paged Pool and Non-Paged Pool memory	{ComputerName}_ProcessesPerfInfo.htm
Basic System Information including machine name, service pack, computer model and processor name and speed	resultreport.xml
List of Installed Updates and Hotfixes installed	{ComputerName}_Hotfixes.*
List of User Rights (privileges) using showpriv.exe tool	{ComputerName}_UserRights.txt
List of user SID, group memberships, and privileges via the 'Whoami /all' output	{ComputerName}_Whoami.txt
Resultant Set of Policy (RSoP) generated by gpresult.exe utility	{ComputerName}_GPResult.*
Schedule Tasks information (csv and txt) generated by schtasks.exe utility	{ComputerName}_schtasks.*
Show if machine is running on a Virtual Environment and describes the virtualization environment	resultreport.xml
Sysinternals Autoruns utility output	{ComputerName}_Autoruns.*
System Information - MSInfo32 tool output	{ComputerName}_msinfo32.nfo {ComputerName}_msinfo32.txt
Windows basic activation information via %windir%\system32\slmgr.vbs	{ComputerName}_KMSActivation.TXT
Windows Update log file (from windows folder)	{ComputerName}_windowsupdate.log
List of open files	{ComputerName}_OpenFiles.txt

General Performance Information

Description	File name
Information about process and threads using pstat.exe tool	{ComputerName}_PStat.txt

General Registry Data Collection

Description	File name
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	{ComputerName}_reg_Startup.txt
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies HKCU\Software\Policies HKLM\Software\Microsoft\Windows\CurrentVersion\Policies HKLM\Software\Policies	{ComputerName}_reg_Policies.txt
HKLM\Software\Microsoft\Windows\CurrentVersion HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	{ComputerName}_reg_CurrentVersion.txt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall	{ComputerName}_reg_Uninstall.txt
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKLM\Software\Microsoft\Windows\Windows Error Reporting HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting HKLM\System\CurrentControlSet\Control\CrashControl HKLM\System\CurrentControlSet\Control\Session Manager HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management	{ComputerName}_reg_Recovery.txt
HKLM\SYSTEM\CurrentControlSet\Control\Print	{ComputerName}_reg_Print.txt
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions	{ComputerName}_reg_ProductOptions.txt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server HKLM\SYSTEM\CurrentControlSet\Services\TermDD HKLM\SYSTEM\CurrentControlSet\Services\TermService	{ComputerName}_reg_TimeZone.txt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation	{ComputerName}_reg_TimeZone.txt

Hyper-V role

Description	File name
Hyper-V Configuration and Virtual Machine Information	{ComputerName}_HyperV-Info.HTM
Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml	{ComputerName}_{VirtualMachineGUID}.xml

iSCSI Information

Description	File name
iSCSI Information based on iscsicli.exe output	{ComputerName}_iSCSIInfo.txt

Logs

Description	File name
Deployment Logs on \windows\temp	{ComputerName}_DeploymentLogs_Windows_Temp.zip
Deployment Logs on SystemDrive\Minint	{ComputerName}_Minint_SystemDrive.zip

Memory Dump Information and Files

Description	File name
Information about machine memory dump files, user memory dump files, and memory dump configuration	{ComputerName}_DumpReport.*
Machine Full or Kernel memory dump files (Memory.dmp)	{ComputerName}_dmp_memory.zip
Mini memory dump files from {Windows}\Minidump folder User dumps generated by Windows Error Reporting	{ComputerName}_dmp_*.zip

Panther Folder

Description	File name
Contents of %windir%\Panther	{ComputerName}_panther.zip

Power Settings

Description	File name
Output of PowerCfg utility	{ComputerName}_PowerCFG.*

Print Drivers and Printers information

Description	File name
Information about Print drivers and printers, including print monitors, processors, and print driver file version information	{ComputerName}_PrintInfo.*

Registry Information

Description	File name
HKLM\COMPONENTS	{ComputerName}_reg_Components.HIV
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing	{ComputerName}_reg_Component_Based_Servicing.HIV
HKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318} HKLM\System\CurrentControlSet\Control\iSCSIPRT HKLM\System\CurrentControlSet\Control\MPDEV HKLM\System\CurrentControlSet\Services\MPIO HKLM\System\CurrentControlSet\Services\MSDSM HKLM\System\CurrentControlSet\Services\MSiSCSI HKLM\System\CurrentControlSet\Services\Tcpip	{ComputerName}_reg_Storage.txt
HKLM\SYSTEM\CurrentControlSet\Enum	{ComputerName}_reg_Enum.TXT
HKLM\SOFTWARE\Microsoft\iSCSI Target HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI HKLM\SYSTEM\CurrentControlSet\Services\iScsiPrt	{ComputerName}_reg_iSCSI.txt
HKLM\SYSTEM\CurrentControlSet\services\TrustedInstaller	{ComputerName}_reg_TrustedInstaller.TXT
HKLM\System\MountedDevices	{ComputerName}_reg_MountedDevices.*

Registry Keys

Description	File name
HKLM\Cluster	{ComputerName}_reg_Cluster.hiv
HKLM\System\CurrentControlSet\services\CluDisk	{ComputerName}_reg_ClusDisk.txt
HKLM\System\CurrentControlSet\services\ClusSvc	{ComputerName}_reg_ClusSvc.txt

Server manager and server roles information

Description	File name
List of roles and features installed on Server Media (Windows Server 2008 R2 and newer)	resultreport.xml
Server Manager Installation Log from %windir%\logs	{ComputerName}_ServerManager.log
SeverCore OCList output	{ComputerName}_OptionalComponents.txt

Servicing and related Logs

Description	File name
Component Update log located on %windir%\SoftwareDistribution	{ComputerName}_ReportingEvents.log
Component-Based Servicing Logs located on %windir%\Logs\CBS	{ComputerName}_CBS*.Log
Contents of %windir%\servicing\Sessions	{ComputerName}_Sessions.zip
DPX Setup Act log located on %windir%\logs\DPX	{ComputerName}_setupact.log
Pending Operations Queue Exec log located on %windir%\winsxs	{ComputerName}_poqexec.log
Sessions log located on %windir%\servicing	{ComputerName}_Sessions.xml
System Update Readiness log located on %windir%\logs\CBS	{ComputerName}_CheckSUR.log
Windows Side-by-Side Pending Bad log	{ComputerName}_pending.xml.bad
Windows Side-by-Side Pending log located on %windir%\winsxs	{ComputerName}_pending.xml

Servicing Logs

Description	File name
reboot.xml from %windir%\winsxs folder	{ComputerName}_reboot.xml

Storage Information

Description	File name
Storage and SAN information via San.exe utility output	{ComputerName}_Storage_Information.txt

Storage related event logs on System log

Description	File name
Parsing of Storage related event logs (Events 6 7 9 11 15 50 51 57 and 389) on System log using evparse.exe utility	{ComputerName}_StorageEventLogs.htm

Sysprep Folder

Description	File name
Contents of %windir%\System32\sysprep	{ComputerName}_sysprep.zip

Windows hotfix installation logs

Description	File name
Windows XP and Server 2003 KB Installation Logs from Windows folder	{ComputerName}_KBInstallLogs.zip

In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:
Event Logs Messages One or more processes are using a high number of handles Possible Kernel Memory performance related problem This system is currently running under low System PTEs This system is currently running under low Virtual Memory Memory Dump Related Issues Detect if this machine is a Virtual Machine running in Microsoft Azure Check if cluster groups are in Offline or Failed state Check for errors gathering cluster information via Get-ClusterNode cmdlet Check if the state of one or more cluster nodes is down or paused Check if Cluster service is not running or offline Check if Cluster Shared Volumes is configured to Redirected access Check if Cluster Shared Volumes is configured for Local Access Check if Cluster Shared Volumes is configured to Maintenance Mode Check if Cluster Shared Volumes is configured to Network Access Check if there are any virtual machine with High CPU utilization Check if Dynamic Memory is enabled to one or more Virtual Machines Check if Dynamic Memory is enabled on one or more Virtual Machines with old Integration Services Check for version mismatches of Integration Services Check if one or more Virtual Machines have virtual hard drives located on an disk with Advanced Format Drives (512e disks) Best Practices Analyzer errors or warnings Print Drivers and Printers information Detect Advanced Format Drives Detect Native 4K drives on the system KB982018 is not installed or files are outdated Check for Symantec Endpoint Protection MR1/MR2 Check for Evaluation Media Check if Page Heap is enabled to one or more processes Check if driver verifier has been enabled for at least one driver. Check for ephemeral port usage Check for ephemeral port usage Check if the Cluster Name Object (CNO) exists and it is enabled in Active Directory Check for third party virtualization solution from Xsigo Check for LmCompatibilityLevel setting Check firewall rules on cluster nodes with IPv6 enabled Checks if Appsense EM 8.1 is installed on machine Check for large number of Inactive Terminal Services ports Checking if Registry Size Limit setting is present on the system Check PoolUsageMaximum Setting Checking for shared PST files Check for McAfee Endpoint Encryption version which may cause slow boot issues Check for terminal services licensing binary versions for Windows Server 2003 Check for specific version of SEP that may cause handle leak Check RPC settings for allowing unauthenticated sessions Check for Performance counters to see if there is an issue with NTFS metafile cache memory consumption Check for ProcessorAffinityMask setting for multiprocessor Windows Server 2003 machines Check for ClearPageFileAtShutdown setting which may cause slow shutdown Check for NMICrashDump setting on HP ProLiant DL385 G5 Check state of Search Sevice when Lenovo Rapid Boot Software is installed Check pool memory allocated for 'D2d' tag Check pool memory allocated for RxM4 and SeTI tag Check pool memory allocated for 'SslC' tag Check pool memory allocated for 'Toke' tag on terminal services Older version of MPIO.SYS was detected in this machine andNonpaged pool kernel memory leak detected on Windows Server 2003 with Multipathing solution installed Check for Broadcom Advanced Server Program driver information Detect Aladdin Knowledge Systems Device Drivers Check the state of Application Compatibility Engine Check pool memory usage from Citrix XTE process Check if Users group have permissions under HKCR\CLSID Check HeapDecommitFreeBlockThreshold registry value Check for specific version of wsftpsi.dll known to cause Explorer crashes Detect Netapi32.dll version Detect if fail to install due to an invalid Registry entry for Autoruns Check for missing registry keys that can cause issues with Component Services Check if EMC Replistor Software is on machine but KB 975759 is not installed Check for unsupported versions of Windows Vista or Windows Server 2008 Check if DEP and PAE is enabled on a 32-bit system Check if Ultimaco Safeware disk encryption is installed and current version Check if Telnet service is running under System account Check for known issue with BIOS version of PowerEdge R910, R810 and M910 Check the value of 'SystemPages' in Memory Management registry key Possible startup performance problems on Hyper-V Servers due to a large number of orphaned registry keys Check Xeon Processor 5500 Series processor erratum related with Hyper-V (KB 975530) Check if update KB2263829 is installed on Hyper-V on Windows Server 2008 R2 Service Pack 1 systems Check for event ID 21203 or 21125 in the Microsoft-Windows-Hyper-V-High-Availability/Admin event log over the past 15 days. Check for the presense of HKLM\Components registry keys which indicate a recente component installation Check for the presense of Pending.XML in WinSxS folder Check if SYSTEM permisions in usbhub.sys Check for Veritas disk VXIO device states Check the number of entries in FilesNotToBackup registry key Check for Bitlocker Drive Encryption Fixed Data Drive Read-Only Policy
References For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please open the following Microsoft Knowledge Base article:

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform