Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

[SDP 3][10678477-8f52-4968-8848-01305cbcc3c1] Windows Performance Diagnostic

View products that this article applies to.


The Windows Performance Diagnostics tool for Support Diagnostics Platform (SDP) collects information to help you troubleshoot performance problems.

↑ Back to the top

More Information

This article describes the information that may be collected when you run the Windows Performance Diagnostics tool for SDP on a computer that is experiencing performance problems.

Information collected

Event Logs - General

DescriptionFile Name
Event Log – Application – text, csv and evtx formats{Computername}_evt_Application.*
Event Log – System – text, csv and evtx formats{Computername}_evt_System.*

Memory Dumps and related information

DescriptionFile Name
Information about Machine Memory Dumps, User memory dumps, and memory dump configuration{Computername}_DumpReport.*
Mini-machine memory dumps generated within the past 30 days{Computername}_dmp_*.zip

Hotfixes and updates

DescriptionFile Name
Installed Updates and Hotfixes{Computername}_Hotfixes.*

Printer and print driver information

DescriptionFile Name
Information about Print drivers and printers, including print monitors, processors, and print driver file version information{Computername}_PrintInfo.*

Networking basic information

DescriptionFile Name
Basic IP networking configuration information, such as Tcp/ip registry key, ipconfig, netstat, nbtstat, and netsh output{Computername}_TcpIp-Info.txt
Basic SMB configuration information based on output of net.exe utility{Computername}_SMB-Info.txt
Networking Diagnostic output using netdiag.exe utility{Computername}_NetDiag.txt
Netsh "int ipv4" and subcommands output{Computername}_TCPIP-Netsh-IPv4.txt
Netsh "int ipv6" and "int 6to4" subcommands output{Computername}_TCPIP-Netsh-IPv6.txt
Netsh "int tcp" subcommands output{Computername}_TCPIP-Netsh-TCP.txt

File version information

DescriptionFile Name
File version information from %windir%\cluster\*.*{Computername}_sym_Cluster.*
File version information from %windir%\system32\*.dll{Computername}_sym_System32_dll.*
File version information from %windir%\system32\*.exe{Computername}_sym_System32_exe.*
File version information from %windir%\system32\*.sys{Computername}_sym_System32_sys.*
File version information from %windir%\system32\drivers folder{Computername}_sym_Drivers.*
File version information from %windir%\system32\drivers\*.*{Computername}_sym_SysWOW64_sys.*
File version information from {Program Files (x86}}\*.sys{Computername}_sym_ProgramFilesx86_sys.*
File version information from {Program Files}\*.sys{Computername}_sym_ProgramFiles_sys.*
File version information from {Program Files}\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*{Computername}_sym_MS_Iscsi.*
File version information from all drivers currently running on machine{Computername}_sym_RunningDrivers.*
File version information from all processes currently running on machine{Computername}_sym_Process.*
File version information from print spooler folder %windir%\system32\Spool\*.*{Computername}_sym_PrintSpooler.*

Registry subkeys

DescriptionFile Name
HKLM\Software\Microsoft\Windows NT\CurrentVersion


HKLM\System\CurrentControlSet\Control\Session Manager

HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management

HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKLM\Software\Microsoft\Windows\Windows Error Reporting

HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting






HKLM\ Software\Microsoft\Windows\CurrentVersion\Run






HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit




HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access








HKLM\SOFTWARE\Microsoft\iSCSI Target

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI







Storage and disk information

DescriptionFile Name
Information from machine disk sectors generated by SecInspect.exe utility{Computername}_Secinspect.txt
iSCSI related information generated by iscsicli.exe utility{Computername}_iSCSIInfo.txt
Parsing of Storage related event logs (Events 6 7 9 11 15 50 51 57 and 389) on System log using evparse.exe utility{Computername}_StorageEventLogs.htm
Fibre Channel Information tool (fcinfo) output to obtain SAN resources and configuration information{Computername}_FCInfo.txt
Dispart’s SAN policy information{Computername}_DiskpartSANPolicy.TXT

Devices and drivers

DescriptionFile Name
Devices and connection information generated by devcon utility{Computername}_Devcon.log
Minifilter drivers enumeration using Fltmc.exe utility{Computername}_Fltmc.TXT
MS-DOS device names using dosdev utility{Computername}_DosDev.txt
Output from Driver Verifier Manager (verifier.exe) utility{Computername}_Verifier.txt
Upper and lower filters Information using fltrfind.exe utility{Computername}_FltrFind.txt
Information about driver signature using driverquery.exe{Computername}_SignedDrivers.txt
iSCSI Information using iscsicli.exe utility{Computername}_iSCSIInfo.txt

Server manager and server roles information

DescriptionFile Name
Information about server roles installed on a server generated by servermanagercmd.exe{Computername}_ServerManagerCmdQuery.*
Server manager log file located at %windir%\logs\ServerManager.log{Computername}_ServerManager.log
SeverCore OCList output{Computername}_OptionalComponents.txt

Hyper-V role

DescriptionFile Name
Event Log - Hyper-V related event logs (Microsoft-Windows-Hyper-V*) – Text, csv and evtx formats{Computername}_evt_HyperV*.*
Hyper-V Configuration and Virtual Machine Information{Computername}_HyperV-Info.htm
Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml{Computername}_{VirtualMachineGUID}.xml

FailoverCluster feature

DescriptionFile Name
Cluster Logs generated by Get-ClusterLog PowerShell cmdlet{Computername}_Cluster.Log
Cluster MPS Tool (clusmps.exe) output{Computername} _Cluster_MPS_Information.txt
Cluster validation reports files located at \Windows\Cluster\Reports\*.mht{Computername} _*.mht
Cluster reports XML files located at \Windows\Cluster\Reports\*.xml{Computername} _*.xml
Cluster validation log files from \Windows\Cluster\Reports\Validate*.log{Computername}_Validade*.log
Cluster resources properties using PowerShell Get-ClusterResource cmdlet{Computername}_ClusterProperties.txt
Cluster Dependency Report generated by Get-ClusterResourceDependencyReport PowerShell cmdlet{Computername}_DependencyReport.mht
Cluster Shared Volume information – html format{Computername}_CSVInfo.htm
Cluster basic Validation Report generated by Test-Cluster PowerShell cmdlet{Computername}_ValidationReport.mht
Cluster MPS Tool (clusmps.exe) output{Computername} _Cluster_MPS_Information.txt
Event Logs - Microsoft-Windows-FailoverClustering* - text, csv and evtx formats{Computername}_evt_FailoverClustering*.*
Cluster Resource Properties from cluster.exe utility{Computername}_Cluster_Properties.txt
Cluster Resources information from cluster.exe utility

Output from ‘Cluster . RES’ command line utility, listing resources and properties{Computername}_Cluster_Res_Properties_All.txt

Best Practices Analyzer output

DescriptionFile Name
Hyper-V Best Practices Analyzer output in HTML format

Note Update 977238 must be installed to obtain this output
Remote Desktop Services Best Practices Analyzer output in HTML format{Computername}_TS_BPAInfo.*

Performance-related information

DescriptionFile Name
Basic Information about processes, such as memory usage and handle count, and information about Kernel memory utilization, such as Paged Pool and Non-Paged Pool memory{Computername}_ProcessesPerfInfo.htm
Performance Monitor log from common counters from one minute with a sample interval of one second{Computername}_Report.html


DescriptionFile Name
Basic information about virtual environments{Computername}_Virtualization.*


DescriptionFile Name
Resultant Set of Policy (RSoP) generated by gpresult.exe utility{Computername}_GPResult.*
System Information - MSInfo32 tool output – txt and nfo formats{Computername}_msinfo32.*
Volume Shadow Copy Service (VSS) information{Computername}_VSSAdmin.txt
Boot Configuration Data (BCD) configuration via bcdedit.exe tool output{Computername}_BCDEdit.txt
Operating system Boot options file (Boot.ini){Computername}_boot.ini
Schedule Tasks information (csv and txt) generated by schtasks.exe utility{Computername}_schtasks.*
Information about process and threads using pstat.exe tool{Computername}_PStat.txt
Basic information about Remote Desktop Services from QUERY command line utility (query user, query session and query process){Computername}_TSQuery.txt
SysInternals utility Autoruns output displaying startup components on the system{Computername}_AutoRuns.*
Windows Update log file (from windows folder){Computername}_WindowsUpdate.log
SP Catalog Logging file (Windows\System32\catroot2 \DBErr.txt){Computername}_DBErr.txt

Additional Information

In addition to the collected information that is listed in these tables, this troubleshooter can detect one or more of the following situations:
  • Event 602 in the PrintService/Admin event log (KB2457866)
  • Symantec Endpoint Protection MR1/MR2
  • Unexpected TCP/IP registry settings (KB 967224)
  • Unsupported versions of Windows Vista or of Windows Server 2008
  • Version mismatches of Integration Services
  • Whether cluster groups are online
  • Whether a Cluster Name Object (CNO) exists and is enabled in Active Directory Domain Services
  • Whether the Cluster service is not running or is offline
  • Whether a driver verifier has been enabled for at least one driver
  • Whether Dynamic Memory is enabled on one or more virtual machines that are running any version of Integration Services that is older than the current version
  • Whether EMC Replistor Software is installed on the computer but Hotfix 975759 is not installed
  • Whether HP Port Monitor HPTCPMON is installed
  • Whether HP Print Services "Net Driver HPZ12" or "Pml Driver HPZ12" are installed
  • Whether one or more Advanced Format Disks (512e) are detected on the system
  • Whether one or more virtual machines have virtual hard disks that are located on a disk that uses Advanced Format Drives (512e disks)
  • Whether page heap is enabled against one or more processes
  • Whether a print driver failed to download from a Print Server because of a "Point and Print Restrictions" policy
  • Whether the operating system is currently low on virtual memory
  • Whether the state of one or more cluster nodes is down or is paused
  • Whether any 4K native drives exist on the system
  • Whether any virtual machine that have High CPU utilization exist in the environment
  • Whether Update 2541014 is installed (This update fixes a problem that may cause this computer not to hibernate or not to generate a machine memory dump when a Stop error occurs.)
  • Whether Update 2263829 is installed on computers that are running the Hyper-V role in Windows Server 2008 R2 Service Pack 1
  • Whether Xeon Processor 5500 Series processor erratum is occurring relative to Hyper-V (see KB 975530)
  • Whether Cluster Shared Volumes is in Maintenance mode
  • Whether the installed operating system is evaluation media
  • Kernel Memory Pool allocation tags that display a higher-than-average consumption
  • Whether processes are using a high number of handles
  • Presence of machine memory dumps within the past 30 days
  • Presence of user mode memory dumps within the past 30 days
  • Problems related to machine memory dump configuration
  • Unexpected Shutdown event log entries in the System log within the past 30 days (Events 41 from Microsoft-Windows-Kernel-Power)
  • Machine Memory Dump-related event log entries in the System log within the past 30 days (Events 1001 from Save Dump)
  • Any of the hosted Hyper-V virtual machines from a Hyper-V host that is using more than 80 percent CPU capacity
  • Failure to run the Cluster Validation report on cluster nodes
  • An error detected by the Cluster Validation report that indicates a failure of any cluster node to contact the Service Control Manager (SCM)

↑ Back to the top


For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, click the following article number to see the article in the Microsoft Knowledge Base: 
2598970 Information about the Microsoft Automated Troubleshooting Services and Support Diagnostic Platform

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2516512
Revision : 1
Created on : 1/7/2017
Published on : 12/19/2013
Exists online : False
Views : 384