The "Public Key Infrastructure (PKI) Diagnostic" support diagnostic package was designed to collect information interactively to help troubleshoot Active Directory Certificate Services (ADCS) and PKI-related issues.
If you are working together with Microsoft Product Support Services, you should receive instructions about which selections to make during the manifest execution.
The manifest offers two execution modes: Basic and Advanced.
In Basic mode, the manifest collects logs and tool output that already exist on the computer. When you select this mode, the manifest runs and offers to upload or save the resulting file.
In Advanced mode, you can gather data about a problem reproduction attempt, and the manifest prompts you for the kinds of logs and traces to collect.
The items have the following meaning:
After you click Next, the manifest asks you to prepare for the problem reproduction phase of the manifest execution.
When you click Next, begin at the problem reproduction. The manifest waits while you click the radio button at the top of the dialog box, and then click Next to stop the data gathering.
When the problem reproduction data collection is finished, the diagnostic will automatically begin. The manifest execution collects the static data of the system.
The logs should also contain events that were logged during the reproduction attempt. After this data is collected, you can start the upload.
If you are working together with Microsoft Product Support Services, you should receive instructions about which selections to make during the manifest execution.
The manifest offers two execution modes: Basic and Advanced.
In Basic mode, the manifest collects logs and tool output that already exist on the computer. When you select this mode, the manifest runs and offers to upload or save the resulting file.
In Advanced mode, you can gather data about a problem reproduction attempt, and the manifest prompts you for the kinds of logs and traces to collect.
The items have the following meaning:
- Network capture, …: Gathers interface trace data on the named components during a replication attempt, contains data that is exchanged with other computers in the environment.
- Schannel Logging: This logs the activity of the SSL/TSL component on the computer during a problem reproduction.
- CAPI2 Logging: In this logging, the activity of the certificate client component during a problem reproduction.
- SmartCard Logging: Logging of hte Smartcard Servioce activity.
- ADCS information: If checked, the manifest gathers information about the Certificate Authority configuration of the machine.
- NDES Information: “Network Device Enrollment Services” is a standard where a “desktop client” enrolls certificates on behalf of network devices like routers or switches. If you want to collect information for such a scenario, please check this box.
- OCSP Information: The “Online Certificate Status Protocol” helps ensuring certificates are valid while avoiding delays or lots of network traffic. If you suspect problems verifying certificates, check this box.
- CertUtil General Information: Runs various CertUtil commands to gather information about the configuration regarding PKI.
After you click Next, the manifest asks you to prepare for the problem reproduction phase of the manifest execution.
When you click Next, begin at the problem reproduction. The manifest waits while you click the radio button at the top of the dialog box, and then click Next to stop the data gathering.
When the problem reproduction data collection is finished, the diagnostic will automatically begin. The manifest execution collects the static data of the system.
The logs should also contain events that were logged during the reproduction attempt. After this data is collected, you can start the upload.