[SDP 3] [5e6721af-928b-4323-97b8-692504c31d58] Authentication Diagnostic


Summary

The Authentication Diagnostic was designed to collect information used in troubleshooting common authentication and authorization issues.


More Information

This article describes the information that may be collected from a machine when running the Authentication Diagnostic.

 

Information Collected

Event Logs - General
Description | File Name
Event Log – System – text, csv and evtx formats | {Computername}_evt_System.*
Event Log – Application – text, csv and evtx formats | {Computername}_evt_Application.*
Event Log – Security – text, csv and evtx formats | {Computername}_evt_Security.*

Active Directory Information
Description | File Name
User Logon Information (user identity, user status, logon authentication method, domain controller and global catalog used, and logon computer details) | {Computername}_UserLogonInfo.txt and in ResultReport.xml
Active Directory Domain Information (details about the current domain, including a list of all domain controllers in the domain) | {Computername}_CurrentDomainInfo.txt and in ResultReport.xml
Active Directory Forest Information (details about domains in the current forest) | {Computername}_ForestInfo.txt and in ResultReport.xml
Active Directory Forest Trusts List (trusts created for the current forest) | {Computername}_TrustList.txt and in ResultReport.xml
Active Directory Site Domain Controller List | {Computername}_SiteDCList.txt and in ResultReport.xml


Winlogon Debug Log
Description | File Name
Winlogon debug log %systemroot%\security\logs\winlogon.log | {Computername}_winlogon.log


Whoami.exe
Description | File Name
Output from the Whoami.exe utility, with the /all switch. | {Computername}_whoami.txt


User Rights Configuration
Description | File Name
Currently configured user rights for the local computer. | {Computername}_UserRights.txt


Directory Services Miscellaneous
Description | File Name
Domain functional level information and built-in Administrators group membership. | {Computername}_DSMisc.txt


Audit Policy Information
Description | File Name
AuditPol Configuration | {Computername}_ AuditPol_Configuration.*
AuditPol Per-User | {Computername}_ AuditPol_Per-User.*
AuditPol User Policy | {Computername}_ AuditPol_UserPolicy.*
Audit Policy Events | {Computername}_ AuditPolPolicy.*


Secure Channel Information
Description | File Name
Local domain secure channel information on domain member computers and trust secure channel information from domain controllers. Also gathers basic domain and forest info. | {Computername}_Secure_Channels.txt


Authentication Registry Items and Claims
Description | File Name
Authentication-related registry entries for effective settings. Claims information if present. | {Computername}_AuthnSettings.txt

Registry keys collected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\Kerberos\Parameters

DCs only:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\KDC\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS


Kerberos Tickets
Description | File Name
User session ticket information from Klist.exe. | {Computername}_Klist.txt


Group Policy Information
Description | File Name
Group policy results for the logged on user and computer. | {Computername}_gpresult.txt
Group policy results for the logged on user and computer. | {Computername}_gpresult.htm


User Token Details
Description | File Name
User Token Details (security groups, group scopes, SIDHistory and token sizing information) | {Computername}_TokenDetails.txt

Windows Time Information
Description | File Name
W32Time Reg Key | {Computername}_W32Time_Reg_Key.txt
W32Time Reg Key Perms | {Computername}_W32Time_Reg_Key_Perms.txt
W32Time Service Status | {Computername}_W32Time_Service_Status.txt
W32Time Service Perms | {Computername}_W32Time_Service_Perms.txt
W32TM /Monitor | {Computername}_W32TM_Monitor.txt
W32TM /TestIf /QPS | {Computername}_W32TM_TestIf_QPS.txt
W32TM Query Status | {Computername}_W32TM_Query_Status.txt
W32TM Stripchart | {Computername}_W32TM_Stripchart.txt

WINS Client Information
Description | File Name
WINS Client nbtstat output | {Computername}_ WinsClient_nbtstat-output.TXT



Netlogon Debug Logs
Description | File Name
Netlogon.log located in %windir%\debug | {Computername}_Netlogon.log
Netlogon.bak located in %windir%\debug | {Computername}_Netlogon.bak


DHCP Client Information
Description | File Name
DHCP Client Registry Key | {Computername}_ DhcpClient_reg_.TXT

IPSec Information
Description | File Name
IPsec PowerShell Cmdlets | {Computername}_ IPsec_info_pscmdlets.TXT
IPsec Registry keys | {Computername}_IPsec_reg_.TXT
IPsec netsh dynamic show all | {Computername}_IPsec_netsh_dynamic.TXT
IPsec netsh static show all | {Computername}_IPsec_netsh_static.TXT
IPsec Local Policy Export (.ipsec) | {Computername}_netsh_LocalPolicyExport.ipsec

DNS Client Information
Description | File Name
DnsClient Registry Keys | {Computername}_ DnsClient_reg_.TXT
Ipconfig /displaydns | {Computername}_ DnsClient_ipconfig-displaydns.TXT
DNS Client - HOSTS file | {Computername}_ DnsClient_HostsFile.TXT
DNS Client PowerShell Cmdlets | {Computername}_ DnsClient_info_pscmdlets.TXT
DNS Client netsh show state (for DirectAccess) | {Computername}_ DnsClient_netsh_dnsclient-show-state.TXT

Firewall Information
Description | File Name
Firewall PowerShell Cmdlets | {Computername}_Firewall_info_pscmdlets.txt
Firewall Registry Keys | {Computername}_Firewall_reg.txt
NETSH Advanced Firewall | {Computername}_netsh_advFirewall.txt
NETSH Advanced Firewall Export | {Computername}_netsh_advFirewall-export.wfw
NETSH Advanced Firewall Rules ConSec | {Computername}_netsh_advFirewall-consec-rules.txt
NETSH Advanced Firewall Rules ConSec Active | {Computername}_netsh_advFirewall-consec-rules-active.txt
NETSH Advanced Firewall Rules | {Computername}_netsh_advFirewall-firewall-rules.txt
NETSH Advanced Firewall Rules Active | {Computername}_netsh_advFirewall-firewall-rules-active.txt
NETSH WFP Show Events | {Computername}_netsh_wfp_show_netevents.xml
NETSH WFP Show BootTimePolicy | {Computername}_netsh_wfp_show.boottimepolicy.xml
NETSH WFP Show Filters | {Computername}_netsh_wfp-show-filters.xml
NETSH WFP Show Options OptionsForNetEvents | {Computername}_netsh_wfp-show-options-optionsfornetevents.txt
NETSH WFP Show Options OptionsForKeyWords | {Computername}_netsh_wfp-show-options-optionsforkeywords.txt
NETSH WFP Show Security Net Events | {Computername}_netsh_wfp-show-security-netevents.txt
NETSH WFP Show State | {Computername}_netsh_wfp-show-state.xml
NETSH WFP Show Sysports | {Computername}_netsh_wfp-show-sysports.xml
Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | {Computername}_evt_WindowsFirewallWithAdvancedSecurity-Firewall_evt_.*

TCP Information
Description | File Name
TCPIP Info | {Computername}_ TCPIP_info.TXT
TCPIP registry output | {Computername}_ TCPIP_reg_output.TXT
TCP OFFLOAD | {Computername}_TCPIP_OFFLOAD.TXT
TCPIP Services File | {Computername}_TCPIP_ServicesFile.TXT
TCPIP Net PowerShell Cmdlets | {Computername}_TCPIP_info_pscmdlets_net.TXT
TCPIP IPv6 Transition Technology Info | {Computername}_TCPIP_info_pscmdlets_IPv6Transition.TXT
TCPIP netsh output | {Computername}_TCPIP_netsh_info.TXT
Microsoft-Windows-Iphlpsvc/Operational | {Computername}_evt_Iphlpsvc-Operational_evt_.*

RPC Information
Description | File Name
RPC netsh output | {Computername}_ RPC_netsh_output.TXT
RPC registry output | {Computername}_ RPC_reg_output.TXT

SMB Information
Description | File Name
SMB Client registry output | {Computername}_SmbClient_reg_output.TXT
SMB Client Information from Net.exe | {Computername}_SmbClient_info.TXT
SMB Server registry output | {Computername}_SmbServer_reg_output.TXT
SMB Server Information from tools like net.exe | {Computername}_SmbServer_info.txt


In addition to the files collected and listed above, this troubleshooter can detect one or more of the following situations:

· Problem detection for Dynamic Access Control Configuration (Windows 8 and Server 2012 only).
· Problem detection for certificates which are soon to expire or have recently expired within 7 days.
· Problem detection for identifying certificates with weak keys (RSA keys less than 1024 bits).
· Problem detection: Cryptographic Cipher Configuration Detection to detect whether cipher uses have been configured explicitly on the computer or via group policy.
· Problem detection to see if the local domain secure channel has problems (domain members only).
· Problem detection to see if the secure channels to trusted domains are having problems.
· Problem detection to see if the computer has experienced MaxConcurrentApi issues in the recent past or is currently seeing a MaxConcurrentApi issue.
· Operating system name.
· Time zone.
· Last Reboot/Uptime.
· Anti-Malware installed.
· User Account Control setting.
· Username logged on during data gathering.
· Computer Model.
· Processor information.
· Computer domain name.
· Computer domain role.
· Physical memory.
· Process summary.
· Top memory usage statistics.

Article Info
Article ID : 2765136
Revision : 1
Created on : 1/7/2017
Published on : 2/19/2014
Exists online : False