
[SDP3][07d378dd-c97f-4184-8067-18138066e0b6] Windows Server Remote ServerCore Diagnostic



Summary

Windows Server 2008 R2 ServerCore and Windows Server 2012 ServerCore do not have native support to run diagnostic packages directly on the machine. This diagnostic collects diagnostic information from a remote Windows Server 2008 R2 or Windows Server 2012 ServerCore.



More Information

The Windows Server 2008 R2 ServerCore installation option and the Windows Server 2012 ServerCore installation option do not support running SDP Diagnostics directly on the local machine. This diagnostic package allows collecting diagnostic information from a Windows Server ServerCore machine via a remote machine.

From a machine running the full Windows operating system (Windows XP or newer) and connected to the Internet, start the diagnostic package by following the instructions sent to you. To run this diagnostic on a ServerCore computer, the machine used to start the diagnostic package must have network connectivity to the ServerCore machine being diagnosed. In addition, the user account must be an administrator of the remote ServerCore machine.

Start the diagnostic package execution from the remote machine. You will be prompted for the name of the ServerCore computer. Type the name of the server and then click 'Next'.

The diagnostic package will connect to the remote ServerCore R2 machine, install the prerequisites (PowerShell and .NET Framework) and then execute the diagnostic package. After the execution finishes, the diagnostic package will collect the information from the remote machine and show the option to upload results.


Information Collected


Additional Information
Description | File name
Volume Shadow Copy Service (VSS) information via vssadmin utility output
{ComputerName}_VSSAdmin.TXT

Applied Security Templates
Description | File name
Applied Security Templates from windows\Security\Templates\Policies
{ComputerName}_AppliedSecTempl.txt

Audit policy
Description | File name
Auditpol Audit Policy output via 'auditpol.exe /backup /file'
{ComputerName}_Auditpolicy.csv
Current Per User policy output via 'auditpol.exe /get /user'
{ComputerName}_Auditpol_UserPolicy.txt
Get Configuration output via 'auditpol.exe /get /category'
{ComputerName}_Auditpol_Configuration.txt
Per User configured accounts output via 'auditpol.exe /list /user /v 1'
{ComputerName}_Auditpol_Per-User.txt

Best Practices Analyzer
Description | File name
Best Practices Analyzer (BPA) Report
{ComputerName}_*BPA*.htm

Boot Information
Description | File name
BCDEdit Output
{ComputerName}_BCDEdit.TXT
Boot.ini file
{ComputerName}_Boot.Ini
Copy of BCD - System Store
{ComputerName}_BCD-Backup.BKP

DCDiag
Description | File name
DCDiag DNS Health information output via 'dcdiag.exe /v /test:dns /f'
{ComputerName}_DCDiag-DNS.log
DCDiag Topology Test output via 'dcdiag.exe /v /test:topology /f'
{ComputerName}_DCDiag-Topology.log
DCDiag Verbose output via 'dcdiag.exe /v /f'
{ComputerName}_DCDiag-Verbose.log

Devices and drivers
Description | File name
Devcon utility output
{ComputerName}_DevCon.txt
Fibre Channel Information Tool (FCInfo) output
{ComputerName}_FCInfo.txt
Filter Manager minifilter drivers and instances via Fltmc.exe utility output
{ComputerName}_Fltmc.TXT
Information about MS-DOS device names (symbolic links) via DOSDev utility
{ComputerName}_DOSDev.txt
Upper and lower filters information via fltrfind.exe utility
{ComputerName}_FltrFind.txt

DHCP Client
Description | File name
HKLM\SYSTEM\CurrentControlSet\services\Dhcp
{ComputerName}_DhcpClient_reg_.TXT
Microsoft-Windows-Dhcp-Client/Operational
Microsoft-Windows-DhcpNap/Operational
Microsoft-Windows-Dhcpv6-Client/Operational
{ComputerName}__evt_*.*

Directory Services related registry keys
Description | File name
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts
HKCU\Software\Microsoft\Windows\CurrentVersion\NetCache
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Rpc
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication
HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\parameters
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\parameters
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\w32time
{ComputerName}_regentries.txt

Distributed File System Replication (DFSR) Information
Description | File name
Information about replication groups
{ComputerName}_DFSR_Replica*.xml
DFS Management Trace Log
{ComputerName}_DFSR_Dfsmgmt*.log
DFSR Configuration Information from Dfsr Performance counters
{ComputerName}_DFSR_Info.txt
DFSR Conflicts and Deletes
{ComputerName}_DFSR_ConflictAndDeleted.xls
DFSR Current Log File
Dfsr*.log
DFSR Database GUIDs
{ComputerName}_DFSR_DBGUIDs.txt
DFSR Events Last 3 Days
{ComputerName}_DFSR_Events_Last_72_Hours.xls
DFSR File Versions
{ComputerName}_DFSR_File_Versions.txt
DFSR Hotfixes
{ComputerName}_DFSR_Hotfixes.txt
Dfsr machine configuration information from DfsrMachineConfig WMI class
{ComputerName}_DFSR_DfsrMachineConfig.XML
DFSR Performance Data from DFSReplicatedFolders performance counters
{ComputerName}_DFSR_Performance_Data.txt
DFSR Previous Log file
Dfsr*.gz
DFSR XML configuration files from \System Volume Information\DFSR\Config
{ComputerName}_DFSR_Volume*.xml
Health Report
*HealthReport*
Output of 'Dirquota Quota List'
{ComputerName}_DFSR_FSRM_Quotas.txt
Output of 'Filescrn Screen List'
{ComputerName}_DFSR_FSRM_File_Screens.txt
Output of 'reg query HKLM\System\CurrentControlSet\Services\DFSR /s'
{ComputerName}_DFSR_RegKey_DFSR.txt
Progress Log
DFSR__Progress.txt

DNS Client
Description | File name
DNS Client - HOSTS file from windir\system32\drivers\etc\HOSTS
{ComputerName}_DnsClient_HostsFile.TXT
DNS Client netsh show state (for DirectAccess): netsh dnsclient show state
{ComputerName}_DnsClient_netsh_dnsclient-show-state.TXT
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
HKLM\SYSTEM\CurrentControlSet\services\Dnscache
{ComputerName}_DnsClient_reg_.TXT
IP configuration from command: Ipconfig /displaydns
{ComputerName}_DnsClient_ipconfig-displaydns.TXT

Domain Controller Promotion Logs
Description | File name
Domain Controller promotion debug log from \Windows\debug
{ComputerName}_DCPromo.log
Domain Controller promotion UI debug log from \Windows\debug
{ComputerName}_DCPromoUI.log

Driver Verifier Information
Description | File name
Output from Driver Verifier Manager (verifier.exe) utility
{ComputerName}_verifier.txt

Event Logs - Failover Cluster
Description | File name
Microsoft-Windows-FailoverClustering* (.csv .evtx .txt)
{ComputerName}_evt_FailoverClustering.*

Event Logs - General
Description | File name
Application (.csv .evtx .txt)
{ComputerName}_evt_Application.*
System (.csv .evtx .txt)
{ComputerName}_evt_System.*

Event Logs - Networking
Description | File name
Microsoft-Windows-NetworkProfile/Operational* (.csv .evtx .txt)
{ComputerName}_evt_NetworkProfile-Operational.*

Event Logs - PrintService
Description | File name
Microsoft-Windows-PrintService* (.csv .evtx .txt)
{ComputerName}_evt_PrintService.*

Failover Cluster Feature
Description | File name
Basic Failover Cluster information via clusmps.exe utility (on operating systems earlier than Windows Server 2008 R2)
{ComputerName}_cluster_mps_information.txt
Basic Failover Cluster information, including information from existing resources and groups via FailoverCluster PowerShell cmdlets (Windows Server 2008 R2 and newer)
resultreport.xml

Cluster basic Validation Report generated by Test-Cluster PowerShell cmdlet
{ComputerName}_ValidationReport.mht
Cluster Dependency Report generated by Get-ClusterResourceDependencyReport PowerShell cmdlet on Windows Server 2008 or newer
{ComputerName}_DependencyReport.mht
Cluster Logs generated by Get-ClusterLog PowerShell cmdlet on Windows Server 2008 R2, cluster.exe utility or from \windows\cluster\cluster.log on previous versions of Windows
{ComputerName}_cluster.log
Cluster reports XML files located at \Windows\Cluster\Reports\*.xml
{ComputerName}_ClusterReportXML.zip
Cluster Resources information from cluster.exe utility
{ComputerName}_ClusterResources.txt
Cluster resources properties using PowerShell Get-ClusterResource cmdlet or cluster.exe utility on previous versions of Windows
{ComputerName}_ClusterProperties.txt
Cluster validation log files from \Windows\Cluster\Reports\Validate*.log
{ComputerName}_Validate*.log
Cluster validation reports files located at \Windows\Cluster\Reports\*.mht
{ComputerName}_ClusterReportMHT.zip
Information about Cluster Shared Volume
{ComputerName}_CSVInfo.HTM

File Version Information (Chksym)
Description | File name
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*
{ComputerName}_sym_MS_iscsi.*
File version information from %windir%\cluster\*.*
{ComputerName}_sym_ProgramFiles_sys.*
File version information from %windir%\cluster\*.*
{ComputerName}_sym_Cluster.*
File version information from %windir%\system32\*.dll
{ComputerName}_sym_System32_dll.*
File version information from %windir%\system32\*.exe
{ComputerName}_sym_System32_exe.*
File version information from %windir%\system32\*.sys
{ComputerName}_sym_System32_sys.*
File version information from %windir%\system32\drivers folder
{ComputerName}_sym_Drivers.*
File version information from %windir%\system32\Spool\*.*
{ComputerName}_sym_PrintSpooler.*
File version information from %windir%\syswow64 folder and subfolders
{ComputerName}_sym_SysWOW64_sys.*
File version information from %windir%\syswow64\drivers folder
{ComputerName}_sym_SysWOW64_sys.*
File version information from {Program Files (x86)}\*.sys folder and subfolders
{ComputerName}_sym_ProgramFilesx86_sys.*
File version information from {Program Files}\*.sys folder and subfolders
{ComputerName}_sym_ProgramFiles_sys.*
File version information from drivers currently running on the machine
{ComputerName}_sym_RunningDrivers.*
File version information from processes currently running on the machine
{ComputerName}_sym_Process.*

Firewall
Description | File name
Advfirewall ConSec Rules from command: netsh advfirewall consec show rule name=all
{ComputerName}_Firewall_netsh_advfirewall-consec-rules.TXT
Advfirewall Firewall Rules from command: netsh advfirewall firewall show rule name=all
{ComputerName}_Firewall_netsh_advfw-firewall-rules.TXT
Firewall Advfirewall from command: netsh advfirewall
{ComputerName}_Firewall_netsh_advfirewall.TXT
Firewall Export from command: netsh advfirewall export
{ComputerName}_Firewall_netsh_advfirewall-export.wfw
Firewall information from command: netsh firewall
{ComputerName}_Firewall_netsh.TXT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
HKLM\SYSTEM\CurrentControlSet\Services\BFE
HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT
HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
{ComputerName}_Firewall_reg_.TXT

FSMO role owners
Description | File name
Output via 'netdom query fsmo'
{ComputerName}_NetdomFSMO.txt

Functional Levels and Group Membership Information
Description | File name
Group Membership and Functional Levels information via 'net.exe localgroup' commands
{ComputerName}_DSMisc.txt

General information
Description | File name
SP Catalog from windows\system32\catroot2
{ComputerName}_dberr.txt

General Information
Description | File name
Basic Information about processes, such as memory usage and handle count, and information about Kernel memory utilization, such as Paged Pool and Non-Paged Pool memory
{ComputerName}_ProcessesPerfInfo.htm
Basic System Information including machine name, service pack, computer model and processor name and speed
resultreport.xml

List of environment variables
{ComputerName}_EnvironmentVariables.txt
List of installed updates and hotfixes
{ComputerName}_Hotfixes.*
List of User Rights (privileges) using showpriv.exe tool
{ComputerName}_UserRights.txt
List of user SID, group memberships, and privileges via the 'Whoami /all' output
{ComputerName}_Whoami.txt
Resultant Set of Policy (RSoP) generated by gpresult.exe utility
{ComputerName}_GPResult.*
Scheduled Tasks information (csv and txt) generated by schtasks.exe utility
{ComputerName}_schtasks.*
Show if machine is running on a Virtual Environment and describes the virtualization environment
resultreport.xml

Sysinternals Autoruns utility output
{ComputerName}_Autoruns.*
System Information - MSInfo32 tool output
{ComputerName}_msinfo32.nfo
{ComputerName}_msinfo32.txt
Windows Update log file (from windows folder)
{ComputerName}_windowsupdate.log
List of open files
{ComputerName}_OpenFiles.txt

General Performance Information
Description | File name
Information about process and threads using pstat.exe tool
{ComputerName}_PStat.txt

General Registry Data Collection
Description | File name
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{ComputerName}_reg_Startup.txt
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
HKCU\Software\Policies
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies
HKLM\Software\Policies
{ComputerName}_reg_Policies.txt
HKLM\Software\Microsoft\Windows\CurrentVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
{ComputerName}_reg_CurrentVersion.txt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
{ComputerName}_reg_Uninstall.txt
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Windows\Windows Error Reporting
HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKLM\System\CurrentControlSet\Control\CrashControl
HKLM\System\CurrentControlSet\Control\Session Manager
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management
{ComputerName}_reg_Recovery.txt
HKLM\SYSTEM\CurrentControlSet\Control\Print
{ComputerName}_reg_Print.txt
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions
{ComputerName}_reg_ProductOptions.txt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
HKLM\SYSTEM\CurrentControlSet\Services\TermDD
HKLM\SYSTEM\CurrentControlSet\Services\TermService
{ComputerName}_reg_TimeZone.txt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
{ComputerName}_reg_TimeZone.txt

Group Policy and User Environment
Description | File name
Group Policy Service Debug Log (gpsvc.log) from \windows\debug\usermode
{ComputerName}_gpsvc.log
User environment debug log (UserEnv.log) from \windows\debug\usermode
{ComputerName}_Userenv.log
User environment debug log backup (UserEnv.bak) from \windows\debug\usermode
{ComputerName}_Userenv.bak

Hyper-V role
Description | File name
Hyper-V Configuration and Virtual Machine Information
{ComputerName}_HyperV-Info.HTM
Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml
{ComputerName}_{VirtualMachineGUID}.xml

IPsec
Description | File name
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec
HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT
HKLM\SYSTEM\CurrentControlSet\Services\IPsec
HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent
{ComputerName}_IPsec_reg_.TXT
IPsec information from command: netsh dynamic show all
{ComputerName}_IPsec_netsh_dynamic.TXT
IPsec information from command: netsh ipsec static exportpolicy
{ComputerName}_IPsec_netsh_LocalPolicyExport.ipsec
IPsec information from command: netsh static show all
{ComputerName}_IPsec_netsh_static.TXT

IPv6Check
Description | File name
Networking adapter configuration from WMI
{ComputerName}_Networking.TXT

IPv6To4Check
Description | File name
IP configuration data from ipconfig command
{ComputerName}_Networking.TXT

iSCSI Information
Description | File name
iSCSI Information based on iscsicli.exe output
{ComputerName}_iSCSIInfo.txt

KList utility output
Description | File name
Output of 'klist tgt' command
{ComputerName}_KList.txt

Memory Dump Information and Files
Description | File name
Information about machine memory dump files, user memory dump files, and memory dump configuration
{ComputerName}_DumpReport.*
Machine Full or Kernel memory dump files (Memory.dmp)
{ComputerName}_dmp_memory.zip
Mini memory dump files from {Windows}\Minidump folder
User dumps generated by Windows Error Reporting
{ComputerName}_dmp_*.zip

Netlogon Logs
Description | File name
Netlogon.bak from \Windows\Debug
{ComputerName}_Netlogon.bak
Netlogon.log from \Windows\Debug
{ComputerName}_Netlogon.log

NetSetup Log
Description | File name
NetSetup Log file from \Windows\Debug
{ComputerName}_netsetup.log

Power Settings
Description | File name
Analysis of the system for common energy-efficiency and battery life problems via 'powercfg -energy -duration 5'
{ComputerName}_PowerCFG_Energy_Report.htm
Battery Report from 'powercfg -batteryreport' output
{ComputerName}_PowerCFG_BatteryReport.htm
PowerCfg subcommands
{ComputerName}_PowerCFG.txt

Print Drivers and Printers information
Description | File name
Information about Print drivers and printers, including print monitors, processors, and print driver file version information
{ComputerName}_PrintInfo.*

Print Registry
Description | File name
Cluster Print Registry File
{ComputerName}_reg_*ClusterPrintKey.txt
HKCU\Printers
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print
HKLM\SYSTEM\CurrentControlSet\Control\Print
{ComputerName}_reg_*Print.txt

Registry Information
Description | File name
HKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}
HKLM\System\CurrentControlSet\Control\iSCSIPRT
HKLM\System\CurrentControlSet\Control\MPDEV
HKLM\System\CurrentControlSet\Services\MPIO
HKLM\System\CurrentControlSet\Services\MSDSM
HKLM\System\CurrentControlSet\Services\MSiSCSI
HKLM\System\CurrentControlSet\Services\Tcpip
{ComputerName}_reg_Storage.txt
HKLM\SYSTEM\CurrentControlSet\Enum
{ComputerName}_reg_Enum.TXT
HKLM\SOFTWARE\Microsoft\iSCSI Target
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI
HKLM\SYSTEM\CurrentControlSet\Services\iScsiPrt
{ComputerName}_reg_iSCSI.txt
HKLM\System\MountedDevices
{ComputerName}_reg_MountedDevices.*
HKLM\Cluster
{ComputerName}_reg_Cluster.hiv
HKLM\System\CurrentControlSet\services\CluDisk
{ComputerName}_reg_ClusDisk.txt
HKLM\System\CurrentControlSet\services\ClusSvc
{ComputerName}_reg_ClusSvc.txt
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
{ComputerName}_DFSR_RegKey_TCPIP.txt

Replication Diagnostics Tool
Description | File name
Replication topology overview via 'repadmin.exe /showrepl' output
{ComputerName}_Repadmin-Showrepl.txt

RPC
Description | File name
HKLM\Software\Microsoft\Rpc
HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper
HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator
HKLM\SYSTEM\CurrentControlSet\Services\RpcSs
{ComputerName}_RPC_reg_output.TXT
RPC information from netsh rpc output
{ComputerName}_RPC_netsh_output.TXT

Secure Channel Info
Description | File name
Cached values for Secure Channel info from Netlogon such as Secure Channel Information, Secure Channel Info and General Domain Information
{ComputerName}_Secure Channels.txt

Server manager and server roles information
Description | File name
List of roles and features installed on Server Media (Windows Server 2008 R2 and newer)
resultreport.xml


Servicing and related Logs
Description | File name
Output of dism.exe /online /cleanup-image /checkhealth
{ComputerName}_Dism-CheckHealth.txt

SMB Client
Description | File name
HKCU\Network
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider
HKLM\SYSTEM\CurrentControlSet\Control\SMB
HKLM\SYSTEM\CurrentControlSet\services\LanManWorkstation
HKLM\SYSTEM\CurrentControlSet\services\lmhosts
HKLM\SYSTEM\CurrentControlSet\services\MrxSmb
HKLM\SYSTEM\CurrentControlSet\services\MrxSmb10
HKLM\SYSTEM\CurrentControlSet\services\MrxSmb20
HKLM\SYSTEM\CurrentControlSet\services\MUP
HKLM\SYSTEM\CurrentControlSet\services\NetBIOS
HKLM\SYSTEM\CurrentControlSet\services\NetBT
HKLM\SYSTEM\CurrentControlSet\services\Rdbss
{ComputerName}_SmbClient_reg_output.TXT
SMB Client Information from Net.exe
{ComputerName}_SmbClient_info.TXT

SMB Server
Description | File name
HKLM\SYSTEM\CurrentControlSet\services\LanManServer
HKLM\SYSTEM\CurrentControlSet\services\SRV
HKLM\SYSTEM\CurrentControlSet\services\SRV2
HKLM\SYSTEM\CurrentControlSet\services\SRVNET
{ComputerName}_SmbServer_reg_output.TXT
SMB Server Information from tools like net.exe
{ComputerName}_SmbServer_info.txt

Storage Information
Description | File name
Storage and SAN information via San.exe utility output
{ComputerName}_Storage_Information.txt

Storage related event logs on System log
Description | File name
Parsing of Storage related event logs (Events 6 7 9 11 15 50 51 57 and 389) on System log using evparse.exe utility
{ComputerName}_StorageEventLogs.htm

System Performance Monitor
Description | File name
Performance Monitor Log
{ComputerName}_*.blg
Performance Monitor Report
{ComputerName}_report.html

System Security Settings
Description | File name
System Security Settings from secedit.exe utility output
{ComputerName}_Security-settings.inf

TCPIP
Description | File name
HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP
HKLM\SYSTEM\CurrentControlSet\services\TCPIP
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6
HKLM\SYSTEM\CurrentControlSet\Services\tcpipreg
{ComputerName}_TCPIP_reg_output.TXT
TCP OFFLOAD information from netstat output
{ComputerName}_TCPIP_OFFLOAD.TXT
TCPIP Information from commands like: hostname, ipconfig, route, netstat etc.
{ComputerName}_TCPIP_info.TXT
TCPIP information from netsh output
{ComputerName}_TCPIP_netsh_info.TXT
TCPIP Services File located at: windir\system32\drivers\etc\services
{ComputerName}_TCPIP_ServicesFile.TXT

Terminal Services Best Practices Analyzer
Description | File name
BPA Results for Terminal Services
{ComputerName}_TS_BPAInfo.htm

Terminal Services Query Results
Description | File name
Query Terminal Services results
{ComputerName}_TSQuery.TXT

W32Time
Description | File name
Output of 'W32tm /monitor'
{ComputerName}_W32TM_Monitor.txt
Output of 'w32tm /testif /qps'
{ComputerName}_W32TM_TestIf_QPS.txt
W32Time Debug Log file
{ComputerName}_W32Time.log
W32Time Service Permissions via 'sc sdshow w32time'
{ComputerName}_W32Time_Service_Perms.txt
W32Time Service Status via 'sc query w32time'
{ComputerName}_W32Time_Service_Status.txt
W32TM Query Status via 'w32tm /tz'
{ComputerName}_W32TM_Query_Status.txt
W32TM Stripchart via 'w32tm /stripchart'
{ComputerName}_W32TM_Stripchart.txt

Winlogon Log
Description | File name
Winlogon Log file from windows\security\logs
{ComputerName}_winlogon.log

WINS Client
Description | File name
HKLM\SYSTEM\CurrentControlSet\services\WINS
{ComputerName}_WinsClient_reg_output.TXT
WINS Client - LMHOSTS file located at: windir\system32\drivers\etc\LMHOSTS
{ComputerName}_WinsClient_LmhostsFile.TXT
WINS Client information from nbtstat output
{ComputerName}_WinsClient_nbtstat-output.TXT


In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:

  • Processes using a high number of handles
  • Kernel Memory performance related problem
  • Low System PTEs
  • Low Virtual Memory
  • Memory Dump Configuration Issues
  • Detect if machine is a Virtual Machine running in Microsoft Azure
  • Best Practices Analyzer errors or warnings
  • Check pool memory allocated for 'D2d' tag
  • Check pool memory allocated for RxM4 and SeTI tag
  • Check pool memory allocated for 'SslC' tag
  • Check pool memory allocated for 'Toke' tag on terminal services
  • Check for Broadcom Advanced Server Program driver information
  • Detect memory consumption of Mountmgr.sys driver
  • Detect Pool Memory Allocation for ALPC and Power Management
  • Check if registry key HKLM\CurrentControlSet\Services\Eventlog\Parameters exists
  • Check if cluster groups are in Offline or Failed state
  • Check for errors gathering cluster information via Get-ClusterNode cmdlet
  • Check if the state of one or more cluster nodes is down or paused
  • Check if Cluster service is not running or offline
  • Check if Cluster Shared Volumes is configured to Redirected access
  • Check if Cluster Shared Volumes is configured for Local Access
  • Check if Cluster Shared Volumes is configured to Maintenance Mode
  • Check if Cluster Shared Volumes is configured to Network Access
  • Check if there are any virtual machines with high CPU utilization
  • Check if Dynamic Memory is enabled on one or more Virtual Machines
  • Check if Dynamic Memory is enabled on one or more Virtual Machines with old Integration Services
  • Check for version mismatches of Integration Services
  • Check if one or more Virtual Machines have virtual hard drives located on a disk with Advanced Format Drives (512e disks)
  • Check for ephemeral port usage
  • Detect Advanced Format Drives
  • Detect Native 4K drives on the system
  • Check if KB982018 is not installed or files are outdated
  • Check for Symantec Endpoint Protection MR1/MR2
  • Check for Evaluation Media
  • Check if Page Heap is enabled for one or more processes
  • Check if driver verifier has been enabled for at least one driver.
  • Check if the Cluster Name Object (CNO) exists and it is enabled in Active Directory
  • Check for LmCompatibilityLevel setting
  • Check firewall rules on cluster nodes with IPv6 enabled
  • Detect if there are no orphan resources
  • Check if FailoverCluster Crypto resource exists
  • Check for FailoverCluster missing dependent resources
  • Detect if Cluster nodes have the correct CAU WMI namespace registered
  • Detect if Cluster nodes have the correct MSCluster WMI namespace registered
  • Check for large number of Inactive Terminal Services ports
  • Checking if Registry Size Limit setting is present on the system
  • Check PoolUsageMaximum Setting
  • Checking for shared PST files
  • Check for terminal services licensing binary versions for Windows Server 2003
  • Check RPC settings for allowing unauthenticated sessions
  • Check for Performance counters to see if there is an issue with NTFS metafile cache memory consumption
  • Check for ProcessorAffinityMask setting for multiprocessor Windows Server 2003 machines
  • Check for ClearPageFileAtShutdown setting which may cause slow shutdown
  • Check for NMICrashDump setting on HP ProLiant DL385 G5
  • Check the state of Application Compatibility Engine
  • Check pool memory usage from Citrix XTE process
  • Check if Users group has permissions under HKCR\CLSID
  • Check HeapDecommitFreeBlockThreshold registry value
  • Check for specific version of wsftpsi.dll known to cause Explorer crashes
  • Detect Netapi32.dll version
  • Check for missing registry keys that can cause issues with Component Services
  • Check for 3GB and PAE settings in boot.ini
  • Check the state of DCOM and DTS service and if RPC port range is configured
  • Check if EMC Replistor Software is on machine but KB 975759 is not installed
  • Check for unsupported versions of Windows Vista or Windows Server 2008
  • Check if DEP and PAE are enabled on a 32-bit system
  • Check if Telnet service is running under System account
  • Check for known issue with BIOS version of PowerEdge R910, R810 and M910
  • Check the value of 'SystemPages' in Memory Management registry key
  • Detect Windows XP End-of-Support
  • Possible startup performance problems on Hyper-V Servers due to a large number of orphaned registry keys
  • Check Xeon Processor 5500 Series processor erratum related with Hyper-V (KB 975530)
  • Check if update KB2263829 is installed on Hyper-V on Windows Server 2008 R2 Service Pack 1 systems
  • Check if Tunnel.sys driver is missing on a Windows Server 2008 R2 Server Core installation option
  • Check for event ID 21203 or 21125 in the Microsoft-Windows-Hyper-V-High-Availability/Admin event log over the past 15 days.
  • Check for event 602 on PrintService/Admin Event Log (KB2457866)
  • Check for KB 982728 when Kyocera print driver is installed
  • Check if print driver may fail to download from a Print Server due to Point and Print Restrictions
  • Check if HP Port Monitor HPTCPMON is installed
  • Check if HP Print Services 'Net Driver HPZ12' or 'Pml Driver HPZ12' are installed
  • The print spooler may crash or hang due to OEM HP print driver
  • Checking for the presence of Zenographics Device Manager User Interface
  • Check if HP Universal Print Driver was upgraded from 5.2 to 5.3
  • Check for orphaned print jobs in Spooler folders
  • Check for the number of subkeys under DevModes2
  • Detect the presence of set*.tmp files in system32 folder
  • Check for Zenographics version 6.21, known for causing spooler problems
  • Check for Print Update Rollup for Windows 7 and Windows Server 2008 R2
  • Check the size of Client Side Rendering Print Provider settings
  • Check if the binary version of win32spl.dll is older than required version.
  • Check if Group Policy Printers are enabled and if application event 4098 is present
  • Check for Active Directory replication failures
  • Check if it has been too long since this domain controller replicated
  • Active Directory replication is failing for one or more partitions: Status -2146893022 The target principal name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1127 - While accessing the hard disk, a disk operation failed even after retries.
  • Active Directory replication is failing for one or more partitions: Status 1256 - The remote system is not available
  • Active Directory replication is failing for one or more partitions: Status 1396 - Logon Failure: The target account name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1722 - The RPC server is unavailable
  • Active Directory replication is failing for one or more partitions: Status 1753 - There are no more endpoints available from the endpoint mapper
  • Active Directory replication is failing for one or more partitions: Status 5 - Access is denied
  • Active Directory replication is failing for one or more partitions: Status 8452 - The naming context is in the process of being removed...
  • Active Directory replication is failing for one or more partitions: Status 8453 - Replication Access Was Denied
  • Active Directory replication is failing for one or more partitions: Status 8524 - The DSA operation is unable to proceed because of a DNS lookup failure
  • Lingering objects have been detected
  • Active Directory replication is failing for one or more partitions: Status 8451 - The replication operation encountered a database error
  • Active Directory replication is failing for one or more partitions: Status 1818 - The remote procedure call was cancelled
  • Active Directory replication is failing for one or more partitions: Status 8456 or 8457: The source or destination server is currently rejecting replication requests
  • Active Directory replication is failing for one or more partitions with status 8589
  • Active Directory replication is failing for one or more partitions with status 8333 - Directory Object not Found
  • Active Directory replication is failing for one or more partitions: Status 8446 - The replication operation failed to allocate memory
  • Active Directory replication is failing for one or more partitions: Status 8240 - There is no such object on the server
  • Active Directory replication is failing for one or more partitions: Status 1783 - The stub received bad data
  • Check for potentially risky audit failure settings (CrashOnAuditFail)
  • Check for a possible STOP error caused by audit failure
  • Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)
  • Check if the SYSVOL and/or NETLOGON shares are missing on the domain controller
  • Check for domain controller missing Rid Set reference attributes in Active Directory
  • Check if DC is pointing to itself for DNS exclusively
  • Check for USN Rollback
  • Check state of Intersite Messaging service.
  • Check if DFSR UpdateWorkerThreadCount setting is lower than 64
  • Detect if IPv6 was disabled on a domain controller
  • Detect Win32time configuration for time skew
  • Detect MaxConcurrentApi NTLM bottlenecks or delays
  • Detect Certificates with Weak RSA Keys
  • Trusted Root Certificate Authority List Size Problem
  • Check DNS Zones for top level CNAME records
  • Windows Firewall start mode check
  • Windows Firewall Running check
  • Check if more than 32GB of Physical Memory and Operating System is Windows 2008 R2 Standard Edition
  • Check if PMTU has been disabled on machine
  • Check for unexpected TcpIp registry settings (KB 967224)
  • Check for excessive number of 6to4 adapters which may result in decreased startup and logon performance
  • Check for problem related Microsoft DHCP Relay Agent which may cause slow boot (KB2459530)
  • Check HTTP Redirection on TSGateway
  • Check if the SMB2 Client driver has been disabled.
  • Check if the SMB2 Server driver has been disabled.
  • Check if Opportunistic Locking has been disabled
  • Check if InfoCacheLevel setting is configured to enable caching for all files and folders
  • Check for the presence of HKLM\Components registry keys which indicate a recent component installation
  • Check for the presence of Pending.XML in WinSxS folder
  • Check if SYSTEM permissions in usbhub.sys
  • Run DISM to check servicing corruption
  • Check for Event ID 5 from Windows Backup (KB 2182466)
  • Check the number of entries in FilesNotToBackup registry key
  • Check for Bitlocker Drive Encryption Fixed Data Drive Read-Only Policy
  • Detect the presence of vLite software through registry key
  • Check state of 'Application Compatibility Engine' policy

References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please open the following Microsoft Knowledge Base article:


2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform


Article Info
Article ID : 2842384
Revision : 1
Created on : 1/7/2017
Published on : 6/20/2014
Exists online : False
Views : 1146