Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

[SDP3][07d378dd-c97f-4184-8067-18138066e0b6] Windows Server Remote ServerCore Diagnostic

View products that this article applies to.


Windows Server 2008 R2 ServerCore and Windows Server 2012 ServerCore do not have native support to run diagnostic packages directly on the machine. This diagnostic collects diagnostic information from a remote Windows Server 2008 R2 or Windows Server 2012 ServerCore

↑ Back to the top

More Information

Windows Server 2008 R2 ServerCore installation option as well as Windows Server 2012 ServerCore installation option do not offer support for running SDP Diagnostics directly on the local machine.This specific diagnostic package to allow collecting diagnostic information from a Windows Server ServerCore machine via a remote machine.

From a machine runing the full Windows Operating System (Windows XP or newer operating system) and connected to the Internet, start the diagnostic package execution by following the instructions sent to you. In order to run this diagnostic on a ServerCore computer the machine used to start the diagnostic package must have network connectivity to the ServerCore machine that is being diagnosed. In addition, the user account needs to be administrator of the remote ServerCore machine.

Start the diagnostic package execution from the remote machine. You will be prompted the name of the ServerCore computer. Please type the name of the Server and then click 'Next'.

The diagnostic package will connect to the remote ServerCore R2 machine, install the prer-requisites (PowerShell and .NET Framework) and then execute the diagnostic package. After the execution finishes, the diagnostic package will collect the information from the remote machine and show the option to upload results.

Information Collected

Additional Information
DescriptionFile name
Volume Shadow Copy Service (VSS) information via vssadmin utility output

Applied Security Templates
DescriptionFile name
Applied Security Templates from windows\Security\Templates\Policies

Audit policy
DescriptionFile name
Auditpol Audit Policy output via 'auditpol.exe /backup /file'
Current Per User policy output via 'auditpol.exe /get /user'
Get Configuration output via 'auditpol.exe /get /category'
Per User configured accounts output via 'auditpol.exe /list /user /v 1'

Best Practices Analyzer
DescriptionFile name
Best Practices Analyzer (BPA) Report

Boot Information
DescriptionFile name
BCDEdit Output
Boot.ini file
Copy of BCD - System Store

DescriptionFile name
DCDiag DNS Health information output via 'dcdiag.exe /v /test:dns /f'
DCDiag Topology Test output via 'dcdiag.exe /v /test:topology /f'
DCDiag Verbose output via 'dcdiag.exe /v /f'

Devices and drivers
DescriptionFile name
Devcon utility output
Fibre Channel Information Tool (FCInfo) output
Filter Manager minifilter drivers and instances via Fltmc.exe utility output
Information about MS-DOS device names (symbolic links) via DOSDev utility
Upper and lower filters information via fltrfind.exe utility

DHCP Client
DescriptionFile name

Directory Services related registry keys
DescriptionFile name
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Distributed File System Replication (DFSR) Information
DescriptionFile name
Information about replication groups
DFS Management Trace Log
DFSR Configuration Information from Dfsr Performance counters
DFSR Conflicts and Deletes
DFSR Current Log File
DFSR Database GUIDs
DFSR Events Last 3 Days
DFSR File Versions
DFSR Hotfixes
Dfsr machine configuration information from DfsrMachineConfig WMI class
DFSR Performance Data from DFSReplicatedFolders performance counters
DFSR Previous Log file
DFSR XML configuration files from \System Volume Information\DFSR\Config
Health Report
Output of 'Dirquota Quota List'
Output of 'Filescrn Screen List'
Output of 'reg query HKLM\System\CurrentControlSet\Services\DFSR /s'
Progress Log

DNS Client
DescriptionFile name
DNS Client - HOSTS file from windir\system32\drivers\etc\HOSTS
DNS Client netsh show state (for DirectAccess): netsh dnsclient show state
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
IP configuration from command: Ipconfig /displaydns

Domain Controller Promotion Logs
DescriptionFile name
Domain Controller promotion debug log from \Windows\debug
Domain Controller promotion UI debug log from \Windows\debug

Driver Verifier Information
DescriptionFile name
Output from Driver Verifier Manager (verifier.exe) utility

Event Logs - Failover Cluster
DescriptionFile name
Microsoft-Windows-FailoverClustering* (.csv .evtx .txt)

Event Logs - General
DescriptionFile name
Application (.csv .evtx .txt)
System (.csv .evtx .txt)

Event Logs - Networking
DescriptionFile name
Microsoft-Windows-NetworkProfile/Operational* (.csv .evtx .txt)

Event Logs - PrintService
DescriptionFile name
Microsoft-Windows-PrintService* (.csv .evtx .txt)

Failover Cluster Feature
DescriptionFile name
Basic Failover Cluster information vai clusmps.exe utility (on operating Systems earlier than Windows Server 2008 R2)
Basic Failover Cluster information, including information from existing resources and groups via FailoverCluster PowerShell cmdlets (Windows Server 2008 R2 and newer)

Cluster basic Validation Report generated by Test-Cluster PowerShell cmdlet
Cluster Dependency Report generated by Get-ClusterResourceDependencyReport PowerShell cmdlet on Windows Server 2008 or newer
Cluster Logs generated by Get-ClusterLog PowerShell cmdlet on Windows Server 2008 R2, cluster.exe utility or from \windows\cluster\cluster.log on previous versions of Windows
Cluster reports XML files located at \Windows\Cluster\Reports\*.xml
Cluster Resources information from cluster.exe utility
Cluster resources properties using PowerShell Get-ClusterResource cmdlet or cluster.exe utility on previous versions of Windows
Cluster validation log files from \Windows\Cluster\Reports\Validate*.log
Cluster validation reports files located at \Windows\Cluster\Reports\*.mht
Information about Cluster Shared Volume

File Version Information (Chksym)
DescriptionFile name
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*
File version information from %windir%\cluster\*.*
File version information from %windir%\cluster\*.*
File version information from %windir%\system32\*.dll
File version information from %windir%\system32\*.exe
File version information from %windir%\system32\*.sys
File version information from %windir%\system32\drivers folder
File version information from %windir%\system32\Spool\*.*
File version information from %windir%\syswow64 folder and subfolders
File version information from %windir%\syswow64\drivers folder
File version information from {Program Files (x86)}\*.sys folder and subfolders
File version information from {Program Files}\*.sys folder and subfolders
File version information from drivers currently running on the machine
File version information from processes currently running on the machine

DescriptionFile name
Advfirewall ConSec Rules from command: netsh advfirewall consec show rule name=all
Advfirewall Firewall Rules from command: netsh advfirewall firewall show rule name=all
Firewall Advfirewall from command: netsh advfirewall
Firewall Export from command: netsh advfirewall export
Firewall information from command: netsh firewall

FSMO role owners
DescriptionFile name
Output via 'netdom query fsmo'

Functional Levels and Group Membership Information
DescriptionFile name
Group Membership and Functional Levels information via 'net.exe localgroup' commands

General information
DescriptionFile name
SP Catalog from windows\system32\catroot2

General Information
DescriptionFile name
Basic Information about processes, such as memory usage and handle count, and information about Kernel memory utilization, such as Paged Pool and Non-Paged Pool memory
Basic System Information including machine name, service pack, computer model and processor name and speed

List of environment variables
List of Installed Updates and Hotfixes installed
List of User Rights (privileges) using showpriv.exe tool
List of user SID, group memberships, and privileges via the 'Whoami /all' output
Resultant Set of Policy (RSoP) generated by gpresult.exe utility
Schedule Tasks information (csv and txt) generated by schtasks.exe utility
Show if machine is running on a Virtual Environment and describes the virtualization environment

Sysinternals Autoruns utility output
System Information - MSInfo32 tool output
Windows Update log file (from windows folder)
List of open files

General Performance Information
DescriptionFile name
Information about process and threads using pstat.exe tool

General Registry Data Collection
DescriptionFile name
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Windows\Windows Error Reporting
HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKLM\System\CurrentControlSet\Control\Session Manager
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

Group Policy and User Environment
DescriptionFile name
Group Policy Service Debug Log (gpsvc.log) from \windows\debug\usermode
User environment debug log (UserEnv.log) from \windows\debug\usermode
User environment debug log backup (UserEnv.bak) from \windows\debug\usermode

Hyper-V role
DescriptionFile name
Hyper-V Configuration and Virtual Machine Information
Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml

DescriptionFile name
IPsec information from command: netsh dynamic show all
IPsec information from command: netsh ipsec static exportpolicy
IPsec information from command: netsh static show all

DescriptionFile name
Networking adapt configuration from WMI

DescriptionFile name
IP configuration data from ipconfig command

iSCSI Information
DescriptionFile name
iSCSI Information based on iscsicli.exe output

KList utility output
DescriptionFile name
Output of 'klist tgt' command

Memory Dump Information and Files
DescriptionFile name
Information about machine memory dump files, user memory dump files, and memory dump configuration
Machine Full or Kernel memory dump files (Memory.dmp)
Mini memory dump files from {Windows}\Minidump folder
User dumps generated by Windows Error Reporting

Netlogon Logs
DescriptionFile name
Netlogon.bak from \Windows\Debug
Netlogon.log from \Windows\Debug

NetSetup Log
DescriptionFile name
NetSetup Log file from \Windows\Debug

Power Settings
DescriptionFile name
Analysis of the system for common energy-efficiency and battery life problems via 'powercfg -energy -duration 5'
Battery Report from 'powercfg -batteryreport' output
PowerCfg subcommands

Print Drivers and Printers information
DescriptionFile name
Information about Print drivers and printers, including print monitors, processors, and print driver file version information

Print Registry
DescriptionFile name
Cluster Print Registry File
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print

Registry Information
DescriptionFile name
HKLM\SOFTWARE\Microsoft\iSCSI Target
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI

Replication Diagnostics Tool
DescriptionFile name
Replication topology overview via 'repadmin.exe /showrepl' output

DescriptionFile name
RPC information from netsh rpc output

Secure Channel Info
DescriptionFile name
Cached values for Secure Channel info from Netlogon such as Secure Channel Information, Secure Channel Info and General Domain Information
{ComputerName}_Secure Channels.txt

Server manager and server roles information
DescriptionFile name
List of roles and features installed on Server Media (Windows Server 2008 R2 and newer)

Servicing and related Logs
DescriptionFile name
Output of dism.exe /online /cleanup-image /checkhealth

SMB Client
DescriptionFile name
SMB Client Information from Net.exe

SMB Server
DescriptionFile name
SMB Server Information from tools like net.exe

Storage Information
DescriptionFile name
Storage and SAN information via San.exe utility output

Storage related event logs on System log
DescriptionFile name
Parsing of Storage related event logs (Events 6 7 9 11 15 50 51 57 and 389) on System log using evparse.exe utility

System Performance Monitor
DescriptionFile name
Performance Monitor Log
Performance Monitor Report

System Security Settings
DescriptionFile name
System Security Settings from secedit.exe utility output

DescriptionFile name
TCP OFFLOAD information from netstat output
TCPIP Information from commands like: hostname, ipconfig, route, netstat etc.
TCPIP information from netsh output
TCPIP Services File located at: windir\system32\drivers\etc\services

Terminal Services Best Practices Analyzer
DescriptionFile name
BPA Results for Terminal Services

Terminal Services Query Results
DescriptionFile name
Query Terminal Services results

DescriptionFile name
Output of 'W32tm /monitor'
Output of 'w32tm /testif /qps'
W32Time Debug Log file
W32Time Service Permissions via 'sc sdshow w32time'
W32Time Service Status via 'sc query w32time'
W32TM Query Status via 'w32tm /tz'
W32TM Stripchart via 'w32tm /stripchart'

Winlogon Log
DescriptionFile name
Winlogon Log file from windows\security\logs

WINS Client
DescriptionFile name
WINS Client - LMHOSTS file located at: windir\system32\drivers\etc\LMHOSTS
WINS Client information from nbtstat output

In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:

  • Processes using a high number of handles
  • Kernel Memory performance related problem
  • ow System PTEs
  • ow Virtual Memory
  • Memory Dump Configuration Issues
  • Detect if machine is a Virtual Machine running in Microsoft Azure
  • Best Practices Analyzer errors or warnings
  • Check pool memory allocated for 'D2d' tag
  • Check pool memory allocated for RxM4 and SeTI tag
  • Check pool memory allocated for 'SslC' tag
  • Check pool memory allocated for 'Toke' tag on terminal services
  • Check for Broadcom Advanced Server Program driver information
  • Detect memory consumption of Mountmgr.sys driver
  • Detect Pool Memory Allocation for ALPC and Power Management
  • Check if registry key HKLM\CurrentControlSet\Services\Eventlog\Parameters exists
  • Check if cluster groups are in Offline or Failed state
  • Check for errors gathering cluster information via Get-ClusterNode cmdlet
  • Check if the state of one or more cluster nodes is down or paused
  • Check if Cluster service is not running or offline
  • Check if Cluster Shared Volumes is configured to Redirected access
  • Check if Cluster Shared Volumes is configured for Local Access
  • Check if Cluster Shared Volumes is configured to Maintenance Mode
  • Check if Cluster Shared Volumes is configured to Network Access
  • Check if there are any virtual machine with High CPU utilization
  • Check if Dynamic Memory is enabled to one or more Virtual Machines
  • Check if Dynamic Memory is enabled on one or more Virtual Machines with old Integration Services
  • Check for version mismatches of Integration Services
  • Check if one or more Virtual Machines have virtual hard drives located on an disk with Advanced Format Drives (512e disks)
  • Check for ephemeral port usage
  • Detect Advanced Format Drives
  • Detect Native 4K drives on the system
  • Check if KB982018 is not installed or files are outdated
  • Check for Symantec Endpoint Protection MR1/MR2
  • Check for Evaluation Media
  • Check if Page Heap is enabled to one or more processes
  • Check if driver verifier has been enabled for at least one driver.
  • Check if the Cluster Name Object (CNO) exists and it is enabled in Active Directory
  • Check for LmCompatibilityLevel setting
  • Check firewall rules on cluster nodes with IPv6 enabled
  • Detect if there are no orphan resources
  • Check if FailoverCluster Crypto resource exists
  • Check for FailoverCluster missing dependent resources
  • Detect if Cluster nodes have the correct CAU WMI namespace registered
  • Detect if Cluster nodes have the correct MSCluster WMI namespace registered
  • Check for large number of Inactive Terminal Services ports
  • Checking if Registry Size Limit setting is present on the system
  • Check PoolUsageMaximum Setting
  • Checking for shared PST files
  • Check for terminal services licensing binary versions for Windows Server 2003
  • Check RPC settings for allowing unauthenticated sessions
  • Check for Performance counters to see if there is an issue with NTFS metafile cache memory consumption
  • Check for ProcessorAffinityMask setting for multiprocessor Windows Server 2003 machines
  • Check for ClearPageFileAtShutdown setting which may cause slow shutdown
  • Check for NMICrashDump setting on HP ProLiant DL385 G5
  • Check the state of Application Compatibility Engine
  • Check pool memory usage from Citrix XTE process
  • Check if Users group have permissions under HKCR\CLSID
  • Check HeapDecommitFreeBlockThreshold registry value
  • Check for specific version of wsftpsi.dll known to cause Explorer crashes
  • Detect Netapi32.dll version
  • Check for missing registry keys that can cause issues with Component Services
  • Check for 3GB and PAE settings in boot.ini
  • Check the state of DCOM and DTS service and if RPC port range is configured
  • Check if EMC Replistor Software is on machine but KB 975759 is not installed
  • Check for unsupported versions of Windows Vista or Windows Server 2008
  • Check if DEP and PAE is enabled on a 32-bit system
  • Check if Telnet service is running under System account
  • Check for known issue with BIOS version of PowerEdge R910, R810 and M910
  • Check the value of 'SystemPages' in Memory Management registry key
  • Detect Windows XP End-of-Support
  • Possible startup performance problems on Hyper-V Servers due to a large number of orphaned registry keys
  • Check Xeon Processor 5500 Series processor erratum related with Hyper-V (KB 975530)
  • Check if update KB2263829 is installed on Hyper-V on Windows Server 2008 R2 Service Pack 1 systems
  • Check if Tunnel.sys driver is missing a Windows Server 2008 R2 Server Core installation option
  • Check for event ID 21203 or 21125 in the Microsoft-Windows-Hyper-V-High-Availability/Admin event log over the past 15 days.
  • Check for event 602 on PrintService/Admin Event Log (KB2457866)
  • Check for KB 982728 when Kyocera print driver is installed
  • Check if print driver may fail to download from a Print Server due Point and Print Restrictions
  • Check if HP Port Monitor HPTCPMON is installed
  • Check if HP Print Services 'Net Driver HPZ12' or 'Pml Driver HPZ12' are installed
  • The print spooler may crash or hang due to OEM HP print driver
  • Checking for the presence of Zenographics Device Manager User Interface
  • Check if HP Universal Print Driver was upgraded from 5.2 to 5.3
  • Check for orphaned print jobs in Spooler folders
  • Check for the number of subkeys under DevModes2
  • Detect the presence of set*.tmp files in system32 folder
  • Check the for Zenographics version 6.21 known for causing spooler problems
  • Check for Print Update Rollup for Windows 7 and Windows Server 2008 R2
  • Check the size of Client Side Rendering Print Provider settings
  • Check if the binary version of win32spl.dll is older than required version.
  • Check if Group Policy Printers are enabled and if application event 4098 is present
  • Check for Active Directory replication failures
  • Check if it has been too long since this domain controller replicated
  • Active Directory replication is failing for one or more partitions: Status -2146893022 The target principal name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1127 - While accessing the hard disk, a disk operation failed even after retries.
  • Active Directory replication is failing for one or more partitions: Status 1256 - The remote system is not available
  • Active Directory replication is failing for one or more partitions: Status 1396 - Logon Failure: The target account name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1722 - The RPC server is unavailable
  • Active Directory replication is failing for one or more partitions: Status 1753 - There are no more endpoints available from the endpoint mapper
  • Active Directory replication is failing for one or more partitions: Status 5 - Access is denied
  • Active Directory replication is failing for one or more partitions: Status 8452 - The naming context is in the process of being removed...
  • Active Directory replication is failing for one or more partitions: Status 8453 - Replication Access Was Denied
  • Active Directory replication is failing for one or more partitions: Status 8524 - The DSA operation is unable to proceed because of a DNS lookup failure
  • Lingering objects have been detected
  • Active Directory replication is failing for one or more partitions: Status 8451 - The replication operation encountered a database error
  • Active Directory replication is failing for one or more partitions: Status 1818 - The remote procedure call was cancelled
  • Active Directory replication is failing for one or more partitions: Status 8456 or 8457: The source or destination server is currently rejecting replication requests
  • Active Directory replication is failing for one or more partitions with status 8589
  • Active Directory replication is failing for one or more partitions with status 8333 - Directory Object not Found
  • Active Directory replication is failing for one or more partitions: Status 8446 - The replication operation failed to allocate memory
  • Active Directory replication is failing for one or more partitions: Status 8240 - There is no such object on the server
  • Active Directory replication is failing for one or more partitions: Status 1783 - The stub received bad data
  • Check for potentially risky audit failure settings (CrashOnAuditFail)
  • Check for a possible STOP error caused by audit failure
  • Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)
  • Check if either SYSVOL and/or NETLOGON shares are missing on domain controller
  • Check for domain controller missing Rid Set reference attributes in Active Directory
  • Check if DC is pointing to itself for DNS exclusively
  • Check for USN Rollback
  • Check state of Intersite Messaging service.
  • Check if DFSR UpdateWorkerThreadCount setting is lower than 64
  • Detect if IPv6 was disabled on a domain controller
  • Detect Win32time configuration for time skew
  • Detect MaxConcurrentApi NTLM bottlenecks or delays
  • Detect Certificates with Weak RSA Keys
  • Trusted Root Certificate Authority List Size Problem
  • Check DNS Zones for top level CNAME records
  • Windows Firewall start mode check
  • Windows Firewall Running check
  • Check if more than 32GB of Physical Memory and Operating System is Windows 2008 R2 Standard Edition
  • Check if PMTU has been disabled on machine
  • Check for unexpected TcpIp registry settings (KB 967224)
  • Check for excessive number of 6to4 adapters which may result in decreased startup and logon performance
  • Check for problem related Microsoft DHCP Relay Agent which may cause slow boot (KB2459530)
  • Check HTTP Redirection on TSGateway
  • Check if the SMB2 Client driver has been disabled.
  • Check if the SMB2 Server driver has been disabled.
  • Check if Opportunistic Locking has been disabled
  • Check if InfoCacheLevel setting is configured to enable caching for all files and folders
  • Check for the presense of HKLM\Components registry keys which indicate a recente component installation
  • Check for the presense of Pending.XML in WinSxS folder
  • Check if SYSTEM permissions in usbhub.sys
  • Run DISM to check servicing corruption
  • Check for Event ID 5 from Windows Backup (KB 2182466)
  • Check the number of entries in FilesNotToBackup registry key
  • Check for Bitlocker Drive Encryption Fixed Data Drive Read-Only Policy
  • Detect the presence of vLite sofware though registry key
  • Check state of 'Application Compatibility Engine' policy


For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please open the following Microsoft Knowledge Base article:

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2842384
Revision : 1
Created on : 1/7/2017
Published on : 6/20/2014
Exists online : False
Views : 264