The Windows Small Business Server 2011 All-purpose data collection and analysis manifest was designed to collect and analyze information used in troubleshooting SBS 2011 issues. This includes general Windows issues in different technologies, including Setup, Performance, Networking and Directory Services. Furthermore, data about Exchange, SQL and SharePoint is collected and analyzed. The collection and analysis is done based on rules created to tackle common issues that may be affecting the server that are updated on a regular basis.
When you open a new case you may receive an automated e-mail with instructions on how to generate and upload this manifest. It is highly recommended that this is completed at the earliest as the information gathered can lead (and does lead in good number of instances) to a faster resolution of the associated case. You may also receive a request to do this from the support engineer working on your case.
This article describes the information that may be collected from a machine when running Windows Small Business Server 2011 Standard All-purpose data collection and analysis manifest.
Information CollectedEvent Logs - GeneralCollapse this tableExpand this table
| Description | File Name |
| Event Log – Application – text, csv and evtx formats | {Computername}_evt_Application.* |
| Event Log – System – text, csv and evtx formats | {Computername}_evt_System.* |
| Event Logs – Other | {Computername}_evt_*.* |
Collapse this tableExpand this table
| Description | File Name |
| File version information from %windir%\cluster\*.* | {Computername}_sym_Cluster.* |
| File version information from %windir%\system32\*.dll | {Computername}_sym_System32_dll.* |
| File version information from %windir%\system32\*.exe | {Computername}_sym_System32_exe.* |
| File version information from %windir%\system32\*.sys | {Computername}_sym_System32_sys.* |
| File version information from %windir%\system32\drivers folder | {Computername}_sym_Drivers.* |
| File version information from %windir%\system32\drivers\*.* | {Computername}_sym_SysWOW64_sys.* |
| File version information from {Program Files (x86}}\*.sys | {Computername}_sym_ProgramFilesx86_sys.* |
| File version information from {Program Files}\*.sys | {Computername}_sym_ProgramFiles_sys.* |
| File version information from {Program Files}\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.* | {Computername}_sym_MS_Iscsi.* |
| File version information from all drivers currently running on machine | {Computername}_sym_RunningDrivers.* |
| File version information from all processes currently running on machine | {Computername}_sym_Process.* |
| File version information from print spooler folder %windir%\system32\Spool\*.* | {Computername}_sym_PrintSpooler.* |
| File version information from Windows\Cluster | {Computername}_sym_Cluster.* |
Collapse this tableExpand this table
| Description | File Name |
| Devices and connection information generated by devcon utility | {Computername}_Devcon.log |
| Minifilter drivers enumeration using Fltmc.exe utility | {Computername}_Fltmc.txt |
| MS-DOS device names using dosdev utility | {Computername}_DosDev.txt |
| Output from Driver Verifier Manager (verifier.exe) utility | {Computername}_Verifier.txt |
| Upper and lower filters Information using fltrfind.exe utility | {Computername}_FltrFind.txt |
| Information about driver signature using driverquery.exe | {Computername}_SignedDrivers.txt |
Collapse this tableExpand this table
| Description | File Name |
| Fibre Channel Information Tool information collected by FCInfo utility | {Computername}_fcinfo.txt |
| Information from machine disk sectors generated by SecInspect.exe utility | {Computername}_Secinspect.txt |
| iSCSI related information generated by iscsicli.exe utility | {Computername}_iSCSIInfo.txt |
| Parsing of Storage related event logs (Events 6 7 9 11 15 50 51 57 and 389) on System log using evparse.exe utility | {Computername}_StorageEventLogs.htm |
| Fibre Channel Information tool (fcinfo) output to obtain SAN resources and configuration information | {Computername}_FCInfo.txt |
| Dispart’s SAN policy information | {Computername}_DiskpartSANPolicy.txt |
Collapse this tableExpand this table
| Description | File Name |
| Information about Machine Memory Dumps, User memory dumps and memory dump configuration | {Computername}_DumpReport.* |
| Compressed version of mini machine memory dumps located at %windir%\minidumps | {Computername}_dmp_*.cab |
| Windows Error Reporting mini dumps generated in past 30 days | {Computername}_dmp_*.cab |
Collapse this tableExpand this table
| Description | File Name |
| Installed Updates/ Hotfixes | {Computername}_Hotfixes.* |
Collapse this tableExpand this table
| Description | File Name |
| Basic information about machine virtual environment | {Computername}_Virtualization.* |
Collapse this tableExpand this table
| Description | File Name |
| Basic IP networking configuration information, such as Tcp/ip registry key, ipconfig, netstat, nbtstat and netsh output | {Computername}_TcpIp-Info.txt |
| Basic SMB configuration information based on output of net.exe utility | {Computername}_SMB-Info.txt |
| Information about TCP Offload from the registry and netsh | {Computername}_TCPIP-Info-Offload.txt |
| Networking Setup/ information about the attempts to join domains | {Computername}_netsetup.log |
| Network Diagnostic took (netdiag.exe) output | {Computername}_netdiag.txt |
| Permissions dump for registry key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | {Computername}_winreg.txt |
| DNS cache information from ‘ipconfig.exe /displaydns’ command | {Computername}_DnsClient-DnsCache.txt |
| HOSTS file from \Windows\System32\Drivers\etc folder | {Computername}_DnsClient-HostsFile.txt |
| SERVICES file from \Windows\System32\Drivers\etc folder | {Computername}_TCPIP-ServicesFile.txt |
| LMHOSTS file from \Windows\System32\Drivers\etc folder | {Computername}_WinsClient-LmhostsFile.txt |
| Firewall information from ‘netsh firewall’ context output | {Computername}_Firewall-Netsh-Fw.txt |
| IPSec information from ‘netsh ipsec’ context output | {Computername}_IPsec-Netsh.txt |
| Internet Protocol security (IPSec) policy information via ‘netsh ipsec static exportpolicy’ output | {Computername}_IPsec-Export.ipsec |
| General networking configuration from ‘netsh dump’ output | {Computername}_Netsh-Dump.txt |
| Load Balancing configuration via ‘wlbs.exe display’ command | {Computername}_NLB-WlbsDisplay.txt |
| Remote Access Service Information via ‘netsh ras’ context output | {Computername}_RAS-Netsh.txt |
| General IPv4 information via ‘netsh int ipv4’ context output | {Computername}_TCPIP-Netsh-IPv4.txt |
| General IPv6 information via ‘netsh int ipv6’ context output | {Computername}_TCPIP-Netsh-IPv6.txt |
| Winsock catalog information via ‘netsh winsock show catalog’ output | {Computername}_WinSock-Netsh.txt |
| Wired 802.1X (LAN) information via ‘netsh lan’ context output | {Computername}_8021x-Netsh-LAN.txt |
| Wireless Local Area Network (WLAN) 802.11 connectivity and security settings via ‘netsh wlan’ context output | {Computername}_8021x-Netsh-WLAN.txt |
| Background Intelligent Transfer Service (BITS) information via ‘BitsAdmin /list’ command output | {Computername}_BITS-BitsAdmin-List.txt |
| Dynamic Host Configuration Protocol (DHCP) Server information via ‘netsh dhcp server’ context output | {Computername}_DhcpServer-Netsh.txt |
| Windows Internet Name Service (WINS) Server information via ‘netsh wins server’ context output | {Computername}_WinsServer-Netsh.txt |
| Windows Internet Name Service (WINS) client – Netbios cache via ‘nbtstat.exe –c’ command output | {Computername}_WinsClient-NetbiosCache.txt |
| Remote Procedure Call (RPC) general information via ‘netsh rpc’ context output | {Computername}_RPC-Netsh.txt |
| Displays the current Windows HTTP Services (WinHTTP) proxy information via ‘netsh winhttp show proxy’ output | {Computername}_WinHttp-Netsh.txt |
Collapse this tableExpand this table
| Description | File Name |
| Printers and Print driver information, including drivers, print monitors, print processors | {Computername}_PrintInfo.* |
Directory Services Related Information
Collapse this tableExpand this table
| Description | File Name |
| Netlogon service log file (\Windows\Debug\Logs\netlogon.log) | {Computername}_Netlogon.log |
| Winlogon log file (\Windows\security\logs\winlogon.log) | {Computername}_Winlogon.log |
| Security Templates currently cached on the system (From \Windows\Security\Templates\Policies) | {Computername}_AppliedSecTempl.txt |
| Gathers the user privilege settings using showpriv.exe tool | {Computername}_Userrights.txt |
| Networking Setup/ Domain Join related information | {Computername}_Netsetup.log |
| |
Collapse this tableExpand this table
| Description | File Name |
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Hotfix
HKCU\SOFTWARE\Policies\Microsoft
HKLM\Software\Policies\Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKLM\SYSTEM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\Software\Microsoft\Active Setup
HKCU\Software\Microsoft\Active Setup
HKLM\Software\Microsoft\Windows NT\CurrentVersion
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions
HKCU\Software\Microsoft\Windows NT\Currentversion\AppCompatFlags
HKCU\Software\Microsoft\Java VM
HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache
HKLM\Software\Microsoft\EAPOL\Parameters\General\Global
HKLM\Software\Microsoft\NetworkAccessProtection
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList | {Computername}_reg_Software.txt |
HKLM\System\MountedDevices
HKLM\Hardware\DESCRIPTION\System\CentralProcessor
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider
HKLM\System\CurrentControlSet\Control\Session Manager\Power
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
HKLM\System\CurrentControlSet\Control\Session Manager
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
HKLM\SYSTEM\CurrentControlSet\Control\Video
HKLM\System\CurrentControlSet\Services\napagent
HKLM\System\CurrentControlSet\Services\Afd
HKLM\System\CurrentControlSet\Services\BITS
HKLM\System\CurrentControlSet\Services\Dhcp
HKLM\System\CurrentControlSet\Services\DHCPServer
HKLM\System\CurrentControlSet\Services\Dnscache
HKLM\System\CurrentControlSet\Services\DNS
HKLM\System\CurrentControlSet\Services\IPsec
HKLM\System\CurrentControlSet\Services\PolicyAgent
HKLM\System\CurrentControlSet\Services\lanmanserver
HKLM\System\CurrentControlSet\Services\LanmanWorkstation
HKLM\System\CurrentControlSet\Services\MpsSvc
HKLM\System\CurrentControlSet\Services\MRxDav
HKLM\System\CurrentControlSet\Services\WebClient
HKLM\System\CurrentControlSet\Services\MrxSmb
HKLM\System\CurrentControlSet\Services\MrxSmb10
HKLM\System\CurrentControlSet\Services\MrxSmb20
HKLM\System\CurrentControlSet\Services\rdbss
HKLM\System\CurrentControlSet\Services\MUP
HKLM\System\CurrentControlSet\Services\NetBT
HKLM\System\CurrentControlSet\Services\Netlogon
HKLM\System\CurrentControlSet\Services\RasMan
HKLM\System\CurrentControlSet\Services\SharedAccess
HKLM\System\CurrentControlSet\Services\wscsvc
HKLM\System\CurrentControlSet\Services\SMB
HKLM\System\CurrentControlSet\Services\Tcpip
HKLM\System\CurrentControlSet\Services\Tcpip6
HKLM\System\CurrentControlSet\Services\VSS
HKLM\System\CurrentControlSet\Services\Winsock
HKLM\System\CurrentControlSet\Services\Winsock2 | {Computername}_reg_System.txt |
| HKLM\System\MountedDevices | {Computername}_reg_MountedDevices.hiv |
| HKCU\Network | {Computername}_reg_NetworkConnections.TXT |
HKLM\System\CurrentControlSet\Control\CrashControl
HKLM\System\CurrentControlSet\Control\Session Manager
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Windows\Windows Error Reporting
HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting | {Computername}_reg_Recovery.txt |
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\ Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit | {Computername}_reg_Startup.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\Print | {Computername}_reg_Print.* |
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access
HKLM\System\CurrentControlSet\Services\TermService
HKLM\System\CurrentControlSet\Services\TermDD | {Computername}_reg_TermServer.txt |
HKLM\Software\Microsoft\Internet Explorer
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Internet Domains
HKLM\Software\Microsoft\Internet Connection Wizard
HKCU\Software\Microsoft\Internet Connection Wizard
HKLM\Software\Microsoft\Internet Account Manager
HKCU\Software\Microsoft\Internet Account Manager
HKLM\Software\Microsoft\IEAK
HKCU\Software\Microsoft\IEAK
HKLM\Software\Microsoft\IEAK6
HKLM\Software\Microsoft\IE Setup | {Computername}_reg_IE.txt |
HKLM\System\CurrentControlSet\Services\iScsiPrt
HKLM\Software\Microsoft\iSCSI Target
HKLM\Software\Microsoft\Windows NT\CurrentVersion\iSCSI | {Computername}_reg_iSCSI.* |
| HKLM\Software\Microsoft\iSCSI Target | {Computername}_reg_iSCSI_Target.hiv |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\iSCSI | {Computername}_reg_CurrentVersion_iSCSI.HIV |
HKLM\System\CurrentControlSet\Control\MPDev
HKLM\System\CurrentControlSet\Control\iSCSIPrt
HKLM\System\CurrentControlSet\Services\MSiSCSI
HKLM\System\CurrentControlSet\Services\MSDsm
HKLM\System\CurrentControlSet\Services\MPIO
HKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}
HKLM\System\CurrentControlSet\Services\Tcpip | {Computername}_reg_Storage.txt |
HKLM\Software\Microsoft\Exchange
HKLM\System\CurrentControlSet\Services\MSExchangeActiveSyncNotify
HKLM\System\CurrentControlSet\Services\MSExchangeADDXA
HKLM\System\CurrentControlSet\Services\MSExchangeAL
HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess
HKLM\System\CurrentControlSet\Services\MSExchangeES
HKLM\System\CurrentControlSet\Services\MSExchangeFBPublish
HKLM\System\CurrentControlSet\Services\MSExchangeIS
HKLM\System\CurrentControlSet\Services\MSExchangeMGMT
HKLM\System\CurrentControlSet\Services\MSExchangeMTA
HKLM\System\CurrentControlSet\Services\MSExchangeMU
HKLM\System\CurrentControlSet\Services\MSExchangeOMA
HKLM\System\CurrentControlSet\Services\MSExchangeSA
HKLM\System\CurrentControlSet\Services\MSExchangeSenderID
HKLM\System\CurrentControlSet\Services\MSExchangeSRS
HKLM\System\CurrentControlSet\Services\MSExchangeTransport
HKLM\System\CurrentControlSet\Services\MSExchangeUCF
HKLM\System\CurrentControlSet\Services\MSExchangeWEB
HKLM\Software\Microsoft\MosTrace\CurrentVersion\DebugAsyncTrace
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STORE.EXE | {Computername}_reg_Exchange.txt |
| HKLM\Cluster | {Computername}_reg_Cluster.hiv |
| HKLM\System\CurrentControlSet\Services\Clussvc | {Computername}_reg_Clussvc.txt |
| HKLM\System\CurrentControlSet\Services\Clusdisk | {Computername}_reg_Clusdisk.txt |
Collapse this tableExpand this table
| Description | File Name |
| Domain Controller Diagnostics Tool (dcdiag.exe) output | {Computername} _DCDiag.txt |
| Replication topology overview via ‘repadmin.exe /showrepl’ output | {Computername}_repadmin.txt |
Collapse this tableExpand this table
| Description | File Name |
| Resultant Set of Policy (RSoP) generated by gpresult.exe utility | {Computername}_GPResult.* |
| Schedule Tasks information (csv and txt) generated by schtasks.exe utility | {Computername}_schtasks.* |
| System Information - MSInfo32 tool output – txt and nfo formats | {Computername}_msinfo32.* |
| Volume Shadow Copy Service (VSS) information | {Computername}_VSSAdmin.txt |
| Windows basic activation information via %windir%\system32\slmgr.vbs | {Computername}_KMSActivation.txt |
| Operating system Boot options file (Boot.ini) | {Computername}_BOOT.INI |
| Hyperthread capable processor information | {Computername}_HyperThread.txt |
| Information about process and threads using pstat.exe tool | {Computername}_PStat.txt |
| SP Catalog Logging file (Windows\System32\catroot2 \DBErr.txt) | {Computername}_DBErr.txt |
| Windows Update Reporting Events log file (from WINDOWS\SoftwareDistribution) | {Computername}_ReportingEvents.log |
| Windows Update log file (from windows folder) | {Computername}_WindowsUpdate.log |
| List Performance information from top Processes, such as memory usage, handle count and number of threads, as well as kernel memory allocation information | {Computername}_ProcessPerfInfo.* |
Collapse this tableExpand this table
| Description | File Name |
| Event Log - Hyper-V related event logs (Microsoft-Windows-Hyper-V*) – Text, csv and evtx formats | {Computername}_evt_HyperV*.* |
| Hyper-V Configuration and Virtual Machine Information | {Computername}_HyperV-Info.htm |
| Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml | {Computername}_{VirtualMachineGUID}.xml |
Collapse this tableExpand this table
| Description | File Name |
| Information about server roles installed on a server generated by servermanagercmd.exe | {Computername}_ServerManagerCmdQuery.* |
| Server manager log file located at %windir%\logs\ServerManager.log | {Computername}_ServerManager.log |
Collapse this tableExpand this table
| Description | File Name |
| Output from bcdedit.exe utility | {Computername}_BCDEdit.txt
{Computername}_BCD-Backup.bak |
Collapse this tableExpand this table
| Description | File Name |
Setupact.log from folders:
%windir%
%windir%\Panther
%windir%\Panther\UnattendedGC | {Computername}_Setupact-*.log |
| Setupapi logs located on %windir%\inf folder | {Computername}_SetupApi.app.log
{Computername}_SetupApi.evt.log
{Computername}_SetupApi.offline.log |
| Setuperr.log located on Windows folder | {Computername}_Setuperr.log |
| Upgrade log – SetupReport.txt from windows\panther folder | {Computername}_SetupReport.txt |
Collapse this tableExpand this table
| Description | File Name |
| Component-Based Servicing Logs located on %windir%\Logs\CBS | {Computername}_CBS*.log |
| DPX Setup Act log located on %windir%\logs\DPX | {Computername}_setupact.log" |
| Pending Operations Queue Exec log located on %windir%\winsxs | {Computername}_poqexec.log |
| Windows Side-by-Side Pending Bad log located on %windir%\ winsxs | {Computername}_pending.xml.bad |
| Windows Side-by-Side Pending log located on %windir%\ winsxs | {Computername}_pending.xml |
Collapse this tableExpand this table
| Description | File Name |
| Installed roles and component (output from oclist.exe command) | {Computername}_OCList*.log |
| Windows Update, Remote Desktop and other information configured by scregedit.wsf script | {Computername}_Scregedit.txt |
Collapse this tableExpand this table
| Description | File Name |
| Domain Controller promotion debug log from \Windows\debug folder | {Computername}_DCPromo.log |
Collapse this tableExpand this table
| Description | File Name |
| Networking Setup/ information about the attempts to join domains | {Computername}_netsetup.log |
| Current configuration settings for Network Access Protection (NAP) via ‘netsh nap client export’ command | {Computername}_NapClient-Export.xml |
| Network Access Protection (NAP) client information via ‘netsh nap client’ context output | {Computername}_NapClient-Netsh.txt |
| Windows Firewall with Advanced Security general information via ‘netsh advfirewall show’ context output | {Computername}_Firewall-Netsh-AdvFw.txt |
| Windows Firewall with Advanced Security computer security connection rules via ‘netsh advfirewall consec’ context output | {Computername}_Firewall-Netsh-AdvFw-ConSec-Rules.txt |
| Windows Firewall with Advanced Security firewall rules via ‘netsh advfirewall firewall’ context output | {Computername}_Firewall-Netsh-AdvFw-Fw-Rules.txt |
| Information about current Firewall policy via ‘netsh advfirewall export’ command | {Computername}_Firewall-Netsh-AdvFw-Export.wfw |
| Hypertext Transfer Protocol (HTTP) service information via ‘netsh http’ context output | {Computername}_Http-Netsh.txt |
| Network Input Output (NETIO) binding filters via ‘netsh netio show bindingfilters’ command | {Computername}_TCPIP-Netsh-NetIO.txt |
SBS Logs
Collapse this tableExpand this table
| Description | File Name |
SBS logs
Exchange Server setup logs
DcPromo logs | {computername}_*.log |
SBS BPA
Collapse this tableExpand this table
| Description | File Name |
| SBS 2011 Std BPA data is captured using the latest BPA configuration file. | {computername}_BPA.xml |
SBS Autodiscover Troubleshooter
Collapse this tableExpand this table
| Description | File Name |
| SBS 2011 Std Exchange Autodiscover configuration | {computername}_AutodiscoverTroubleshooter.txt |
In addition to the files collected and listed above, this SDP Manifest can detect one or more of the following situations:
· Machine is running on a virtual environment
· Presence of a machine memory dumps in the past 30 days
· Presence of a user mode memory dumps in the past 30 days
· Problems related with machine memory dump configuration that could avoid a memory dump to be generated
· Presence of services that could interfere on memory dump generation
· Unexpected Shutdown Event Logs on System Log from past 30 days (Events 50 from EventLog)
· Machine Memory Dump related event logs on System log from past 30 days (Events 1001 from Save Dump)
· Srv related event logs 2020 and 2021 from the past 30 days
· Processes with a higher number of handles (above 40,000 handles)
· Machine has low number of System Page Entries (below 5,000)
· Machine is in low available memory condition (Machine committed limit above 85%)
· Any Kernel pool memory tag using more than 60% of all allocated memory.
· Non-Supported version of a Service Pack
· Non-Supported operating system versions
References KB 973559 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7
http://support.microsoft.com/kb/973559
(http://support.microsoft.com/kb/973559)
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See
Terms of Use
(http://go.microsoft.com/fwlink/?LinkId=151500)
for other considerations.
Windows Live
Facebook
Twitter
Linkedin
Digg it
Yahoo
Delicious
StumbleUpon
Yammer
Reddit
Technorati
FriendFeed
Email
Back to the top
