[SDP 2][95843D75-9A34-42F5-B011-9B5B5705EA58] SPSReport 2007


The SPSReport 2007 manifest file is designed to collect basic system and event log information to help troubleshoot common SharePoint support issues. This article provides details on the data collected by the SPSReport 2007 manifest file.

The data is collected only on the server where this manifest is executed. To ensure maximum coverage, it is recommended that SPSReport 2007 be executed on each computer in your Microsoft SharePoint farm.

This article provides details on the operation of this manifest file.

More Information

This article describes the information that may be collected from a machine when running the SPSReport 2007 manifest. It is possible that not all of the files below will be captured. There is logic in the tool that will determine if a component is installed and collect the information if appropriate.

PowerShell is required for the execution of the manifest. If PowerShell is not currently, then PowerShell 1.0 will be silently installed on the server. Upon completion of the diagnostic manifest, PowerShell 1.0 will remain on the server.

Information Collected
DescriptionFile Name
An enumeration of environment variables for the user that is running the diagnostic package. The same output is generated via the SET command from the command line.

The following information is included:
·          MachineName

·          Timestamp

·          Name

·          Value
An enumeration of the hotfixes that are installed on the server. This information is obtain via the WMI Win32_QuickFixEngineering class and includes the following:

·          MachineName

·          Timestamp

·          Description

·          URL

·          KBNumber

·          InstalledOn

·          InstalledBy
Output of IIS utilities:

2003: iisweb.vbs /query /s %COMPUTERNAME%

2008: appcmd list site
Information from WMI Win32_OperatingSystem call. Includes the following:

·          MachineName

·          Timestamp

·          Caption

·          CodeSet

·          TZOffset

·          Debug

·          LastBootDate

·          LocalDate

·          Locale

·          Manufacturer

·          SKU

·          Architecture

·          Language

·          ProductSuite

·          Type

·          Role

·          ServicePackVersion

·          Version

·          PhysicalMemory

·          CPUCores
An enumeration of scheduled tasks as given by the following command: schtasks.exe /QUERY /V /FO CSV

Includes the following information:

·          MachineName

·          TaskName

·          NextRunTime

·          Status

·          LogonMode

·          LastRunTime

·          LastResult

·          Creator

·          Schedule

·          TaskToRun

·          StartIn

·          Comment

·          ScheduledTaskState

·          ScheduledType

·          StartTime

·          StartDate

·          EndDate

·          Days

·          Months

·          RunAsUser

·          DeleteTaskIfNotRescheduled

·          StopTaskIfRunsXHoursandXMins

·          Repeat:Every

·          Repeat:Until:Time

·          Repeat:Until:Duration

·          Repeat:StopIfStillRunning

·          IdleTime

·          PowerManagement
The output of the WMI Win32_Service class. The following information is collected for all services:

·          Machinename

·          Timestamp

·          Displayname

·          ServiceName

·          PathToExecutable

·          Description

·          State

·          StartupType

·          LogOnAs

·          DesktopInteract
Grabs a dump of the last 30 days of the Application and System event logs. Only the last 7 days of the Security event log are captured. The fields are:

·          Date

·          Time

·          Type/Level

·          Computer name

·          Event Code

·          Source

·          Task

·          Category

·          Username

·          Description


The output (3 different formats) of updates (hotfixes) installed on the host machine. The fields are:

·          Category

·          Level

·          ID

·          Operation

·          Date

·          Client

·          By

·          Result

·          Title


A collection of the last 7 days of IIS logs for those site where the data is collected. A check is made for each web server on the machine. Next, we check to see if there are IIS logs associated with the web server. If so, we gather the last 7 days (if available) and compress the results. There will be a CAB file for each of the web servers that had IIS logs.%COMPUTERNAME%_iis_O12SP_W3SVC#######.cab
An enumeration of all of the processes that are currently running on the machine. We also grab information about each of the DLLs loaded by those processes. The fields are:

·          MachineName

·          Timestamp

·          ProcessID

·          ParentProcessId

·          ModuleName

·          Path

·          FileSize

·          FileDate

·          Company

·          ProductVersion

·          Language
A collection of the 7 most recent PSCDiagnostic Logs%COMPUTERNAME%_log_O12SP_PSCDiagnosticLogs.cab
The output of the msinfo32.exe command in both NFO and TXT format.%COMPUTERNAME%_msinfo32.nfo

An enumeration of the contents of the %windir%\system32\drivers\etc\hosts file. The fields are:

·          MachineName

·          Timestamp

·          IP

·          Hostname

·          Comment
Network configuration information for the server. We first make sure that the server can be pinged. Once verified, we use the WMI Win32_NetworkAdapter class to get the following information for each adapter (where applicable):

·          MachineName

·          Timestamp

·          Index

·          ConnectionSpecificDnsSuffix

·          Description

·          PhysicalAddress

·          DHCPEnabled

·          IPv6Address

·          IPv4Address

·          SubnetMask

·          DHCPLeasObtained

·          DHCPLeaseExpires

·          DefaultGateway

·          DHCPServer

·          DNSRegistered

·          DNSServers

·          PrimaryWINSServer

·          SecondaryWINSServer

·          NetBIOSOverTcpip
The output of the WMI Win32_Share class for the server. The following information for each network share is collected:

·          MachineName

·          Timestamp

·          Name

·          Path

·          Description
The output of the WMI Win32_IP4RouteTable. For each route, the following fields are collected:

·          MachineName

·          Timestamp

·          Destination

·          NetMask

·          Gateway

·          Interface

·          Metric
Contains an enumeration of the output of the netsh winsock show catalog. The following fields are collected:

·          MachineName

·          Timestamp

·          Description
Contains the number of unique local TCP ports in use (above the starting port) for each IP address and process on the server. High numbers of unique local ports in use may reveal ephemeral port exhaustion which can cause failures in applications and OS components that use TCP. If a large number of these ports are in use, then a warning is displayed.%COMPUTERNAME%_PortUsage.txt
A dump of relevant registry hives for Office 12. They include the following:

·          HKLM\Software\Microsoft\Shared Tools\Web Server Extensions

·          HKLM\Software\Microsoft\Office Server

·          HKLM\Software\Microsoft\Windows NT\CurrentVersion\Hotfix

·          HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

·          HKLM\Software\Microsoft\Microsoft SQL Server

·          HKLM System\CurrentControlSet\Services\Tcpip\Parameters

·          HKLM\System\CurrentControlSet\Services\w32time
A collection of the output of the following commands:

·          Net config workstation

·          Net config server

·          Net use

·          Net share

·          Net sessions

·          Net accounts

·          Net statistics workstation

·          Net statistics server
The output of the checksym utility for the following areas:

·          %WINDIR%\system32\drivers

·          The currently running processes in memory

·          The currently running drivers in memory





A collection of the outputs of the following commands:

·          Hostname

·          Ipconfig /all

·          Arp –a

·          Nbtstat –n

·          Netsat –ano

·          Netstat –anob

·          Reg query HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v EnableTCPChimney

·          Reg query HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v EnableRSS

·          Reg query HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v EnableTCPA

·          Reg query HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v DisableTaskOffload

·          Netsh int tcp show global

·          Netsh int ipv4 show offload

·          Netstat –nato –p tcp (Windows 2008 R2)

·          Netstat –ano –p tcp (Pre Windows 2008 R2)
Collects the last 12 hours of ULS logs and compresses them into a CAB file for easier transmission%COMPUTERNAME%_uls_O12SP_ULSLogs.cab
A collection of information gathered using the showpriv.exe tool (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17657)

The following commands/options are used:

·          Showpriv SeTakeOwnershipPrivilege

·          Showpriv SeNetworkLogonRight

·          Showpriv SeTcbPrivilege

·          Showpriv SeMachineAccountPrivilege

·          Showpriv SeIncreaseQuotaPrivilege

·          Showpriv SeInteractiveLogonRight

·          Showpriv SeRemoteInteractiveLogonRight

·          Showpriv SeBackupPrivilege

·          Showpriv SeChangeNotifyPrivilege

·          Showpriv SeSystemTimePrivilege

·          Showpriv SeTimeZonePrivilege

·          Showpriv SeCreatePagefilePrivilege

·          Showpriv SeCreateTokenPrivilege

·          Showpriv CreateGlobalPrivilege

·          Showpriv SeCreatePermanentPrivilege

·          Showpriv SeCreateSymbolicLinkPrivilege

·          Showpriv SeDebugPrivilege

·          Showpriv SeDenyNetworkLogonRight

·          Showpriv SeDenyBatchLogonRight

·          Showpriv SeDenyServiceLogonRight

·          Showpriv SeDenyInteractiveLogonRight

·          Showpriv SeDenyRemoteInteractiveLoginRight

·          Showpriv SeEnableDelagationPrivilege

·          Showpriv SeRemoteShutdownPrivilege

·          Showpriv SeAuditPrivilege

·          Showpriv SeImpersonatePrivilege

·          Showpriv SeIncreaseWorkingSetPrivilege

·          Showpriv IncreaseBasePriorityPrivilege

·          Showpriv SeLoadDriverPrivilege

·          Showpriv SeBatchLogonRight

·          Showpriv SeServiceLogonRight

·          Showpriv SeSecurityPrivilege

·          Showpriv SeRelabelPrivilege

·          Showpriv SeSystemEnvironmentPrivilege

·          Showpriv SeManageVolumePrivilege

·          Showpriv SeProfileSingleProcessPrivilege

·          Showpriv SeSystemProfilePrivilege

·          Showpriv SeUndockPrivilege

·          Showpriv SeAssignPrimaryTokenPrivilege

·          Showpriv SeRestorePrivilege

·          Showpriv SeShutdownPrivilege

·          Showpriv SeSynchAgentPrivilege

·          Showpriv SeTakeOwnershipPrivilege

·          Showpriv SeUnsolicitedInputPrivilege
An enumeration of file version information for various folder on the server. We determine where WSS and MOSS are installed. From there, we recursively gather file version information below that point. We also collect the same information for the following:

·          %SystemRoot%\assembly\GAC

·          %SystemRoot%\assembly\GAC_MSIL

·          %SystemRoot%\assembly\GAC_32

·          %SystemRoot%\assembly\GAC_64 (if applicable)

The following fields are captured for each file:

·          MachineName

·          Timestamp

·          FileName

·          DirectoryName

·          FileVersion

·          CompanyName

·          IsDebug

·          Language

·          Mode

·          FileSize

·          CreationTime

·          CreationTimeUTC

·          MD5

·          SHA1





The output of the whoami /all Output command%COMPUTERNAME%_Whoami.txt

Additional Information

In order for the diagnostic packages to run a customer’s machine, we assume a few things:

They have access to the internet (either directly or indirectly)

That the relevant diagnostic services are running on the target machine

Diagnostic Policy Service - The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.

Diagnostic Service Host - The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.

Diagnostic System Host - The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.


Diagnostics Infrastructure - http://technet.microsoft.com/en-us/library/cc774650(v=WS.10).aspx

KB 926079 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT)

Artikelnummer: 2597711 – Letzte Überarbeitung: 13.02.2012 – Revision: 1