[SDP3][3db601d0-f012-4959-8fc5-b0c9f9806a6a] CTS Reports Diagnostic Package

Summary

This diagnostic package is a multi-product, multi-technology data collector that gathers the more common data points used to troubleshoot Windows, SQL Server and Exchange.

More Information


Information Collected


Boot Information
| Description | File name |
| --- | --- |
| BCDEdit Output | {ComputerName}_BCDEdit.TXT |
| Boot.ini file | {ComputerName}_Boot.Ini |
| Copy of BCD - System Store | {ComputerName}_BCD-Backup.BKP |

Devices and drivers
| Description | File name |
| --- | --- |
| Devcon utility output | {ComputerName}_DevCon.txt |
| Fibre Channel Information Tool (FCInfo) output | {ComputerName}_FCInfo.txt |
| Filter Manager minifilter drivers and instances via Fltmc.exe utility output | {ComputerName}_Fltmc.TXT |
| Upper and lower filters information via fltrfind.exe utility | {ComputerName}_FltrFind.txt |

Driver Verifier Information
| Description | File name |
| --- | --- |
| Output from Driver Verifier Manager (verifier.exe) utility | {ComputerName}_verifier.txt |

Event Logs - Failover Cluster
| Description | File name |
| --- | --- |
| Microsoft-Windows-FailoverClustering* (.csv .evtx .txt) | {ComputerName}_evt_FailoverClustering.* |

Event Logs - General
| Description | File name |
| --- | --- |
| Application (.csv .evtx .txt) | {ComputerName}_evt_Application.* |
| System (.csv .evtx .txt) | {ComputerName}_evt_System.* |

Event Logs - Networking
| Description | File name |
| --- | --- |
| Microsoft-Windows-NetworkProfile/Operational* (.csv .evtx .txt) | {ComputerName}_evt_NetworkProfile-Operational.* |

FailoverCluster Feature
| Description | File name |
| --- | --- |
| Basic Failover Cluster information via clusmps.exe utility (on operating systems earlier than Windows Server 2008 R2) | {ComputerName}_cluster_mps_information.txt |
| Basic Failover Cluster information, including information from existing resources and groups via FailoverCluster PowerShell cmdlets (Windows Server 2008 R2 and newer) | resultreport.xml |
| Cluster Dependency Report generated by Get-ClusterResourceDependencyReport PowerShell cmdlet on Windows Server 2008 or newer | {ComputerName}_DependencyReport.mht |
| Cluster Logs generated by Get-ClusterLog PowerShell cmdlet on Windows Server 2008 R2, cluster.exe utility or from \windows\cluster\cluster.log on previous versions of Windows | {ComputerName}_cluster.log |
| Cluster Resources information from cluster.exe utility | {ComputerName}_ClusterResources.txt |
| Cluster resources properties using PowerShell Get-ClusterResource cmdlet or cluster.exe utility on previous versions of Windows | {ComputerName}_ClusterProperties.txt |
| Information about Cluster Shared Volume | {ComputerName}_CSVInfo.HTM |

File Version Information (Chksym)
| Description | File name |
| --- | --- |
| File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.* | {ComputerName}_sym_MS_iscsi.* |
| File version information from %windir%\cluster\*.* | {ComputerName}_sym_ProgramFiles_sys.* |
| File version information from %windir%\cluster\*.* | {ComputerName}_sym_Cluster.* |
| File version information from %windir%\system32\*.dll | {ComputerName}_sym_System32_dll.* |
| File version information from %windir%\system32\*.exe | {ComputerName}_sym_System32_exe.* |
| File version information from %windir%\system32\*.sys | {ComputerName}_sym_System32_sys.* |
| File version information from %windir%\system32\drivers folder | {ComputerName}_sym_Drivers.* |
| File version information from %windir%\system32\Spool\*.* | {ComputerName}_sym_PrintSpooler.* |
| File version information from %windir%\syswow64 folder and subfolders | {ComputerName}_sym_SysWOW64_sys.* |
| File version information from %windir%\syswow64\drivers folder | {ComputerName}_sym_SysWOW64_sys.* |
| File version information from {Program Files (x86)}\*.sys folder and subfolders | {ComputerName}_sym_ProgramFilesx86_sys.* |
| File version information from {Program Files}\*.sys folder and subfolders | {ComputerName}_sym_ProgramFiles_sys.* |
| File version information from drivers currently running on the machine | {ComputerName}_sym_RunningDrivers.* |
| File version information from processes currently running on the machine | {ComputerName}_sym_Process.* |

General Information
| Description | File name |
| --- | --- |
| Basic Information about processes, such as memory usage and handle count, and information about Kernel memory utilization, such as Paged Pool and Non-Paged Pool memory | {ComputerName}_ProcessesPerfInfo.htm |
| Basic System Information including machine name, service pack, computer model and processor name and speed | resultreport.xml |
| List of installed updates and hotfixes | {ComputerName}_Hotfixes.* |
| List of User Rights (privileges) using showpriv.exe tool | {ComputerName}_UserRights.txt |
| List of user SID, group memberships, and privileges via the 'Whoami /all' output | {ComputerName}_Whoami.txt |
| Resultant Set of Policy (RSoP) generated by gpresult.exe utility | {ComputerName}_GPResult.* |
| Scheduled Tasks information (csv and txt) generated by schtasks.exe utility | {ComputerName}_schtasks.* |
| Shows whether the machine is running in a virtual environment and describes the virtualization environment | resultreport.xml |
| Sysinternals Autoruns utility output | {ComputerName}_Autoruns.* |
| System Information - MSInfo32 tool output | {ComputerName}_msinfo32.nfo, {ComputerName}_msinfo32.txt |
| Windows Update log file (from windows folder) | {ComputerName}_windowsupdate.log |
| List of open files | {ComputerName}_OpenFiles.txt |

General Performance Information
| Description | File name |
| --- | --- |
| Information about process and threads using pstat.exe tool | {ComputerName}_PStat.txt |

General Registry Data Collection
| Description | File name |
| --- | --- |
| HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce | {ComputerName}_reg_Startup.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit | {ComputerName}_reg_Startup.txt |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | {ComputerName}_reg_Startup.txt |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | {ComputerName}_reg_Startup.txt |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce | {ComputerName}_reg_Startup.txt |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx | {ComputerName}_reg_Startup.txt |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | {ComputerName}_reg_Startup.txt |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce | {ComputerName}_reg_Startup.txt |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | {ComputerName}_reg_Startup.txt |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Policies | {ComputerName}_reg_Policies.txt |
| HKCU\Software\Policies | {ComputerName}_reg_Policies.txt |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Policies | {ComputerName}_reg_Policies.txt |
| HKLM\Software\Policies | {ComputerName}_reg_Policies.txt |
| HKLM\Software\Microsoft\Windows\CurrentVersion | {ComputerName}_reg_CurrentVersion.txt |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | {ComputerName}_reg_CurrentVersion.txt |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | {ComputerName}_reg_Uninstall.txt |
| HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | {ComputerName}_reg_Uninstall.txt |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug | {ComputerName}_reg_Recovery.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | {ComputerName}_reg_Recovery.txt |
| HKLM\Software\Microsoft\Windows\Windows Error Reporting | {ComputerName}_reg_Recovery.txt |
| HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting | {ComputerName}_reg_Recovery.txt |
| HKLM\System\CurrentControlSet\Control\CrashControl | {ComputerName}_reg_Recovery.txt |
| HKLM\System\CurrentControlSet\Control\Session Manager | {ComputerName}_reg_Recovery.txt |
| HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management | {ComputerName}_reg_Recovery.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\Print | {ComputerName}_reg_Print.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions | {ComputerName}_reg_ProductOptions.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server | {ComputerName}_reg_TimeZone.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access | {ComputerName}_reg_TimeZone.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server | {ComputerName}_reg_TimeZone.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\TermDD | {ComputerName}_reg_TimeZone.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\TermService | {ComputerName}_reg_TimeZone.txt |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | {ComputerName}_reg_TimeZone.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation | {ComputerName}_reg_TimeZone.txt |

Hyper-V role
| Description | File name |
| --- | --- |
| Hyper-V Configuration and Virtual Machine Information | {ComputerName}_HyperV-Info.HTM |
| Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml | {ComputerName}_{VirtualMachineGUID}.xml |

Memory Dump Information and Files
| Description | File name |
| --- | --- |
| Information about machine memory dump files, user memory dump files, and memory dump configuration | {ComputerName}_DumpReport.* |
| Machine Full or Kernel memory dump files (Memory.dmp) | {ComputerName}_dmp_memory.zip |
| Mini memory dump files from {Windows}\Minidump folder; User dumps generated by Windows Error Reporting | {ComputerName}_dmp_*.zip |

Print Drivers and Printers information
| Description | File name |
| --- | --- |
| Information about Print drivers and printers, including print monitors, processors, and print driver file version information | {ComputerName}_PrintInfo.* |

Server manager and server roles information
| Description | File name |
| --- | --- |
| List of roles and features installed on Server Media (Windows Server 2008 R2 and newer) | resultreport.xml |


Storage Information
| Description | File name |
| --- | --- |
| Storage and SAN information via San.exe utility output | {ComputerName}_Storage_Information.txt |


In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:

  • One or more processes are using a high number of handles
  • Possible Kernel Memory performance related problem
  • This system is currently running under low System PTEs
  • This system is currently running under low Virtual Memory
  • Memory Dump Related Issues
  • Print Drivers and Printers information
  • Detect Advanced Format Drives
  • Detect Native 4K drives on the system
  • Check if KB982018 is not installed or files are outdated
  • Check if cluster groups are in Offline or Failed state
  • Check for errors gathering cluster information via Get-ClusterNode cmdlet
  • Check if the state of one or more cluster nodes is down or paused
  • Check if Cluster service is not running or offline
  • Check if there are virtual machines using High CPU utilization
  • Check if Dynamic Memory is enabled on one or more Virtual Machines with old Integration Services
  • Check for version mismatches of Integration Services
  • Check if one or more Virtual Machines have virtual hard drives located on a disk with Advanced Format Drives (512e disks)
  • Check for Active Directory replication failures
  • Check if it has been too long since this domain controller replicated
  • Active Directory replication is failing for one or more partitions: Status -2146893022 The target principal name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1127 - While accessing the hard disk, a disk operation failed even after retries.
  • Active Directory replication is failing for one or more partitions: Status 1256 - The remote system is not available
  • Active Directory replication is failing for one or more partitions: Status 1396 - Logon Failure: The target account name is incorrect
  • Active Directory replication is failing for one or more partitions: Status 1722 - The RPC server is unavailable
  • Active Directory replication is failing for one or more partitions: Status 1753 - There are no more endpoints available from the endpoint mapper
  • Active Directory replication is failing for one or more partitions: Status 5 - Access is denied
  • Active Directory replication is failing for one or more partitions: Status 8452 - The naming context is in the process of being removed...
  • Active Directory replication is failing for one or more partitions: Status 8453 - Replication Access Was Denied
  • Active Directory replication is failing for one or more partitions: Status 8524 - The DSA operation is unable to proceed because of a DNS lookup failure
  • Detect Lingering objects on domain controllers
  • Active Directory replication is failing for one or more partitions: Status 8451 - The replication operation encountered a database error
  • Active Directory replication is failing for one or more partitions: Status 1818 - The remote procedure call was cancelled
  • Active Directory replication is failing for one or more partitions: Status 8456 or 8457: The source or destination server is currently rejecting replication requests
  • Active Directory replication is failing for one or more partitions with status 8589
  • Active Directory replication is failing for one or more partitions with status 8333 - Directory Object not Found
  • Active Directory replication is failing for one or more partitions: Status 8446 - The replication operation failed to allocate memory
  • Active Directory replication is failing for one or more partitions: Status 8240 - There is no such object on the server
  • Active Directory replication is failing for one or more partitions: Status 1783 - The stub received bad data
  • Check for potentially risky audit failure settings (CrashOnAuditFail)
  • Check for a possible STOP error caused by audit failure
  • Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)
  • Check if the SYSVOL and/or NETLOGON shares are missing on the domain controller
  • Check for domain controller missing Rid Set reference attributes in Active Directory
  • Check if DC is pointing to itself for DNS exclusively
  • Check for USN Rollback
  • Check state of Intersite Messaging service.
  • Check if DFSR UpdateWorkerThreadCount setting is lower than 64
  • Detect if IPv6 was disabled on a domain controller
  • Detect Win32time configuration for time skew
  • Detect MaxConcurrentApi NTLM bottlenecks or delays
  • Detect Certificates with Weak RSA Keys
  • Check if the Cluster Name Object (CNO) exists and it is enabled in Active Directory
  • Check if Cluster Shared Volumes is configured to Redirected access
  • Check if Cluster Shared Volumes is configured for Local Access
  • Check if Cluster Shared Volumes is configured to Maintenance Mode
  • Check if Cluster Shared Volumes is configured to Network Access
  • Check for third party virtualization solution from Xsigo
  • Check for LmCompatibilityLevel setting
  • Check firewall rules on cluster nodes with IPv6 enabled
  • Check if PMTU has been disabled on machine
  • Check for unexpected TcpIp registry settings (KB 967224)
  • Check if Opportunistic Locking has been disabled
  • Check for excessive number of 6to4 adapters which may result in decreased startup and logon performance
  • Check if Tunnel.sys driver is missing on a Windows Server 2008 R2 Server Core installation option
  • Check if InfoCacheLevel setting is configured to enable caching for all files and folders
  • Checks if Appsense EM 8.1 is installed on machine
  • Check for large number of Inactive Terminal Services ports
  • Checking if Registry Size Limit setting is present on the system
  • Check PoolUsageMaximum Setting
  • Checking for shared PST files
  • Check for McAfee Endpoint Encryption version which may cause slow boot issues
  • Check for terminal services licensing binary versions for Windows Server 2003
  • Check for specific version of SEP that may cause handle leak
  • Check RPC settings for allowing unauthenticated sessions
  • Check for Performance counters to see if there is an issue with NTFS metafile cache memory consumption
  • Check for ProcessorAffinityMask setting for multiprocessor Windows Server 2003 machines
  • Check for ClearPageFileAtShutdown setting which may cause slow shutdown
  • Check for NMICrashDump setting on HP ProLiant DL385 G5
  • Check for older version of MPIO.SYS on Windows Server 2003 with Multipathing solution installed
  • Check for Broadcom Advanced Server Program driver information
  • Check if the Users group has permissions under HKCR\CLSID
  • Check HeapDecommitFreeBlockThreshold registry value
  • Detect Netapi32.dll version
  • Detect if installation fails due to an invalid Registry entry for Autoruns
  • Check for missing registry keys that can cause issues with Component Services
  • Check for possible startup performance problems on Hyper-V Servers due to a large number of orphaned registry keys
  • Check Xeon Processor 5500 Series processor erratum related with Hyper-V (KB 975530)
  • Check if update KB2263829 is installed on Hyper-V on Windows Server 2008 R2 Service Pack 1 systems
  • Check for event ID 21203 or 21125 in the Microsoft-Windows-Hyper-V-High-Availability/Admin event log over the past 15 days.
  • Check for Symantec Endpoint Protection MR1/MR2
  • Check for unsupported versions of Windows Vista or Windows Server 2008
  • Check if DEP and PAE are enabled on a 32-bit system
  • Check if Telnet service is running under System account
  • Check the value of 'SystemPages' in Memory Management registry key
  • Check for Evaluation Media
  • Check if Page Heap is enabled for one or more processes
  • Check if driver verifier has been enabled for at least one driver.
  • Check for ephemeral port usage

References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please open the following Microsoft Knowledge Base article:


2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform

Properties

Article ID: 2770518 - Last Review: 6 Nov 2012 - Revision: 1
