[SDP 3][f819beda-777a-40c7-979d-499f663649fc] Windows Setup Diagnostic


The Windows Setup Troubleshooter for Windows was designed to collect information used in troubleshooting Windows Setup support issues.

More Information

Information Collected

Additional Information

Description File name
Volume Shadow Copy Service (VSS) information via vssadmin utility output

Best Practices Analyzer
Description File name
Best Practices Analyzer (BPA) Report

Boot Information
Description File name
BCDEdit Output
Boot.ini file
Copy of BCD - System Store

Deployment Logs
Description File name
DISM.log on Windows\logs\DISM
Service Pack Installation Log from %windir%\SVCPack.Log
Setupact.log on Windows folder
Setuperr.log on Windows folder
Task Sequencer Log on C:\_SMSTaskSequence
Task Sequencer Log on C:\SMSTSLog
Task Sequencer Log on System32\ccm\logs
Task Sequencer Log on Temp folder

Device Drivers Installation Logs
Description File name
Setupapi logs located on %windir%\inf folder

Devices and drivers
Description File name
Devcon utility output
Fibre Channel Information Tool (FCInfo) output
Filter Manager minifilter drivers and instances via Fltmc.exe utility output
Information about MS-DOS device names (symbolic links) via DOSDev utility
Upper and lower filters information via fltrfind.exe utility

Driver Verifier Information
Description File name
Output from Driver Verifier Manager (verifier.exe) utility

Description File name
DriverStore Index Data File located on %windir%\system32\driverstore
DriverStore INF Cache DB located on %windir%\system32\driverstore
DriverStore INF Pub Data File located on %windir%\system32\driverstore
DriverStore INF Stor Data File located on %windir%\system32\driverstore
DriverStore Strng Data File located on %windir%\system32\driverstore

Event Log Files

Description File name
BitLocker Event logs (.csv .evtx .txt): {ComputerName}_Microsoft-Windows-BitLocker-DrivePreparationTool/Admin.*, {ComputerName}_Microsoft-Windows-BitLocker/BitLocker Management.*
MBAM Event logs (.csv .evtx .txt): {ComputerName}_Microsoft-Windows-MBAM/Admin.*

Event Logs - Failover Cluster

Description File name
Microsoft-Windows-FailoverClustering* (.csv .evtx .txt)

Event Logs - General
Description File name
Application (.csv .evtx .txt)
System (.csv .evtx .txt)

Event Logs - Networking
Description File name
Microsoft-Windows-NetworkProfile/Operational* (.csv .evtx .txt)

Event Logs - Setup
Description File name
Setup (.csv .evtx .txt)

FailoverCluster Feature
Description File name
Basic Failover Cluster information via clusmps.exe utility (on operating systems earlier than Windows Server 2008 R2)
Basic Failover Cluster information, including information from existing resources and groups via FailoverCluster PowerShell cmdlets (Windows Server 2008 R2 and newer)
Cluster basic Validation Report generated by Test-Cluster PowerShell cmdlet
Cluster Dependency Report generated by Get-ClusterResourceDependencyReport PowerShell cmdlet on Windows Server 2008 or newer
Cluster Logs generated by Get-ClusterLog PowerShell cmdlet on Windows Server 2008 R2, cluster.exe utility or from \windows\cluster\cluster.log on previous versions of Windows
Cluster reports XML files located at \Windows\Cluster\Reports\*.xml
Cluster Resources information from cluster.exe utility
Cluster resources properties using PowerShell Get-ClusterResource cmdlet or cluster.exe utility on previous versions of Windows
Cluster validation log files from \Windows\Cluster\Reports\Validate*.log
Cluster validation reports files located at \Windows\Cluster\Reports\*.mht
Information about Cluster Shared Volume

File Version Information (Chksym)
Description File name
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*
File version information from %windir%\cluster\*.*
File version information from %windir%\system32\*.dll
File version information from %windir%\system32\*.exe
File version information from %windir%\system32\*.sys
File version information from %windir%\system32\drivers folder
File version information from %windir%\system32\Spool\*.*
File version information from %windir%\syswow64 folder and subfolders
File version information from %windir%\syswow64\drivers folder
File version information from {Program Files (x86)}\*.sys folder and subfolders
File version information from {Program Files}\*.sys folder and subfolders
File version information from drivers currently running on the machine
File version information from processes currently running on the machine

General information
Description File name
SP Catalog from windows\system32\catroot2

General Information
Description File name
Basic Information about processes, such as memory usage and handle count, and information about Kernel memory utilization, such as Paged Pool and Non-Paged Pool memory
Basic System Information including machine name, service pack, computer model and processor name and speed
List of installed updates and hotfixes
List of User Rights (privileges) using showpriv.exe tool
List of user SID, group memberships, and privileges via the 'Whoami /all' output
Resultant Set of Policy (RSoP) generated by gpresult.exe utility
Scheduled Tasks information (csv and txt) generated by schtasks.exe utility
Show if machine is running on a Virtual Environment and describes the virtualization environment
Sysinternals Autoruns utility output
System Information - MSInfo32 tool output
Windows basic activation information via %windir%\system32\slmgr.vbs
Windows Update log file (from windows folder)
List of open files

General Performance Information
Description File name
Information about process and threads using pstat.exe tool

General Registry Data Collection
Description File name
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Windows\Windows Error Reporting
HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKLM\System\CurrentControlSet\Control\Session Manager
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

Hyper-V role
Description File name
Hyper-V Configuration and Virtual Machine Information
Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml

iSCSI Information
Description File name
iSCSI Information based on iscsicli.exe output

Description File name
Deployment Logs on \windows\temp
Deployment Logs on SystemDrive\Minint

Memory Dump Information and Files
Description File name
Information about machine memory dump files, user memory dump files, and memory dump configuration
Machine Full or Kernel memory dump files (Memory.dmp)
Mini memory dump files from {Windows}\Minidump folder
User dumps generated by Windows Error Reporting

Panther Folder
Description File name
Contents of %windir%\Panther

Power Settings
Description File name
Output of PowerCfg utility

Print Drivers and Printers information
Description File name
Information about Print drivers and printers, including print monitors, processors, and print driver file version information

Registry Information
Description File name
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
HKLM\SOFTWARE\Microsoft\iSCSI Target
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI

Registry Keys
Description File name

Server manager and server roles information
Description File name
List of roles and features installed on Server Media (Windows Server 2008 R2 and newer)
Server Manager Installation Log from %windir%\logs
ServerCore OCList output

Servicing and related Logs
Description File name
Component Update log located on %windir%\SoftwareDistribution
Component-Based Servicing Logs located on %windir%\Logs\CBS
Contents of %windir%\servicing\Sessions
DPX Setup Act log located on %windir%\logs\DPX
Pending Operations Queue Exec log located on %windir%\winsxs
Sessions log located on %windir%\servicing
System Update Readiness log located on %windir%\logs\CBS
Windows Side-by-Side Pending Bad log
Windows Side-by-Side Pending log located on %windir%\winsxs

Servicing Logs
Description File name
reboot.xml from %windir%\winsxs folder

Storage Information
Description File name
Storage and SAN information via San.exe utility output

Storage related event logs on System log
Description File name
Parsing of Storage related event logs (Events 6, 7, 9, 11, 15, 50, 51, 57 and 389) on System log using evparse.exe utility

Sysprep Folder
Description File name
Contents of %windir%\System32\sysprep

Windows hotfix installation logs
Description File name
Windows XP and Server 2003 KB Installation Logs from Windows folder

In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:
Event Logs Messages
One or more processes are using a high number of handles
Possible Kernel Memory performance related problem
This system is currently running under low System PTEs
This system is currently running under low Virtual Memory
Memory Dump Related Issues
Detect if this machine is a Virtual Machine running in Microsoft Azure
Check if cluster groups are in Offline or Failed state
Check for errors gathering cluster information via Get-ClusterNode cmdlet
Check if the state of one or more cluster nodes is down or paused
Check if Cluster service is not running or offline
Check if Cluster Shared Volumes is configured to Redirected access
Check if Cluster Shared Volumes is configured for Local Access
Check if Cluster Shared Volumes is configured to Maintenance Mode
Check if Cluster Shared Volumes is configured to Network Access
Check if there are any virtual machines with High CPU utilization
Check if Dynamic Memory is enabled to one or more Virtual Machines
Check if Dynamic Memory is enabled on one or more Virtual Machines with old Integration Services
Check for version mismatches of Integration Services
Check if one or more Virtual Machines have virtual hard drives located on a disk with Advanced Format Drives (512e disks)
Best Practices Analyzer errors or warnings
Print Drivers and Printers information
Detect Advanced Format Drives
Detect Native 4K drives on the system
KB982018 is not installed or files are outdated
Check for Symantec Endpoint Protection MR1/MR2
Check for Evaluation Media
Check if Page Heap is enabled to one or more processes
Check if driver verifier has been enabled for at least one driver.
Check for ephemeral port usage
Check if the Cluster Name Object (CNO) exists and it is enabled in Active Directory
Check for third party virtualization solution from Xsigo
Check for LmCompatibilityLevel setting
Check firewall rules on cluster nodes with IPv6 enabled
Checks if Appsense EM 8.1 is installed on machine
Check for large number of Inactive Terminal Services ports
Checking if Registry Size Limit setting is present on the system
Check PoolUsageMaximum Setting
Checking for shared PST files
Check for McAfee Endpoint Encryption version which may cause slow boot issues
Check for terminal services licensing binary versions for Windows Server 2003
Check for specific version of SEP that may cause handle leak
Check RPC settings for allowing unauthenticated sessions
Check for Performance counters to see if there is an issue with NTFS metafile cache memory consumption
Check for ProcessorAffinityMask setting for multiprocessor Windows Server 2003 machines
Check for ClearPageFileAtShutdown setting which may cause slow shutdown
Check for NMICrashDump setting on HP ProLiant DL385 G5
Check state of Search Service when Lenovo Rapid Boot Software is installed
Check pool memory allocated for 'D2d' tag
Check pool memory allocated for RxM4 and SeTI tag
Check pool memory allocated for 'SslC' tag
Check pool memory allocated for 'Toke' tag on terminal services
Older version of MPIO.SYS was detected in this machine and Nonpaged pool kernel memory leak detected on Windows Server 2003 with Multipathing solution installed
Check for Broadcom Advanced Server Program driver information
Detect Aladdin Knowledge Systems Device Drivers
Check the state of Application Compatibility Engine
Check pool memory usage from Citrix XTE process
Check if Users group have permissions under HKCR\CLSID
Check HeapDecommitFreeBlockThreshold registry value
Check for specific version of wsftpsi.dll known to cause Explorer crashes
Detect Netapi32.dll version
Detect if fail to install due to an invalid Registry entry for Autoruns
Check for missing registry keys that can cause issues with Component Services
Check if EMC Replistor Software is on machine but KB 975759 is not installed
Check for unsupported versions of Windows Vista or Windows Server 2008
Check if DEP and PAE is enabled on a 32-bit system
Check if Utimaco Safeware disk encryption is installed and current version
Check if Telnet service is running under System account
Check for known issue with BIOS version of PowerEdge R910, R810 and M910
Check the value of 'SystemPages' in Memory Management registry key
Possible startup performance problems on Hyper-V Servers due to a large number of orphaned registry keys
Check Xeon Processor 5500 Series processor erratum related with Hyper-V (KB 975530)
Check if update KB2263829 is installed on Hyper-V on Windows Server 2008 R2 Service Pack 1 systems
Check for event ID 21203 or 21125 in the Microsoft-Windows-Hyper-V-High-Availability/Admin event log over the past 15 days.
Check for the presence of HKLM\Components registry keys which indicate a recent component installation
Check for the presence of Pending.XML in WinSxS folder
Check if SYSTEM permissions in usbhub.sys
Check for Veritas disk VXIO device states
Check the number of entries in FilesNotToBackup registry key
Check for Bitlocker Drive Encryption Fixed Data Drive Read-Only Policy

References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please open the following Microsoft Knowledge Base article:

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform