[SDP 2][82769D3C-7DF8-4071-B9D1-CB264DE4BE2B] Default SDP Manifest for Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008


Summary


The Windows Default SDP Manifest for Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008, Windows Server 2003, Windows Vista and Windows Server 2008 was designed to collect information used in troubleshooting general Windows issues in different technologies, including Setup, Performance, Networking and Failover Cluster.

More Information




This article describes the information that may be collected from a machine when running Default SDP Manifest for Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

                                                      

Information Collected

Event Logs - General
DescriptionFile Name
Event Log – Application  – text, csv and evtx formats{Computername}_evt_Application.*
Event Log – System – text, csv and evtx formats{Computername}_evt_System.*
Event Logs – Other{Computername}_evt_*.*


File Version Information
DescriptionFile Name
File version information from %windir%\cluster\*.*{Computername}_sym_Cluster.*
File version information from %windir%\system32\*.dll{Computername}_sym_System32_dll.*
File version information from %windir%\system32\*.exe{Computername}_sym_System32_exe.*
File version information from %windir%\system32\*.sys{Computername}_sym_System32_sys.*
File version information from %windir%\system32\drivers folder{Computername}_sym_Drivers.*
File version information from %windir%\system32\drivers\*.*{Computername}_sym_SysWOW64_sys.*
File version information from {Program Files (x86}}\*.sys{Computername}_sym_ProgramFilesx86_sys.*
File version information from {Program Files}\*.sys{Computername}_sym_ProgramFiles_sys.*
File version information from {Program Files}\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*{Computername}_sym_MS_Iscsi.*
File version information from all drivers currently running on machine{Computername}_sym_RunningDrivers.*
File version information from all processes currently running on machine{Computername}_sym_Process.*
File version information from print spooler folder %windir%\system32\Spool\*.*{Computername}_sym_PrintSpooler.*
File version information from Windows\Cluster{Computername}_sym_Cluster.*


Device and Drivers
DescriptionFile Name
Devices and connection information generated by devcon utility{Computername}_Devcon.log
Minifilter drivers enumeration using Fltmc.exe utility{Computername}_Fltmc.txt
MS-DOS device names using dosdev utility{Computername}_DosDev.txt
Output from Driver Verifier Manager (verifier.exe) utility{Computername}_Verifier.txt
Upper and lower filters Information using fltrfind.exe utility{Computername}_FltrFind.txt
Information about driver signature using driverquery.exe{Computername}_SignedDrivers.txt


Storage/Disk Information
DescriptionFile Name
Fibre Channel Information Tool information collected by FCInfo utility{Computername}_fcinfo.txt
Information from machine disk sectors generated by SecInspect.exe utility{Computername}_Secinspect.txt
iSCSI related information generated by iscsicli.exe utility{Computername}_iSCSIInfo.txt
Parsing of Storage related event logs (Events 6 7 9 11 15 50 51 57 and 389) on System log using evparse.exe utility{Computername}_StorageEventLogs.htm
Fibre Channel Information tool (fcinfo) output to obtain SAN resources and configuration information{Computername}_FCInfo.txt
Dispart’s SAN policy information{Computername}_DiskpartSANPolicy.txt


Memory Dumps and related
DescriptionFile Name
Information about Machine Memory Dumps, User memory dumps and memory dump configuration{Computername}_DumpReport.*
Compressed version of mini machine memory dumps located at %windir%\minidumps{Computername}_dmp_*.cab
Windows Error Reporting mini dumps generated in past 30 days{Computername}_dmp_*.cab


Hotfixes and Updates
DescriptionFile Name
Installed Updates/ Hotfixes{Computername}_Hotfixes.*


Virtualization
DescriptionFile Name
Basic information about machine virtual environment{Computername}_Virtualization.*


Networking Related Information
DescriptionFile Name
Basic IP networking configuration information, such as Tcp/ip registry key, ipconfig, netstat, nbtstat and netsh output{Computername}_TcpIp-Info.txt
Basic SMB configuration information based on output of net.exe utility{Computername}_SMB-Info.txt
Information about TCP Offload from the registry and netsh{Computername}_TCPIP-Info-Offload.txt
Networking Setup/ information about the attempts to join domains{Computername}_netsetup.log
Network Diagnostic took (netdiag.exe) output{Computername}_netdiag.txt
Permissions dump for registry key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg{Computername}_winreg.txt
DNS cache information from ‘ipconfig.exe /displaydns’ command{Computername}_DnsClient-DnsCache.txt
HOSTS file from \Windows\System32\Drivers\etc folder{Computername}_DnsClient-HostsFile.txt
SERVICES file from \Windows\System32\Drivers\etc folder{Computername}_TCPIP-ServicesFile.txt
LMHOSTS file from \Windows\System32\Drivers\etc folder{Computername}_WinsClient-LmhostsFile.txt
Firewall information from ‘netsh firewall’ context output{Computername}_Firewall-Netsh-Fw.txt
IPSec information from ‘netsh ipsec’ context output{Computername}_IPsec-Netsh.txt
Internet Protocol security (IPSec) policy information via ‘netsh ipsec static exportpolicy’ output{Computername}_IPsec-Export.ipsec
General networking configuration from ‘netsh dump’ output{Computername}_Netsh-Dump.txt
Load Balancing configuration via ‘wlbs.exe display’ command{Computername}_NLB-WlbsDisplay.txt
Remote Access Service Information via ‘netsh ras’ context output{Computername}_RAS-Netsh.txt
General IPv4 information via ‘netsh int ipv4’ context output{Computername}_TCPIP-Netsh-IPv4.txt
General IPv6 information via ‘netsh int ipv6’ context output{Computername}_TCPIP-Netsh-IPv6.txt
Winsock catalog information via ‘netsh winsock show catalog’ output{Computername}_WinSock-Netsh.txt
Wired 802.1X (LAN) information via ‘netsh lan’ context output{Computername}_8021x-Netsh-LAN.txt
Wireless Local Area Network (WLAN) 802.11 connectivity and security settings via ‘netsh wlan’ context output{Computername}_8021x-Netsh-WLAN.txt
Background Intelligent Transfer Service (BITS) information via ‘BitsAdmin /list’ command output{Computername}_BITS-BitsAdmin-List.txt
Dynamic Host Configuration Protocol (DHCP) Server information via ‘netsh dhcp server’ context output{Computername}_DhcpServer-Netsh.txt
Windows Internet Name Service (WINS) Server information via ‘netsh wins server’ context output{Computername}_WinsServer-Netsh.txt
Windows Internet Name Service (WINS) client – Netbios cache via ‘nbtstat.exe –c’ command output{Computername}_WinsClient-NetbiosCache.txt
Remote Procedure Call (RPC) general information via ‘netsh rpc’ context output{Computername}_RPC-Netsh.txt
Displays the current Windows HTTP Services (WinHTTP) proxy information via ‘netsh winhttp show proxy’ output{Computername}_WinHttp-Netsh.txt


Printers and Print drivers
DescriptionFile Name
Printers and Print driver information, including drivers, print monitors, print processors{Computername}_PrintInfo.*


Directory Services Related Information
DescriptionFile Name
Netlogon service log file (\Windows\Debug\Logs\netlogon.log){Computername}_Netlogon.log
Winlogon log file (\Windows\security\logs\winlogon.log){Computername}_Winlogon.log
Security Templates currently cached on the system (From \Windows\Security\Templates\Policies){Computername}_AppliedSecTempl.txt
Gathers the user privilege settings using showpriv.exe tool{Computername}_Userrights.txt
Networking Setup/ Domain Join related information{Computername}_Netsetup.log


Registry Keys
DescriptionFile Name
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Hotfix

HKCU\SOFTWARE\Policies\Microsoft

HKLM\Software\Policies\Microsoft

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

HKLM\SYSTEM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

HKLM\Software\Microsoft\Active Setup

HKCU\Software\Microsoft\Active Setup

HKLM\Software\Microsoft\Windows NT\CurrentVersion

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions

HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions

HKCU\Software\Microsoft\Windows NT\Currentversion\AppCompatFlags

HKCU\Software\Microsoft\Java VM

HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache

HKLM\Software\Microsoft\EAPOL\Parameters\General\Global

HKLM\Software\Microsoft\NetworkAccessProtection

HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList
{Computername}_reg_Software.txt
HKLM\System\MountedDevices

HKLM\Hardware\DESCRIPTION\System\CentralProcessor

HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider

HKLM\System\CurrentControlSet\Control\Session Manager\Power

HKLM\SYSTEM\CurrentControlSet\Control\Lsa

HKLM\System\CurrentControlSet\Control\Session Manager

HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

HKLM\SYSTEM\CurrentControlSet\Control\Video

HKLM\System\CurrentControlSet\Services\napagent

HKLM\System\CurrentControlSet\Services\Afd

HKLM\System\CurrentControlSet\Services\BITS

HKLM\System\CurrentControlSet\Services\Dhcp

HKLM\System\CurrentControlSet\Services\DHCPServer

HKLM\System\CurrentControlSet\Services\Dnscache

HKLM\System\CurrentControlSet\Services\DNS

HKLM\System\CurrentControlSet\Services\IPsec

HKLM\System\CurrentControlSet\Services\PolicyAgent

HKLM\System\CurrentControlSet\Services\lanmanserver

HKLM\System\CurrentControlSet\Services\LanmanWorkstation

HKLM\System\CurrentControlSet\Services\MpsSvc

HKLM\System\CurrentControlSet\Services\MRxDav

HKLM\System\CurrentControlSet\Services\WebClient

HKLM\System\CurrentControlSet\Services\MrxSmb

HKLM\System\CurrentControlSet\Services\MrxSmb10

HKLM\System\CurrentControlSet\Services\MrxSmb20

HKLM\System\CurrentControlSet\Services\rdbss

HKLM\System\CurrentControlSet\Services\MUP

HKLM\System\CurrentControlSet\Services\NetBT

HKLM\System\CurrentControlSet\Services\Netlogon

HKLM\System\CurrentControlSet\Services\RasMan

HKLM\System\CurrentControlSet\Services\SharedAccess

HKLM\System\CurrentControlSet\Services\wscsvc

HKLM\System\CurrentControlSet\Services\SMB

HKLM\System\CurrentControlSet\Services\Tcpip

HKLM\System\CurrentControlSet\Services\Tcpip6

HKLM\System\CurrentControlSet\Services\VSS

HKLM\System\CurrentControlSet\Services\Winsock

HKLM\System\CurrentControlSet\Services\Winsock2
{Computername}_reg_System.txt
HKLM\System\MountedDevices{Computername}_reg_MountedDevices.hiv
HKCU\Network{Computername}_reg_NetworkConnections.TXT
HKLM\System\CurrentControlSet\Control\CrashControl

HKLM\System\CurrentControlSet\Control\Session Manager

HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management

HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKLM\Software\Microsoft\Windows\Windows Error Reporting

HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting
{Computername}_reg_Recovery.txt
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce

HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKLM\ Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce

HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
{Computername}_reg_Startup.txt
HKLM\SYSTEM\CurrentControlSet\Control\Print{Computername}_reg_Print.*
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access

HKLM\System\CurrentControlSet\Services\TermService

HKLM\System\CurrentControlSet\Services\TermDD
{Computername}_reg_TermServer.txt
HKLM\Software\Microsoft\Internet Explorer

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings

HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings

HKLM\Software\Microsoft\Internet Domains

HKLM\Software\Microsoft\Internet Connection Wizard

HKCU\Software\Microsoft\Internet Connection Wizard

HKLM\Software\Microsoft\Internet Account Manager

HKCU\Software\Microsoft\Internet Account Manager

HKLM\Software\Microsoft\IEAK

HKCU\Software\Microsoft\IEAK

HKLM\Software\Microsoft\IEAK6

HKLM\Software\Microsoft\IE Setup
{Computername}_reg_IE.txt
HKLM\System\CurrentControlSet\Services\iScsiPrt

HKLM\Software\Microsoft\iSCSI Target

HKLM\Software\Microsoft\Windows NT\CurrentVersion\iSCSI
{Computername}_reg_iSCSI.*
HKLM\Software\Microsoft\iSCSI Target{Computername}_reg_iSCSI_Target.hiv
HKLM\Software\Microsoft\Windows NT\CurrentVersion\iSCSI{Computername}_reg_CurrentVersion_iSCSI.HIV
HKLM\System\CurrentControlSet\Control\MPDev

HKLM\System\CurrentControlSet\Control\iSCSIPrt

HKLM\System\CurrentControlSet\Services\MSiSCSI

HKLM\System\CurrentControlSet\Services\MSDsm

HKLM\System\CurrentControlSet\Services\MPIO

HKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}

HKLM\System\CurrentControlSet\Services\Tcpip
{Computername}_reg_Storage.txt
HKLM\Software\Microsoft\Exchange

HKLM\System\CurrentControlSet\Services\MSExchangeActiveSyncNotify

HKLM\System\CurrentControlSet\Services\MSExchangeADDXA

HKLM\System\CurrentControlSet\Services\MSExchangeAL

HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess

HKLM\System\CurrentControlSet\Services\MSExchangeES

HKLM\System\CurrentControlSet\Services\MSExchangeFBPublish

HKLM\System\CurrentControlSet\Services\MSExchangeIS

HKLM\System\CurrentControlSet\Services\MSExchangeMGMT

HKLM\System\CurrentControlSet\Services\MSExchangeMTA

HKLM\System\CurrentControlSet\Services\MSExchangeMU

HKLM\System\CurrentControlSet\Services\MSExchangeOMA

HKLM\System\CurrentControlSet\Services\MSExchangeSA

HKLM\System\CurrentControlSet\Services\MSExchangeSenderID

HKLM\System\CurrentControlSet\Services\MSExchangeSRS

HKLM\System\CurrentControlSet\Services\MSExchangeTransport

HKLM\System\CurrentControlSet\Services\MSExchangeUCF

HKLM\System\CurrentControlSet\Services\MSExchangeWEB

HKLM\Software\Microsoft\MosTrace\CurrentVersion\DebugAsyncTrace

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STORE.EXE
{Computername}_reg_Exchange.txt
HKLM\Cluster{Computername}_reg_Cluster.hiv
HKLM\System\CurrentControlSet\Services\Clussvc{Computername}_reg_Clussvc.txt
HKLM\System\CurrentControlSet\Services\Clusdisk{Computername}_reg_Clusdisk.txt


Domain Controllers
Description       File Name
Domain Controller Diagnostics Tool (dcdiag.exe) output{Computername} _DCDiag.txt
Replication topology overview via ‘repadmin.exe /showrepl’ output{Computername}_repadmin.txt


Other
DescriptionFile Name
Resultant Set of Policy (RSoP) generated by gpresult.exe utility{Computername}_GPResult.*
Schedule Tasks information (csv and txt) generated by schtasks.exe utility{Computername}_schtasks.*
System Information - MSInfo32 tool output – txt and nfo formats{Computername}_msinfo32.*
Volume Shadow Copy Service (VSS) information{Computername}_VSSAdmin.txt
Windows basic activation information via %windir%\system32\slmgr.vbs{Computername}_KMSActivation.txt
Operating system Boot options file (Boot.ini){Computername}_BOOT.INI
Hyperthread capable processor information{Computername}_HyperThread.txt
Information about process and threads using pstat.exe tool{Computername}_PStat.txt
SP Catalog Logging file (Windows\System32\catroot2 \DBErr.txt){Computername}_DBErr.txt
Windows Update Reporting Events log file (from WINDOWS\SoftwareDistribution){Computername}_ReportingEvents.log
Windows Update log file (from windows folder){Computername}_WindowsUpdate.log
List Performance information from top Processes, such as memory usage, handle count and number of threads, as well as kernel memory allocation information{Computername}_ProcessPerfInfo.*


Windows 2000, XP, Windows Server 2003

Cluster Servers
Description       File Name
Cluster MPS Tool (clusmps.exe) output{Computername} _Cluster_MPS_Information.txt
Cluster Resource Properties from cluster.exe utility{Computername}_Cluster_Properties.txt
Cluster Resources information from cluster.exe utility{Computername}_Cluster_Resources.txt
Chkdsk utility log files from \Windows\Cluster folder{Computername}_Chkdsk*.log
Cluster Service Setup Log{Computername}_ClCfgSrv.log
Cluster log file{Computername}_Cluster.log


Domain Controllers
Description       File Name
Group Policy Verification Tool (gpotool.exe) output{Computername}_gpotool.txt
current list of operations master role holders via ‘netdom query fsmo’ output{Computername}_netdomfsmo.txt
Description of share permissions on Sysvol Share via subinacl tool{Computername}_SysvolSharePerms.txt


Other
Description       File Name
User environment debug log (UserEnv.*) from \windows\debug\usermode{Computername}_userenv.log
Service Pack installation log file (from Windows folder){Computername}_Svcpack.log
Update Installation Logs (KB*.log located on Windows folder) {Computername}_KB*.log


Windows Vista or Windows Server 2008

Hyper-V Role
Description       File Name
Event Log - Hyper-V related event logs (Microsoft-Windows-Hyper-V*) – Text, csv and evtx formats{Computername}_evt_HyperV*.*
Hyper-V Configuration and Virtual Machine Information{Computername}_HyperV-Info.htm
Hyper-V Virtual Machine Definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml{Computername}_{VirtualMachineGUID}.xml


FailoverCluster Feature
DescriptionFile Name
All files from the \windows\cluster\reports folder{Computername}_ClusterReports*.*
Server manager log file located at %windir%\logs\ServerManager.log{Computername}_ServerManager.log
Registry key HKLM\System\CurrentControlSet\Services\ClusDisk{Computername}_Clusdisk.txt
Registry key HKLM\System\CurrentControlSet\Services\ClusSvc{Computername}_ClussvcRegistry.txt
Output from ‘Cluster . RES’ command line utility, listing resources and properties{Computername}_Cluster_Res_Properties_All.txt
Cluster log files generated by running ‘cluster.exe log’{Computername}_Cluster.Log
Cluster MPS Tool (clusmps.exe) output{Computername} _Cluster_MPS_Information.txt


Server Manager/ Roles information
DescriptionFile Name
Information about server roles installed on a server generated by servermanagercmd.exe{Computername}_ServerManagerCmdQuery.*
Server manager log file located at %windir%\logs\ServerManager.log{Computername}_ServerManager.log


Boot Information
DescriptionFile Name
Output from bcdedit.exe utility{Computername}_BCDEdit.txt

{Computername}_BCD-Backup.bak


Deployment Logs
DescriptionFile Name
Setupact.log from folders:

%windir%

%windir%\Panther

%windir%\Panther\UnattendedGC
{Computername}_Setupact-*.log
Setupapi logs located on %windir%\inf folder{Computername}_SetupApi.app.log

{Computername}_SetupApi.evt.log

{Computername}_SetupApi.offline.log
Setuperr.log located on Windows folder{Computername}_Setuperr.log
Upgrade log – SetupReport.txt from windows\panther folder{Computername}_SetupReport.txt


Servicing logs
DescriptionFile Name
Component-Based Servicing Logs located on %windir%\Logs\CBS{Computername}_CBS*.log
DPX Setup Act log located on %windir%\logs\DPX{Computername}_setupact.log"
Pending Operations Queue Exec log located on %windir%\winsxs{Computername}_poqexec.log
Windows Side-by-Side Pending Bad log located on %windir%\ winsxs{Computername}_pending.xml.bad
Windows Side-by-Side Pending log located on %windir%\ winsxs{Computername}_pending.xml


ServerCore Installation Option Media
DescriptionFile Name
Installed roles and component (output from oclist.exe command){Computername}_OCList*.log
Windows Update, Remote Desktop and other information configured by scregedit.wsf script{Computername}_Scregedit.txt


Domain Controllers
Description       File Name
Domain Controller promotion debug log from \Windows\debug folder{Computername}_DCPromo.log


Networking Related Information
DescriptionFile Name
Networking Setup/ information about the attempts to join domains{Computername}_netsetup.log
Current configuration settings for Network Access Protection (NAP) via ‘netsh nap client export’ command{Computername}_NapClient-Export.xml
Network Access Protection (NAP) client information via ‘netsh nap client’ context output{Computername}_NapClient-Netsh.txt
Windows Firewall with Advanced Security general information via ‘netsh advfirewall show’ context output{Computername}_Firewall-Netsh-AdvFw.txt
Windows Firewall with Advanced Security computer security connection rules via ‘netsh advfirewall consec’ context output{Computername}_Firewall-Netsh-AdvFw-ConSec-Rules.txt
Windows Firewall with Advanced Security firewall rules via ‘netsh advfirewall firewall’ context output{Computername}_Firewall-Netsh-AdvFw-Fw-Rules.txt
Information about current Firewall policy via ‘netsh advfirewall export’ command{Computername}_Firewall-Netsh-AdvFw-Export.wfw
Hypertext Transfer Protocol (HTTP) service information via ‘netsh http’ context output{Computername}_Http-Netsh.txt
Network Input Output (NETIO) binding filters via ‘netsh netio show bindingfilters’ command{Computername}_TCPIP-Netsh-NetIO.txt

Additional Information

In addition to the files collected and listed above, this SDP Manifest can detect one or more of the following situations:

·          Machine is running on a virtual environment

·          Presence of a machine memory dumps in the past 30 days

·          Presence of a user mode memory dumps  in the past 30 days

·          Problems related with machine memory dump configuration that could avoid a memory dump to be generated

·          Presence of services that could interfere on memory dump generation

·          Unexpected Shutdown Event Logs on System Log from past 30 days (Events 50 from EventLog)

·          Machine Memory Dump related event logs on System log from past 30 days (Events 1001 from Save Dump)

·          Srv related event logs 2020 and 2021 from the past 30 days

·          Processes with a higher number of handles (above 40,000 handles)

·          Machine has low number of System Page Entries (below 5,000)

·          Machine is in low available memory condition (Machine committed limit above 85%)

·          Any Kernel pool memory tag using more than 60% of all allocated memory.

·          Non-Supported version of a Service Pack

·          Non-Supported operating system versions

References
                                                                                                                           

KB 926079 - Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT)
http://support.microsoft.com/kb/926079