[SDP 3][d04d6306-88c6-440a-abba-ec841fc3ea49] Microsoft Exchange Server Diagnostic

Applies to: Exchange Server 2016 Enterprise Edition, Exchange Server 2016 Standard Edition, Exchange Server 2013 Standard Edition


The Microsoft Exchange Server Diagnostic collects comprehensive information to help you troubleshoot issues with Microsoft Exchange Server 2013 or 2016.

More Information

This article describes information that the Microsoft Exchange Server Diagnostic may collect from your computer. This article also describes the names of the output files.  

Note: The information that is collected depends on the installed roles, features, and configuration.

Information that is collected

Exchange Server and organization baseline
Description  File name
All Exchange Servers - Versions and Roles
Get-ExchangeCertificate cmdlet output
Get-ExchangeServer cmdlet output
Get-PowerShellVirtualDirectory cmdlet output
Get-MalwareFilteringServer cmdlet output
Get-OrganizationConfig cmdlet output
Get-UserPrincipalNamesSuffix cmdlet output
Get-WorkloadManagementPolicy cmdlet output
Get-WorkloadPolicy cmdlet output
Get-ResourcePolicy cmdlet output
Get-SiteMailboxProvisioningPolicy cmdlet output
Get-AcceptedDomain cmdlet output
Get-RemoteDomain cmdlet output
Get-EmailAddressPolicy cmdlet output
Get-SendConnector cmdlet output
Get-EdgeSubscription cmdlet output
Get-EdgeSyncServiceConfig cmdlet output
Get-DataClassification cmdlet output
Get-DlpPolicyTemplate cmdlet output
Get-DlpPolicy cmdlet output
Get-MalwareFilterPolicy cmdlet output
Get-PolicyTipConfig cmdlet output
Get-AvailabilityAddressSpace cmdlet output
Get-AvailabilityConfig cmdlet output
Get-ThrottlingPolicy cmdlet output
Get-ActiveSyncMailboxPolicy cmdlet output
Get-ActiveSyncDeviceAutoblockThreshold cmdlet output
Get-MobileDeviceMailboxPolicy cmdlet output
Get-OutlookProvider cmdlet output
Get-App cmdlet output
Get-UMDialPlan cmdlet output
Get-UMHuntGroup cmdlet output
Get-UMMailboxPolicy cmdlet output
Get-UMAutoAttendant cmdlet output
Get-UMDialPlan (InCountryOrRegionGroups) cmdlet output
Get-UMDialPlan (ConfiguredInternationalGroups) cmdlet output
Get-UMAutoAttendant (BusinessHoursKeyMapping) cmdlet output
Get-UMAutoAttendant (AfterHoursKeyMapping) cmdlet output
Get-FederationTrust cmdlet output
Test-FederationTrustCertificate cmdlet output
Get-FederatedOrganizationIdentifier cmdlet output
Get-OrganizationRelationship cmdlet output

Exchange Server IIS information
Description  File name
IIS W3SVC Logs for each site from the past three days  <computer_name>_W3SVC[n]LogFiles.zip

Exchange Mailbox Server role
Description  File name
Get-MailboxServer cmdlet output
Get-MailboxDatabase cmdlet output for each database on server <computer_name>_DBMb_[mailboxDatabase.Name]*.txt
Get-ChildItem -Path output for each database file path <computer_name>_DBMb_[mailboxDatabase.Name]_EDBFilePath_Contents*.txt
Get-ChildItem -Path output for each database log folder path <computer_name>_DBMb_[mailboxDatabase.Name]_LogFolderPath*.txt
Get-DatabaseAvailabilityGroup cmdlet output
Get-DatabaseAvailabilityGroupNetwork cmdlet output
Get-MailboxDatabaseCopyStatus cmdlet output
Get-StoreUsageStatistics cmdlet output
Get-PopSettings cmdlet output
Get-ImapSettings cmdlet output
Get-OutlookAnywhere cmdlet output
Get-ActiveSyncVirtualDirectory cmdlet output
Get-AutodiscoverVirtualDirectory cmdlet output
Get-OabVirtualDirectory cmdlet output
Get-OwaVirtualDirectory cmdlet output
Get-EcpVirtualDirectory cmdlet output
Get-PowerShellVirtualDirectory cmdlet output
Get-WebServicesVirtualDirectory cmdlet output
HKLM: SOFTWARE\Microsoft\Rpc\RpcProxy registry key and subkey values <computer_name>_REG_RPCPROXY*.txt
RpcHttp logs from the previous one day <computer_name>_Logs_RpcHttp.zip
RPC Client Access logs from the past three days  <computer_name>_Logs_RPC Client Access.zip
AddressBook Service logs from the past three days  <computer_name>_Logs_AddressBook Service.zip
Update-HybridConfiguration logs from the previous one day <computer_name>_Logs_Update-HybridConfiguration.zip
Get-TransportService cmdlet output
Get-ReceiveConnector cmdlet output
Get-Queue cmdlet output
Get-MailboxTransportService cmdlet output
Get-TransportAgent cmdlet output
Get-TransportPipeline cmdlet output
Get-EdgeSyncServiceConfig cmdlet output
QueueViewer logs from the previous one day <computer_name>_Logs_QueueViewer.zip
MessageTracking logs from the past three days <computer_name>_Logs_MessageTracking.zip
BE_Routing logs from the previous one day <computer_name>_Logs_BE_Routing.zip
BE_Agent logs from the previous one day <computer_name>_Logs_BE_Agent.zip
Get-UMService cmdlet output

Failover cluster information
Description  File name
Basic failover cluster information: This includes information from existing resources and groups. On operating systems that are earlier than Windows Server 2008 R2, the tool runs the clusmps.exe utility. On newer operating systems, the tool runs FailoverCluster Windows PowerShell cmdlets. resultreport.xml


General performance information
Description  File name
Information about processes and threads by using the pstat.exe tool  <computer_name>_PStat.txt

Event log information
Description  File name
Event log - Application: txt, csv, and evtx formats  <computer_name>_evt_Application.*
Event log - System: txt, csv, and evtx formats  <computer_name>_evt_System.*
Event logs - FailoverClustering*: txt, csv, and evtx formats  <computer_name>_evt_FailoverClustering*.*
Event logs - Windows PowerShell: txt, csv, and evtx formats  <computer_name>_evt_*PowerShell*.*
Event logs - Exchange*: txt, csv, and evtx formats  <computer_name>_evt_*Exchange*.*

General registry data collection
Description  File name
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

File version information (Chksym)
Description  File name
File version information from %windir%\cluster\*.*
File version information from %windir%\system32\*.dll
File version information from %windir%\system32\*.exe
File version information from %windir%\system32\*.sys
File version information from %windir%\system32\drivers folder
File version information from %windir%\syswow64 folder and subfolders
File version information from %windir%\syswow64\drivers folder
File version information from <Program Files (x86)>\*.sys folder and subfolders
File version information from %windir%\system32\Spool\*.*
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*
File version information from drivers that are currently running on the computer  <computer_name>_sym_RunningDrivers.*
File version information from processes that are currently running on the computer  <computer_name>_sym_Process.*

In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:
  • Check whether cluster groups are in Offline or Failed state
  • Check whether the state of one or more cluster nodes is down or paused
  • Check whether Cluster service is not running or offline
  • Check for Advanced Format Drives
  • Check for Native 4K drives on the system
  • Check whether KB 982018 is not installed or the files are outdated
  • Check for Active Directory Domain Services (AD DS) replication failures
  • Check AD DS for lingering objects
  • Check for AD DS replication errors
  • Check for potentially risky audit failure settings (CrashOnAuditFail)
  • Check for a possible Stop error caused by audit failure
  • Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)
  • Check whether the SYSVOL and NETLOGON shares are missing on domain controller
  • Check for a domain controller that is missing RID Set reference attributes in AD DS
  • Check whether the domain controller points to itself for Domain Name System (DNS) exclusively
  • Check for USN Rollback
  • Check the state of the Intersite Messaging service
  • Check whether the DFSR UpdateWorkerThreadCount setting is lower than 64
  • Check whether the IPv6 protocol was disabled on a domain controller
  • Check for Win32time configuration for time skew
  • Check for MaxConcurrentApi NTLM bottlenecks or delays
  • Check for Certificates that have Weak RSA Keys
  • Check whether the Cluster Name Object (CNO) exists and it is enabled in AD DS
  • Cluster Shared Volumes issues
  • Check for third-party virtualization solution from Xsigo
  • Check for LmCompatibilityLevel setting
  • Check firewall rules on cluster nodes that have IPv6 enabled
  • Check whether the FailoverCluster Crypto resource exists
  • Check for FailoverCluster missing dependent resources
  • Check whether PMTU was disabled on computer
  • Check for unexpected TCP/IP registry settings (KB 967224)
  • Check whether Opportunistic Locking is disabled
  • Check for too many 6to4 adapters, which may result in decreased startup and logon performance
  • Check whether the Tunnel.sys driver is missing on the Server Core installation option of Windows Server 2008 R2
  • Check whether the InfoCacheLevel setting is configured to enable caching for all files and folders
  • Check for processes that use many handles
  • Check for possible Kernel Memory performance-related problem
  • Check for low System PTEs
  • Check for low Virtual Memory
  • Check whether Appsense EM 8.1 is installed on the computer
  • Check for large number of Inactive Terminal Services ports
  • Check whether the Registry Size Limit setting is present on the system
  • Check the PoolUsageMaximum Setting
  • Check for shared PST files
  • Check for McAfee Endpoint Encryption version, which may cause slow startup issues
  • Check for terminal services licensing binary versions for Windows Server 2003
  • Check for a specific version of SEP that may cause handle leak
  • Check RPC settings that allow for unauthenticated sessions
  • Check for Performance counters to determine whether there is an issue with NTFS metafile cache memory consumption
  • Check for the ProcessorAffinityMask setting for multiprocessor Windows Server 2003 computers
  • Check the ClearPageFileAtShutdown setting, which may cause slow shutdown
  • Check for the NMICrashDump setting on HP ProLiant DL385 G5
  • Check the state of the Search Service when Lenovo Rapid Boot Software is installed
  • Check pool memory that is allocated for "D2d" tag
  • Check pool memory that is allocated for "RxM4" and "SeTI" tag
  • Check pool memory that is allocated for "SslC" tag
  • Check pool memory that is allocated for "Toke" tag on terminal services
  • Check for older versions of MPIO.SYS
  • Check for Broadcom Advanced Server Program driver information
  • Check for Aladdin Knowledge Systems Device Drivers
  • Check the state of the Application Compatibility Engine
  • Check pool memory usage from Citrix XTE process
  • Check whether the Users group has permissions under HKCR\CLSID
  • Check HeapDecommitFreeBlockThreshold registry value
  • Check whether the Wsftpsi.dll file causes Windows Explorer crashes
  • Check the Netapi32.dll file version
  • Check for Symantec Endpoint Protection MR1/MR2
  • Check for Symantec Intrusion Protection System (IPS) driver
  • Check whether the EMC Replistor Software is installed on the computer and whether the hotfix that is described in article KB 975759 is not installed
  • Check for unsupported versions of Windows Vista or Windows Server 2008
  • Check whether DEP and PAE are enabled on a 32-bit system
  • Check whether Utimaco Safeware disk encryption is installed and, if so, its current version
  • Check whether the Telnet service is running under System account
  • Check for known issue with BIOS version of PowerEdge R910, R810, and M910
  • Check the value of "SystemPages" in Memory Management registry key


For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please go to the following Microsoft Knowledge Base article:

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform