[SDP 3][d04d6306-88c6-440a-abba-ec841fc3ea49] Microsoft Exchange Server Diagnostic

Applies to: Exchange Server 2016 Enterprise Edition, Exchange Server 2016 Standard Edition, Exchange Server 2013 Standard Edition

Summary


The Microsoft Exchange Server Diagnostic collects comprehensive information to help you troubleshoot issues with Microsoft Exchange Server 2013 or 2016.

More Information


This article describes information that the Microsoft Exchange Server Diagnostic may collect from your computer. This article also describes the names of the output files.  

Note: The information that is collected depends on the installed roles, features, and configuration.

Information that is collected

Exchange Server and organization baseline
Description
File name
All Exchange Servers - Versions and Roles
<computer_name>_AllExchangeServers*.txt
Get-ExchangeCertificate cmdlet output
<computer_name>_ExchangeCertificate*.txt
Get-ExchangeServer cmdlet output
<computer_name>_ExchangeServer*.txt
Get-PowerShellVirtualDirectory cmdlet output
<computer_name>_PowerShellVirtualDirectory*.txt
Get-MalwareFilteringServer cmdlet output
<computer_name>_MalwareFilteringServer*.txt
Get-OrganizationConfig cmdlet output
<computer_name>_OrganizationConfig*.txt
Get-UserPrincipalNamesSuffix cmdlet output
<computer_name>_UserPrincipalNamesSuffix*.txt
Get-WorkloadManagementPolicy cmdlet output
<computer_name>_WorkloadManagementPolicy*.txt
Get-WorkloadPolicy cmdlet output
<computer_name>_WorkloadPolicy*.txt
Get-ResourcePolicy cmdlet output
<computer_name>_ResourcePolicy*.txt
Get-SiteMailboxProvisioningPolicy cmdlet output
<computer_name>_SiteMailboxProvisioningPolicy.txt
Get-AcceptedDomain cmdlet output
<computer_name>_AcceptedDomain*.txt
Get-RemoteDomain cmdlet output
<computer_name>_RemoteDomain*.txt
Get-EmailAddressPolicy cmdlet output
<computer_name>_EmailAddressPolicy*.txt
Get-SendConnector cmdlet output
<computer_name>_SendConnector*.txt
Get-EdgeSubscription cmdlet output
<computer_name>_EdgeSubscription*.txt
Get-EdgeSyncServiceConfig cmdlet output
<computer_name>_EdgeSyncServiceConfig*.txt
Get-DataClassification cmdlet output
<computer_name>_DataClassification*.txt
Get-DlpPolicyTemplate cmdlet output
<computer_name>_DlpPolicyTemplate*.txt
Get-DlpPolicy cmdlet output
<computer_name>_DlpPolicy*.txt
Get-MalwareFilterPolicy cmdlet output
<computer_name>_MalwareFilterPolicy*.txt
Get-PolicyTipConfig cmdlet output
<computer_name>_PolicyTipConfig*.txt
Get-AvailabilityAddressSpace cmdlet output
<computer_name>_AvailabilityAddressSpace*.txt
Get-AvailabilityConfig cmdlet output
<computer_name>_AvailabilityConfig*.txt
Get-ThrottlingPolicy cmdlet output
<computer_name>_ThrottlingPolicy*.txt
Get-ActiveSyncMailboxPolicy cmdlet output
<computer_name>_ActiveSyncMailboxPolicy*.txt
Get-ActiveSyncDeviceAutoblockThreshold cmdlet output
<computer_name>_ActiveSyncDeviceAutoblockThreshold*.txt
Get-MobileDeviceMailboxPolicy cmdlet output
<computer_name>_MobileDeviceMailboxPolicy*.txt
Get-OutlookProvider cmdlet output
<computer_name>_OutlookProvider*.txt
Get-App cmdlet output
<computer_name>_App*.txt
Get-UMDialPlan cmdlet output
<computer_name>_UMDialPlan*.txt
Get-UMHuntGroup cmdlet output
<computer_name>_UMHuntGroup*.txt
Get-UMMailboxPolicy cmdlet output
<computer_name>_UMMailboxPolicy*.txt
Get-UMAutoAttendant cmdlet output
<computer_name>_UMAutoAttendant*.txt
Get-UMDialPlan (InCountryOrRegionGroups) cmdlet output
<computer_name>_UMDialPlan_[DialPlan.Name]_CountryOrRegionGroups.txt
Get-UMDialPlan (ConfiguredInternationalGroups) cmdlet output
<computer_name>_UMDialPlan_[DialPlan.Name]_InternationalGroups.txt
Get-UMAutoAttendant (BusinessHoursKeyMapping) cmdlet output
<computer_name>_UMAutoAttendant_[UMAutoAttendant.Name]_BusinessHoursKeyMapping.txt
Get-UMAutoAttendant (AfterHoursKeyMapping) cmdlet output
<computer_name>_UMAutoAttendant_[UMAutoAttendant.Name]_AfterHoursKeyMapping.txt
Get-FederationTrust cmdlet output
<computer_name>_FederationTrust*.txt
Test-FederationTrustCertificate cmdlet output
<computer_name>_FederationTrustCertificate*.txt
Get-FederatedOrganizationIdentifier cmdlet output
<computer_name>_FederatedOrganizationIdentifier*.txt
Get-OrganizationRelationship cmdlet output
<computer_name>_OrganizationRelationship*.txt

Exchange Server IIS information
Description
File name
IIS W3SVC Logs for each site from the past three days
<computer_name>_W3SVC[n]LogFiles.zip

Exchange Mailbox Server role
Description
File name
Get-MailboxServer cmdlet output
<computer_name>_MailboxServer*.txt
Get-MailboxDatabase cmdlet output for each database on server
<computer_name>_DBMb_[mailboxDatabase.Name]*.txt
Get-ChildItem -Path output for each database file path
<computer_name>_DBMb_[mailboxDatabase.Name]_EDBFilePath_Contents*.txt
Get-ChildItem -Path output for each database log folder path
<computer_name>_DBMb_[mailboxDatabase.Name]_LogFolderPath*.txt
Get-DatabaseAvailabilityGroup cmdlet output
<computer_name>_DAG_[DAG.Name]*.txt
Get-DatabaseAvailabilityGroupNetwork cmdlet output
<computer_name>_DAGNetworks*.txt
Get-MailboxDatabaseCopyStatus cmdlet output
<computer_name>_MailboxDatabaseCopyStatus*.txt
Get-StoreUsageStatistics cmdlet output
<computer_name>_StoreUsageStatistics*.txt
Get-PopSettings cmdlet output
<computer_name>_PopSettings*.txt
Get-ImapSettings cmdlet output
<computer_name>_ImapSettings*.txt
Get-OutlookAnywhere cmdlet output
<computer_name>_OutlookAnywhere*.txt
Get-ActiveSyncVirtualDirectory cmdlet output
<computer_name>_ActiveSyncVirtualDirectory*.txt
Get-AutodiscoverVirtualDirectory cmdlet output
<computer_name>_AutodiscoverVirtualDirectory*.txt
Get-OabVirtualDirectory cmdlet output
<computer_name>_OabVirtualDirectory*.txt
Get-OwaVirtualDirectory cmdlet output
<computer_name>_OwaVirtualDirectory*.txt
Get-EcpVirtualDirectory cmdlet output
<computer_name>_EcpVirtualDirectory*.txt
Get-PowerShellVirtualDirectory cmdlet output
<computer_name>_PowerShellVirtualDirectory*.txt
Get-WebServicesVirtualDirectory cmdlet output
<computer_name>_WebServicesVirtualDirectory*.txt
HKLM: SOFTWARE\Microsoft\Rpc\RpcProxy registry key and subkey values
<computer_name>_REG_RPCPROXY*.txt
RpcHttp logs from the previous day
<computer_name>_Logs_RpcHttp.zip
RPC Client Access logs from the past three days
<computer_name>_Logs_RPC Client Access.zip
AddressBook Service logs from the past three days
<computer_name>_Logs_AddressBook Service.zip
Update-HybridConfiguration logs from the previous day
<computer_name>_Logs_Update-HybridConfiguration.zip
Get-TransportService cmdlet output
<computer_name>_TransportService*.txt
Get-ReceiveConnector cmdlet output
<computer_name>_ReceiveConnector*.txt
Get-Queue cmdlet output
<computer_name>_Queue*.txt
Get-MailboxTransportService cmdlet output
<computer_name>_MailboxTransportService*.txt
Get-TransportAgent cmdlet output
<computer_name>_TransportAgent*.txt
Get-TransportPipeline cmdlet output
<computer_name>_TransportPipeline*.txt
Get-EdgeSyncServiceConfig cmdlet output
<computer_name>_EdgeSyncServiceConfig*.txt
QueueViewer logs from the previous day
<computer_name>_Logs_QueueViewer.zip
MessageTracking logs from the past three days
<computer_name>_Logs_MessageTracking.zip
BE_Routing logs from the previous day
<computer_name>_Logs_BE_Routing.zip
BE_Agent logs from the previous day
<computer_name>_Logs_BE_Agent.zip
Get-UMService cmdlet output
<computer_name>_UMService*.txt

Failover cluster information
Description
File name
Basic failover cluster information: This includes information from existing resources and groups. On operating systems that are earlier than Windows Server 2008 R2, the tool runs the clusmps.exe utility. On newer operating systems, the tool runs FailoverCluster Windows PowerShell cmdlets.
resultreport.xml
<computer_name>_cluster_mps_information.txt

General performance information
Description
File name
Information about processes and threads by using the pstat.exe tool
<computer_name>_PStat.txt

Event log information
Description
File name
Event log - Application: txt, csv, and evtx formats
<computer_name>_evt_Application.*
Event log - System: txt, csv, and evtx formats
<computer_name>_evt_System.*
Event logs - FailoverClustering*: txt, csv, and evtx formats
<computer_name>_evt_FailoverClustering*.*
Event logs - Windows PowerShell: txt, csv, and evtx formats
<computer_name>_evt_*PowerShell*.*
Event logs - Exchange*: txt, csv, and evtx formats
<computer_name>_evt_*Exchange*.*

General registry data collection
Description
File name
HKLM\Software\Microsoft\Windows\CurrentVersion
<computer_name>_reg_CurrentVersion.txt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
<computer_name>_reg_Uninstall.txt
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions
<computer_name>_reg_ProductOptions.txt
HKLM\System\CurrentControlSet\Control\CrashControl
<computer_name>_reg_Recovery.txt
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
<computer_name>_reg_Startup.txt
HKLM\SYSTEM\CurrentControlSet\Control\Print
<computer_name>_reg_Print.txt
HKCU\Software\Policies
<computer_name>_reg_Policies.txt
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
<computer_name>_reg_TimeZone.txt
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
<computer_name>_reg_TimeZone.txt

File version information (Chksym)
Description
File name
File version information from %windir%\cluster\*.*
<computer_name>_sym_ProgramFiles_sys.*
File version information from %windir%\system32\*.dll
<computer_name>_sym_System32_dll.*
File version information from %windir%\system32\*.exe
<computer_name>_sym_System32_exe.*
File version information from %windir%\system32\*.sys
<computer_name>_sym_System32_sys.*
File version information from %windir%\system32\drivers folder
<computer_name>_sym_Drivers.*
File version information from %windir%\syswow64 folder and subfolders
<computer_name>_sym_SysWOW64_sys.*
File version information from %windir%\syswow64\drivers folder
<computer_name>_sym_SysWOW64_sys.*
File version information from <Program Files (x86)>\*.sys folder and subfolders
<computer_name>_sym_ProgramFilesx86_sys.*
File version information from <Program Files (x86)>\*.sys folder and subfolders
<computer_name>_sym_ProgramFiles_sys.*
File version information from %windir%\system32\Spool\*.*
<computer_name>_sym_PrintSpooler.*
File version information from %windir%\cluster\*.*
<computer_name>_sym_Cluster.*
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*
<computer_name>_sym_MS_iscsi.*
File version information from drivers that are currently running on the computer
<computer_name>_sym_RunningDrivers.*
File version information from processes that are currently running on the computer
<computer_name>_sym_Process.*


In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:
  • Check whether cluster groups are in Offline or Failed state
  • Check whether the state of one or more cluster nodes is down or paused
  • Check whether Cluster service is not running or offline
  • Check for Advanced Format Drives
  • Check for Native 4K drives on the system
  • Check whether KB 982018 is not installed or the files are outdated
  • Check for Active Directory Domain Services (AD DS) replication failures
  • Check AD DS for lingering objects
  • Check for AD DS replication errors
  • Check for potentially risky audit failure settings (CrashOnAuditFail)
  • Check for a possible Stop error caused by audit failure
  • Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)
  • Check whether the SYSVOL and NETLOGON shares are missing on domain controller
  • Check for domain controller that is missing Rid Set reference attributes in AD DS
  • Check whether the domain controller points to itself for Domain Name System (DNS) exclusively
  • Check for USN Rollback
  • Check the state of the Intersite Messaging service
  • Check whether the DFSR UpdateWorkerThreadCount setting is lower than 64
  • Check whether the IPv6 protocol was disabled on a domain controller
  • Check for Win32time configuration for time skew
  • Check for MaxConcurrentApi NTLM bottlenecks or delays
  • Check for Certificates that have Weak RSA Keys
  • Check whether the Cluster Name Object (CNO) exists and it is enabled in AD DS
  • Cluster Shared Volumes issues
  • Check for third-party virtualization solution from Xsigo
  • Check for LmCompatibilityLevel setting
  • Check firewall rules on cluster nodes that have IPv6 enabled
  • Check whether the FailoverCluster Crypto resource exists
  • Check for FailoverCluster missing dependent resources
  • Check whether PMTU was disabled on computer
  • Check for unexpected TCP/IP registry settings (KB 967224)
  • Check whether Opportunistic Locking is disabled
  • Check for too many 6to4 adapters, which may result in decreased startup and logon performance
  • Check whether the Tunnel.sys driver is missing on a Windows Server 2008 R2 Server Core installation option
  • Check whether the InfoCacheLevel setting is configured to enable caching for all files and folders
  • Check for processes that use many handles
  • Check for possible Kernel Memory performance-related problem
  • Check for low System PTEs
  • Check for low Virtual Memory
  • Check whether Appsense EM 8.1 is installed on the computer
  • Check for large number of Inactive Terminal Services ports
  • Check whether the Registry Size Limit setting is present on the system
  • Check the PoolUsageMaximum Setting
  • Check for shared PST files
  • Check for McAfee Endpoint Encryption version, which may cause slow startup issues
  • Check for terminal services licensing binary versions for Windows Server 2003
  • Check for a specific version of SEP that may cause handle leak
  • Check RPC settings that allow for unauthenticated sessions
  • Check for Performance counters to determine whether there is an issue with NTFS metafile cache memory consumption
  • Check for the ProcessorAffinityMask setting for multiprocessor Windows Server 2003 computers
  • Check the ClearPageFileAtShutdown setting, which may cause slow shutdown
  • Check for the NMICrashDump setting on HP ProLiant DL385 G5
  • Check the state of the Search Service when Lenovo Rapid Boot Software is installed
  • Check pool memory that is allocated for "D2d" tag
  • Check pool memory that is allocated for "RxM4" and "SeTI" tag
  • Check pool memory that is allocated for "SslC" tag
  • Check pool memory that is allocated for "Toke" tag on terminal services
  • Check for older versions of MPIO.SYS
  • Check for Broadcom Advanced Server Program driver information
  • Check for Aladdin Knowledge Systems Device Drivers
  • Check the state of the Application Compatibility Engine
  • Check pool memory usage from Citrix XTE process
  • Check whether the Users group has permissions under HKCR\CLSID
  • Check HeapDecommitFreeBlockThreshold registry value
  • Check whether the Wsftpsi.dll file causes Windows Explorer crashes
  • Check the Netapi32.dll file version
  • Check for Symantec Endpoint Protection MR1/MR2
  • Check for Symantec Intrusion Protection System (IPS) driver
  • Check whether the EMC Replistor Software is installed on the computer and whether the hotfix that is described in article KB 975759 is not installed
  • Check for unsupported versions of Windows Vista or Windows Server 2008
  • Check whether DEP and PAE are enabled on a 32-bit system
  • Check whether Utimaco Safeware disk encryption is installed and the current version
  • Check whether the Telnet service is running under System account
  • Check for known issue with BIOS version of PowerEdge R910, R810, and M910
  • Check the value of "SystemPages" in Memory Management registry key

References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please go to the following Microsoft Knowledge Base article:

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform