[SDP 3][5c130e43-65d0-441b-a990-03ca193f5bbc] DirectAccess Diagnostic

Applies to: Windows 7 Enterprise, Windows Server 2008 R2 Enterprise, Windows 8

Summary


The DirectAccess Diagnostic collects data that helps in troubleshooting DirectAccess issues.

More Information


The DirectAccess Diagnostic collects data either statically or interactively.

The Static Data Collection option collects static data configuration information.

The Interactive Data Collection option enables the user to collect data while the issue is reproduced. This option also collects static configuration data. Interactive data collection enables tracing together with the DirectAccess netsh trace scenario, netsh wfp capture logging, and other ETL logging or related components. 

Information that is collected


DirectAccess Diagnostic: Interactive Data Collection
Description / File name
DirectAccess Scenario Tracing: The file "netshtrace.cab" contains the compressed version of netshtrace.etl and several other static files.
netshtrace.cab
DirectAccess Scenario Tracing: The file "netshtrace.etl" contains the ETL output from this command: "netsh.exe trace start scenario=DirectAccess tracefile=netshtrace.etl capture=yes"
netshtrace.etl
Kerberos ETL logging [DirectAccess Server option only]
SecurityKerberos.etl
Microsoft-Windows-CAPI2/Operational
{ComputerName}__evt_*.*
NTLM ETL logging [DirectAccess Server option only]
SecurityNTLM.etl
OTP ETL logging [DirectAccess Client and Server; if OTP is enabled]
OTP.etl
Problem Steps Recorder output: The file "IssueSteps.zip" contains the output from Problem Steps Recorder (PSR.EXE).
IssueSteps.zip
WFP Tracing: The file "wfpdiag.cab" contains the output from this command: "netsh.exe wfp capture start"
wfpdiag.cab

Certificates information
Description / File name
Certutil command to show certificates in the machine store: certutil -silent -store my
{ComputerName}_Certificates-machinestore.TXT
Certutil command to show certificates in the user store: certutil -silent -user -store my
{ComputerName}_Certificates-userstore.TXT
HKLM\SYSTEM\CurrentControlSet\services\CertPropSvc
HKLM\SYSTEM\CurrentControlSet\services\crypt32
HKLM\SYSTEM\CurrentControlSet\services\CryptSvc
HKLM\SYSTEM\CurrentControlSet\services\SCardSvr
HKLM\SYSTEM\CurrentControlSet\services\SCPolicySvc
{ComputerName}_Certificates_reg_.TXT
Microsoft-Windows-CAPI2/Operational
{ComputerName}__evt_*.*

DirectAccess Client
Description / File name
Collects multiple registry key contents related to the DirectAccess client.
{ComputerName}_DirectAccessClient_reg_.TXT
DNS Client netsh show state (for DirectAccess): netsh dnsclient show state
{ComputerName}_DirectAccessClient_netsh_dnsclient-show-state.TXT
W8/WS2012 powershell output for the DirectAccess client.
{ComputerName}_DirectAccessClient_info_pscmdlets.TXT

DirectAccess Server
Description / File name
HKLM\SOFTWARE\Policies\Microsoft\DirectAccess
HKLM\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess
HKLM\System\CurrentControlSet\Services\RaMgmtSvc
HKLM\System\CurrentControlSet\Services\RemoteAccess
{ComputerName}_DirectAccessServer_reg_.TXT
Microsoft-Windows-RemoteAccess-MgmtClient/Operational
Microsoft-Windows-RemoteAccess-RemoteAccessServer/Admin
Microsoft-Windows-RemoteAccess-RemoteAccessServer/Operational
{ComputerName}__evt_*.*
W8/WS2012 powershell output for the DirectAccess Server
{ComputerName}_DirectAccessServer_info_pscmdlets.TXT

DNS Client
Description / File name
Copies the Hosts file if it exists.
{ComputerName}_DnsClient_HostsFile.TXT
DNS Client - Hosts file from windir\system32\drivers\etc\Hosts
{ComputerName}_DnsClient_HostsFile.TXT
DNS Client netsh show state (for DirectAccess): netsh dnsclient show state
{ComputerName}_DnsClient_netsh_dnsclient-show-state.TXT
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
HKLM\SYSTEM\CurrentControlSet\services\Dnscache
{ComputerName}_DnsClient_reg_.TXT
IP configuration from command: Ipconfig /displaydns
{ComputerName}_DnsClient_ipconfig-displaydns.TXT
Microsoft-Windows-DNS-Client/Operational
{ComputerName}__evt_*.*
W8/WS2012 powershell output for the DNS Client.
{ComputerName}_DnsClient_info_pscmdlets.TXT

Firewall
Description / File name
Advfirewall ConSec Rules from command: netsh advfirewall consec show rule name=all
{ComputerName}_Firewall_netsh_advfirewall-consec-rules.TXT
Advfirewall Firewall Rules from command: netsh advfirewall firewall show rule name=all
{ComputerName}_Firewall_netsh_advfw-firewall-rules.TXT
Firewall Advfirewall from command: netsh advfirewall
{ComputerName}_Firewall_netsh_advfirewall.TXT
Firewall Export from command: netsh advfirewall export
{ComputerName}_Firewall_netsh_advfirewall-export.wfw
Firewall information from command: netsh firewall
{ComputerName}_Firewall_netsh.TXT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
HKLM\SYSTEM\CurrentControlSet\Services\BFE
HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT
HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
{ComputerName}_Firewall_reg_.TXT
Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity
Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose
Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose
{ComputerName}__evt_*.*
W8/WS2012 powershell output for the Firewall component
{ComputerName}_Firewall_info_pscmdlets.TXT

General information
Description / File name
Basic System Information including computer name, service pack, computer model and processor name and speed
resultreport.xml

List of user SID, group memberships, and permissions through the 'Whoami /all' output
{ComputerName}_Whoami.txt
Resultant Set of Policy (RSoP) generated by gpresult.exe utility
{ComputerName}_GPResult.*
System Information - MSInfo32 tool output
{ComputerName}_msinfo32.nfo
{ComputerName}_msinfo32.txt

Group Policy Client
Description / File name
Microsoft-Windows-GroupPolicy/Operational
{ComputerName}__evt_*.*

HTTP
Description / File name
HKLM\SYSTEM\CurrentControlSet\Services\HTTP
{ComputerName}_HTTP_reg_.TXT
HTTP information from netsh output
{ComputerName}_HTTP_netsh_output.TXT

Internet Explorer
Description / File name
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
{ComputerName}_InternetExplorer_reg_output.TXT

IPsec
Description / File name
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec
HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT
HKLM\SYSTEM\CurrentControlSet\Services\IPsec
HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent
{ComputerName}_IPsec_reg_.TXT
IPsec information from command: netsh dynamic show all
{ComputerName}_IPsec_netsh_dynamic.TXT
IPsec information from command: netsh ipsec static exportpolicy
{ComputerName}_IPsec_netsh_LocalPolicyExport.ipsec
IPsec information from command: netsh static show all
{ComputerName}_IPsec_netsh_static.TXT
W8/WS2012 powershell output for the IPsec.
{ComputerName}_IPsec_info_pscmdlets.TXT

Kerberos tickets and TGT
Description / File name
Kerberos Information from klist.exe output
{ComputerName}_Kerberos_klist.txt

NAP Client
Description / File name
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Security Center
HKLM\SOFTWARE\Policies\Microsoft\NetworkAccessProtection
HKLM\System\CurrentControlSet\Services\napagent
{ComputerName}_NapClient_reg_.TXT
Microsoft-Windows-NetworkAccessProtection/Operational
Microsoft-Windows-NetworkAccessProtection/WHC
{ComputerName}__evt_*.*
NAP Client information from netsh output
{ComputerName}_NapClient_netsh_output.TXT

NAP Server
Description / File name
HKLM\SOFTWARE\Microsoft\NapServer
{ComputerName}_NapServer_reg_.TXT
Microsoft-Windows-MSSHAV-SHV/Operational
{ComputerName}__evt_*.*

Network adapters
Description / File name
W8/WS2012 powershell output for Network Adapter information
{ComputerName}_NetworkAdapters_info_pscmdlets.TXT

Network connections
Description / File name
HKLM\SYSTEM\CurrentControlSet\services\Netman
{ComputerName}_NetworkConnections_reg_.TXT
W8/WS2012 powershell output for Network Connections
{ComputerName}_NetworkConnections_info_pscmdlets.TXT

Network LBFO
Description / File name
W8/WS2012 powershell output for Network LBFO
{ComputerName}_NetworkLBFO.TXT

Network list
Description / File name
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList
HKLM\SYSTEM\CurrentControlSet\services\netprofm
{ComputerName}_NetworkList_reg_.TXT
Microsoft-Windows-NetworkProfile/Operational
{ComputerName}__evt_*.*

Network Location Awareness
Description / File name
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc
{ComputerName}_NetworkLocationAwareness_reg_.TXT
Microsoft-Windows-NlaSvc/Operational
{ComputerName}__evt_*.*

Network Store Interface
Description / File name
HKLM\SYSTEM\CurrentControlSet\services\nsi
HKLM\SYSTEM\CurrentControlSet\services\nsiproxy
{ComputerName}_NetworkStoreInterface_reg_.TXT

NLB
Description / File name
HKLM\SYSTEM\CurrentControlSet\services\WLBS
{ComputerName}_NLB_reg_.TXT
NLB display information from nlb.exe output
{ComputerName}_NLB_nlb-display.txt
NLB query information from nlb.exe output
{ComputerName}_NLB_nlb-query.txt
W8/WS2012 powershell output for NLB
{ComputerName}_NLB_info_pscmdlets.TXT

Proxy configuration
Description / File name
Copies PAC files from Internet Explorer locations
Firewall Client Proxy Configuration (ISA/TMG)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Network Isolation Policy registry information
WinHTTP Proxy Configuration: netsh winhttp show proxy

TCPIP
Description / File name
HKLM\SOFTWARE\Policies\Microsoft\Windows\TCPIP
HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc
HKLM\SYSTEM\CurrentControlSet\services\TCPIP
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6
HKLM\SYSTEM\CurrentControlSet\Services\tcpipreg
{ComputerName}_TCPIP_reg_output.TXT
Microsoft-Windows-Iphlpsvc/Operational
{ComputerName}__evt_*.*
TCP OFFLOAD information from netstat output
{ComputerName}_TCPIP_OFFLOAD.TXT
TCPIP information from commands like hostname, ipconfig, route, netstat, and so on
{ComputerName}_TCPIP_info.TXT
TCPIP information from netsh output
{ComputerName}_TCPIP_netsh_info.TXT
TCPIP services file that is located at: windir\system32\drivers\etc\services
{ComputerName}_TCPIP_ServicesFile.TXT
W8/WS2012 powershell output for TCPIP
{ComputerName}_TCPIP_info_pscmdlets_net.TXT

WinHTTP
Description / File name
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKLM\System\CurrentControlSet\Services\WinHttpAutoProxySvc
{ComputerName}_WinHTTP_reg_output.TXT
WinHTTP proxy settings from command: netsh winhttp show proxy
{ComputerName}_WinHTTP_netsh_proxy-settings.txt
WinHTTP proxy settings from proxycfg.exe output
{ComputerName}_WinHTTP_proxycfg.txt

WinSock
Description / File name
Microsoft-Windows-Winsock-AFD/Operational
Microsoft-Windows-Winsock-WS2HELP/Operational
{ComputerName}__evt_*.*
HKLM\SYSTEM\CurrentControlSet\services\AFD
HKLM\SYSTEM\CurrentControlSet\services\WinSock
HKLM\SYSTEM\CurrentControlSet\services\WinSock2
Registry Information for WinSock and AFD:
{ComputerName}_WinSock_reg_.TXT
Winsock information from netsh winsock output
{ComputerName}_WinSock_netsh.TXT


In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:

  • Event log messages
  • Whether a %Component% Event Trace Log file was collected

References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please see the following Microsoft Knowledge Base article:  

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform