[SDP 3][20d990f9-502e-4fa9-978d-e1601755f34a] Network Capture Diagnostic

Applies to: Windows 8Windows Server 2012 DatacenterWindows Server 2012 Datacenter

Summary


The Network Capture Diagnostic collects network captures by using either Network Monitor 3.4 or Netsh Trace (Netsh Trace is available only in Windows 7/Windows Server 2008 R2 and later versions). 

More Information


The Network Capture Diagnostic enables the user to select either Network Monitor 3.4 or Netsh Trace (in Windows 7/Windows Server 2008 R2 and later versions).

If Network Monitor 3.4 is selected, the user has the option of selecting a file save location and single or multiple output files. The single file option enables a file size choice of 250 megabytes (MB), 500 MB, or 750 MB. The multiple file option enables a choice of 5, 10, or 20 files of 150 MB each.

If Netsh Trace is selected, the user has the option of selecting a file save location and size of each single file. 

Information that is collected


File version information (Chksym)
DescriptionFile name
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*
{ComputerName}_sym_MS_iscsi.*
File version information from %windir%\cluster\*.*
{ComputerName}_sym_ProgramFiles_sys.*
File version information from %windir%\cluster\*.*
{ComputerName}_sym_Cluster.*
File version information from %windir%\system32\*.dll
{ComputerName}_sym_System32_dll.*
File version information from %windir%\system32\*.exe
{ComputerName}_sym_System32_exe.*
File version information from %windir%\system32\*.sys
{ComputerName}_sym_System32_sys.*
File version information from %windir%\system32\drivers folder
{ComputerName}_sym_Drivers.*
File version information from %windir%\system32\Spool\*.*
{ComputerName}_sym_PrintSpooler.*
File version information from %windir%\syswow64 folder and subfolders
{ComputerName}_sym_SysWOW64_sys.*
File version information from %windir%\syswow64\drivers folder
{ComputerName}_sym_SysWOW64_sys.*
File version information from {Program Files (x86)}\*.sys folder and subfolders
{ComputerName}_sym_ProgramFilesx86_sys.*
File version information from {Program Files}\*.sys folder and subfolders
{ComputerName}_sym_ProgramFiles_sys.*
File version information from drivers currently running on the computer
{ComputerName}_sym_RunningDrivers.*
File version information from processes that are currently running on the computer
{ComputerName}_sym_Process.*

General information
DescriptionFile name
Basic system information. This includes computer name, service pack, computer model and processor name and speed.
resultreport.xml

List of installed updates and hotfixes {ComputerName}_Hotfixes.*
System information - MSInfo32 tool output
{ComputerName}_msinfo32.nfo
{ComputerName}_msinfo32.txt

Hyper-V role
DescriptionFile name
Hyper-V configuration and virtual machine information
{ComputerName}_HyperV-Info.HTM

IPv6Check
DescriptionFile name
Networking adapt configuration from WMI
{ComputerName}_Networking.TXT

IPv6To4Check
DescriptionFile name
IP configuration data from ipconfig command
{ComputerName}_Networking.TXT

Network Capture
DescriptionFile name
Netsh Trace: CAB
{ComputerName}_nettrace.cab
Netsh Trace: Network Capture (ETL)
{ComputerName}_nettrace.etl
Network capture information from nmcap.exe output
{ComputerName}_netcap.cap

Server manager and server roles information
DescriptionFile name
List of roles and features that are installed on server media (Windows Server 2008 R2 and newer)
resultreport.xml



In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:

  • Check DNS zones for top-level CNAME records
  • Windows Firewall start mode check
  • Windows Firewall Running check
  • IPv6 check
  • IPv6 6To4 interface check
  • Check whether there are more than 32GB of physical memory and whether operating system is Windows 2008 R2 Standard Edition
  • Check whether PMTU is disabled on computer
  • Check for unexpected TcpIp registry settings (KB 967224)
  • Check for excessive number of 6to4 adapters. This may result in decreased startup and logon performance.
  • Check whether Tunnel.sys driver is missing a Windows Server 2008 R2 Server Core installation option
  • Check for problems that are related Microsoft DHCP Relay Agent. This may cause slow restart (KB2459530).
  • Check HTTP redirection on TSGateway
  • Check whether the SMB2 Client driver is disabled.
  • Check whether the SMB2 Server driver is disabled.
  • Check whether Opportunistic Locking is disabled
  • Check whether InfoCacheLevel setting is configured to enable caching for all files and folders
  • Check whether McAfee HIPS 7.0 is installed
  • Check whether there are any virtual machines that have high CPU usage
  • Check whether Dynamic Memory is enabled to one or more virtual machines
  • Check whether Dynamic Memory is enabled on one or more virtual machines with old Integration Services
  • Check for version mismatches of Integration Services
  • Check whether one or more virtual machines have virtual hard disks that are located on a disk that has Advanced Format Drives (512e disks)
  • Event logs messages
  • Virtualization environment

References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please see the following Microsoft Knowledge Base article:  

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform