How to get network captures from a task sequence in Windows PE

Velja za: Microsoft System Center 2012 R2 Configuration ManagerMicrosoft System Center 2012 R2 Configuration Manager Service Pack 1System Center Configuration Manager (current branch)


Microsoft Support sometimes asks customers to capture a network trace when a Configuration Manager task sequence fails and returns a network error. Usually, we request that you capture a network trace by configuring port mirroring on the LAN switch or you capture a network trace on a Virtual Machine (VM) host, if the issue can be reproduced by a VM.

It’s difficult to capture a network trace in a Windows Preinstallation Environment (Windows PE), as the Netsh command doesn’t support tracing in Windows PE. Additionally, you can't bind to any network adapter if you just copy and then run the Network Monitor command in Windows PE.

More information

To capture a network trace in a Windows PE environment, follow these steps:

  1. Extract the Network Monitor setup file to a local folder, and then extract the Netmon.msi by using Msiexec.exe.

    Figure 1

  2. In the extracted files, find the Network Monitor driver files Netnm3.inf and Nm3.sys.

    Figure 2

  3. Mount the boot image source file and inject the driver Netnm3.inf into it. Be aware that the image file is the original source image, not the file that has a package ID.

    Figure 3

  4. Copy the Microsoft Network Monitor 3 folder from the extracted Network Monitor files to the <Image_MountDir> folder. The Microsoft Network Monitor 3 folder contains all the executables (.exe) that are needed to install and run Network Monitor 3.4.

    Figure 4

  5. Copy Nm3.sys to the following folders. Only the SYSTEM account has write permission. Therefore, you have to use Psexec.exe to start a command prompt with SYSTEM context.

    • <Image MountDir>\Windows\System32\drivers

    • <Image MountDir>\Windows\System32\DriverStore\FileRepository\netnm3.inf_amd64_ddce99a12d11c79a

  6. Unmount and then commit the Windows PE image. Add the boot image in the Configuration Manager console or update distribution point if you're editing an existing boot image.

    Figure 6

  7. Start the computer from PXE or boot media. After the boot image is loaded, press F8 and execute the following commands in the Microsoft Network Monitor 3 folder. The first command will bind the Network Monitor driver to the network adapter.

    Figure 7

You can now create a new trace file and start capturing. The parsers aren't available. However, you can save the trace after the issue is reproduced and the trace can be analyzed on another computer.