[SDP 5][903798d0-a2be-4b10-9395-628dfbcc98cd] SharePoint Administration 2010 Diagnostic Package (SPAdmin2010)

Summary
This SharePoint Administration 2010 Diagnostic is designed to detect certain problematic conditions that may exist in the configuration of Microsoft SharePoint Server 2010. The rules in this diagnostic package are limited to SharePoint Administration issues.

Important These problematic conditions are checked only on the server on which this diagnostic package is executed. To make sure that you have maximum coverage, we recommend that you run this diagnostic package on each computer in the Microsoft SharePoint 2010 farm.

Required permissions

The rules in the diagnostic package leverage the SharePoint PowerShell snap-in to gather information about the farm. Therefore, the account that is used to run this diagnostic package must either be the farm account or have been given the required permissions through the Add-SPShellAdmin command.

Note The farm account is the account under which the central administration application pool and the timer service are running.

Some rules in this diagnostic package also must have local server administrative privileges to leverage remote and local administrative tools and also to access secure system locations such as the registry. The following table can be used to reference the permissions that are required for each rule.

Permission codeDescriptionRequired permission
1Use SharePoint Windows PowerShell cmdlets to interact with the SharePoint farm.Farm administration
2Run queries against SharePoint databases.Farm administration
3Access server administrative tools.Server administrative
4Access files and other resources on the server.Server administrative
More information
DescriptionFile Name
This file contains the results of the diagnostic package. It lists all rules run on the system, along with the outcome of each.ResultReport.xml
These files are used to format the results in the ResultReport.xml file.Results.xsl, Results.xml
This file contains debug information generated during the execution of the diagnostic package. It also contains timings on each of the rules that are run.SPAdmin2010.0.debugreport.xml
This file contains additional debug information generated by the diagnostic package execution.Stdout.log
This file contains a summary of the specified SharePoint List or Library. The information in this file includes the following:

  • SPList Properties
  • Forms
  • Content Types
  • Views
  • Event Receivers
  • Workflow associations
%COMPUTERNAME%_xml_en-US_O14SP_ListInfoReport.xml

Configuration settings

Rule IDTitleRequired PermissionsDescription
78192395-6712-4093-9979-A699BF158D74Checks whether the 'debug=true' attribute is set in the Web.config file4http://msdn.microsoft.com/en-us/library/s10awwz0.aspx
94636052-E114-4773-AADC-E31AE6E34270All Central Administration servers in a farm should be in the same time zone1, 4http://support.microsoft.com/kb/2734729
36161129-FE9F-4B2A-89E5-0075B95C18D2All Timer Service servers in a farm should be in the same time zone1, 4http://support.microsoft.com/kb/2734729
2AFDF425-D3FE-410B-A952-9E6B1A6B71DBTimer service servers should be in the same time zone as the Central Administration servers1, 4http://support.microsoft.com/kb/2734729
8BFCA359-CAF2-4E5B-96B0-611E94E623BBVerifies that each AAM Url has a backing IIS site1http://support.microsoft.com/kb/2624320
2F38FD7A-DEED-4D54-8711-8E3DC2301EAADetects databases that require an upgrade1http://technet.microsoft.com/en-us/library/ff607813.aspx
0C4C7678-2A8C-C0DE-DE06-66E417008012Checks the SharePoint Configuration database for malformed XML properties in the Objects table2, 4
6A0085C3-4673-C0DE-DE05-4C8BC15F9F90Checks the system time differentiation between servers running SQL Server and SharePoint1, 2http://technet.microsoft.com/en-us/library/jj852172(v=ws.10).aspx
D86A3935-2BA6-C0DE-DE06-6D20320FCA74SharePoint service connection point4http://technet.microsoft.com/en-us/library/ff730261.aspx
33A8CA67-9771-C0DE-DE06-3FF3A4750358Checks CRL status4http://blogs.technet.com/b/lukeb/archive/2011/04/13/sharepoint-delays-crl.aspx
1748BEEC-7617-C0DE-DE06-9E1E2ED206B7An account is missing from 'Allow log on locally'1, 3http://technet.microsoft.com/library/cc756809.aspx
CD47EDC0-7D14-4F68-99D2-A423F858CAD9Check for SQL Native Client1, 4http://technet.microsoft.com/library/cc262485.aspx
F14DB2A3-737A-4884-A15E-08698481E180Check if a value exists for People Picker property SearchAD-CustomFilter1, 4http://technet.microsoft.com/library/f1d7a0d5-1f32-4d26-8ccf-cf090a44d93c(office.12).aspx
DDE88E63-BD4F-4FED-8338-488F6286AEADThe anonymous access account is not set to IUSR1http://support.microsoft.com/kb/2892419
45952226-46F1-4867-892D-22914259E9AASecurity Token Web Service does not exist1, 4http://support.microsoft.com/kb/2493524
9075ED01-1E56-461B-A8C2-F049CC13652DSecurity Token Service Application is not online1http://support.microsoft.com/kb/2493524
1D4CA0F6-2741-4432-9AAB-2B7DFD6D5F95Check if outgoing email server passes DNS check1, 4http://technet.microsoft.com/library/cc263462.aspx
B51C5DE1-C7AB-487B-9BE6-D151D656E07DCheck for multiple web app IIS bindings for PowerPivot1, 4http://support.microsoft.com/kb/2712071
E425A500-35ED-4FB5-8461-C4FD49031155Check the content database for orphaned objects1http://blogs.technet.com/b/nishants/archive/2014/03/23/detect-content-db-orphans-in-a-sharepoint-2010-farm-thru-windows-powershell-updated.aspx
3DDB2C1F-29E4-4035-BBAC-047A275FFAFFCheck if People Picker Hide Inactive Profiles is configured1
72A342A1-8B91-448F-8224-67DF9156665ACheck if ThreadingModel is set to Both for PhotoMetadataHandler4
7E7ACD48-5A3F-4090-B726-4FB4506E15F3Check if trust direction is outbound or bidirectional for people picker domain1
7E82BBA6-B63A-4A77-9532-003FC41B347ECheck if a trust exists for people picker domain1
7E9F40C4-D87A-49AA-9339-F0C4C6952D62Check trust type for people picker domain1

Lists and Libraries

Rule IDTitleRequired PermissionsDescription
e266385d-1cea-4b6a-b237-4eb4238d909bWebDav Module Installation Check1, 4http://support.microsoft.com/kb/2171959
9ECC571A-EBBA-C0DE-DE06-A0AE9B529E0BChecks for lists that have a large amount of unique permissions1, 2, 4http://technet.microsoft.com/en-us/library/cc262787.aspx
C9E7EAB2-95AD-C0DE-DE03-A25B245BE8FEMail enabled document libraries in SharePoint 2010 stop receiving emails2

Miscellaneous

Rule IDTitleRequired PermissionsDescription
5F9036B9-F302-46A0-8235-A73EA47B9434Permissions to access the local farm by using PowerShell commands1Checks the user's ability to execute SharePoint PowerShell commands and flags a warning if the user does not have the right access
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for hard disk space1http://technet.microsoft.com/en-us/library/cc262485.aspx
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for memory1http://technet.microsoft.com/en-us/library/cc262485.aspx
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for processors1http://technet.microsoft.com/en-us/library/cc262485.aspx
4B5F4EBB-2018-472F-9131-48A95A3A21FCDetect Disabled Timer service instances in the farm1http://support.microsoft.com/kb/2616609
C3B5E92C-4B76-4484-97CC-C3177230E2D6Verify the feature definition files for installed features1http://technet.microsoft.com/en-us/library/ff607680.aspx
EEA07685-E339-C0DE-DE07-9F7F97AC7E59Check the IIS web content directory location4http://support.microsoft.com/kb/2752331
373293CD-DB70-C0DE-DE06-67B4390EA0E6A SPTrustedIdentityTokenIssuer is missing its' signing certificate1
F7E69924-8D42-C0DE-DE07-729E25839D91Check for anonymous authentication on claims based web apps4
A5B94575-59C9-4EC4-993F-D97A175E97DAMisssing System.Web.SessionState.SessionStateModule type in modules section Central Admin web config4
4F51675D-8358-C0DE-DE06-E7074F5509BFChecks for orphaned databases in SharePoint1
6243EF65-5671-414E-B3A6-6C0CEC592C19Check if Immediate Alerts Timer job exists1
625B19AB-8053-491A-BE9F-DE008D2B1371Check if Immediate Alerts Timer job has ran within it's schedule1
626103B1-404A-4F6C-9CE5-6F5BF52DC53BCheck if Immediate Alerts Timer job schedule is changed from default1
6277E604-4ED0-4B2E-A02D-FF907EEFB952Check if Immediate Alerts Timer job is online and enabled1
D83259F4-E3EB-4DD4-A4CD-94B9320C2205Check if the Mail Drop Folder Exists1, 4http://technet.microsoft.com/library/cc263260.aspx
0C8C236A-C8B8-41EC-833A-F1D4D8C1DFA6Check if the SharePoint Farm account has modify permission on the mail drop folder1, 4http://technet.microsoft.com/library/cc263260.aspx
5CA37E4F-A28A-41A5-A978-569526064B53Check if SPIncomingEmailService is enabled 1http://technet.microsoft.com/library/cc263260.aspx
594146D1-5DFA-4B13-9E90-F5C19D26D47BCheck if Social Ribbon Control feature is enabled1http://technet.microsoft.com/library/ee721062.aspx
FF3E4AE6-3DCA-4B85-9F54-A0C4F60F04A7Check if People Picker Search Active Directory Domains passes nltest1

Network

Rule IDTitleRequired PermissionsDescription
9E8C354C-A794-46B5-B1F4-FB1D145AB3F3Check whether the winsock providers are out of order3http://support.microsoft.com/kb/2000689
897B47A4-6A14-472E-ABB3-203A7C9056E2Check whether the network driver is old or outdated3http://support.microsoft.com/kb/912222
46D2B3D6-C7BE-4A64-B68B-90A8F068F318Check whether the network driver settings are using Jumbo packets3
DEFF20EE-F55C-4837-9A93-04E52B28FC3ECheck for network chimney settings that may cause issues3http://support.microsoft.com/kb/951037
EC2FB075-DD02-4E4D-89AE-B260D3F34014Check whether DisableLoopbackCheck registry is set3http://support.microsoft.com/kb/926642

Security Information

Rule IDTitleRequired PermissionsDescription
E3BCD45E-00A6-43FB-A930-69800785987BChecks the local farm trust1http://support.microsoft.com/kb/2545744
071A5E86-5193-49C1-A332-C08FD5118238Checks Portal Super Reader Account Configuration for Claims Based Web Apps1http://technet.microsoft.com/en-us/library/ff758656.aspx
5EB2905F-7619-45F6-84B9-F7AE2FC4864AChecks Portal Super Reader Account Configuration1http://technet.microsoft.com/en-us/library/ff758656.aspx
823C65CF-D269-40DF-9930-8C871440A8CBVerifies PortalSuperUser has “Full Control” permission granted via Policy for Web App1http://technet.microsoft.com/en-us/library/ff758656.aspx
0D277B72-A1C3-4CC3-BC37-A2B19DEEA41ECheck the Web Application User Permissions1http://technet.microsoft.com/en-us/library/ff607719.aspx
19c5bfbd-6b69-40e6-bd5b-a97eac7d0088Check for proper configuration of identity impersonation in Web.config1, 4http://support.microsoft.com/kb/979917
B96C8475-21E0-4665-92A5-A0BA810A9CF5Required user is not permissioned on resource1, 4http://technet.microsoft.com/en-us/library/cc678863.aspx
3425a50a-cdd8-41d4-aa89-6512611e7e0fVerify that defaultProvider = "AspNetWindowsTokenRoleProvider" if roleManager enabled="true" for CA1, 4http://support.microsoft.com/kb/2735026
C7DE53F0-7538-4BB3-8D50-DAF3C04F9359Checks list items and folders that have possible security corruption1
E7C5D9F7-1A19-4AC3-BEDF-66258BFF2A40Checks lists that have possible security corruption1
85918AC8-EB49-4D1D-95E9-9AF33FDEDE3CChecks sites that have possible security corruption1
8E3CDA9D-7483-C0DE-DE06-EA3312D58D14Checks sync connection for 'Replicate Directory Changes' Permission1, 2http://technet.microsoft.com/library/ff182925.aspx#permission

Site Collections

Rule IDTitleRequired PermissionsDescription
33997564-C7FC-4DA8-8631-08A7EFF8FB84Site collection locks1, 2http://technet.microsoft.com/en-us/library/cc263238.aspx
78B579A4-E244-C0DE-DE06-9399DC13F645Checks each site collection on an anonymous web application for User Information Lists read security1, 2
92F80D4A-B6DD-C0DE-DE03-10D3089E03B8Checks if My sites is marked as provisioned1, 2http://support.microsoft.com/kb/2597150
FF28BD81-B366-4661-9692-23598AF85AC0Check for FBA addresses that contain an underscore (_) character1
4DBD513B-40A8-4771-B979-CE43E0A407A3Check if Self-Service Site Creation is enabled1http://technet.microsoft.com/library/cc261685(v=office.14).aspx

Patches / Updates

Rule IDTitleRequired PermissionsDescription
1527DE74-E3F0-424A-8F26-4388840CF33FCheck for KB9799174http://support.microsoft.com/kb/979917
F8F24452-E0E5-46BA-A38A-8FC9DB26B7EACheck for KB9823074http://support.microsoft.com/kb/982307

Web Applications

Rule IDTitleRequired PermissionsDescription
6e574b9b-17e5-4c62-bb33-634cf8061152IIS Handler Mapping Must Have Execute Permission1, 4http://support.microsoft.com/kb/2732632
31b72275-cea6-4430-93ef-62f9d14e400cRoot Site Collection is required1, 2http://support.microsoft.com/kb/2590564
db71eaad-ec6b-4eac-b741-1d7f0477fb78Browser File Handling is set to Strict1http://support.microsoft.com/kb/2661910
18198ECB-932D-4039-BFEB-999697462ADBA Web Applications ParserEnabled property must be set to True1, 2http://blogs.technet.com/b/yashgoel-msft/archive/2012/11/28/unable-to-re-use-saved-list-templates-in-sharepoint-2010.aspx
DABF4752-13C0-4970-931F-FCC8636B42B9Check for AllowAnonymousImpersonation for Forms Web Apps1, 4http://support.microsoft.com/kb/2686411
3B088E47-BD4E-4FBD-AA40-17194DA34A4ECheck Web Apps process account permissions on the My Site Web Application1
86729545-CCBC-483C-90B3-D6B53F5CB45DCheck for Server Name Indication on Web Apps1, 4
B88B6AD8-2368-4724-8447-1C62F931A521Check the default blocked file types1, 4http://technet.microsoft.com/library/cc262496.aspx
References
For more information about the Microsoft Support Diagnostic Tool, click the following article number to go to the article in the Microsoft Knowledge Base:
973559 Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) when it is used with Windows 7 or Windows Server 2008 R2
Properties

Article ID: 2777962 - Last Review: 10/08/2015 02:27:00 - Revision: 49.0

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2010 Service Pack 1

  • kbprosharepoint kbdiagnostics KB2777962
Feedback