You are currently offline, waiting for your internet to reconnect

[SDP 5][88988f8f-d839-47df-ac7f-bf4d15b8b2e1] SharePoint Administration 2013 Diagnostic Package (SPAdmin2013)

This SharePoint Administration 2013 Diagnostic is designed to detect certain problematic conditions that may exist in the configuration of Microsoft SharePoint Server 2013. The rules in this diagnostic package are limited to SharePoint Administration issues.

Important These problematic conditions are checked only on the server on which this diagnostic package is executed. To make sure that you have maximum coverage, we recommend that you run this diagnostic package on every computer in the Microsoft SharePoint 2013 farm.

Required permissions

The rules in the diagnostic package use the Windows PowerShell snap-in for SharePoint to gather information about the farm. Therefore, the account that is used to run this diagnostic package must either be the farm account or have been given the required permissions through the Add-SPShellAdmin command. Note that the farm account is the account under which the central administration application pool and the timer service are running.

Some rules in this diagnostic package also must have local server administrative privileges to use remote and local administrative tools and to access secure system locations such as the registry. Use the following table to reference the permissions that are required for each rule.

Permission codeDescriptionRequired permission
1Use SharePoint Windows PowerShell cmdlets to interact with the SharePoint farm.Farm administration
2Run queries against SharePoint databases.Farm administration
3Access server administrative tools.Server administrative
4Access files and other resources on the server.Server administrative
More information
DescriptionFile Name
The results of the diagnostic package. It lists all rules run on the system, in addition to the outcome of each.ResultReport.xml
Used to format the results in the ResultReport.xml file.Results.xsl, Results.xml
Debug information generated during the execution of the diagnostic package. Also contains timings on each of the rules that are run.SPAdmin2013.0.debugreport.xml
Additional debug information generated by the diagnostic package execution.Stdout.log
Farm Environment Report generated from the server that this package was run on.FarmEnvironment.txt
This file contains SQL Server information from the SQL instance that hosts the SharePoint Configuration database. The information that is captured includes the following:
  • ProductVersion
  • ProductLevel
  • Edition
  • ServerName
  • InstanceName
  • MaxDegreeOfParallelism
  • LastUpdateDate
  • IsClustered
  • IsFullTextInstalled
  • IntegratedSecurity
Farm Information Report generated from the server that this package was run on.FarmInformation.txt
Details about Request Management Service.RequestManagement.txt
Details about SharePoint Caching configuration.SPCaching.txt
Application event logs.Application.csv (and .evtx)
Security event logs.Security.csv (and .evtx)
SharePoint event logs.SharePointProductsShared-Operational.csv (and .evtx)
General System event logs.System.csv (and .evtx)
Contains recent PSCDiagnostic
Timezone Synchronization Report.TimeZoneInfo.txt
Contains recent ULS logs (from only the server that this package was run on)
This is an xlst transform that formats the results in the %COMPUTERNAME%_SPSFarmReport_%LANG%_O15SP__%time%.xml file. SPSFarmReport.xslt
This file collects the SharePoint farm information. The information that is captured includes the following:
  • Farm general settings
  • Services on servers
  • Installed products on servers
  • Features on servers
  • Custom solutions
  • Service applications
  • Web applications
  • AAMs and authentication providers
  • Content databases
  • Content deployment
This file contains a summary of the specified SharePoint List or Library. The information in this file includes the following:
  • SPList Properties
  • Forms
  • Content Types
  • Views
  • Event Receivers
  • Workflow associations


Configuration settings

Rule IDTitleRequired PermissionsDescription
78192395-6712-4093-9979-A699BF158D74Checks whether the debug=true attribute is set in the Web.config file4
94636052-E114-4773-AADC-E31AE6E34270All Central Administration servers in a farm should be in the same time zone1, 4
36161129-FE9F-4B2A-89E5-0075B95C18D2All Timer Service servers in a farm should be in the same time zone1, 4
2AFDF425-D3FE-410B-A952-9E6B1A6B71DBTimer service servers should be in the same time zone as the Central Administration servers1, 4
8BFCA359-CAF2-4E5B-96B0-611E94E623BBVerifies that each AAM Url has a backing IIS Site1
2F38FD7A-DEED-4D54-8711-8E3DC2301EAADetects databases that require an upgrade1
5800DF39-1C51-463D-87DF-0EC1A37FC16EChecks for unsupported installation configurations in SharePoint 20131, 4
0C4C7678-2A8C-C0DE-DE06-66E417008012Checks the SharePoint Configuration database for malformed XML properties in the Objects table2, 4
6A0085C3-4673-C0DE-DE05-4C8BC15F9F90Checks the system time differentiation between servers running SQL Server and SharePoint1, 2
D86A3935-2BA6-C0DE-DE06-6D20320FCA74SharePoint service connection point4
33A8CA67-9771-C0DE-DE06-3FF3A4750358Checks CRL status4
1748BEEC-7617-C0DE-DE06-9E1E2ED206B7An account is missing from 'Allow log on locally'1, 3
DDE88E63-BD4F-4FED-8338-488F6286AEADThe anonymous access account is not set to IUSR1
45952226-46F1-4867-892D-22914259E9AASecurity Token Web Service does not exist1, 4
9075ED01-1E56-461B-A8C2-F049CC13652DSecurity Token Service Application is not online1
3DDB2C1F-29E4-4035-BBAC-047A275FFAFFCheck if People Picker Hide Inactive Profiles is configured1
72A342A1-8B91-448F-8224-67DF9156665ACheck if ThreadingModel is set to Both for PhotoMetadataHandler4

Data Collection

Name / Rule IDDescription
System InformationBasic System Information
3CAE6F84-C3F5-4DB2-80D1-66C15B7BEF2EFarm Environment Details
FB2C97D5-3681-49B8-972F-8EF0379D7F80General Farm Information
Event Logs Gathers Event Logs
70CB0A39-A4D0-42A6-B967-8F128C6F4098Capture details about the different caching features enabled in each web application
ULS LogsGathers recent ULS Logs
PSC Diagnostic LogsGathers recent PSC Diagnostic Logs
IIS LogsGathers recent IIS Logs
38B09C0C-C2D9-4711-B240-20F961ADB5DAObtains contents of Robots.txt

Lists and Libraries

Rule IDTitleRequired PermissionsDescription
e266385d-1cea-4b6a-b237-4eb4238d909bWebDav Module Installation Check1, 4
9ECC571A-EBBA-C0DE-DE06-A0AE9B529E0BChecks for lists that have a large amount of unique permissions1, 2, 4


Rule IDTitleRequired PermissionsDescription
5F9036B9-F302-46A0-8235-A73EA47B9434Permissions to access the local farm by using PowerShell commands1Checks the user's ability to execute SharePoint PowerShell commands and flags a warning if the user does not have the right access
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for hard disk space1
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for memory1
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for processors1
4B5F4EBB-2018-472F-9131-48A95A3A21FCDetects Disabled Timer service instances in the farm1
C3B5E92C-4B76-4484-97CC-C3177230E2D6Verifies the feature definition files for installed features1
EEA07685-E339-C0DE-DE07-9F7F97AC7E59Check the IIS web content directory location4
F7E69924-8D42-C0DE-DE07-729E25839D91Check for anonymous authentication on claims based web apps4
CD47EDC0-7D14-4F68-99D2-A423F858CAD9Check for SQL Native Client1, 4
4F51675D-8358-C0DE-DE06-E7074F5509BFChecks for orphaned databases in SharePoint1, 4
1D4CA0F6-2741-4432-9AAB-2B7DFD6D5F95Check if outgoing email server passes DNS check1, 4
6243EF65-5671-414E-B3A6-6C0CEC592C19Check if Immediate Alerts Timer job exists1
625B19AB-8053-491A-BE9F-DE008D2B1371Check if Immediate Alerts Timer job has ran within it's schedule1
626103B1-404A-4F6C-9CE5-6F5BF52DC53BCheck if Immediate Alerts Timer job schedule is changed from default1
6277E604-4ED0-4B2E-A02D-FF907EEFB952Check if Immediate Alerts Timer job is online and enabled1
D83259F4-E3EB-4DD4-A4CD-94B9320C2205Check if the Mail Drop Folder Exists1 , 4
0C8C236A-C8B8-41EC-833A-F1D4D8C1DFA6Check if the SharePoint Farm account has modify permission on the mail drop folder1, 4
5CA37E4F-A28A-41A5-A978-569526064B53Check if SPIncomingEmailService is enabled1
594146D1-5DFA-4B13-9E90-F5C19D26D47BCheck if Social Ribbon Control feature is enabled1
FF3E4AE6-3DCA-4B85-9F54-A0C4F60F04A7Check if People Picker Search Active Directory Domains passes nltest1
7E7ACD48-5A3F-4090-B726-4FB4506E15F3Check if trust direction is outbound or bidirectional for people picker domain1, 4
7E82BBA6-B63A-4A77-9532-003FC41B347ECheck if a trust exists for people picker domain1, 4
7E9F40C4-D87A-49AA-9339-F0C4C6952D62Check trust type for people picker domain1, 4
96D25952-008B-45C9-89D8-4A017F16887ACheck if App Installation Timer Job exists1
96D3B292-60BA-4791-A0E6-0E57BA813E03Check if App Installation Timer Job ran recently1
96D4B6D6-DB03-43CE-899A-4266138D9913Check if App Installation Timer Job schedule is modified from default1
96D5F3B1-9680-4777-A4FB-99FC96E12B02Check if App Installation Timer Job is Online1


Rule IDTitleRequired PermissionsDescription
9E8C354C-A794-46B5-B1F4-FB1D145AB3F3Checks whether the winsock providers are out of order3
897B47A4-6A14-472E-ABB3-203A7C9056E2Checks whether the network drivers are old or outdated3
46D2B3D6-C7BE-4A64-B68B-90A8F068F318Checks whether the network driver settings are using Jumbo packets3
DEFF20EE-F55C-4837-9A93-04E52B28FC3EChecks for network chimney settings that may cause issues3
EC2FB075-DD02-4E4D-89AE-B260D3F34014Checks whether the DisableLoopbackCheck registry is set3

Patches / Updates

Rule IDTitleRequired PermissionsDescription
A31A111A-FFD6-4530-827B-8218DD177CECChecks for the presence of KB 25548761
67C8E3DF-45A7-C0DE-DE06-857FB5419E3FChecks if SharePoint 2013 is at a Pre-RTM1, 4

Security Information

Rule IDTitleRequired PermissionsDescription
E3BCD45E-00A6-43FB-A930-69800785987BChecks the local farm trust1
5EB2905F-7619-45F6-84B9-F7AE2FC4864AChecks Portal Super Reader Account Configuration1
823C65CF-D269-40DF-9930-8C871440A8CBVerifies that PortalSuperUser has “Full Control” permission granted via Policy for Web App1
0D277B72-A1C3-4CC3-BC37-A2B19DEEA41EChecks the Web Application User permissions1
19c5bfbd-6b69-40e6-bd5b-a97eac7d0088Checks for proper configuration of identity impersonation in Web.config1, 4
B96C8475-21E0-4665-92A5-A0BA810A9CF5Required user is not granted permissions on resource1, 4
3425a50a-cdd8-41d4-aa89-6512611e7e0fVerifies that defaultProvider = "AspNetWindowsTokenRoleProvider" if roleManager enabled="true" for CA1, 4
C7DE53F0-7538-4BB3-8D50-DAF3C04F9359Checks list items and folders that have possible security corruption1
E7C5D9F7-1A19-4AC3-BEDF-66258BFF2A40Checks lists that have possible security corruption1
85918AC8-EB49-4D1D-95E9-9AF33FDEDE3CChecks sites that have possible security corruption1
A0650077-7F64-4EF0-9023-092E9BF90BF2Check whether the certificate chain takes more than 10 seconds to finish1


Rule IDTitleRequired PermissionsDescription
5DFE8052-6294-4B27-81B5-18FED77DC27BChecks whether the root of the web application is provisioned for My Site Host of any given user profile service application1
0A53557F-2398-4DE7-AB78-908DA3D89C6BChecks whether Request Management service is started on all WFE1
24CE5FF4-95EC-4240-9743-C1D9B61CE9F4Checks whether Request Management service has some rule destinations that are unavailable1
1fe2cb13-62b4-4f63-965f-fa69f5eb05f6If the Distributed Cache Service is not started on at least one server, the distributed cache is not populated1
8B44C564-C065-4C0F-A376-DA44AE86206FCheck the distributed cache host status1

Site Collections

Rule IDTitleRequired PermissionsDescription
33997564-C7FC-4DA8-8631-08A7EFF8FB84Site collection locks1, 2
78B579A4-E244-C0DE-DE06-9399DC13F645Checks each site collection on an anonymous web application for User Information Lists read security1, 2

Web Applications

Rule IDTitleRequired PermissionsDescription
6e574b9b-17e5-4c62-bb33-634cf8061152IIS Handler Mapping Must Have Execute Permission1, 4
31b72275-cea6-4430-93ef-62f9d14e400cRoot Site Collection is required1, 2
DE89AC8C-2DFC-454C-A9ED-C72EF271A5F9Checks multiple AppCatalog web templates are being used on a single web application or single farm1
18198ECB-932D-4039-BFEB-999697462ADBA Web Applications ParserEnabled property must be set to True1, 2
DABF4752-13C0-4970-931F-FCC8636B42B9Check for AllowAnonymousImpersonation for Forms Web Apps1, 4
E425A500-35ED-4FB5-8461-C4FD49031155heck the content database for orphaned objects1
3B088E47-BD4E-4FBD-AA40-17194DA34A4ECheck Web Apps process account permissions on the My Site Web Application1
86729545-CCBC-483C-90B3-D6B53F5CB45DCheck for Server Name Indication on Web Apps1, 4
B88B6AD8-2368-4724-8447-1C62F931A521Check the default blocked file types1, 4
973559 Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) for Windows 7

Article ID: 2781042 - Last Review: 12/01/2015 23:23:00 - Revision: 43.0

Microsoft SharePoint Foundation 2013, Microsoft SharePoint Server 2013

  • KB2781042
dy>script>"> .gif?DI=4050&did=1&t=">ar varClickTracking = 1; var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" r Route = "76500"; var Ctrl = ""; document.write(" ;did=1&t=">