[SDP 5][ 27e17f4c-3de4-44e0-86c9-de16a127e01f] SharePoint Administration 2016 Diagnostic Package (SPAdmin2016)

Summary
This SharePoint Administration 2016 Diagnostic is designed to detect certain problematic conditions that may exist in the configuration of Microsoft SharePoint Server 2016. The rules in this diagnostic package are limited to SharePoint Administration issues.

Important These problematic conditions are checked only on the server on which this diagnostic package is executed. To make sure that you have maximum coverage, we recommend that you run this diagnostic package on every computer in the Microsoft SharePoint 2016 farm.

Required permissions

The rules in the diagnostic package use the Windows PowerShell snap-in for SharePoint to gather information about the farm. Therefore, the account that is used to run this diagnostic package must either be the farm account or have been given the required permissions through the Add-SPShellAdmin command. Note that the farm account is the account under which the central administration application pool and the timer service are running.

Some rules in this diagnostic package also must have local server administrative privileges to use remote and local administrative tools and to access secure system locations such as the registry. Use the following table to reference the permissions that are required for each rule.

Permission codeDescriptionRequired permission
1Use SharePoint Windows PowerShell cmdlets to interact with the SharePoint farm.Farm administration
2Run queries against SharePoint databases.Farm administration
3Access server administrative tools.Server administrative
4Access files and other resources on the server.Server administrative

More information
DescriptionFile name
The results of the diagnostic package. It lists all rules run on the system, in addition to the outcome of each.ResultReport.xml
Used to format the results in the ResultReport.xml file.Results.xsl, Results.xml
Debug information generated during the execution of the diagnostic package. Also contains timings on each of the rules that are run.SPAdmin2016.0.debugreport.xml
Additional debug information generated by the diagnostic package execution.Stdout.log
Farm Environment Report generated from the server that this package was run on.FarmEnvironment.txt
This file contains SQL Server information from the SQL instance that hosts the SharePoint Configuration database. The information that is captured includes the following:

· ProductVersion

· ProductLevel

· Edition

· ServerName

· InstanceName

· MaxDegreeOfParallelism

· LastUpdateDate

· IsClustered

· IsFullTextInstalled

· IntegratedSecurity
FarmEnvironment.txt
Farm Information Report generated from the server that this package was run on.FarmInformation.txt
Details about Request Management Service.RequestManagement.txt
Details about SharePoint Caching configuration.SPCaching.txt
Application event logs.Application.csv (and .evtx)
Security event logs.Security.csv (and .evtx)
SharePoint event logs.SharePointProductsShared-Operational.csv (and .evtx)
General System event logs.System.csv (and .evtx)
Contains recent PSCDiagnostic logs.PSCDiagnosticLogs.cab
Timezone Synchronization Report.TimeZoneInfo.txt
Contains recent ULS logs (from only the server that this package was run on).ULSLogs.cab
This is an xlst transform that formats the results in the %COMPUTERNAME%_SPSFarmReport_%LANG%_O15SP__%time%.xml file.SPSFarmReport.xslt
This file collects the SharePoint farm information. The information that is captured includes the following:

· Farm general settings

· Services on servers

· Installed products on servers

· Features on servers

· Custom solutions

· Service applications

· Web applications

· AAMs and authentication providers

· Content databases

· Content deployment
%COMPUTERNAME%_SPSFarmReport_%LANG%_O16SP__%time%.xml
This file contains a summary of the specified SharePoint List or Library. The information in this file includes the following:

· SPList Properties

· Forms

· Content Types

· Views

· Event Receivers

· Workflow associations
%COMPUTERNAME%_xml_en-US_O16SP_ListInfoReport.xml

Configuration settings


Rule IDTitleRequired permissionsDescription
78192395-6712-4093-9979-A699BF158D74Checks whether the debug=true attribute is set in the Web.config file4http://msdn.microsoft.com/en-us/library/s10awwz0.aspx
94636052-E114-4773-AADC-E31AE6E34270All Central Administration servers in a farm should be in the same time zone1, 4http://support.microsoft.com/kb/2734729
36161129-FE9F-4B2A-89E5-0075B95C18D2All Timer Service servers in a farm should be in the same time zone1, 4http://support.microsoft.com/kb/2734729
2AFDF425-D3FE-410B-A952-9E6B1A6B71DBTimer service servers should be in the same time zone as the Central Administration servers1, 4http://support.microsoft.com/kb/2734729
8BFCA359-CAF2-4E5B-96B0-611E94E623BBVerifies that each AAM URL has a backing IIS site1http://support.microsoft.com/kb/2624320
2F38FD7A-DEED-4D54-8711-8E3DC2301EAADetects databases that require an upgrade1http://technet.microsoft.com/en-us/library/ff607813.aspx
5800DF39-1C51-463D-87DF-0EC1A37FC16EChecks for unsupported installation configurations in SharePoint 20161, 4http://support.microsoft.com/kb/2764086
0C4C7678-2A8C-C0DE-DE06-66E417008012Checks the SharePoint Configuration database for malformed XML properties in the Objects table2, 4
6A0085C3-4673-C0DE-DE05-4C8BC15F9F90Checks the system time differentiation between servers running SQL Server and SharePoint1, 2http://technet.microsoft.com/en-us/library/jj852172(v=ws.10).aspx
D86A3935-2BA6-C0DE-DE06-6D20320FCA74SharePoint service connection point4http://technet.microsoft.com/en-us/library/ff730261.aspx
33A8CA67-9771-C0DE-DE06-3FF3A4750358Checks CRL status4http://blogs.technet.com/b/lukeb/archive/2011/04/13/sharepoint-delays-crl.aspx
1748BEEC-7617-C0DE-DE06-9E1E2ED206B7An account is missing from 'Allow log on locally'1, 3http://technet.microsoft.com/library/cc756809.aspx
DDE88E63-BD4F-4FED-8338-488F6286AEADThe anonymous access account is not set to IUSR1http://support.microsoft.com/kb/2892419
45952226-46F1-4867-892D-22914259E9AASecurity Token Web Service does not exist1, 4http://support.microsoft.com/kb/2493524
9075ED01-1E56-461B-A8C2-F049CC13652DSecurity Token Service Application is not online1http://support.microsoft.com/kb/2493524
3DDB2C1F-29E4-4035-BBAC-047A275FFAFFCheck if People Picker Hide Inactive Profiles is configured1
72A342A1-8B91-448F-8224-67DF9156665ACheck if ThreadingModel is set to Both for PhotoMetadataHandler4

Data collection


Name/Rule IDDescription
System informationBasic system information
3CAE6F84-C3F5-4DB2-80D1-66C15B7BEF2EFarm Environment Details
FB2C97D5-3681-49B8-972F-8EF0379D7F80General Farm Information
Event Logs Gathers Event Logs
70CB0A39-A4D0-42A6-B967-8F128C6F4098Capture details about the different caching features enabled in each web application
ULS LogsGathers recent ULS Logs
PSC Diagnostic LogsGathers recent PSC Diagnostic Logs
IIS LogsGathers recent IIS Logs
38B09C0C-C2D9-4711-B240-20F961ADB5DAObtains contents of Robots.txt


Lists and libraries


Rule IDTitleRequired permissionsDescription
e266385d-1cea-4b6a-b237-4eb4238d909bWebDav Module installation check1, 4http://support.microsoft.com/kb/2171959
9ECC571A-EBBA-C0DE-DE06-A0AE9B529E0BChecks for lists that have a large amount of unique permissions1, 2, 4http://technet.microsoft.com/en-us/library/cc262787.aspx

Miscellaneous


Rule IDTitleRequired permissionsDescription
5F9036B9-F302-46A0-8235-A73EA47B9434Permissions to access the local farm by using PowerShell commands1Checks the user's ability to execute SharePoint PowerShell commands and flags a warning if the user does not have the right access
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for hard disk space1http://technet.microsoft.com/en-us/library/cc262485.aspx
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for memory1http://technet.microsoft.com/en-us/library/cc262485.aspx
8F1C132D-2656-4D8D-9E58-606C0F97B748Minimum requirement for processors1http://technet.microsoft.com/en-us/library/cc262485.aspx
4B5F4EBB-2018-472F-9131-48A95A3A21FCDetects Disabled Timer service instances in the farm1http://support.microsoft.com/kb/2616609
C3B5E92C-4B76-4484-97CC-C3177230E2D6Verifies the feature definition files for installed features1http://technet.microsoft.com/en-us/library/ff607680.aspx
EEA07685-E339-C0DE-DE07-9F7F97AC7E59Check the IIS web content directory location4http://support.microsoft.com/kb/2752331
F7E69924-8D42-C0DE-DE07-729E25839D91Check for anonymous authentication on claims based web apps4
CD47EDC0-7D14-4F68-99D2-A423F858CAD9Check for SQL Native Client1, 4http://technet.microsoft.com/library/cc262485.aspx
4F51675D-8358-C0DE-DE06-E7074F5509BFChecks for orphaned databases in SharePoint1, 4
1D4CA0F6-2741-4432-9AAB-2B7DFD6D5F95Check if outgoing email server passes DNS check1, 4http://technet.microsoft.com/library/cc263462.aspx
6243EF65-5671-414E-B3A6-6C0CEC592C19Check if Immediate Alerts Timer job exists1
625B19AB-8053-491A-BE9F-DE008D2B1371Check if Immediate Alerts Timer job has run within its schedule1
626103B1-404A-4F6C-9CE5-6F5BF52DC53BCheck if Immediate Alerts Timer job schedule is changed from default1
6277E604-4ED0-4B2E-A02D-FF907EEFB952Check if Immediate Alerts Timer job is online and enabled1
D83259F4-E3EB-4DD4-A4CD-94B9320C2205Check if the Mail Drop Folder Exists1 , 4http://technet.microsoft.com/library/cc263260.aspx
0C8C236A-C8B8-41EC-833A-F1D4D8C1DFA6Check if the SharePoint Farm account has modify permission on the mail drop folder1, 4http://technet.microsoft.com/library/cc263260.aspx
5CA37E4F-A28A-41A5-A978-569526064B53Check if SPIncomingEmailService is enabled1http://technet.microsoft.com/library/cc263260.aspx
594146D1-5DFA-4B13-9E90-F5C19D26D47BCheck if Social Ribbon Control feature is enabled1http://technet.microsoft.com/library/ee721062.aspx
FF3E4AE6-3DCA-4B85-9F54-A0C4F60F04A7Check if People Picker Search Active Directory Domains passes nltest1
7E7ACD48-5A3F-4090-B726-4FB4506E15F3Check if trust direction is outbound or bidirectional for people picker domain1, 4
7E82BBA6-B63A-4A77-9532-003FC41B347ECheck if a trust exists for people picker domain1, 4
7E9F40C4-D87A-49AA-9339-F0C4C6952D62Check trust type for people picker domain1, 4
96D25952-008B-45C9-89D8-4A017F16887ACheck if App Installation Timer Job exists1
96D3B292-60BA-4791-A0E6-0E57BA813E03Check if App Installation Timer Job ran recently1
96D4B6D6-DB03-43CE-899A-4266138D9913Check if App Installation Timer Job schedule is modified from default1
96D5F3B1-9680-4777-A4FB-99FC96E12B02Check if App Installation Timer Job is Online1

Network


Rule IDTitleRequired permissionsDescription
9E8C354C-A794-46B5-B1F4-FB1D145AB3F3Checks whether the winsock providers are out of order3http://support.microsoft.com/kb/2000689
897B47A4-6A14-472E-ABB3-203A7C9056E2Checks whether the network drivers are old or outdated3http://support.microsoft.com/kb/912222
46D2B3D6-C7BE-4A64-B68B-90A8F068F318Checks whether the network driver settings are using Jumbo packets3
DEFF20EE-F55C-4837-9A93-04E52B28FC3EChecks for network chimney settings that may cause issues3http://support.microsoft.com/kb/951037
EC2FB075-DD02-4E4D-89AE-B260D3F34014Checks whether the DisableLoopbackCheck registry is set3http://support.microsoft.com/kb/926642

Patches/updates


Rule IDTitleRequired permissionsDescription
67C8E3DF-45A7-C0DE-DE06-857FB5419E3FChecks if SharePoint 2016 is at a Pre-RTM1, 4http://technet.microsoft.com/evalcenter/hh973397.aspx

Security information


Rule IDTitleRequired permissionsDescription
E3BCD45E-00A6-43FB-A930-69800785987BChecks the local farm trust1http://support.microsoft.com/kb/2545744
5EB2905F-7619-45F6-84B9-F7AE2FC4864AChecks Portal Super Reader Account Configuration1http://technet.microsoft.com/en-us/library/ff758656.aspx
823C65CF-D269-40DF-9930-8C871440A8CBVerifies that PortalSuperUser has “Full Control” permission granted via Policy for Web App1http://technet.microsoft.com/en-us/library/ff758656.aspx
0D277B72-A1C3-4CC3-BC37-A2B19DEEA41EChecks the Web Application User permissions1http://technet.microsoft.com/en-us/library/ff607719.aspx
19c5bfbd-6b69-40e6-bd5b-a97eac7d0088Checks for proper configuration of identity impersonation in Web.config1, 4http://support.microsoft.com/kb/979917
B96C8475-21E0-4665-92A5-A0BA810A9CF5Required user is not granted permissions on resource1, 4http://technet.microsoft.com/en-us/library/cc678863.aspx
3425a50a-cdd8-41d4-aa89-6512611e7e0fVerifies that defaultProvider = "AspNetWindowsTokenRoleProvider" if roleManager enabled="true" for CA1, 4http://support.microsoft.com/kb/2735026
C7DE53F0-7538-4BB3-8D50-DAF3C04F9359Checks list items and folders that have possible security corruption1
E7C5D9F7-1A19-4AC3-BEDF-66258BFF2A40Checks lists that have possible security corruption1
85918AC8-EB49-4D1D-95E9-9AF33FDEDE3CChecks sites that have possible security corruption1
A0650077-7F64-4EF0-9023-092E9BF90BF2Check whether the certificate chain takes more than 10 seconds to finish1http://social.technet.microsoft.com/wiki/contents/articles/4954.windows-xp-certificate-status-and-revocation-checking.aspx

Services


Rule IDTitleRequired permissionsDescription
5DFE8052-6294-4B27-81B5-18FED77DC27BChecks whether the root of the web application is provisioned for My Site Host of any given user profile service application1
0A53557F-2398-4DE7-AB78-908DA3D89C6BChecks whether Request Management service is started on all WFE1http://technet.microsoft.com/en-us/library/jj712708.aspx#proc3
24CE5FF4-95EC-4240-9743-C1D9B61CE9F4Checks whether Request Management service has some rule destinations that are unavailable1http://technet.microsoft.com/en-us/library/jj712708.aspx#RR
1fe2cb13-62b4-4f63-965f-fa69f5eb05f6If the Distributed Cache Service is not started on at least one server, the distributed cache is not populated1http://technet.microsoft.com/en-us/library/jj219613(office.15).aspx
8B44C564-C065-4C0F-A376-DA44AE86206FCheck the distributed cache host status1http://technet.microsoft.com/library/jj219613.aspx


Site collections



Rule IDTitleRequired permissionsDescription
33997564-C7FC-4DA8-8631-08A7EFF8FB84Site collection locks1, 2http://technet.microsoft.com/en-us/library/cc263238.aspx
78B579A4-E244-C0DE-DE06-9399DC13F645Checks each site collection on an anonymous web application for User Information Lists read security1, 2


Web applications


Rule IDTitleRequired permissionsDescription
6e574b9b-17e5-4c62-bb33-634cf8061152IIS Handler Mapping Must Have Execute Permission1, 4http://support.microsoft.com/kb/2732632
31b72275-cea6-4430-93ef-62f9d14e400cRoot Site Collection is required1, 2http://support.microsoft.com/kb/2590564
DE89AC8C-2DFC-454C-A9ED-C72EF271A5F9Checks multiple AppCatalog web templates are being used on a single web application or single farm1http://technet.microsoft.com/en-us/library/fp161237(v=office.15)
18198ECB-932D-4039-BFEB-999697462ADBA Web Applications ParserEnabled property must be set to True1, 2http://blogs.technet.com/b/yashgoel-msft/archive/2012/11/28/unable-to-re-use-saved-list-templates-in-sharepoint-2010.aspx
DABF4752-13C0-4970-931F-FCC8636B42B9Check for AllowAnonymousImpersonation for Forms Web Apps1, 4http://support.microsoft.com/kb/2686411
E425A500-35ED-4FB5-8461-C4FD49031155Check the content database for orphaned objects1http://blogs.technet.com/b/nishants/archive/2014/03/23/detect-content-db-orphans-in-a-sharepoint-2010-farm-thru-windows-powershell-updated.aspx
3B088E47-BD4E-4FBD-AA40-17194DA34A4ECheck Web Apps process account permissions on the My Site Web Application1
86729545-CCBC-483C-90B3-D6B53F5CB45DCheck for Server Name Indication on Web Apps1, 4
B88B6AD8-2368-4724-8447-1C62F931A521Check the default blocked file types1, 4http://technet.microsoft.com/library/cc262496.aspx

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.
Properties

Article ID: 3166494 - Last Review: 06/14/2016 01:10:00 - Revision: 2.0

Microsoft SharePoint Server 2016

  • KB3166494
Feedback