Summary
The Microsoft Exchange Server Diagnostic collects comprehensive information to help you troubleshoot issues with Microsoft Exchange Server 2013 or 2016.
More Information
This article describes information that the Microsoft Exchange Server Diagnostic may collect from your computer. This article also describes the names of the output files. Â
Note The information that is collected depends on the installed roles, features, and configuration.Information that is collected
Exchange Server and organization baseline
Description |
File name |
All Exchange Servers - Versions and Roles |
<computer_name>_AllExchangeServers*.txt |
Get-ExchangeCertificate cmdlet output |
<computer_name>_ExchangeCertificate*.txt |
Get-ExchangeServer cmdlet output |
<computer_name>_ExchangeServer*.txt |
Get-PowerShellVirtualDirectory cmdlet output |
<computer_name>_PowerShellVirtualDirectory*.txt |
Get-MalwareFilteringServer cmdlet output |
<computer_name>_MalwareFilteringServer*.txt |
Get-OrganizationConfig cmdlet output |
<computer_name>_OrganizationConfig*.txt |
Get-UserPrincipalNamesSuffix cmdlet output |
<computer_name>_UserPrincipalNamesSuffix*.txt |
Get-WorkloadManagementPolicy cmdlet output |
<computer_name>_WorkloadManagementPolicy*.txt |
Get-WorkloadPolicy cmdlet output |
<computer_name>_WorkloadPolicy*.txt |
Get-ResourcePolicy cmdlet output |
<computer_name>_ResourcePolicy*.txt |
Get-SiteMailboxProvisioningPolicy cmdlet output |
<computer_name>_SiteMailboxProvisioningPolicy.txt |
Get-AcceptedDomain cmdlet output |
<computer_name>_AcceptedDomain*.txt |
Get-RemoteDomain cmdlet output |
<computer_name>_RemoteDomain*.txt |
Get-EmailAddressPolicy cmdlet output |
<computer_name>_EmailAddressPolicy*.txt |
Get-SendConnector cmdlet output |
<computer_name>_SendConnector*.txt |
Get-EdgeSubscription cmdlet output |
<computer_name>_EdgeSubscription*.txt |
Get-EdgeSyncServiceConfig cmdlet output |
<computer_name>_EdgeSyncServiceConfig*.txt |
Get-DataClassification cmdlet output |
<computer_name>_DataClassification*.txt |
Get-DlpPolicyTemplate cmdlet output |
<computer_name>_DlpPolicyTemplate*.txt |
Get-DlpPolicy cmdlet output |
<computer_name>_DlpPolicy*.txt |
Get-MalwareFilterPolicy cmdlet output |
<computer_name>_MalwareFilterPolicy*.txt |
Get-PolicyTipConfig cmdlet output |
<computer_name>_PolicyTipConfig*.txt |
Get-AvailabilityAddressSpace cmdlet output |
<computer_name>_AvailabilityAddressSpace*.txt |
Get-AvailabilityConfig cmdlet output |
<computer_name>_AvailabilityConfig*.txt |
Get-ThrottlingPolicy cmdlet output |
<computer_name>_ThrottlingPolicy*.txt |
Get-ActiveSyncMailboxPolicy cmdlet output |
<computer_name>_ActiveSyncMailboxPolicy*.txt |
Get-ActiveSyncDeviceAutoblockThreshold cmdlet output |
<computer_name>_ActiveSyncDeviceAutoblockThreshold*.txt |
Get-MobileDeviceMailboxPolicy cmdlet output |
<computer_name>_MobileDeviceMailboxPolicy*.txt |
Get-OutlookProvider cmdlet output |
<computer_name>_OutlookProvider*.txt |
Get-App cmdlet output |
<computer_name>_App*.txt |
Get-UMDialPlan cmdlet output |
<computer_name>_UMDialPlan*.txt |
Get-UMHuntGroup cmdlet output |
<computer_name>_UMHuntGroup*.txt |
Get-UMMailboxPolicy cmdlet output |
<computer_name>_UMMailboxPolicy*.txt |
Get-UMAutoAttendant cmdlet output |
<computer_name>_UMAutoAttendant*.txt |
Get-UMDialPlan (InCountryOrRegionGroups) cmdlet output |
<computer_name>_UMDialPlan_[DialPlan.Name]_CountryOrRegionGroups.txt |
Get-UMDialPlan (ConfiguredInternationalGroups) cmdlet output |
<computer_name>_UMDialPlan_[DialPlan.Name]_InternationalGroups.txt |
Get-UMAutoAttendant (BusinessHoursKeyMapping) cmdlet output |
<computer_name>_UMAutoAttendant_[UMAutoAttendant.Name]_BusinessHoursKeyMapping.txt |
Get-UMAutoAttendant (AfterHoursKeyMapping) cmdlet output |
<computer_name>_UMAutoAttendant_[UMAutoAttendant.Name]_AfterHoursKeyMapping.txt |
Get-FederationTrust cmdlet output |
<computer_name>_FederationTrust*.txt |
Test-FederationTrustCertificate cmdlet output |
<computer_name>_FederationTrustCertificate*.txt |
Get-FederatedOrganizationIdentifier cmdlet output |
<computer_name>_FederatedOrganizationIdentifier*.txt |
Get-OrganizationRelationship cmdlet output |
<computer_name>_OrganizationRelationship*.txt |
Exchange Server IIS information
Description |
File name |
IIS W3SVC Logs for each site from the past three days |
<computer_name>_W3SVC[n]LogFiles.zip |
Exchange Mailbox Server role
Description |
File name |
Get-MailboxServer cmdlet output |
<computer_name>_MailboxServer*.txt |
Get-MailboxDatabase cmdlet output for each database on server |
<computer_name>_DBMb_[mailboxDatabase.Name]*.txt |
Get-ChildItem -Path output for each database file path |
<computer_name>_DBMb_[mailboxDatabase.Name]_EDBFilePath_Contents*.txt |
Get-ChildItem -Path output for each database log folder path |
<computer_name>_DBMb_[mailboxDatabase.Name]_LogFolderPath*.txt |
Get-DatabaseAvailabilityGroup cmdlet output |
<computer_name>_DAG_[DAG.Name]*.txt |
Get-DatabaseAvailabilityGroupNetwork cmdlet output |
<computer_name>_DAGNetworks*.txt |
Get-MailboxDatabaseCopyStatus cmdlet output |
<computer_name>_MailboxDatabaseCopyStatus*.txt |
Get-StoreUsageStatistics cmdlet output |
<computer_name>_StoreUsageStatistics*.txt |
Get-PopSettings cmdlet output |
<computer_name>_PopSettings*.txt |
Get-ImapSettings cmdlet output |
<computer_name>_ImapSettings*.txt |
Get-OutlookAnywhere cmdlet output |
<computer_name>_OutlookAnywhere*.txt |
Get-ActiveSyncVirtualDirectory cmdlet output |
<computer_name>_ActiveSyncVirtualDirectory*.txt |
Get-AutodiscoverVirtualDirectory cmdlet output |
<computer_name>_AutodiscoverVirtualDirectory*.txt |
Get-OabVirtualDirectory cmdlet output |
<computer_name>_OabVirtualDirectory*.txt |
Get-OwaVirtualDirectory cmdlet output |
<computer_name>_OwaVirtualDirectory*.txt |
Get-EcpVirtualDirectory cmdlet output |
<computer_name>_EcpVirtualDirectory*.txt |
Get-PowerShellVirtualDirectory cmdlet output |
<computer_name>_PowerShellVirtualDirectory*.txt |
Get-WebServicesVirtualDirectory cmdlet output |
<computer_name>_WebServicesVirtualDirectory*.txt |
HKLM: SOFTWARE\Microsoft\Rpc\RpcProxy registry key and subkey values |
<computer_name>_REG_RPCPROXY*.txt |
RpcHttp logs from the previous one day |
<computer_name>_Logs_RpcHttp.zip |
RPC Client Access logs from the past three days |
<computer_name>_Logs_RPC Client Access.zip |
AddressBook Service logs from the past three days |
<computer_name>_Logs_AddressBook Service.zip |
Update-HybridConfiguration logs from the previous one day |
<computer_name>_Logs_Update-HybridConfiguration.zip |
Get-TransportService cmdlet output |
<computer_name>_TransportService*.txt |
Get-ReceiveConnector cmdlet output |
<computer_name>_ReceiveConnector*.txt |
Get-Queue cmdlet output |
<computer_name>_Queue*.txt |
Get-MailboxTransportService cmdlet output |
<computer_name>_MailboxTransportService*.txt |
Get-TransportAgent cmdlet output |
<computer_name>_TransportAgent*.txt |
Get-TransportPipeline cmdlet output |
<computer_name>_TransportPipeline*.txt |
Get-EdgeSyncServiceConfig cmdlet output |
<computer_name>_EdgeSyncServiceConfig*.txt |
QueueViewer logs from the previous one day |
<computer_name>_Logs_QueueViewer.zip |
MessageTracking logs from the past three days |
<computer_name>_Logs_MessageTracking.zip |
BE_Routing logs from the previous one day |
<computer_name>_Logs_BE_Routing.zip |
BE_Agent logs from the previous one day |
<computer_name>_Logs_BE_Agent.zip |
Get-UMService cmdlet output |
<computer_name>_UMService*.txt |
Failover cluster information
Description |
File name |
Basic failover cluster information: This includes information from existing resources and groups. On operating systems that are earlier than Windows Server 2008 R2, the tool runs the clusmps.exe utility. On newer operating systems, the tool runs FailoverCluster Windows PowerShell cmdlets. |
resultreport.xml <computer_name>_cluster_mps_information.txt |
General performance information
Description |
File name |
Information about process and threads by using the pstat.exe tool |
<computer_name>_PStat.txt |
Event log information
Description |
File name |
Event log - Application: txt, csv, and evtx formats |
<computer_name>_evt_Application.* |
Event log - System: txt, csv, and evtx formats |
<computer_name>_evt_System.* |
Event logs - FailoverClustering*: txt, csv, and evtx formats |
<computer_name>_evt_FailoverClustering*.* |
Event logs - Windows PowerShell: txt, csv, and evtx formats |
<computer_name>_evt_*PowerShell*.* |
Event logs - Exchange*: txt, csv, and evtx formats |
<computer_name>_evt_*Exchange*.* |
General registry data collection
Description |
File name |
HKLM\Software\Microsoft\Windows\CurrentVersion |
<computer_name>_reg_CurrentVersion.txt |
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |
<computer_name>_reg_Uninstall.txt |
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions |
<computer_name>_reg_ProductOptions.txt |
HKLM\System\CurrentControlSet\Control\CrashControl |
<computer_name>_reg_Recovery.txt |
HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
<computer_name>_reg_Startup.txt |
HKLM\SYSTEM\CurrentControlSet\Control\Print |
<computer_name>_reg_Print.txt |
HKCU\Software\Policies |
<computer_name>_reg_Policies.txt |
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation |
<computer_name>_reg_TimeZone.txt |
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server |
<computer_name>_reg_TimeZone.txt |
File version information (Chksym)
Description |
File name |
File version information from %windir%\cluster\*.* |
<computer_name>_sym_ProgramFiles_sys.* |
File version information from %windir%\system32\*.dll |
<computer_name>_sym_System32_dll.* |
File version information from %windir%\system32\*.exe |
<computer_name>_sym_System32_exe.* |
File version information from %windir%\system32\*.sys |
<computer_name>_sym_System32_sys.* |
File version information from %windir%\system32\drivers folder |
<computer_name>_sym_Drivers.* |
File version information from %windir%\syswow64 folder and subfolders |
<computer_name>_sym_SysWOW64_sys.* |
File version information from %windir%\syswow64\drivers folder |
<computer_name>_sym_SysWOW64_sys.* |
File version information from <Program Files (x86)>\*.sys folder and subfolders |
<computer_name>_sym_ProgramFilesx86_sys.* |
File version information from <Program Files (x86)>\*.sys folder and subfolders |
<computer_name>_sym_ProgramFiles_sys.* |
File version information from %windir%\system32\Spool\*.* |
<computer_name>_sym_PrintSpooler.* |
File version information from %windir%\cluster\*.* |
<computer_name>_sym_Cluster.* |
File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.* |
<computer_name>_sym_MS_iscsi.* |
File version information from drivers that are currently running on the computer |
<computer_name>_sym_RunningDrivers.* |
File version information from processes that are currently running on the computer |
<computer_name>_sym_Process.* |
In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:
-
Check whether cluster groups are in Offline or Failed state
-
Check whether the state of one or more cluster nodes is down or paused
-
Check whether Cluster service is not running or offline
-
Check for Advanced Format Drives
-
Check for Native 4K drives on the system
-
Check whether KB 982018 is not installed or the files are outdated
-
Check for Active Directory Domain Services (AD DS) replication failures
-
Check AD DS for lingering objects
-
Check for AD DS replication errors
-
Check for potentially risky audit failure settings (CrashOnAuditFail)
-
Check for a possible Stop error caused by audit failure
-
Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)
-
Check whether the SYSVOL and NETLOGON shares are missing on domain controller
-
Check for domain controller that is missing Rid Set reference attributes in AD DS
-
Check whether the domain controller points to itself for Domain Name System (DNS) exclusively
-
Check for USN Rollback
-
Check state of Intersite Messaging service.
-
Check whether the DFSR UpdateWorkerThreadCount setting is lower than 64
-
Check whether the IPv6 protocol was disabled on a domain controller
-
Check for Win32time configuration for time skew
-
Check for MaxConcurrentApi NTLM bottlenecks or delays
-
Check for Certificates that have Weak RSA Keys
-
Check whether the Cluster Name Object (CNO) exists and it is enabled in AD DS
-
Cluster Shared Volumes issues
-
Check for third-party virtualization solution from Xsigo
-
Check for LmCompatibilityLevel setting
-
Check firewall rules on cluster nodes that have IPv6 enabled
-
Check whether the FailoverCluster Crypto resource exists
-
Check for FailoverCluster missing dependent resources
-
Check whether PMTU was disabled on computer
-
Check for unexpected TCP/IP registry settings (KB 967224)
-
Check whether Opportunistic Locking is disabled
-
Check for too many 6to4 adapters, which may result in decreased startup and logon performance
-
Check whether the Tunnel.sys driver is missing a Windows Server 2008 R2 Server Core installation option
-
Check whether the InfoCacheLevel setting is configured to enable caching for all files and folders
-
Check for processes that use many handles
-
Check for possible Kernel Memory performance-related problem
-
Check for low System PTEs
-
Check for low Virtual Memory
-
Check whether Appsense EM 8.1 is installed on the computer.
-
Check for large number of Inactive Terminal Services ports
-
Check whether the Registry Size Limit setting is present on the system
-
Check the PoolUsageMaximum Setting
-
Check for shared PST files
-
Check for McAfee Endpoint Encryption version, which may cause slow startup issues
-
Check for terminal services licensing binary versions for Windows Server 2003
-
Check for a specific version of SEP that may cause handle leak
-
Check RPC settings that allow for unauthenticated sessions
-
Check for Performance counters to determine whether there is an issue with NTFS metafile cache memory consumption
-
Check for the ProcessorAffinityMask setting for multiprocessor Windows Server 2003 computers
-
Check the ClearPageFileAtShutdown setting, which may cause slow shutdown
-
Check for the NMICrashDump setting on HP ProLiant DL385 G5
-
Check the state of the Search Service when Lenovo Rapid Boot Software is installed
-
Check pool memory that is allocated for "D2d" tag
-
Check pool memory that is allocated for "RxM4" and "SeTI" tag
-
Check pool memory that is allocated for "SslC" tag
-
Check pool memory that is allocated for "Toke" tag on terminal services
-
Check for older versions of MPIO.SYS
-
Check for Broadcom Advanced Server Program driver information
-
Check for Aladdin Knowledge Systems Device Drivers
-
Check the state of the Application Compatibility Engine
-
Check pool memory usage from Citrix XTE process
-
Check whether the Users group has permissions under HKCR\CLSID
-
Check HeapDecommitFreeBlockThreshold registry value
-
Check whether the Wsftpsi.dll file causes Windows Explorer crashes
-
Check the Netapi32.dll file version
-
Check for Symantec Endpoint Protection MR1/MR2
-
Check for Symantec Intrusion Protection System (IPS) driver
-
Check whether the EMC Replistor Software is installed on the computer and whether the hotfix that is described in article KB 975759 is not installed
-
Check for unsupported versions of Windows Vista or Windows Server 2008
-
Check whether DEP and PAE are enabled on a 32-bit system
-
Check whether Ultimaco Safeware disk encryption is installed and the current version
-
Check whether the Telnet service is running under System account
-
Check for known issue with BIOS version of PowerEdge R910, R810, and M910
-
Check the value of "SystemPages" in Memory Management registry key
References
For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please go to the following Microsoft Knowledge Base article: 2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform