Summary

The Microsoft Exchange Server Diagnostic collects comprehensive information to help you troubleshoot issues with Microsoft Exchange Server 2013 or 2016.

More Information

This article describes information that the Microsoft Exchange Server Diagnostic may collect from your computer. This article also describes the names of the output files.  

Note The information that is collected depends on the installed roles, features, and configuration.

Information that is collected

Exchange Server and organization baseline

Description

File name

All Exchange Servers - Versions and Roles

<computer_name>_AllExchangeServers*.txt

Get-ExchangeCertificate cmdlet output

<computer_name>_ExchangeCertificate*.txt

Get-ExchangeServer cmdlet output

<computer_name>_ExchangeServer*.txt

Get-PowerShellVirtualDirectory cmdlet output

<computer_name>_PowerShellVirtualDirectory*.txt

Get-MalwareFilteringServer cmdlet output

<computer_name>_MalwareFilteringServer*.txt

Get-OrganizationConfig cmdlet output

<computer_name>_OrganizationConfig*.txt

Get-UserPrincipalNamesSuffix cmdlet output

<computer_name>_UserPrincipalNamesSuffix*.txt

Get-WorkloadManagementPolicy cmdlet output

<computer_name>_WorkloadManagementPolicy*.txt

Get-WorkloadPolicy cmdlet output

<computer_name>_WorkloadPolicy*.txt

Get-ResourcePolicy cmdlet output

<computer_name>_ResourcePolicy*.txt

Get-SiteMailboxProvisioningPolicy cmdlet output

<computer_name>_SiteMailboxProvisioningPolicy.txt

Get-AcceptedDomain cmdlet output

<computer_name>_AcceptedDomain*.txt

Get-RemoteDomain cmdlet output

<computer_name>_RemoteDomain*.txt

Get-EmailAddressPolicy cmdlet output

<computer_name>_EmailAddressPolicy*.txt

Get-SendConnector cmdlet output

<computer_name>_SendConnector*.txt

Get-EdgeSubscription cmdlet output

<computer_name>_EdgeSubscription*.txt

Get-EdgeSyncServiceConfig cmdlet output

<computer_name>_EdgeSyncServiceConfig*.txt

Get-DataClassification cmdlet output

<computer_name>_DataClassification*.txt

Get-DlpPolicyTemplate cmdlet output

<computer_name>_DlpPolicyTemplate*.txt

Get-DlpPolicy cmdlet output

<computer_name>_DlpPolicy*.txt

Get-MalwareFilterPolicy cmdlet output

<computer_name>_MalwareFilterPolicy*.txt

Get-PolicyTipConfig cmdlet output

<computer_name>_PolicyTipConfig*.txt

Get-AvailabilityAddressSpace cmdlet output

<computer_name>_AvailabilityAddressSpace*.txt

Get-AvailabilityConfig cmdlet output

<computer_name>_AvailabilityConfig*.txt

Get-ThrottlingPolicy cmdlet output

<computer_name>_ThrottlingPolicy*.txt

Get-ActiveSyncMailboxPolicy cmdlet output

<computer_name>_ActiveSyncMailboxPolicy*.txt

Get-ActiveSyncDeviceAutoblockThreshold cmdlet output

<computer_name>_ActiveSyncDeviceAutoblockThreshold*.txt

Get-MobileDeviceMailboxPolicy cmdlet output

<computer_name>_MobileDeviceMailboxPolicy*.txt

Get-OutlookProvider cmdlet output

<computer_name>_OutlookProvider*.txt

Get-App cmdlet output

<computer_name>_App*.txt

Get-UMDialPlan cmdlet output

<computer_name>_UMDialPlan*.txt

Get-UMHuntGroup cmdlet output

<computer_name>_UMHuntGroup*.txt

Get-UMMailboxPolicy cmdlet output

<computer_name>_UMMailboxPolicy*.txt

Get-UMAutoAttendant cmdlet output

<computer_name>_UMAutoAttendant*.txt

Get-UMDialPlan (InCountryOrRegionGroups) cmdlet output

<computer_name>_UMDialPlan_[DialPlan.Name]_CountryOrRegionGroups.txt

Get-UMDialPlan (ConfiguredInternationalGroups) cmdlet output

<computer_name>_UMDialPlan_[DialPlan.Name]_InternationalGroups.txt

Get-UMAutoAttendant (BusinessHoursKeyMapping) cmdlet output

<computer_name>_UMAutoAttendant_[UMAutoAttendant.Name]_BusinessHoursKeyMapping.txt

Get-UMAutoAttendant (AfterHoursKeyMapping) cmdlet output

<computer_name>_UMAutoAttendant_[UMAutoAttendant.Name]_AfterHoursKeyMapping.txt

Get-FederationTrust cmdlet output

<computer_name>_FederationTrust*.txt

Test-FederationTrustCertificate cmdlet output

<computer_name>_FederationTrustCertificate*.txt

Get-FederatedOrganizationIdentifier cmdlet output

<computer_name>_FederatedOrganizationIdentifier*.txt

Get-OrganizationRelationship cmdlet output

<computer_name>_OrganizationRelationship*.txt


Exchange Server IIS information

Description

File name

IIS W3SVC Logs for each site from the past three days

<computer_name>_W3SVC[n]LogFiles.zip


Exchange Mailbox Server role

Description

File name

Get-MailboxServer cmdlet output

<computer_name>_MailboxServer*.txt

Get-MailboxDatabase cmdlet output for each database on server

<computer_name>_DBMb_[mailboxDatabase.Name]*.txt

Get-ChildItem -Path output for each database file path

<computer_name>_DBMb_[mailboxDatabase.Name]_EDBFilePath_Contents*.txt

Get-ChildItem -Path output for each database log folder path

<computer_name>_DBMb_[mailboxDatabase.Name]_LogFolderPath*.txt

Get-DatabaseAvailabilityGroup cmdlet output

<computer_name>_DAG_[DAG.Name]*.txt

Get-DatabaseAvailabilityGroupNetwork cmdlet output

<computer_name>_DAGNetworks*.txt

Get-MailboxDatabaseCopyStatus cmdlet output

<computer_name>_MailboxDatabaseCopyStatus*.txt

Get-StoreUsageStatistics cmdlet output

<computer_name>_StoreUsageStatistics*.txt

Get-PopSettings cmdlet output

<computer_name>_PopSettings*.txt

Get-ImapSettings cmdlet output

<computer_name>_ImapSettings*.txt

Get-OutlookAnywhere cmdlet output

<computer_name>_OutlookAnywhere*.txt

Get-ActiveSyncVirtualDirectory cmdlet output

<computer_name>_ActiveSyncVirtualDirectory*.txt

Get-AutodiscoverVirtualDirectory cmdlet output

<computer_name>_AutodiscoverVirtualDirectory*.txt

Get-OabVirtualDirectory cmdlet output

<computer_name>_OabVirtualDirectory*.txt

Get-OwaVirtualDirectory cmdlet output

<computer_name>_OwaVirtualDirectory*.txt

Get-EcpVirtualDirectory cmdlet output

<computer_name>_EcpVirtualDirectory*.txt

Get-PowerShellVirtualDirectory cmdlet output

<computer_name>_PowerShellVirtualDirectory*.txt

Get-WebServicesVirtualDirectory cmdlet output

<computer_name>_WebServicesVirtualDirectory*.txt

HKLM: SOFTWARE\Microsoft\Rpc\RpcProxy registry key and subkey values

<computer_name>_REG_RPCPROXY*.txt

RpcHttp logs from the previous one day

<computer_name>_Logs_RpcHttp.zip

RPC Client Access logs from the past three days

<computer_name>_Logs_RPC Client Access.zip

AddressBook Service logs from the past three days

<computer_name>_Logs_AddressBook Service.zip

Update-HybridConfiguration logs from the previous one day

<computer_name>_Logs_Update-HybridConfiguration.zip

Get-TransportService cmdlet output

<computer_name>_TransportService*.txt

Get-ReceiveConnector cmdlet output

<computer_name>_ReceiveConnector*.txt

Get-Queue cmdlet output

<computer_name>_Queue*.txt

Get-MailboxTransportService cmdlet output

<computer_name>_MailboxTransportService*.txt

Get-TransportAgent cmdlet output

<computer_name>_TransportAgent*.txt

Get-TransportPipeline cmdlet output

<computer_name>_TransportPipeline*.txt

Get-EdgeSyncServiceConfig cmdlet output

<computer_name>_EdgeSyncServiceConfig*.txt

QueueViewer logs from the previous one day

<computer_name>_Logs_QueueViewer.zip

MessageTracking logs from the past three days

<computer_name>_Logs_MessageTracking.zip

BE_Routing logs from the previous one day

<computer_name>_Logs_BE_Routing.zip

BE_Agent logs from the previous one day

<computer_name>_Logs_BE_Agent.zip

Get-UMService cmdlet output

<computer_name>_UMService*.txt


Failover cluster information

Description

File name

Basic failover cluster information: This includes information from existing resources and groups. On operating systems that are earlier than Windows Server 2008 R2, the tool runs the clusmps.exe utility. On newer operating systems, the tool runs FailoverCluster Windows PowerShell cmdlets.

resultreport.xml

<computer_name>_cluster_mps_information.txt


General performance information

Description

File name

Information about process and threads by using the pstat.exe tool

<computer_name>_PStat.txt

Event log information

Description

File name

Event log - Application: txt, csv, and evtx formats

<computer_name>_evt_Application.*

Event log - System: txt, csv, and evtx formats

<computer_name>_evt_System.*

Event logs - FailoverClustering*: txt, csv, and evtx formats

<computer_name>_evt_FailoverClustering*.*

Event logs - Windows PowerShell: txt, csv, and evtx formats

<computer_name>_evt_*PowerShell*.*

Event logs - Exchange*: txt, csv, and evtx formats

<computer_name>_evt_*Exchange*.*

General registry data collection

Description

File name

HKLM\Software\Microsoft\Windows\CurrentVersion

<computer_name>_reg_CurrentVersion.txt

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

<computer_name>_reg_Uninstall.txt

HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions

<computer_name>_reg_ProductOptions.txt

HKLM\System\CurrentControlSet\Control\CrashControl

<computer_name>_reg_Recovery.txt

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

<computer_name>_reg_Startup.txt

HKLM\SYSTEM\CurrentControlSet\Control\Print

<computer_name>_reg_Print.txt

HKCU\Software\Policies

<computer_name>_reg_Policies.txt

HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

<computer_name>_reg_TimeZone.txt

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

<computer_name>_reg_TimeZone.txt

File version information (Chksym)

Description

File name

File version information from %windir%\cluster\*.*

<computer_name>_sym_ProgramFiles_sys.*

File version information from %windir%\system32\*.dll

<computer_name>_sym_System32_dll.*

File version information from %windir%\system32\*.exe

<computer_name>_sym_System32_exe.*

File version information from %windir%\system32\*.sys

<computer_name>_sym_System32_sys.*

File version information from %windir%\system32\drivers folder

<computer_name>_sym_Drivers.*

File version information from %windir%\syswow64 folder and subfolders

<computer_name>_sym_SysWOW64_sys.*

File version information from %windir%\syswow64\drivers folder

<computer_name>_sym_SysWOW64_sys.*

File version information from <Program Files (x86)>\*.sys folder and subfolders

<computer_name>_sym_ProgramFilesx86_sys.*

File version information from <Program Files (x86)>\*.sys folder and subfolders

<computer_name>_sym_ProgramFiles_sys.*

File version information from %windir%\system32\Spool\*.*

<computer_name>_sym_PrintSpooler.*

File version information from %windir%\cluster\*.*

<computer_name>_sym_Cluster.*

File version information from %ProgramFiles%\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.*

<computer_name>_sym_MS_iscsi.*

File version information from drivers that are currently running on the computer

<computer_name>_sym_RunningDrivers.*

File version information from processes that are currently running on the computer

<computer_name>_sym_Process.*



In addition to collecting the information that is described earlier, this diagnostic package can detect one or more of the following symptoms:

  • Check whether cluster groups are in Offline or Failed state

  • Check whether the state of one or more cluster nodes is down or paused

  • Check whether Cluster service is not running or offline

  • Check for Advanced Format Drives

  • Check for Native 4K drives on the system

  • Check whether KB 982018 is not installed or the files are outdated

  • Check for Active Directory Domain Services (AD DS) replication failures

  • Check AD DS for lingering objects

  • Check for AD DS replication errors

  • Check for potentially risky audit failure settings (CrashOnAuditFail)

  • Check for a possible Stop error caused by audit failure

  • Check for High CPU usage by Local Security Authority Subsystem Service (LSASS)

  • Check whether the SYSVOL and NETLOGON shares are missing on domain controller

  • Check for domain controller that is missing Rid Set reference attributes in AD DS

  • Check whether the domain controller points to itself for Domain Name System (DNS) exclusively

  • Check for USN Rollback

  • Check state of Intersite Messaging service.

  • Check whether the DFSR UpdateWorkerThreadCount setting is lower than 64

  • Check whether the IPv6 protocol was disabled on a domain controller

  • Check for Win32time configuration for time skew

  • Check for MaxConcurrentApi NTLM bottlenecks or delays

  • Check for Certificates that have Weak RSA Keys

  • Check whether the Cluster Name Object (CNO) exists and it is enabled in AD DS

  • Cluster Shared Volumes issues

  • Check for third-party virtualization solution from Xsigo

  • Check for LmCompatibilityLevel setting

  • Check firewall rules on cluster nodes that have IPv6 enabled

  • Check whether the FailoverCluster Crypto resource exists

  • Check for FailoverCluster missing dependent resources

  • Check whether PMTU was disabled on computer

  • Check for unexpected TCP/IP registry settings (KB 967224)

  • Check whether Opportunistic Locking is disabled

  • Check for too many 6to4 adapters, which may result in decreased startup and logon performance

  • Check whether the Tunnel.sys driver is missing a Windows Server 2008 R2 Server Core installation option

  • Check whether the InfoCacheLevel setting is configured to enable caching for all files and folders

  • Check for processes that use many handles

  • Check for possible Kernel Memory performance-related problem

  • Check for low System PTEs

  • Check for low Virtual Memory

  • Check whether Appsense EM 8.1 is installed on the computer.

  • Check for large number of Inactive Terminal Services ports

  • Check whether the Registry Size Limit setting is present on the system

  • Check the PoolUsageMaximum Setting

  • Check for shared PST files

  • Check for McAfee Endpoint Encryption version, which may cause slow startup issues

  • Check for terminal services licensing binary versions for Windows Server 2003

  • Check for a specific version of SEP that may cause handle leak

  • Check RPC settings that allow for unauthenticated sessions

  • Check for Performance counters to determine whether there is an issue with NTFS metafile cache memory consumption

  • Check for the ProcessorAffinityMask setting for multiprocessor Windows Server 2003 computers

  • Check the ClearPageFileAtShutdown setting, which may cause slow shutdown

  • Check for the NMICrashDump setting on HP ProLiant DL385 G5

  • Check the state of the Search Service when Lenovo Rapid Boot Software is installed

  • Check pool memory that is allocated for "D2d" tag

  • Check pool memory that is allocated for "RxM4" and "SeTI" tag

  • Check pool memory that is allocated for "SslC" tag

  • Check pool memory that is allocated for "Toke" tag on terminal services

  • Check for older versions of MPIO.SYS

  • Check for Broadcom Advanced Server Program driver information

  • Check for Aladdin Knowledge Systems Device Drivers

  • Check the state of the Application Compatibility Engine

  • Check pool memory usage from Citrix XTE process

  • Check whether the Users group has permissions under HKCR\CLSID

  • Check HeapDecommitFreeBlockThreshold registry value

  • Check whether the Wsftpsi.dll file causes Windows Explorer crashes

  • Check the Netapi32.dll file version

  • Check for Symantec Endpoint Protection MR1/MR2

  • Check for Symantec Intrusion Protection System (IPS) driver

  • Check whether the EMC Replistor Software is installed on the computer and whether the hotfix that is described in article KB 975759 is not installed

  • Check for unsupported versions of Windows Vista or Windows Server 2008

  • Check whether DEP and PAE are enabled on a 32-bit system

  • Check whether Ultimaco Safeware disk encryption is installed and the current version

  • Check whether the Telnet service is running under System account

  • Check for known issue with BIOS version of PowerEdge R910, R810, and M910

  • Check the value of "SystemPages" in Memory Management registry key


References

For more information about the Microsoft Automated Troubleshooting Services and about the Support Diagnostics Platform, please go to the following Microsoft Knowledge Base article:

2598970 Information about Microsoft Automated Troubleshooting Services and Support Diagnostic Platform

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×