[SDP 3] [5e6721af-928b-4323-97b8-692504c31d58] Authentication Diagnostic

Summary

The Authentication Diagnostic was designed to collect information used in troubleshooting common authentication and authorization issues.

More Information

This article describes the information that may be collected from a machine when running the Authentication Diagnostic.

 

Information Collected

Event Logs - General
Description | File Name
Event Log – System – text, csv and evtx formats | {Computername}_evt_System.*
Event Log – Application – text, csv and evtx formats | {Computername}_evt_Application.*
Event Log – Security – text, csv and evtx formats | {Computername}_evt_Security.*

Active Directory Information
Description | File Name
User Logon Information (user identity, user status, logon authentication method, domain controller and global catalog used, and logon computer details) | {Computername}_UserLogonInfo.txt and in ResultReport.xml
Active Directory Domain Information (details about the current domain including a list of all domain controllers in the domain) | {Computername}_CurrentDomainInfo.txt and in ResultReport.xml
Active Directory Forest Information (details about domains in the current forest) | {Computername}_ForestInfo.txt and in ResultReport.xml
Active Directory Forest Trusts List (trusts created for the current forest) | {Computername}_TrustList.txt and in ResultReport.xml
Active Directory Site Domain Controller List | {Computername}_SiteDCList.txt and in ResultReport.xml


Winlogon Debug Log
Description | File Name
Winlogon debug log %systemroot%\security\logs\winlogon.log | {Computername}_winlogon.log


Whoami.exe
Description | File Name
Output from the Whoami.exe utility, with the /all switch. | {Computername}_whoami.txt


User Rights Configuration
Description | File Name
Currently configured user rights for the local computer. | {Computername}_UserRights.txt


Directory Services Miscellaneous
Description | File Name
Domain functional level information and built in Administrators group membership. | {Computername}_DSMisc.txt


Audit Policy Information
Description | File Name
AuditPol Configuration | {Computername}_ AuditPol_Configuration.*
AuditPol Per-User | {Computername}_ AuditPol_Per-User.*
AuditPol User Policy | {Computername}_ AuditPol_UserPolicy.*
Audit Policy Events | {Computername}_ AuditPolPolicy.*


Secure Channel Information
Description | File Name
Local domain secure channel information on domain member computers and trust secure channel information from domain controllers. Also gathers basic domain and forest info. | {Computername}_Secure_Channels.txt


Authentication Registry Items and Claims
Description | File Name
Authentication related registry entries for effective settings. Claims information if present. | {Computername}_AuthnSettings.txt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\Kerberos\Parameters

DCs Only:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\KDC\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS


Kerberos Tickets
Description | File Name
User session ticket information from Klist.exe. | {Computername}_Klist.txt


Group Policy Information
Description | File Name
Group policy results for the logged on user and computer. | {Computername}_gpresult.txt
Group policy results for the logged on user and computer. | {Computername}_gpresult.htm


User Token Details
Description | File Name
User Token Details (security groups, group scopes, SIDHistory and token sizing information) | {Computername}_TokenDetails.txt

Windows Time Information
Description | File Name
W32Time Reg Key | {Computername}_W32Time_Reg_Key.txt
W32Time Reg Key Perms | {Computername}_W32Time_Reg_Key_Perms.txt
W32Time Service Status | {Computername}_W32Time_Service_Status.txt
W32Time Service Perms | {Computername}_W32Time_Service_Perms.txt
W32TM /Monitor | {Computername}_W32TM_Monitor.txt
W32TM /TestIf /QPS | {Computername}_W32TM_TestIf_QPS.txt
W32TM Query Status | {Computername}_W32TM_Query_Status.txt
W32TM Stripchart | {Computername}_W32TM_Stripchart.txt

WINS Client Information
Description | File Name
WINS Client nbtstat output | {Computername}_ WinsClient_nbtstat-output.TXT



Netlogon Debug Logs
Description | File Name
Netlogon.log located in %windir%\debug | {Computername}_Netlogon.log
Netlogon.bak located in %windir%\debug | {Computername}_Netlogon.bak


DHCP Client Information
Description | File Name
DHCP Client Registry Key | {Computername}_ DhcpClient_reg_.TXT

IPSec Information
Description | File Name
IPsec Powershell Cmdlets | {Computername}_ IPsec_info_pscmdlets.TXT
IPsec Registry keys | {Computername}_IPsec_reg_.TXT
IPsec netsh dynamic show all | {Computername}_IPsec_netsh_dynamic.TXT
IPsec netsh static show all | {Computername}_IPsec_netsh_static.TXT
IPsec Local Policy Export (.ipsec) | {Computername}_netsh_LocalPolicyExport.ipsec

DNS Client Information
Description | File Name
DnsClient Registry Keys | {Computername}_ DnsClient_reg_.TXT
Ipconfig /displaydns | {Computername}_ DnsClient_ipconfig-displaydns.TXT
DNS Client - HOSTS file | {Computername}_ DnsClient_HostsFile.TXT
DNS Client Powershell Cmdlets | {Computername}_ DnsClient_info_pscmdlets.TXT
DNS Client netsh show state (for DirectAccess) | {Computername}_ DnsClient_netsh_dnsclient-show-state.TXT

Firewall Information
Description | File Name
Firewall PowerShell Cmdlets | {Computername}_Firewall_info_pscmdlets.txt
Firewall Registry Keys | {Computername}_Firewall_reg.txt
NETSH Advanced Firewall | {Computername}_netsh_advFirewall.txt
NETSH Advanced Firewall Export | {Computername}_netsh_advFirewall-export.wfw
NETSH Advanced Firewall Rules ConSec | {Computername}_netsh_advFirewall-consec-rules.txt
NETSH Advanced Firewall Rules ConSec Active | {Computername}_netsh_advFirewall-consec-rules-active.txt
NETSH Advanced Firewall Rules | {Computername}_netsh_advFirewall-firewall-rules.txt
NETSH Advanced Firewall Rules Active | {Computername}_netsh_advFirewall-firewall-rules-active.txt
NETSH WFP Show Events | {Computername}_netsh_wfp_show_netevents.xml
NETSH WFP Show BootTimePolicy | {Computername}_netsh_wfp_show.boottimepolicy.xml
NETSH WFP Show Filters | {Computername}_netsh_wfp-show-filters.xml
NETSH WFP Show Options OptionsForNetEvents | {Computername}_netsh_wfp-show-options-optionsfornetevents.txt
NETSH WFP Show Options OptionsForKeyWords | {Computername}_netsh_wfp-show-options-optionsforkeywords.txt
NETSH WFP Show Security Net Events | {Computername}_netsh_wfp-show-security-netevents.txt
NETSH WFP Show State | {Computername}_netsh_wfp-show-state.xml
NETSH WFP Show Sysports | {Computername}_netsh_wfp-show-sysports.xml
Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | {Computername}_evt_WindowsFirewallWithAdvancedSecurity-Firewall_evt_.*

TCP Information
Description | File Name
TCPIP Info | {Computername}_ TCPIP_info.TXT
TCPIP registry output | {Computername}_ TCPIP_reg_output.TXT
TCP OFFLOAD | {Computername}_TCPIP_OFFLOAD.TXT
TCPIP Services File | {Computername}_TCPIP_ServicesFile.TXT
TCPIP Net Powershell Cmdlets | {Computername}_TCPIP_info_pscmdlets_net.TXT
TCPIP IPv6 Transition Technology Info | {Computername}_TCPIP_info_pscmdlets_IPv6Transition.TXT
TCPIP netsh output | {Computername}_TCPIP_netsh_info.TXT
Microsoft-Windows-Iphlpsvc/Operational | {Computername}_evt_Iphlpsvc-Operational_evt_.*

RPC Information
Description | File Name
RPC netsh output | {Computername}_ RPC_netsh_output.TXT
RPC registry output | {Computername}_ RPC_reg_output.TXT

SMB Information
Description | File Name
SMB Client registry output | {Computername}_SmbClient_reg_output.TXT
SMB Client Information from Net.exe | {Computername}_SmbClient_info.TXT
SMB Server registry output | {Computername}_SmbServer_reg_output.TXT
SMB Server Information from tools like net.exe | {Computername}_SmbServer_info.txt


In addition to the files collected and listed above, this troubleshooter can detect one or more of the following situations:

· Problem detection for Dynamic Access Control Configuration (Windows 8 and Server 2012 only).
· Problem detection for certificates which are soon to expire or have recently expired within 7 days.
· Problem detection for identifying certificates with weak keys (RSA keys less than 1024 bits).
· Problem detection: Cryptographic Cipher Configuration Detection to detect whether cipher uses have been configured explicitly on the computer or via group policy.
· Problem detection to see if the local domain secure channel has problems (domain members only).
· Problem detection to see if the secure channels to trusted domains are having problems.
· Problem detection to see if the computer has experienced MaxConcurrentApi issues in the recent past or is currently seeing a MaxConcurrentApi issue.
· Operating system name.
· Time zone.
· Last Reboot/Uptime.
· Anti-Malware installed.
· User Account Control setting.
· Username logged on during data gathering.
· Computer Model.
· Processor information.
· Computer domain name.
· Computer domain role.
· Physical memory.
· Process summary.
· Top memory usage statistics.

Properties

Article ID: 2765136 - Last review: Feb 19, 2014 - Revision: 1