How to collect WinRM traces
Since “How to collect SCVMM traces” and “What to do when I have hosts in Needs Attention state?” are published, we've seen requests on how to further debug WinRM/WMI issues that lead to VMM AddHosts failures.
It’s particularly useful, when you run into a SCVMM error that is rooted from a WinRM error code with a generic error message. So, to make your debugging effort easier, here is the process to collect WinRM traces, which hopefully provide more clues on the root cause of the WinRM failure on the remote host with help from your Microsoft support:
1) Download the Windows SDK toolkit:
1. For Windows 2008 servers:
1. If the server you’re trying to collect WinRM traces from has Internet access, download tracelog from: https://www.microsoft.com/downloads/details.aspx?FamilyId=E6E1C3DF-A74F-4207-8586-711EBE331CDC&displaylang=en;
2. if not, you can download the iso image (about 1.4G) of the Windows SDK from here and burn it into a DVD: https://www.microsoft.com/downloads/details.aspx?FamilyId=F26B1AA4-741A-433A-9BE5-FA919850BDBF&displaylang=en
2. For Windows 2003 or client (XP / Vista) systems:
1. Download it from if you have Internet access: https://www.microsoft.com/downloads/details.aspx?FamilyID=4377f86d-c913-4b5c-b87e-ef72e5b4e065&displaylang=en&Hash=voZ0UJrspn5qT6W4kcu%2fOMSjQf75oB2WCTbQ262yAcHxnRmEWyOw6qqQlesatQ8YZBNHBRZQxyYohHYvUNyNPA%3d%3d
2. Download the ISO file from: https://www.microsoft.com/downloads/details.aspx?FamilyId=F26B1AA4-741A-433A-9BE5-FA919850BDBF&displaylang=en
2) Install The Windows SDK to one of the folders that are in you default path.
3) Save the following text into a starttracing.cmd file to the folder where you install Windows SDK (in particular tracelog.exe).
@echo off
@echo on
REM Usage:
REM this.cmd - turns all tracing on
REM this.cmd 0xHHHH - turns tracing w/ for specific bits
REM see bits in WPP_DEFINE_CONTROL_GUID for more details
REM bits a counted from first entry (0th bit) to last entry (Nth bit)
REM
REM E.g.: this.cmd 0x1C00 will turn on tracing for automation component
REM
@echo off
set FLAGS=0x1
if NOT {%1}=={} (
set FLAGS=%1
)
@echo FLAGS=%FLAGS%
@echo ------------------------------------------------------------------------------------------------
@echo attempting to stop and re-start Wmxlog logger for logging
@echo ------------------------------------------------------------------------------------------------
tracelog.exe -stop Wmxlog
tracelog.exe -start Wmxlog -f wmxlog.etl -guid tracectl.txt -ft 1 -flag %FLAGS%
@echo ------------------------------------------------------------------------------------------------
@echo run your application now and then use displaytrace.cmd to see the traces logged
@echo ------------------------------------------------------------------------------------------------
goto End
:CtlNotExist
@echo tracectl.txt is missing
goto End
:NtTreeNotDefined
@echo variable _NTTREE is not defined
goto End
:TraceFormatDirNotExist
@echo directory %_NTTREE%\Symbols.pri\TraceFormat (_NTTREE\Symbols.pri\TraceFormat) does not exist
goto End
:End
4) Save the following text into a stoptracing.cmd file to the folder where you put tracelog.exe.
@echo off
@echo ------------------------------------------------------------------------------------------------
@echo stop Wmxlog logger
@echo ------------------------------------------------------------------------------------------------
tracelog.exe -stop Wmxlog
5) Save the following text into a tracectl.txt file to the folder where you put tracelog.exe.
04c6e16d-b99f-4a3a-9b3e-b8325bbc781e WinRM
c0a36be8-a515-4cfa-b2b6-2676366efff7 WinrsMgr
f1cab2c0-8beb-4fa2-90e1-8f17e0acdd5d WinrsExe
03992646-3dfe-4477-80e3-85936ace7abb WinrsCmd
6) Run “starttracing.cmd”.
7) Repro your steps that you see the WinRM failure.
8) Run “stoptracing.cmd”. The resulting wmxlog.etl is the trace for WinRM.
Please note that the trace is unreadable since it's binary data. It needs to be sent to your Microsoft support contact to render and explain what has happened in the recorded trace.
Hope this helps and thanks for reading,
Cheng