Configuration Manager - Diagnosing Unexpected Changes to the Driver Store

  • Article

While doing OSD deployments with Configuration Manager, if you find that a driver is missing in your driver packages and also in the driver store it can be difficult to find logging to identify what has changed. Note that the behavior of driver packages is that if a driver is deleted from the driver store the content will be deleted from the driver packages the next time it's updated (Ref - https://msdn.microsoft.com/en-us/library/jj217991.aspx).

You can pull the logs for all driver store changes by searching the state messages by component and by site. Using this state message query, set the component as ‘Microsoft.ConfigurationManagement.exe’ with the site and time set appropriately. Once the query populates all the data you can export it to a file that can then be opened in Excel for easier manipulation. Once within Excel, filter for events ids of 30152 and 30154 AND filter the Description field using a text contain filter for '/Driver'.  

You will now have all the creates and deletes for the driver store.

If you have a large number of logs here and you are looking for a specific driver that can be challenging as well. I noticed that when importing a driver that was previously deleted the unique identifier in the log stayed the same. If you were interested in the history of a particular driver that was deleted, re-importing it and then looking at the Excel file (prepared with the steps above) should give you the unique identifier of the driver within the Description field. If you then filtered the Description field using contain text filter with the value of this unique identifier you should have the create/delete history of the driver in the drive store.

Another way to pin down the unique identifier of a particular driver is to use the DriverCatalog.log from the site server which has a history of all imports. If you find the particular driver in the import log you then have a time that can be cross-referenced to the state message log for the driver create log entry (which holds the specific driver unique identifier).

Hope this strategy helps you if you are in need of this information.

 

Note that this method was used on Configuration Manager 1610 so your mileage may vary if using different Configuration Manager versions.