One of the most valuable things a support person can do is to create automation which can replicate the troubleshooting for known problems.
Over the past few years we have been investing in that automation using Windows Troubleshooting Platform SDK to create collections of PowerShell scripts which do data collection and problem detections (which we call “packages”) focused on certain technical areas. We have also created some web infrastructure for distributing the packages. These packages are used by CSS engineers to collect the appropriate data to troubleshoot problems and to call out known problems.
The best thing about these packages is that they are now available for anyone to use at Fix It Center Pro. Fix It Center Pro let’s you select and run the CSS packages on whatever computer you like, without having to open a support incident with Microsoft (though you can if you want) and without having to send that data to anyone. You do need to have a Microsoft Live account (or Outlook.com or Hotmail) to logon to the site, but that is the only constraint.
Once you logon here is what you should see:
After getting past the “Welcome…” popup a list of the available diagnostic packages appears in a list. But I said something about having the diagnostics I and my colleagues use there, didn’t I? There are several which are now available for anyone to at that site.
Let’s go over what is available there now for Active Directory and Directory Services in detail and a high level overview of when you would want to use them:
Directory Services Diagnostic (DSDiag)
This is the diagnostic to use for Active Directory Domain Services (ADDS). It works on Windows Server 2003 and later, and does basic health tests when ran on domain controllers. The diagnostic will call out known configuration problems if they are detected. It also collects domain related and security information that can be useful when troubleshooting AD concerns. More detail on what data it collects is available in this KB article: 2736625.
Directory Services PKI Interactive Diagnostic (PKIDiag)
If you have a Public Key Infrastructure (PKI) related issue, or concerns with Active Directory Certificate Services (ADCS) this is the diagnostic to use. In addition to gathering relevant certificate details from the computer, this diagnostic also checks for known concerns with certificates which are soon to expire or expired, weak certificate public keys, and more. Additional detail on what the diagnostic collects is available in this KB article: 2642485.
Office 365 Single Sign On Diagnostic (SSODiag)
Office 365 (O365) and Windows Azure Active Directory (WAAD) offer some challenges which can be tough to understand. This diagnostic is designed to collect information about your WAAD or O365 tenant and put it at your fingertips. In addition to that it will check for known single sign on related issues with Active Directory Federated Services configuration or Shibboleth if you use that for your federated solution. More detail on what data is collected by this diagnostic is available at this KB: 2842997.
Office 365 Directory Synchronization Diagnostics (DirSyncDiag)
Office 365 (O365) and Windows Azure Active Directory (WAAD) offers the service of allowing your on premise Active Directory to synchronize to the “cloud” so that the data is available for use by other services. This feature is called Directory Synchronization and is based on Forefront Identity Management (FIM). The diagnostic will look for common configuration issues, it will identify objects which are not successfully synchronizing and it will suggest what to do to resolve any issues found. In addition the diagnostic collects relevant data for troubleshooting DirSync issues. Additional details on what the diagnostic collects is available in this KB article: 2844079.
MaxConcurrentApi Diagnostic (MCADiag)
“MaxConcurrentApi” issues are authentication conditions which are caused by a high volume of NTLM password or Kerberos PAC validations. The symptoms of these issues are described well in this KB article. This problem is very difficult to detect and diagnose but the MaxConcurrentApi Diagnostic can let you diagnose it. MCADiag can run immediately to check whether a server is having the problem right then, or it can be started in “wait until issue occurs” mode where it will not continue the data collection and testing until a problem condition starts. When the diagnostic is finished it gives a summary of what servers saw the problem and action to take to resolve it. More detail on the data which MCADiag collects can be found in KB 2709071.
So we have five diagnostics available for folks to use without ever having to call Microsoft to get at them. In my experience these diagnostics are time savers at the very least in that they put the useful data-and only the useful data-right in front of you without you having to spend the time to collect it.
For some issues the diagnostic may actually call out known problems to you and give you a link to content on how to fix it. That is the Nerd-vana for any IT person.
I’ll talk more about these diagnostics and give detail on what they can do and detect in later posts. Until next time…