Troubleshooting: Collect Windows Server Logs and System Information
This KB has been migrated to the new Knowledge Base and can be found here: https://kb.purestorage.com/csm?id=kb...icle=KB0014074.
Please update your bookmarks, if you have any questions please ping us at knowledge-feedback@purestorage.com.
Overview
The followings information is available to help end users quickly gather Windows Server and Windows Server Failover Cluster related log files for analysis by Pure Storage Support.
By running the script described below, or running the commands manually, the collection of logs and diagnostic information will help aid in troubleshooting. If gathering the log files manually, please make sure to include as much of the information below as possible.
Whether running the PowerShell script or gathering the information manually, both PowerShell and Command (CMD) windows must be run as an Administrator.
When gathering the Event Logs, there will also be a folder generated called "LocaleMetaData". Be sure to send the .evtx files along with the LocaleMetaData folder. The LocaleMetaData folder includes the Display Information.
Gathering Logs with a PowerShell Script
A PowerShell script is available that incorporates all of the manual collection steps given below. This script is available on GitHub as well as attached to this article. The latest updated version will always be available on GitHub. The script is also a part of the FlashArray PowerShell Toolkit. The script provides more flexibility with a -Cluster parameter for Windows Server Failover Cluster (WSFC) environments, as well as a -Compress parameter which allows for the ability to compress the logs for ease of submission to Support.
The Get-WindowsDiagnosticinfo.ps1 script is not digitally signed. In order for the script to run in more secure environments, you must set the Set-ExecutionPolicy -RemoteSigned in the PowerShell session. After running the script, you can reset the execution restriction back to it's original state. To determine the current execution state, run Get-ExecutionPolicy.
To run the script:
- Download the script from GitHub or this article. (If you are using the PowerShell Toolkit version 2.0.2.0 or later, the
Get-WindowsDiagnosticinfocmdlet is included.) - Open a PowerShell session as Administrator.
- Go the location of the script download and execute it as follows:
- For non-Windows Server Failover Cluster machines -
. .\Get-WindowsDiagnosticInfo.ps1 -Compress - For Windows Server Failover Cluster machines -
..\Get-WindowsDiagnosticInfo.ps1 -Cluster -Compress
- For non-Windows Server Failover Cluster machines -
- The script may take some time to run. Once complete, the uncompressed files will be located in a folder that is named after the computer name on the C:\ drive. The compressed .zip file containing all of the generated log files will be in the root of the C:\ drive.
- Upload the compressed file to Pure Support.
Manually Gathering Logs
General Windows Information:
The following information should be gathered for all Windows Server versions.
System Information Report
Run in command prompt:
msinfo32 /report c:\${env:computername}_msinfo32.txt
Hotfixes & QuickFix Engineering
Run in PowerShell:
Get-WmiObject -Class Win32_QuickFixEngineering | Select-Object -Property Description, HotFixID, InstalledOn | Format-table -Wrap -AutoSize | out-file c:\${env:computername}_Win32_QuickFixEngineering.txt
Get-HotFix | Format-table -Wrap -AutoSize | Out-File c:\${env:computername}_Get-Hotfix.txt
File System DeleteNotify Status
Run in PowerShell:
fsutil behavior query DisableDeleteNotify | out-file c:\${env:computername}_fsutil_behavior_DisableDeleteNotify.txt
Storage Information:
The following information should be gathered for all Windows Server versions.
MPIO and MSDSM details
Run in PowerShell:
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\MSDSM\Parameters" | out-file c:\${env:computername}_Get-ItemProperty_msdsm.txt
Get-MSDSMGlobalDefaultLoadBalancePolicy | out-file c:\${env:computername}_Get-ItemProperty_msdsm_load_balance_policy.txt
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\mpio\Parameters" | out-file c:\${env:computername}_Get-ItemProperty_mpio.txt
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\Disk" | out-file c:\${env:computername}_Get-ItemProperty_disk.txt
Run in command prompt:
mpclaim -s -d | out-file c:\${env:computername}_mpclaim_-s_-d.txt
mpclaim -v | out-file c:\${env:computername}_mpclaim_-v.txt
"SAN" | diskpart | Out-File c:\${env:computername}_SAN_policy.txt
Fibre Channel HBAs
Run in PowerShell:
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\lpxnds\Parameters\Device\NumberOfRequests" | out-file c:\${env:computername}_lpxnds_NumberOfRequests.txt
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\ql2300\Parameters\Device" | out-file c:\${env:computername}_ql2300_Parameters.txt
Run in command prompt:
winrm e wmi/root/wmi/MSFC_FCAdapterHBAAttributes > c:\${env:computername}_MSFC_FCAdapterHBAAttributes.txt
winrm e wmi/root/wmi/MSFC_FibrePortHBAAttributes > c:\${env:computername}_MSFC_FibrePortHBAAttributes.txt
Event Logs in EVTX format
When gathering the Event Logs, there will also be a folder generated called "LocaleMetaData". Be sure to send the .evtx files along with the LocaleMetaData folder. The LocaleMetaData folder includes the Display Information.
Run in command prompt:
wevtutil epl System c:\${env:computername}_systemlog.evtx
wevtutil epl Setup c:\${env:computername}_setuplog.evtx
wevtutil epl Application c:\${env:computername}_applicationlog.evtx
wevtutil al c:\${env:computername}_systemlog.evtx
wevtutil al c:\${env:computername}_setuplog.evtx
wevtutil al c:\${env:computername}_applicationlog.evtx
Event Logs in CSV format
Run in PowerShell:
Get-WinEvent -FilterHashtable @{LogName = 'Application'; 'Level' = 1, 2, 3} -ErrorAction SilentlyContinue | Export-Csv "application_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'System'; 'Level' = 1, 2, 3 } -ErrorAction SilentlyContinue | Export-Csv "system_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Security'; 'Level' = 1, 2, 3 } -ErrorAction SilentlyContinue | Export-Csv "security_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Setup'; 'Level' = 1, 2, 3 } -ErrorAction SilentlyContinue | Export-Csv "setup_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Application'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "application_log-INFO.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'System'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "system_log-INFO.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Security'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "security_log-INFO.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Setup'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "setup_log-INFO.csv" -NoTypeInformation
Windows 2012 and Above
General Storage Information
Run in PowerShell:
Get-PhysicalDisk | select * | out-file c:\${env:computername}_Get-PhysicalDisk.txt
Get-Disk | select * | out-file c:\${env:computername}_Get-Disk.txt
Get-Volume | select * | out-file c:\${env:computername}_Get-Volume.txt
Get-Partition | select * | out-file c:\${env:computername}_Get-Partition.txt
NICs
Run in PowerShell:
Get-NetAdapter | Format-Table Name,ifIndex,Status,MacAddress,LinkSpeed,InterfaceDescription -AutoSize | Out-File c:\${env:computername}_Get-NetAdapter.txt
Get-NetAdapterAdvancedProperty | ft DisplayName, DisplayValue, ValidDisplayValues | out-file c:\${env:computername}_Get-NetAdapterAdvancedProperty.txt -width 160
MPIO
Run in PowerShell:
Get-MPIOSetting | out-file c:\${env:computername}_Get-MPIOSetting.txt
Get-MPIOAvailableHW | out-file c:\${env:computername}_Get-MPIOAvailableHW.txt
Get-InitiatorPort | out-file c:\${env:computername}_Get-InitiatorPort.txt
Windows 2008R2
General Storage Information
Run in PowerShell:
Get-CimInstance -Class Win32_DiskDrive | Where-Object { $_.Model -like "PURE*" }| Format-Table -Autosize
NICs
Run in PowerShell:
netsh interface ipv4 show interface | Out-File c:\${env:computername}_netsh_ipv4_show_interface.txt
netsh interface ipv4 show config | Out-File c:\${env:computername}_netsh_ipv4_show_config.txt
Windows Failover Cluster Information
Please gather the following information if the Windows Server is configured for Failover Clustering.
Windows 2012 and Above
Cluster Log and Cluster Shared Volumes
Run in PowerShell:
Get-ClusterLog -Destination c:\
Get-ClusterSharedVolume | select * | out-file c:\${env:computername}_Get-ClusterSharedVolume.txt
Get-ClusterSharedVolumeState | select * | out-file c:\${env:computername}_Get-ClusterSharedVolumeState.txt
Windows 2008R2
Cluster Log
Run in command prompt:
cluster log /g /Copy:c:\${env:computername}_ClusterLog.txt