Skip to main content
Pure Technical Services

Troubleshooting: Collect Windows Server Logs and System Information

Currently viewing public documentation. Please login to access the full scope of documentation.

Overview

The followings information is available to help end users quickly gather Windows Server and Windows Server Failover Cluster related log files for analysis by Pure Storage Support. 

By running the script described below, or running the commands manually, the collection of logs and diagnostic information will help aid in troubleshooting. If gathering the log files manually, please make sure to include as much of the information below as possible.

Whether running the PowerShell script or gathering the information manually, both PowerShell and Command (CMD) windows must be run as an Administrator.

When gathering the Event Logs, there will also be a folder generated called "LocaleMetaData". Be sure to send the .evtx files along with the LocaleMetaData folder. The LocaleMetaData folder includes the Display Information.

Gathering Logs with a PowerShell Script

A PowerShell script is available that incorporates all of the manual collection steps given below. This script is available on GitHub as well as attached to this article. The latest updated version will always be available on GitHub. The script is also a part of the FlashArray PowerShell Toolkit. The script provides more flexibility with a -Cluster parameter for Windows Server Failover Cluster (WSFC) environments, as well as a -Compress parameter which allows for the ability to compress the logs for ease of submission to Support. 

The Get-WindowsDiagnosticinfo.ps1 script is not digitally signed. In order for the script to run in more secure environments, you must set the Set-ExecutionPolicy -RemoteSigned in the PowerShell session. After running the script, you can reset the execution restriction back to it's original state. To determine the current execution state, run Get-ExecutionPolicy.

To run the script:

  • Download the script from GitHub or this article. (If you are using the PowerShell Toolkit version 2.0.2.0 or later, the Get-WindowsDiagnosticinfo cmdlet is included.)
  • Open a PowerShell session as Administrator.
  • Go the location of the script download and execute it as follows:
    • For non-Windows Server Failover Cluster machines - . .\Get-WindowsDiagnosticInfo.ps1 -Compress
    • For Windows Server Failover Cluster machines - ..\Get-WindowsDiagnosticInfo.ps1 -Cluster -Compress
  • The script may take some time to run. Once complete, the uncompressed files will be located in a folder that is named after the computer name on the C:\ drive. The compressed .zip file containing all of the generated log files will be in the root of the C:\ drive.
  • Upload the compressed file to Pure Support. 

Manually Gathering Logs

General Windows Information:

The following information should be gathered for all Windows Server versions.

System Information Report
Run in command prompt:

msinfo32 /report c:\${env:computername}_msinfo32.txt

Hotfixes & QuickFix Engineering
Run in PowerShell:

Get-WmiObject -Class Win32_QuickFixEngineering | Select-Object -Property Description, HotFixID, InstalledOn | Format-table -Wrap -AutoSize  | out-file  c:\${env:computername}_Win32_QuickFixEngineering.txt
Get-HotFix | Format-table -Wrap -AutoSize | Out-File c:\${env:computername}_Get-Hotfix.txt

File System DeleteNotify Status
Run in PowerShell:

fsutil behavior query DisableDeleteNotify | out-file c:\${env:computername}_fsutil_behavior_DisableDeleteNotify.txt
Storage Information:

The following information should be gathered for all Windows Server versions.

MPIO and MSDSM details
Run in PowerShell:

Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\MSDSM\Parameters" | out-file c:\${env:computername}_Get-ItemProperty_msdsm.txt
Get-MSDSMGlobalDefaultLoadBalancePolicy | out-file c:\${env:computername}_Get-ItemProperty_msdsm_load_balance_policy.txt
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\mpio\Parameters" | out-file c:\${env:computername}_Get-ItemProperty_mpio.txt
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\Disk" | out-file c:\${env:computername}_Get-ItemProperty_disk.txt

Run in command prompt:

mpclaim -s -d | out-file c:\${env:computername}_mpclaim_-s_-d.txt
mpclaim -v | out-file c:\${env:computername}_mpclaim_-v.txt
 "SAN" | diskpart | Out-File c:\${env:computername}_SAN_policy.txt

Fibre Channel HBAs
Run in PowerShell:

Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\lpxnds\Parameters\Device\NumberOfRequests"  | out-file c:\${env:computername}_lpxnds_NumberOfRequests.txt
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\ql2300\Parameters\Device" | out-file c:\${env:computername}_ql2300_Parameters.txt

Run in command prompt:

winrm e wmi/root/wmi/MSFC_FCAdapterHBAAttributes > c:\${env:computername}_MSFC_FCAdapterHBAAttributes.txt
winrm e wmi/root/wmi/MSFC_FibrePortHBAAttributes > c:\${env:computername}_MSFC_FibrePortHBAAttributes.txt

Event Logs in EVTX format

When gathering the Event Logs, there will also be a folder generated called "LocaleMetaData". Be sure to send the .evtx files along with the LocaleMetaData folder. The LocaleMetaData folder includes the Display Information.

Run in command prompt:

wevtutil epl System c:\${env:computername}_systemlog.evtx
wevtutil epl Setup c:\${env:computername}_setuplog.evtx
wevtutil epl Application c:\${env:computername}_applicationlog.evtx

wevtutil al c:\${env:computername}_systemlog.evtx
wevtutil al c:\${env:computername}_setuplog.evtx
wevtutil al c:\${env:computername}_applicationlog.evtx

Event Logs in CSV format
Run in PowerShell:

Get-WinEvent -FilterHashtable @{LogName = 'Application'; 'Level' = 1, 2, 3} -ErrorAction SilentlyContinue | Export-Csv "application_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'System'; 'Level' = 1, 2, 3 } -ErrorAction SilentlyContinue | Export-Csv "system_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Security'; 'Level' = 1, 2, 3 } -ErrorAction SilentlyContinue | Export-Csv "security_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Setup'; 'Level' = 1, 2, 3 } -ErrorAction SilentlyContinue | Export-Csv "setup_log-CRITICAL_ERROR_WARNING.csv" -NoTypeInformation

Get-WinEvent -FilterHashtable @{LogName = 'Application'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "application_log-INFO.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'System'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "system_log-INFO.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Security'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "security_log-INFO.csv" -NoTypeInformation
Get-WinEvent -FilterHashtable @{LogName = 'Setup'; 'Level' = 4 } -ErrorAction SilentlyContinue | Export-Csv "setup_log-INFO.csv" -NoTypeInformation

Windows 2012 and Above

General Storage Information
Run in PowerShell:

Get-PhysicalDisk | select * | out-file c:\${env:computername}_Get-PhysicalDisk.txt
Get-Disk | select * | out-file c:\${env:computername}_Get-Disk.txt
Get-Volume | select * | out-file c:\${env:computername}_Get-Volume.txt
Get-Partition | select * | out-file c:\${env:computername}_Get-Partition.txt

NICs
Run in PowerShell:

Get-NetAdapter | Format-Table Name,ifIndex,Status,MacAddress,LinkSpeed,InterfaceDescription  -AutoSize | Out-File  c:\${env:computername}_Get-NetAdapter.txt
Get-NetAdapterAdvancedProperty  | ft DisplayName, DisplayValue, ValidDisplayValues | out-file c:\${env:computername}_Get-NetAdapterAdvancedProperty.txt -width 160

MPIO
Run in PowerShell:

Get-MPIOSetting | out-file c:\${env:computername}_Get-MPIOSetting.txt
Get-MPIOAvailableHW | out-file c:\${env:computername}_Get-MPIOAvailableHW.txt
Get-InitiatorPort | out-file c:\${env:computername}_Get-InitiatorPort.txt

Windows 2008R2

General Storage Information
Run in PowerShell:

Get-CimInstance -Class Win32_DiskDrive | Where-Object { $_.Model -like "PURE*" }| Format-Table -Autosize

NICs
Run in PowerShell:

netsh interface ipv4 show interface | Out-File c:\${env:computername}_netsh_ipv4_show_interface.txt
netsh interface ipv4 show config | Out-File c:\${env:computername}_netsh_ipv4_show_config.txt

 

Windows Failover Cluster Information

Please gather the following information if the Windows Server is configured for Failover Clustering.

Windows 2012 and Above

Cluster Log and Cluster Shared Volumes
Run in PowerShell:

Get-ClusterLog -Destination c:\
Get-ClusterSharedVolume | select * | out-file c:\${env:computername}_Get-ClusterSharedVolume.txt
Get-ClusterSharedVolumeState | select * | out-file c:\${env:computername}_Get-ClusterSharedVolumeState.txt

Windows 2008R2

Cluster Log
Run in command prompt:

cluster log /g /Copy:c:\${env:computername}_ClusterLog.txt