Monthly Archives: July 2012

Troubleshooting articles.

I once ran into an article that was actually a list of references to Windows IT Pro articles. I don’t even remember where I saw it (probably on WinITPro itself), but I suddenly remembered that it had been useful to me.

In my collection the list is named “troubleshooting learning path”, and it truly is one. The list is below. To access any article listed here, enter its InstantDoc ID into the search on the main page of WinITPro.

Have fun:


| Name | InstantDoc ID |
|---|---|
| Administrators’ Intro to Debugging | 101818 |
| Conquer Desktop Heap Problems | 101701 |
| Disk2vhd: The Windows Troubleshooter’s New Best Friend | 102980 |
| Examining Xperf | 102054 |
| Find the Binary File for Any WMI Class | 102615 |
| Further Adventures in Debugging | 102867 |
| Get a Handle on Windows Performance Analysis | 101162 |
| Got High-CPU Usage Problems? ProcDump ‘Em! | 102479 |
| Reap the Power of MPS_Reports Data | 101468 |
| Resolve Memory Leaks Faster | 99933 |
| Resolve WMI Problems Quickly with WMIDiag | 100845 |
| Say ‘Whoa!’ to Runaway Processes | 100212 |
| Simplify Process Troubleshooting with DebugDiag | 100577 |
| Troubleshooting the Infamous Event ID 333 Errors | 101059 |
| Under the Covers with Xperf | 102263 |

Best practices for… chkdsk

The longer I work, the more I’m aware of a simple fact: there is always something to learn about even the most routine and mundane thing, technology or tool. It’s like a cake: you never know what it is made from unless you try to make it yourself =)

The same can be said about, say, chkdsk. What do you think: do you need to know anything more about chkdsk than its command-line switches? OK, if you don’t have an inquiring mind then probably not. But probably you just don’t know what impact it can have on your environment. For example, let’s imagine quite a usual situation: your file server has been growing with the company until you finally got your own very special SLA for it. This SLA was negotiated with IT and everyone took practically everything into account:

– time of recovery for any subset of the information (some bits are required ASAP, while others can wait some time)

– time required to recover broken equipment

– and so on and so forth.

But one fine day your volume (which stores about 500M small files) was marked as “dirty” and went into chkdsk after a reboot… Had you incorporated these 99 hours (!!!) of downtime into your SLA? I hadn’t =(

Fortunately, I still have some time to think about it, all the more so because I haven’t yet run into the situation, and now, after reading the document named “NTFS Chkdsk Best Practices and Performance”, I have some ideas for my future SLAs ;)

BTW, Server 2012 will bring some big improvements to the issues described. Read it and prepare yourself.

Creating your own troubleshooting pack



As I wrote in one of my blog posts, you can not only tell your user exactly which troubleshooting pack to run, you can also create one of your own. Finally I decided to learn how and to tell you. I was pretty sure that creating those was very hard. But I was plain wrong: it’s easy. Moreover, it’s fun, because creating one brings together all the components of a geek’s fun:

1) Use GUI

2) Use scripting

3) Run the automation and see the result!

So, let’s begin.

Unfortunately, you cannot just create a pack with Notepad. Well, probably there is a method, but I believe it is far less convenient than the following. First of all you need to download and install the Windows 7 SDK. Honestly, I don’t know exactly which component contains the feature we are going to use, so you can find that out yourself, or just follow me and not worry about it. After installation you’ll have a menu entry for Troubleshooting Pack Designer.


You only need to decide which problem you’re going to solve with the pack. In my example, I’m going to automatically detect and fix one simple yet annoying defect: my Dell notebook sometimes cannot detect the network speed while in a docking station. Disabling and re-enabling the interface is one of the workarounds, which I don’t really hate, but which I’d like to automate. (OK, I know that just a two-line script would be enough, but then I wouldn’t have had a simple enough scenario to show you ;) )

So, I launch the designer and create a new project (take notice of the “Privacy URL” field: it is mandatory). Everything else is pretty straightforward from now on. Add a new root cause (you can add several of them). In my case it is “A Network is detected 10Mbps instead of 100”. Then hit the “Design Troubleshooter” button. You’ll be presented with several settings. For the troubleshooter: whether to run it elevated and whether to interact with a user. In my case I set both to No.

Then configure a resolver in the same way.

Surely we want our tool to check whether the actions taken have fixed all the problems, therefore we need to configure a verifier.

And finally, create and input scripts for them.


```powershell
# TroubleshooterScript - This script checks for the presence of a root cause
# Key Cmdlets:
# -- update-diagrootcause flags the status of a root cause and can be used to pass parameters
# -- get-diaginput invokes an interaction and returns the response
# -- write-diagprogress displays a progress string to the user

$RootCauseID = "NetIs10"
$RootCauseDetected = $false

# Detection logic: read the speed of the docked adapter.
# The property name before -like was lost from the original listing; Name is assumed here.
$speed = (Get-WmiObject -Class Win32_NetworkAdapter | Where-Object {
    $_.Speed -ne $null -and $_.MACAddress -ne $null -and $_.Name -like "*82567lm*"
}).Speed

# Anything other than 100 Mbps (in bits per second) counts as the root cause
if ($speed -ne 100000000)
{
    $RootCauseDetected = $true
}

# The following line notifies Windows Troubleshooting Platform of the status of this root cause
update-diagrootcause -id $RootCauseId -detected $RootCauseDetected
```

It’s a very primitive script, which just checks whether the network interface has a speed of 100Mbps. The resolver:

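```powershell
# Resolver Script - This script fixes the root cause. It only runs if the Troubleshooter detects the root cause.
# Key cmdlets:
# -- get-diaginput invokes an interaction and returns the response
# -- write-diagprogress displays a progress string to the user

# Logic to fix the root cause: disable the adapter, wait, enable it again.
# The property name before -like was lost from the original listing; Name is assumed here.
$network = Get-WMIObject Win32_NetworkAdapter | where { $_.Name -like "*82567lm*" }

# The Disable()/Enable() calls are missing from the original listing and are restored
# here from the description (Win32_NetworkAdapter provides both methods).
$network.Disable()
Start-Sleep 4
$network.Enable()
```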


An even simpler script: it just re-enables the interface.
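The verifier configured above needs a script too, and the post does not show one. The following is an added example, not the author's code: it repeats the troubleshooter's check but polls, because the link may still be renegotiating right after the re-enable. The `Name` property, the 30-second timeout, the 2-second poll interval and the helper `Get-DockAdapterSpeed` are assumptions.

```powershell
# Verifier script (added example): runs after the resolver and re-checks the root cause.
# Assumptions: same root cause ID and adapter filter as the troubleshooter script;
# the Name property, timeout and poll interval are illustrative choices.

$RootCauseID   = "NetIs10"
$ExpectedSpeed = 100000000   # 100 Mbps in bits per second, as in the troubleshooter
$TimeoutSec    = 30          # assumed upper bound for link renegotiation
$PollSec       = 2           # assumed poll interval

function Get-DockAdapterSpeed {
    # Hypothetical helper: returns the Speed values of the matching adapters.
    # The result can be empty while the interface is still coming back up.
    Get-WmiObject -Class Win32_NetworkAdapter |
        Where-Object { $_.MACAddress -ne $null -and $_.Name -like "*82567lm*" } |
        ForEach-Object { $_.Speed }
}

Write-DiagProgress -Activity "Waiting for the network link to renegotiate"

$deadline    = (Get-Date).AddSeconds($TimeoutSec)
$stillBroken = $true         # fail closed: no answer within the timeout means "not fixed"

do {
    $speeds = @(Get-DockAdapterSpeed | Where-Object { $_ -ne $null })
    $bad    = @($speeds | Where-Object { $_ -ne $ExpectedSpeed })

    # Fixed only if at least one adapter reports a speed and none reports a wrong one
    if ($speeds.Count -gt 0 -and $bad.Count -eq 0) {
        $stillBroken = $false
        break
    }
    Start-Sleep -Seconds $PollSec
} while ((Get-Date) -lt $deadline)

# Report the post-fix state to Windows Troubleshooting Platform
Update-DiagRootCause -Id $RootCauseID -Detected $stillBroken
```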

Now just compile the pack (some questions about the certificate will arise; you can use a test self-signed certificate or configure a proper one in the options) and use it.


Well, at least for me it was a great experience with a good outcome: I now have an instrument to check and fix everything =)

Blog wrap-up


It seems like I haven’t written any wrap-ups for my blog for at least a year. Unfortunately, there wasn’t much to wrap into it. Now that I have returned to blogging, I’ll just do one for the whole year ;)

  • LCDS: Create your own curriculum
  • The easiest way so far to create a good looking redistributable, or publishable course from your materials.

  • %systemroot%System32 secrets: defrag
  • The continuation of the series. Defragmentation lost its fancy GUI, so why use it?

  • Network trace without NetMon, WireShark, etc…
  • Network trace without NetMon, wireShark, etc… Part 2
  • A two-part article which tells you that it is possible to collect tons of network-related info and even a network trace with only two commands.

  • News and freebies
  • No comments.

  • Speaking…
  • Last year I was speaking at the first Russian TechEd. The results were quite average, but then… I met Tom Shinder and he interviewed me ;)

  • Heads-UP DST Cancellation in Russia and some other countries
  • We had changes in DST policy, that is we don’t have it now. So we had all kinds of problems due to it and several quite lively weeks.

  • TechEd is over
  • My micro report about the event.

  • Where’s mah mail, dude?! (meme edition)
  • The tale about storing mail in your deleted items folder ;)

  • Lync and fortunes
  • Probably my most used script. I run it every day =)

  • #RuTeched: the results
  • As I have just said, my performance as a speaker was but average. Now I know what to improve for the next occasion.

  • MVP, one more time!
  • A bit late, but I managed to write about my next award.

  • Yep, I’m paranoid. The question is am I paranoid enough…
  • Google-free. I will be such soon.

  • MS SIR #12
  • Overview of most interesting stuff from MS Security Intelligence Report.

  • Freebies: books
  • No comments

  • Trustworthy computing: non-SDL view
  • Trustworthy computing: non-SDL view. Part 2: non-corporate.
  • TC is great. Now it is time to make another step.

  • Myths #2: PKI edition.
  • Be careful while planning your security. Some obvious things aren’t correct.

  • Looking for a GP object?
  • How to find your GPO

  • Want to learn about cryptography? I know where.
  • As, subjectively, now I have more time, I signed up to the cryptography course of Stanford University. It’s fun! Jump in! =)