Logging and Tracing

Applies To: Windows Server 2008, Windows Server 2008 R2

You can enable tracing and logging for all Windows Deployment Services components for troubleshooting purposes. The installation logs are stored at %windir%\logs\cbs\cbs.log. This chapter outlines the various logs and output that you can generate.

Other than displaying a message that indicates whether the operation succeeded or failed, WDSUTIL shows minimal screen output (by default). However you can specify two additional options to enable more output. You can specify**/Verbose** to show detailed information about a task, and you can specify /Progress to use ellipses to indicate that a long-running process (for example, adding an image) is running and is not stalled. In the sample WDSUTIL command-lines in this section, these options are used wherever they provide useful information.

Note

You should close the Windows Deployment Services MMC snap-in when you run a WDSUTIL command. If the snap-in is open, the trace logs may not contain messages for some actions.

Warning

Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

Component Obtain and review this output:

General status of the Windows Deployment Services server

  • WDSUTIL /get-server /show:all /detailed

  • Windows Application log in Event Viewer

  • Windows System log in Event Viewer

Server components

  • WDSUTIL /get-server /show:all /detailed

  • Windows Application log in Event Viewer

  • Windows System log in Event Viewer

  • Deployment Services Diagnostics logs in Event Viewer. To locate these logs, expand Applications and Services Logs, expand Microsoft, expand Windows, and then expand Deployment-Services-Diagnostics. The Admin node contains all errors, and the Operational node contains information messages.

  • Trace logs. Use the following procedure to enable tracing for the server components.

    To enable tracing

    1. Set the following key to 1:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSServer\EnableFileTracing

    2. Configure the components that you want to be logged by setting one or more of the following keys to 0:

      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSDDPS\TraceDisabled (Windows Server 2008 R2 only)

      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSMC\TraceDisabled

      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSPXE\TraceDisabled

      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP\TraceDisabled

    3. If you have Windows Server 2008 R2, you may want to modify the following keys as well.

      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSTFTP\TraceFlags

      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Providers\WDSMC\TraceFlags

        You can set these keys as follows to control what is included:

        • 7F0000. Includes packet and protocol tracing.

        • 3F0000. Excludes packet tracing

        • 3E0000. (default) Exclude packet and protocol tracing

      Note
      Enabling packet tracing may impede performance.

    4. Obtain the trace log at %windir%\tracing\wdsserver.log

Management components

  • Enable tracing in the management and MMC snap-in components by setting the following. Then you can obtain the trace logs at %windir%\tracing\wdsmgmt.log and %windir%\tracing\wdsmmc.log.

    1. Set the following registry key to enable tracing in the management components:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSMGMT

      Name: EnableFileTracing

      Value:1

    2. Set the following registry key to enable tracing in the management console:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSMMC

      Name: EnableFileTracing

      Value:1

  • WDSUTIL /get-server /show:all /detailed

  • Windows Application log in Event Viewer

  • Windows System log in Event Viewer

    Note

    Although the Windows Deployment Services MMC snap-in and WDSUTIL share the same API layer, in some cases the MMC adds additional processing and functionality. In instances where an error occurs, it is often worthwhile to attempt to reproduce the failure using WDSUTIL to determine if the error is localized to the MMC snap-in or if it is a general management API failure. Often, WDSUTIL will provide more detailed error output without enabling tracing. Where applicable, use the /detailed, /verbose, and /progress options for extra information.

Windows Deployment Services client

Logging in the Windows Deployment Services client serves two purposes. First, it allows you to determine if a particular client failed during installation, and it provides details regarding the failure. Second, it allows you to collect information regarding client installations including how many clients installed a particular image, and the success rate for client installs. You can view the logs in the Application event log in Event Viewer. Because a time stamp is logged with each event, you can use this information to determine how long particular phases of the client installation process took to complete. This information is especially useful when diagnosing performance problems or doing performance benchmarking. There are four logging levels:

  • NONE: No logging (default)

  • ERRORS: Errors only

  • WARNINGS: Warnings and errors

  • INFO: The highest level of logging, which includes errors, warnings, and informational events

To turn on client logging, run WDSUTIL /Set-Server /WDSClientLogging /Enabled:Yes. To change which events are logged, run WDSUTIL /Set-Server /WDSClientLogging /LoggingLevel:{None|Errors|Warnings|Info} (each category includes all events from the previous categories). Regardless of the logging level, the following information is always logged: Architecture type, Client IP address, MAC address, and computer GUID, Time, and Transaction ID. Based on the configured logging level, some or all of these events are logged: Client started, Image selected, Image apply started, Image apply finished, Client finished, and Client error.

To view the logs, obtain the following:

  • Deployment Services Diagnostics logs in Event Viewer. To locate these logs, click Applications and Services Logs, click Microsoft, click Windows, and then click Deployment-Services-Diagnostics. The Admin node contains all errors, and the Operational node contains information messages. Note that in both of these logs, the architectures listed for some errors mean the following:

    • Architecture 0 means x86

    • Architecture 6 means ia64

    • Architecture 9 means x64

  • Setup logs from the client computer. The setup logs appear in different places depending on when the failure occurred:

    If the failure occurred in Windows PE before the disk configuration page of the Windows Deployment Services client has been completed, you can find the logs at X:\Windows\Panther. Use Shift+F10 to open a command prompt, and then navigate to the location.

    If the failure occurred in Windows PE after the disk configuration page of the Windows Deployment Services client has been completed, you can find the logs on the local disk volume (usually C:\) at $Windows.~BT\Sources\Panther. Use Shift+F10 to open a command prompt, and then navigate to the location.

    If the failure occurred on first boot after the image was applied, you can find the logs in the \Windows\Panther folder of the local disk volume (usually C:\).

  • Trace log from the Image Capture Wizard. To obtain these logs, do the following:

    1. Boot into the capture image.

    2. When the wizard starts, press Shift+F10 to access the command prompt.

    3. Enable tracing for the wizard. To do this, first run Regedit.exe. Then set the following registry key:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WDSCapture

      Name: EnableFileTracing

      Value:1

    4. Open a second instance of the Image Capture Wizard.

    5. Reproduce the failure using the wizard that you just opened. Do not close the original wizard or the computer will restart. Note that you can use Alt+Tab to move between windows.

    6. Obtain the trace log from X:\Windows\Tracing\WDSCapture.log.

Network boot components

  • Enable tracing in the server and management components and obtain the trace logs (as outlined previously).

  • Obtain a network trace that shows the failed boot attempt. It is a best practice to obtain this trace from the client and server simultaneously to accurately assess whether the failure is occurring at the sending server or the receiving client. The process is:

    1. Place a client and a third computer (laptop or desktop) on a hub.

    2. Start network traces from the server and third computer.

    3. Boot the client from the network.

      Note

      If you are using Network Monitor to obtain the traces, ensure that the buffer size is at least 20 MB. If you configure a buffer size too small for the capture, then packets will be lost (not appear) in the capture output.