Sunday, February 14, 2010

Useful tool to trace Windows 7 startup - netsh trace

When debugging performance and logon issues in large corporations, where hooking up a sniffer can be just slightly less painful than pointy stick time, I've often found it 'painful' to get a full trace of Windows startup including network traffic. However, Windows 7, though it has taken away the useful userenvdebuglevel and userenv.log, has introduced full tracing 'out of the box', akin to but more evolved than the old netcap.exe... and the wunderkind is:

NETSH TRACE START CAPTURE=YES

Drop this into a scheduled task set to run, fully elevated, at boot time after the NIC is active, and you have a full trace and log of all system activity during the boot process. All you need do afterwards is run:

NETSH TRACE STOP (best run from a command prompt so you can see all the files saved; extract all the contents of NetTrace.cab and use the report.etl file as well as NetTrace.etl)

Once you've logged in and the shell has loaded, you'll have all the logs you need to dig into the guts of boot and logon issues.

The only pain with this is that the new .ETL network log format only works in MS Network Monitor (and you have to set the parsers to Full) and cannot be opened in Wireshark... but the new MS Network Monitor is pretty good; it just takes a little getting used to. Note that newer parsers are published on www.codeplex.com.

Another useful article is here: http://blogs.technet.com/netmon/archive/2010/01/04/capturing-a-trace-a-boot-up.aspx. It covers using nmcap.exe to take the trace, but you could just as easily replace nmcap with another capture tool, e.g. WinPcap.

The netmon blog is a great resource for debugging...

Saturday, January 23, 2010

really should update something

Happy New Year! roll on 2010!

Sunday, November 8, 2009

Local group policy toolset

Useful toolset from Microsoft for turning text into policy settings and applying local group policies:

local group policy toolset posted on the FDCC blog

Saturday, November 7, 2009

network level authentication xp

Enabling Network Level Authentication on Windows XP Service Pack 3 for access to Server 2008 via Remote Desktop

"The remote computer requires Network Level Authentication, which your computer does not support."

To enable NLA on XP SP3, run regedit.exe:


1. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

2. Add tspkg to the Security Packages REG_MULTI_SZ

3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

4. Add credssp.dll to the SecurityProviders REG_SZ (the entries are separated by commas)

5. Reboot
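The same change scripted for PowerShell 2.0 on XP SP3, as an added example that is not from the original post: it reads each value back first and only appends the missing entry, so the existing packages and providers are preserved (replacing either value outright breaks authentication). The key paths and value names are exactly those in the steps above; the only assumption is that PowerShell is installed and the script runs as an administrator.

```powershell
# Added example (not from the post): apply steps 1-4 idempotently. Reboot afterwards (step 5).
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$prov = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'

# Steps 1-2: 'Security Packages' is REG_MULTI_SZ, so it comes back as a string[].
# Writing a string[] back keeps the MultiString type of the existing value.
$packages = @((Get-ItemProperty -Path $lsa -Name 'Security Packages').'Security Packages')
if ($packages -notcontains 'tspkg') {
    $packages += 'tspkg'
    Set-ItemProperty -Path $lsa -Name 'Security Packages' -Value $packages
    Write-Output "Added tspkg to Security Packages: $($packages -join ' ')"
} else {
    Write-Output 'tspkg already present in Security Packages'
}

# Steps 3-4: SecurityProviders is a single comma-separated REG_SZ, so split,
# trim, append if missing, and join again rather than overwriting the string.
$providers = (Get-ItemProperty -Path $prov -Name 'SecurityProviders').SecurityProviders
$list = @($providers -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
if ($list -notcontains 'credssp.dll') {
    $list += 'credssp.dll'
    Set-ItemProperty -Path $prov -Name 'SecurityProviders' -Value ($list -join ', ')
    Write-Output "Added credssp.dll to SecurityProviders: $($list -join ', ')"
} else {
    Write-Output 'credssp.dll already present in SecurityProviders'
}

# Verification: both entries must now be present before rebooting.
$ok = ((Get-ItemProperty -Path $lsa -Name 'Security Packages').'Security Packages' -contains 'tspkg') -and
      ((Get-ItemProperty -Path $prov -Name 'SecurityProviders').SecurityProviders -match 'credssp\.dll')
Write-Output "NLA registry entries present: $ok"
```

Comparisons with -contains and -notcontains are case-insensitive in PowerShell, so an existing entry written in different case is not duplicated.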


happy days