Enable Windows Installer logging

Windows includes a registry-activated logging service to help diagnose Windows Installer issues. This article describes how to enable this logging service.

Original product version: В Windows 10 — all editions, Windows Server 2012 R2
Original KB number: В 223300

The registry entry in this article is valid for all Windows operating systems.

Windows Installer logging

Windows Installer can use logging to help assist in troubleshooting issues with installing software packages. This logging is enabled by adding keys and values to the registry. After the entries have been added and enabled, you can retry the problem installation and Windows Installer will track the progress and post it to the Temp folder. The new log’s file name is random. However, the first letters are Msi and the file name has a .log extension. To locate the Temp folder, type the following line at a command prompt:

To enable Windows Installer logging manually, see the following section.

Enable Windows Installer logging manually

This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see How to back up and restore the registry in Windows.

To enable Windows Installer logging yourself, open the registry by using Regedit.exe, and then create the following subkey and keys:

• Path: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
• Type: Reg_SZ
• Value: Logging
• Data: voicewarmupx

The letters in the value field can be in any order. Each letter turns on a different logging mode. Each letter’s actual function is as follows for MSI version 1.1:

• v — Verbose output
• o — Out-of-disk-space messages
• i — Status messages
• c — Initial UI parameters
• e — All error messages
• w — Non-fatal warnings
• a — Start up of actions
• r — Action-specific records
• m — Out-of-memory or fatal exit information
• u — User requests
• p — Terminal properties
• + — Append to existing file
• ! — Flush each line to the log
• x — Extra debugging information. The x flag is available only in Windows Server 2003 and later operating systems, and on the MSI redistributable version 3.0, and on later versions of the MSI redistributable.
• * — Wildcard. Log all information except the v and the x option. To include the v and the x option, specify /l*vx.

This change should be used only for troubleshooting and should not be left on because it will have adverse effects on system performance and disk space. Each time that you use the Add or Remove Programs item in Control Panel, a new Msi*.log file is created. To disable the logging, remove the Logging registry value.

Enable Windows Installer logging with Group Policies

You can enable logging with Group Policies by editing the appropriate OU or Directory Group Policy. Under Group Policy, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then select Windows Installer.

Double-click Logging, and then click Enabled. In the Logging box, enter the options you want to log. The log file, Msi.log, appears in the Temp folder of the system volume.

For more information about MSI logging, see Windows Help. To do this, search by using the phrase msi logging, and then select Managing options for computers through Group Policy.

The addition of the x flag is available natively in Windows Server 2003 and later operating systems, on the MSI redistributable version 3.0, and on later versions of the MSI redistributable.

Enabling debug logging for the Netlogon service

This article describes the steps to enable logging of the Netlogon service in Windows to monitor or troubleshoot authentication, DC locator, account lockout, or other domain communication-related issues.

Original product version: В Windows 10 — all editions, Windows Server 2016, Windows Server 2019, Windows Server 2012 R2
Original KB number: В 109626

More information

This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

The version of Netlogon.dll that has tracing included is installed by default on all currently supported versions of Windows. To enable debug logging, set the debug flag that you want by using Nltest.exe, the registry, or Group Policy. To do it, follow these steps:

For Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

These steps also apply to Windows 10.

To enable Netlogon logging:

Open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2 and later versions).

Type the following command, and then press Enter:

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2 or later to enable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify new writes to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows 10, and Windows Server 2012 R2 and later versions). Then run the following commands:

• In some circumstances, you may have to perform an authentication against the system in order to obtain a new entry in the log to verify that logging is enabled.
• Using the computer name may cause no new test authentication entry to be logged.

To disable Netlogon logging, follow these steps:

Open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2 and higher).

Type the following command, and then press Enter:

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2 or later versions to disable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify that no new information is being written to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows 10, and Windows Server 2012 R2 and later versions). Then run the following commands:

Alternative methods to enable Netlogon logging

In all versions of Windows, you can use the registry method that’s provided in the Enable/Disable logging by using registry method section.

On computers that are running Windows Server 2012 R2 and later versions of the operating system, you can also use the following policy setting to enable verbose Netlogon logging (value is set in bytes):

\Computer Configuration\Administrative Templates\System\Net Logon\Specify log file debug output level

A value of decimal 545325055 is equivalent to 0x2080FFFF (which enables verbose Netlogon logging). This Group Policy setting is specified in bytes.

The Group Policy method can be used to enable Netlogon logging on a larger number of systems more efficiently. We don’t recommend that you enable Netlogon logging in policies that apply to all systems, such as the Default Domain Policy. Instead, consider narrowing the scope to systems that may be causing problems by using one of the following methods:

• Create a new policy by using this Group Policy setting, and then provide the Read and Apply Group Policy rights to a group that contains only the required computer accounts.
• Move computer objects into a different OU, and then apply the policy settings at that OU level.

Enable/Disable logging by using registry method

To enable logging, you may have to obtain a checked build of Netlogon.dll.

Start Registry Editor.

If it exists, delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2 and later versions to enable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify the new writes to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2/Windows 10 and above). Then run the following commands:

• In some circumstances, you may have to do an authentication against the system to obtain a new entry in the log to verify that logging is enabled.
• Using the computer name may cause no new test authentication entry to be logged.

To disable Netlogon logging, follow these steps:

In Registry Editor, change the data value to 0x0 in the following registry key:

Exit Registry Editor.

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2, Windows 10, or later versions to disable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify that no new information is being written to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2/Windows 10 and later versions of the operating system). Then run the following commands:

Set the maximum log file size for Netlogon logs:

The MaximumLogFileSize registry entry can be used to specify the maximum size of the Netlogon.log file. By default, this registry entry doesn’t exist, and the default maximum size of the Netlogon.log file is 20 MB. When the file reaches 20 MB, it’s renamed to Netlogon.bak, and a new Netlogon.log file is created. This registry entry has the following parameters:

• Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
• Value Name: MaximumLogFileSize
• Value Type: REG_DWORD
• Value Data:

Remember that the total disk space that’s used by Netlogon logging is the size that’s specified in the maximum log file size times two (2). It’s required to accommodate space for the Netlogon.log and Netlogon.bak file. For example, a setting of 50 MB can require 100 MB of disk space, which provides 50 MB for Netlogon.log and 50 MB for Netlogon.bak.

As mentioned earlier, on Windows Server 2012 R2 and later versions of the operating system, you can use the following policy setting to configure the log file size (value is set in bytes):

\Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
247811 How domain controllers are located in Windows

How to enable logging in WDS in Windows

This article describes how to enable logging in Windows Deployment Services (WDS) in Windows Server.

Original product version: В Windows Server 2012 R2
Original KB number: В 936625

This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see Windows registry information for advanced users.

Introduction

This article discusses how to enable logging in WDS in Windows Server. Additionally, this article describes how to gather data in WDS.

You can use this information to help troubleshoot issues that you may experience in WDS.

Overview

Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Each WDS component has a mechanism that you can enable for logging and for tracing. You can then analyze the results for troubleshooting. Use the information in the following sections to enable logging and tracing for WDS components.

General WDS server health

Type the following command to generate general server health information:

This command causes general server health information to be logged in the Application log and in the System log.

WDS server component

Type the following command to generate health information about the WDS server component:

This command causes WDS information to be logged in the Application log and in the System log.

Obtain trace logs for Windows Server

To obtain trace information for Windows Server, do the following:

1. Open Event Viewer (eventvwr).
2. Browse to Windows Logs\Applications and Services Logs\Microsoft\Windows\Deployment-Services-Diagnostics.
3. Right-click the channel and choose Enable Log.

Then, configure the components that you want to be logged by setting one or more of the following registry keys to a 0 value.

WDS servers also support the following additional tracing:

You can set these registry keys to the following values to control what is included:

• 7F0000: This value includes packet tracing and protocol tracing.
• 3F0000: This value excludes packet tracing.
• 3E0000: This value excludes packet tracing and protocol tracing. By default, this value is used.

A tracing process may affect performance. Therefore, we recommend that you disable the tracing functionality when you do not have to generate a log.

After you set this registry entry, trace information for the WDS server component is logged in the following file:%windir%\Tracing\wdsserver.log

WDS management components

Type the following command to generate management component health information:

This command causes WDS component health information to be logged in the Application log and in the System log.

Enable tracing

To obtain trace information, you must enable tracing in the WDS management component and in the WDS Microsoft Management Console (MMC) component. To do this, set the following registry entries:

For the management component

• Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WDSMGMT
• Name: EnableFileTracing
• Value type: REG_DWORD
• Value data: 1

For the MMC component

• Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WDSMMC
• Name: EnableFileTracing
• Value type: REG_DWORD
• Value data: 1

After you set these registry entries, trace information for the WDS management component is logged in the %windir%\Tracing\wdsmgmt.log file.

Additionally, trace information for the WDS MMC component is logged in the %windir%\Tracing\wdsmmc.log file.

Although the WDS MMC component and the WDSUTIL component share the same API layer, MMC sometimes adds processing and functionality. If an error occurs, it is frequently worthwhile to use WDSUTIL to try to reproduce the failure. WDSUTIL may help you determine whether the error is local to MMC or whether the error is a general management API failure. Frequently, the WDSUTIL component provides more detailed error output when tracing is not enabled. Where applicable, use the following options to obtain extra information:

WDS legacy components

If you perform legacy management functions, set the following registry entry to enable tracing in the RISetup component:

• Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RISetup
• Name: EnableFileTracing
• Value type: REG_DWORD
• Value data: 1

To obtain the trace log in the WDSCapture operation, follow these steps:

Start the Capture Windows PE boot image.

When the Capture Wizard starts, press SHIFT+F10 to open a command prompt.

Enable tracing in the WDSCapture component. To do this, follow these steps:

1. Start Registry Editor.
2. Set the following registry entry to enable tracing in the WDSCapture component:

• Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WDSCapture
• Name: EnableFileTracing
• Value type: REG_DWORD
• Value data: 1

Start a second instance of the WDSCapture component. Then, reproduce the problem by using the second instance of WDSCapture.

Don’t close the original instance of WDSCapture. If you close the original instance of WDSCapture, Windows PE restarts. Instead, press ALT+TAB to switch between the instances of WDSCapture.The following trace log file is generated: X:\Windows\Tracing\WDSCapture.log.

WDS client components

To turn on the client logging functionality, run the following command on the WDS server:

Then, run the following command on the WDS server to change which events are logged:

Each category includes all the events from the previous categories.

The following are the definitions of the logging levels:

• The NONE logging level disables the logging functionality. By default, this logging level is used.
• The ERRORS logging level logs only errors.
• The WARNINGS logging level logs warnings and errors.
• The INFO logging level logs errors, warnings, and informational events. This logging level is the highest logging level.

To view the event logs, follow these steps:

1. Open Server Manager, and then click Diagnostics.
2. Click Event Viewer.
3. Click Applications and Services Logs.
4. Click Microsoft, click Windows, and then click Deployment-Services-Diagnostics.

In the tree structure of event logs, the Admin log contains all the errors, and the Operational log contains the information messages. The following are the definitions of the architectures that are listed for some errors in these logs:

• The Architecture 0 is the x86 processor architecture.
• The Architecture 6 is the IA-64 processor architecture.
• The Architecture 9 is the x64 processor architecture.

Setup logs from the client computer

The location of the setup logs depends on when the failure occurs.

If the failure occurs in Windows PE before the disk configuration page of the WDS client is completed, you can find the logs at the X:\Windows\Panther folder. Use Shift+F10 to open a command prompt, and then change the directory to the location.

If the failure occurs in Windows PE after the disk configuration page of the WDS client is completed, you can find the logs on the local disk volume at the $Windows.

BT\Sources\Panther folder. The local disk volume is usually the drive C. Use Shift+F10 to open a command prompt, and then change the directory to the location.

If the failure occurs on the first boot after the image is applied, you can find the logs in the \Windows\Panther folder of the local disk volume. The local disk volume is usually the drive C.