How to setup Nano Server to send diagnostic messages off-box for remote analysis.

Have you ever personally had to troubleshoot Nano Server but didn’t know where to start looking. You try to connect using Remote Server Administration Tools (RSAT), but you get an error saying you cannot connect. Your task is now even more daunting because you don’t have KVM access in order to try to correct the connectivity problem locally. What do you do?

Well, there’s good news, with the right setup in advance, you can have the diagnostic data you need remotely available to you in near-real-time from any of your Windows Server 2016 physical or virtual machines. In the next 5-10 minutes we will walk through the process of setting up your Nano Server image to remotely send their diagnostic data to your SBEC collector.

For a basic understanding of Setup and Boot Event Collection and instructions to setup your own SBEC collector, please read Extending your diagnostic visibility using Setup and Boot Event Collection.

 

Step 1 – Build your Nano Server Image.

Build your base Nano Server image following the PowerShell Script to build your Nano Server Image blog post.

 

Step 2 – Setup your Setup & Boot Event Collector

Setup your SBEC collector following the instructions outlined in Get started with Setup and Boot Event Collection.

 

Step 3 – Adding AutoLogger registry keys to send the diagnostic messages.

In this section, we will be taking the Nano Server VHD that you have created, mounting that image, loading the registry hive, followed by adding the necessary registry keys that will enable the AutoLogger’s to send their diagnostic data. The path’s to some of these steps may be different from your installation.

Note: In this example, I have created my Nano Server image under C:\NanoServer and the following steps are also done under this folder. Your folder path may vary, so adjust your command accordingly.

1. First, we need to grab the Sbec PowerShell cmdlets from your collector.

a. On your SBEC Collector, copy the ..\Windows\System32\WindowsPowerShell\v1.0\Modules\BootEventCollector folder to the ..\Windows\System32\WindowsPowerShell\v1.0\Modules directory on the machine you are using to modify your Nano Server VHD.

b. Open a PowerShell console with elevated permissions and type …

Import-Module BootEventCollector 

2. We will now add the update the VHD with the correct registry keys to enable the AutoLoggers. This is a basic list that covers the general Setup and Boot events that you would normally want to see. You can research adding more by starting with Controlling Event Tracking Sessions.

Enable-SbecAutoLogger –Path C:\NanoServer\Workloads\IncludingWorkloads.vhd 

This command adds the following registry key/value pairs:

  • HKLM\TmpSystem\ControlSet001\Control\WMI\Autologger\EventLog-System
    • LogFileMode
      • REG_DWORD
        • 0x10080180
  • HKLM\TmpSystem\ControlSet001\Control\WMI\Autologger\SetupPlatform
    • LogFileMode
      • REG_DWORD
        • 0x80180
  • HKLM\TmpSystem\ControlSet001\Control\WMI\Autologger\NT Kernel Logger
    • BufferSize
      • REG_DWORD
        • 0x40
  • HKLM\TmpSystem\ControlSet001\Control\WMI\Autologger\NT Kernel Logger
    • Guid
      • REG_SZ
        • {9e814aad-3204-11d2-9a82-006008a86939}
  • HKLM\TmpSystem\ControlSet001\Control\WMI\Autologger\NT Kernel Logger
    • Start
      • REG_DWORD
        • 1
  • HKLM\TmpSystem\ControlSet001\Control\WMI\Autologger\NT Kernel Logger
    • LogFileMode
      • REG_DWORD
        • 0x02880180
  • HKLM\TmpSystem\ControlSet001\Control\WMI\Autologger\NT Kernel Logger
    • EnableKernelFlags
      • REG_BINARY
        • 0100000000000000000000000000000000000000000000000000000000000000

 

Step 4 – Updating BCD Settings.

Now we need to update the BCD settings of the Nano Server image to enable the Events flag and set the SBEC collector’s IP address, port and encryption key so messages are sent to the right server.

Before starting this step, you will need the IPv4 address of your collector, the TCP port it is configured to listen on (default is 50000) and the encryption key you have set in you Collector active.xml file. If you need help locating this data, please review the Get started with Setup and Boot Event Collection guide.

1. Next, we are going to update of your Nano Server VHD by automatically mounting the VHD, turning on the Event flag, setting the right Collector fields and dismounting the VHD.

a. Open a PowerShell console with elevated permissions and type …

Enable-SbecBcd –Path C:\NanoServer\Workloads\IncludingWorkloads.vhd –CollectorIp 192.168.100.1 –CollectorPort 50000 –Key a.b.c.d 

Step 5 – Updating the Collector to receive your events.

Ok, we have our Nano VHD created and ready to send events remotely. Now we need our SBEC Collector configured to accept the messages. To do that, we need to add either the IPv4 address range, the specific IPv4 address or the MAC address of the VHD to the SBEC collector’s active.xml file. These steps are outlined in the Get started with Setup and Boot Event Collection guide.

That’s it, now use any tool that can read an ETL file to read the diagnostic messages that are sent, such as Microsoft Message Analyzer or you can use PowerShell’s Get-WinEvent.

(Example)

Get-WinEvent –Path C:\ProgramData\Microsoft\BootEventCollector\Etl\Nano_w_SBEC\Nano_w_SBEC_001.etl –Oldest

Comments

  • Anonymous
    October 12, 2015
    Do you have a SBEC collector already setup collecting events from your Windows Server 2016 machines?