Task Sequence Troubleshooting – Log Gather

TLDR: Script used to gather important logs and information during OSD for troubleshooting:
GitHub: garytown/OSD/OSDLogGather.ps1 at master

NOTE: use this for troubleshooting only; don’t run it on every device. It captures sensitive information (the domain join password in the unattend file, for one) that you would not want left on a device after deployment.

I was recently assisting someone who was having issues with domain join. I asked for the logs, but they only sent me the SMSTS log, which is awesome, but doesn’t cover the full extent of logs that I’d like to see during OSD.

I wrote a script that can be added into the task sequence that will create a compressed zip file of a pile of different things important when troubleshooting OSD.

  • SOFTWARE & SYSTEM Registry Hives
    • Captured while offline in WinPE
    • Captured at end of process while in Full OS
    • This allows you to compare what you’re deploying in your image with what gets modified during the online phase.
  • Panther Folder (C:\Windows\Panther)
  • SetupComplete Files (c:\windows\Setup\Scripts\*)
  • Domain Join Log (Netsetup) and others in folder (c:\windows\Debug)
  • DISM Logs (c:\windows\logs\DISM)
  • SMSTS Log Folder contents (SMSTS.log + anything else that you write there)
    • If you have any custom processes that write logs, you can write them to the %_SMSTSLogPath% path, and this script will grab them.
  • Task Sequence Variables
    • Using Johan Schrewelius’s script to create several Task Sequence Variables
    • Using Johan Schrewelius’s script to write the variables to a log file
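As an added illustration of the items in the list above, here is a minimal PowerShell version of the same collection. This is not the OSDLogGather.ps1 script from GitHub and it does not run the gather variables; it assumes it executes as a Run PowerShell Script step (with the PowerShell component in the boot image), reads the target OS drive from the OSDTargetSystemDrive variable while in WinPE, and stamps the ZIP with UTC time so the WinPE and Full OS captures line up regardless of the WinPE clock's time zone.

```powershell
# Added example (not the OSDLogGather.ps1 script): collect OSD troubleshooting
# artifacts into a time-stamped ZIP under <OS drive>\ProgramData\OSD.

# The TS environment object only exists inside a running task sequence.
$tsEnv = $null
try { $tsEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment } catch { }

# WinPE exposes the MiniNT key; _SMSTSInWinPE says the same thing from the TS side.
$InWinPE = (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\MiniNT') -or
           ($tsEnv -and $tsEnv.Value('_SMSTSInWinPE') -eq 'TRUE')

# Offline, the applied OS lives on OSDTargetSystemDrive (set by Apply Operating System);
# online it is simply the system drive.
$OSDrive = if ($InWinPE -and $tsEnv -and $tsEnv.Value('OSDTargetSystemDrive')) {
    $tsEnv.Value('OSDTargetSystemDrive')
} else { $env:SystemDrive }

# UTC stamp: WinPE runs on a UTC clock, so a local stamp lands hours away from the Full OS one.
$Phase  = if ($InWinPE) { 'WinPE' } else { 'FullOS' }
$Stamp  = (Get-Date).ToUniversalTime().ToString('yyyyMMdd-HHmmss') + 'Z'
$OutDir = Join-Path $OSDrive 'ProgramData\OSD'
$Stage  = Join-Path $OutDir "Stage-$Phase-$Stamp"
New-Item -ItemType Directory -Path $Stage -Force | Out-Null

# Folders from the list above; the SMSTS log path comes from the TS when we are in one.
$Sources = [ordered]@{
    Panther      = Join-Path $OSDrive 'Windows\Panther'
    SetupScripts = Join-Path $OSDrive 'Windows\Setup\Scripts'
    Debug        = Join-Path $OSDrive 'Windows\Debug'
    DISM         = Join-Path $OSDrive 'Windows\Logs\DISM'
}
if ($tsEnv) { $Sources['SMSTSLog'] = $tsEnv.Value('_SMSTSLogPath') }

foreach ($name in $Sources.Keys) {
    $src = $Sources[$name]
    if ($src -and (Test-Path $src)) {
        # The destination does not exist yet, so the folder contents land directly in it.
        Copy-Item -Path $src -Destination (Join-Path $Stage $name) -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Registry: offline the hives are plain files; online they are locked, so export with reg save.
$RegDir = Join-Path $Stage 'Registry'
New-Item -ItemType Directory -Path $RegDir -Force | Out-Null
foreach ($hive in 'SOFTWARE', 'SYSTEM') {
    if ($InWinPE) {
        Copy-Item -Path (Join-Path $OSDrive "Windows\System32\config\$hive") -Destination $RegDir -Force
    } else {
        & reg.exe save "HKLM\$hive" (Join-Path $RegDir $hive) /y | Out-Null
    }
}

$Zip = Join-Path $OutDir "OSDLogs-$Phase-$Stamp.zip"
Compress-Archive -Path (Join-Path $Stage '*') -DestinationPath $Zip -Force
Remove-Item -Path $Stage -Recurse -Force
Write-Output "Logs written to $Zip"
```

If Compress-Archive is not available in your boot image, [System.IO.Compression.ZipFile]::CreateFromDirectory($Stage, $Zip) does the same job. Whatever you use, the ZIP contains the full SOFTWARE and SYSTEM hives and the Panther folder, so treat it as sensitive and delete it once it has been collected.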

Task Sequence

I place the script twice in the task sequence, once right before it goes from WinPE into Full OS, and once at the end. Right now I’m running the script directly from GitHub, as I’ve been making a lot of enhancements during testing, and don’t want to have to keep updating my Task Sequence directly.
You can either embed the script directly, or add it to your scripts package.

Endpoint – After OSD

Once OSD is done, there will be a new folder in ProgramData called OSD (C:\ProgramData\OSD), with a ZIP file for each time you ran the script.
The ZIP files will be named based on time stamp and if the machine was in WinPE or Full OS when it ran. I’ve been having issues with the timestamp being 2 hours later while in WinPE (time zone thing), haven’t fixed that yet.

WinPE Logs

Full OS Logs

Task Sequence Variables

The script runs a gather process that creates many additional variables. If you only want this gather process to create helpful Task Sequence variables, grab the original script on GitHub and add it to your task sequence: Gather-Script-For-ConfigMgr-TS/Gather.ps1

Here is a capture of the TSVariables-DATE file. This only shows the beginning of the file, but gives you a good idea of what is in there. I find this handy when troubleshooting why specific conditions weren’t met to trigger a step, or want to verify what a variable is set to at a specific point.
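An added example of dumping the variables yourself, for readers who do not want to pull in the Gather script: this is not Johan Schrewelius’s code and it creates no extra variables. It writes every variable to a TSVariables-<stamp>.log in %_SMSTSLogPath% (so a log-gather step that copies that folder picks it up) and masks the values that carry credentials before they reach disk. The list of secret variable names is the set I know of; the generic "password" match catches custom ones.

```powershell
# Added example: write all task sequence variables to a log in _SMSTSLogPath,
# redacting the ones that hold credentials. Only runs inside a task sequence.
$tsEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment

# _SMSTSReserved* carries the network access / run-as account credentials;
# the OSD*Password variables hold the domain join, capture and local admin
# passwords. Anything else with "password" in its name is treated as secret too.
$SecretPattern = '^(_SMSTSReserved|OSDJoinPassword|OSDNetworkJoinPassword|OSDLocalAdminPassword|OSDRandomAdminPassword|OSDCaptureAccountPassword)|password'

$Stamp   = (Get-Date).ToUniversalTime().ToString('yyyyMMdd-HHmmss') + 'Z'
$LogPath = Join-Path $tsEnv.Value('_SMSTSLogPath') "TSVariables-$Stamp.log"

# -match is case-insensitive, so OSDJoinPASSWORD and friends are caught as well.
$Lines = foreach ($name in ($tsEnv.GetVariables() | Sort-Object)) {
    $value = if ($name -match $SecretPattern) { '<redacted>' } else { $tsEnv.Value($name) }
    '{0} = {1}' -f $name, $value
}
$Lines | Set-Content -Path $LogPath -Encoding UTF8
Write-Output "Wrote $($Lines.Count) variables to $LogPath"
```

Run it as a Run PowerShell Script step wherever you want a snapshot (for instance right before a step whose condition is not behaving). Because the file sits in %_SMSTSLogPath%, the Full OS copy moves with the SMSTS logs to C:\Windows\CCM\Logs when the client finishes, so it is covered by the same cleanup you apply to the rest of the capture.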

Panther / Unattend

WinPE

I find it handy to grab the Panther folder as well, which contains many things, including the Unattend.xml that gets injected and applied during OOBE. You can find a copy of what the TS generated in the Panther\Unattend folder.

NOTE: this is one of the sensitive items that gets captured; the domain join password sits in the unattend file.
This is why Windows automatically cleans this file up for you, which makes troubleshooting harder.
NOTE: this is also how a savvy tech or malicious actor could get your domain join credentials. With physical access during a reimage, they could power the machine off after the WinPE stage, boot back into WinPE, and read the file off the disk. Plan for that exposure: give the join account only the right to join computers to the domain and nothing else, so a recovered password is worth as little as possible.
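If you want the Panther capture for troubleshooting but not the join password riding along in the ZIP, you can blank the password elements in the copied unattend.xml before it is compressed. The following is an added example, not part of the author's script. It runs against a constructed snippet shaped like the join and local-account sections of a TS-generated file (element layout only; the values are made up). Point it at the copy in your staging folder, never at the live C:\Windows\Panther\Unattend\Unattend.xml, which Windows still has to apply after the reboot.

```powershell
# Added example: redact password elements in a copied unattend.xml so the
# captured log ZIP does not carry the domain join or local admin password.
function Protect-UnattendCopy {
    param([Parameter(Mandatory)][string]$Path)

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($Path)

    # Identification/Credentials/Password is a plain text element; UserAccounts
    # and AutoLogon use Password/Value or AdministratorPassword/Value.
    # local-name() sidesteps the unattend namespace prefix handling.
    $nodes = $xml.SelectNodes("//*[local-name()='Password' or local-name()='AdministratorPassword']")
    $count = 0
    foreach ($node in $nodes) {
        $valueNode = $node.SelectSingleNode("*[local-name()='Value']")
        $target = if ($valueNode) { $valueNode } else { $node }
        if ($target.InnerText -ne '' -and $target.InnerText -ne '*REDACTED*') {
            $target.InnerText = '*REDACTED*'
            $count++
        }
    }
    $xml.Save($Path)
    return $count
}

# Constructed sample (made-up values) shaped like a TS-generated unattend.xml.
$Sample = @'
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64">
      <Identification>
        <Credentials>
          <Domain>corp.example</Domain>
          <Username>svc_domainjoin</Username>
          <Password>NotARealPassword!1</Password>
        </Credentials>
        <JoinDomain>corp.example</JoinDomain>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64">
      <UserAccounts>
        <AdministratorPassword>
          <Value>QQBsAHMAbwBOAG8AdABSAGUAYQBsAA==</Value>
          <PlainText>false</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

$TestFile = Join-Path $env:TEMP 'unattend-sample.xml'
Set-Content -Path $TestFile -Value $Sample -Encoding UTF8
$redacted = Protect-UnattendCopy -Path $TestFile
Write-Output "Redacted $redacted password element(s) in $TestFile"
```

In a gather step you would call Protect-UnattendCopy on every unattend*.xml under the staged Panther copy right before zipping. The rest of the file (join domain, OU, account name, component list) stays intact, which is what you actually need when a join fails.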

Full OS

Once in the Full OS, the unattend file has been purged automatically, so you won’t find it in the Full OS capture of the logs, but you’ll find a lot more in the Panther folder this time.

Registry

The script will grab the offline registry hives if in WinPE, or save (export) the loaded hives if in the Full OS. I find this helpful to confirm registry edits are made, or if you’re installing software, you can track down what those apps are doing. You can also confirm whether registry values are coming from your original WIM or are being set during the online Full OS phase. I’ll show an example of an addition that is made during OSD that isn’t in the original WIM.

To compare, you can load them in Registry Editor: select HKEY_LOCAL_MACHINE, then File -> Load Hive -> select the hive file (SOFTWARE) -> give it an appropriate name. Load the WinPE copy and the Full OS copy under different names so you can look at both side by side, and unload them when you are done.
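Clicking through two loaded hives works for a single value, but for "what did the online phase add" a script is quicker. The following is an added example (not part of the author's tooling) that loads both captured SOFTWARE hives with reg.exe under temporary HKLM names, walks one subkey in each, and prints the values that were added, removed or changed. The hive paths and the Uninstall subkey are assumptions; run it elevated and on copies of the hives, since loading writes transaction files next to them.

```powershell
# Added example: diff the SOFTWARE hive captured in WinPE against the one
# captured in the Full OS beneath one subkey. Run elevated, on copies.
$WinPEHive  = 'C:\Temp\OSDLogs\WinPE\Registry\SOFTWARE'    # assumption: extracted from the WinPE ZIP
$FullOSHive = 'C:\Temp\OSDLogs\FullOS\Registry\SOFTWARE'   # assumption: extracted from the Full OS ZIP
$SubKey     = 'Microsoft\Windows\CurrentVersion\Uninstall'  # where installed apps register

function Get-HiveValues {
    param([string]$Mount, [string]$SubKey)
    $root  = "HKLM:\$Mount\$SubKey"
    $table = @{}
    if (-not (Test-Path $root)) { return $table }
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        # Strip the mount prefix so keys from both hives compare by the same relative path.
        $rel = $key.Name.Substring("HKEY_LOCAL_MACHINE\$Mount\".Length)
        foreach ($name in $key.GetValueNames()) {
            # Multi-string values become one comma-joined string for comparison.
            $table["$rel\$name"] = [string](($key.GetValue($name)) -join ',')
        }
    }
    return $table
}

& reg.exe load 'HKLM\OSD_WinPE'  $WinPEHive  | Out-Null
& reg.exe load 'HKLM\OSD_FullOS' $FullOSHive | Out-Null
try {
    $pe = Get-HiveValues -Mount 'OSD_WinPE'  -SubKey $SubKey
    $os = Get-HiveValues -Mount 'OSD_FullOS' -SubKey $SubKey

    $all = @($pe.Keys) + @($os.Keys) | Sort-Object -Unique
    foreach ($k in $all) {
        if     (-not $pe.ContainsKey($k)) { "ADDED   $k = $($os[$k])" }
        elseif (-not $os.ContainsKey($k)) { "REMOVED $k" }
        elseif ($pe[$k] -ne $os[$k])      { "CHANGED $k : '$($pe[$k])' -> '$($os[$k])'" }
    }
}
finally {
    # The registry provider holds key handles until they are collected;
    # without this, reg unload reports the key is in use.
    [System.GC]::Collect()
    & reg.exe unload 'HKLM\OSD_WinPE'  | Out-Null
    & reg.exe unload 'HKLM\OSD_FullOS' | Out-Null
}
```

Every ADDED line under Uninstall is an application that arrived during the online phase rather than from the WIM; swap the subkey for Policies\Microsoft or your own vendor key to check registry steps the same way. If reg unload still fails, close the PowerShell session that loaded the hives and unload from a fresh one.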

Example: WinPE

Example: Full OS

Summary

Using this script can help to gather logs when troubleshooting an issue. Add it to your Task Sequence, and have the tech send you the logs. Just remember to remove the steps again, or better yet only add them to a “Debug” copy of the production task sequence, and delete the ZIP files from C:\ProgramData\OSD once they have been collected, since they hold hives and the unattend file. Please leave comments below if you have other ideas for Task Sequence posts.
