Script
Check the script in GitHub
Key Features

| Scenario | Collects | Typical use-case |
|---|---|---|
| 1 – Logs only | SystemInfo.txt + Windows Application / System / Security event logs (past 7 days) | General health check; offline log review |
| 2 – Live traces | High-level network ETL (.etl) + lightweight PerfMon (.blg) during issue reproduction | Connectivity issues, performance issues |
| 3 – Full capture | Everything from Scenario 2 plus the CAPI2/Operational log and all files from Scenario 1 | Complex scenarios, connectivity issues including SSL/TLS failures, performance issues, general server information |
All output is stored in a time-stamped directory:
<base-path>\MSTraces_YYYYMMDD-HHMMSS\
Prerequisites
- Windows Server 2019 and above
- Administrator rights (script checks and exits if not elevated)
- PowerShell 5.x or newer (comes with Windows)
Quick Start
```powershell
# 1. Start an elevated PowerShell console
# 2. Run the script (the file name contains spaces, so quote it and invoke it with the call operator)
& '.\OPDG - Environmental Troubleshooting Data Collector.ps1'
```
You will see a banner similar to:
```text
OPDG - Environmental Troubleshooting Data Collector v0.7
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
▪ Scenario 1 – System info + core event logs
▪ Scenario 2 – Live network ETL trace + PerfMon
▪ Scenario 3 – Full capture (trace + CAPI2 + logs)
```
Follow the prompts to choose a scenario and base folder.
What Gets Collected?
1. SystemInfo_<timestamp>.txt
A single, human-readable snapshot containing:
| Section | Details |
|---|---|
| Network | Primary IPv4 address, WinHTTP proxy, IE proxy settings |
| CPU / Memory | Physical cores, logical processors, total RAM (GB) |
| OS Build | Major.Minor.Build.Revision & friendly name |
| .NET Runtime | Highest installed desktop CLR 4.x version |
| Firewall | netsh advfirewall show allprofiles dump: profile states & rules summary |
| Antivirus | AntivirusProduct names from root/SecurityCenter2 |
| Installed Programs | DisplayName + DisplayVersion from registry keys |

Tip: Since it's plain text, you can easily search it for build numbers, proxies, antivirus vendors, etc.
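The snapshot above can be reproduced with stock cmdlets, which is useful when you need to verify what the collector reports against the live machine, or collect the same facts on a host where you cannot run the script. The following is an added example, not the collector's own code; the output path, the `Add-Section` helper and the hand-picked .NET release thresholds are assumptions made for the example.

```powershell
# Added example (not the collector's own code). Builds a plain-text snapshot with
# the same sections the README lists. $outFile and Add-Section are assumptions.
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$outFile = Join-Path $env:TEMP "SystemInfo_$stamp.txt"

function Add-Section {
    # Runs $Body, captures its output as text and appends it under a heading.
    # A failing section is recorded in the file instead of aborting the snapshot.
    param([string]$Title, [scriptblock]$Body)
    try   { $text = & $Body | Out-String -Width 200 }
    catch { $text = "  (unavailable: $($_.Exception.Message))" }
    "=== $Title ===`r`n$text" | Out-File -FilePath $outFile -Append -Encoding utf8
}

Add-Section 'Network' {
    Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.PrefixOrigin -ne 'WellKnown' } |     # drops loopback and APIPA
        Select-Object InterfaceAlias, IPAddress
    netsh winhttp show proxy                                    # machine-wide WinHTTP proxy
    Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL   # per-user (IE/WinINet) proxy
}

Add-Section 'CPU / Memory' {
    $cpus = Get-CimInstance Win32_Processor
    $os   = Get-CimInstance Win32_OperatingSystem
    [pscustomobject]@{
        PhysicalCores     = ($cpus | Measure-Object NumberOfCores -Sum).Sum
        LogicalProcessors = ($cpus | Measure-Object NumberOfLogicalProcessors -Sum).Sum
        TotalRamGB        = [math]::Round($os.TotalVisibleMemorySize / 1MB, 2)  # value is in KB
    }
}

Add-Section 'OS Build' {
    $os = Get-CimInstance Win32_OperatingSystem
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # Major.Minor.Build.Revision plus the friendly name, e.g. "Windows Server 2019 Datacenter"
    "$($os.Caption) $($cv.CurrentMajorVersionNumber).$($cv.CurrentMinorVersionNumber).$($cv.CurrentBuildNumber).$($cv.UBR)"
}

Add-Section '.NET Runtime' {
    # The Release DWORD identifies the installed 4.x desktop runtime; thresholds from Microsoft's
    # published table (only a few are listed here, assumption: that is enough for triage).
    $rel = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction Stop).Release
    $ver = switch ($rel) {
        { $_ -ge 533320 } { '4.8.1'; break }
        { $_ -ge 528040 } { '4.8';   break }
        { $_ -ge 461808 } { '4.7.2'; break }
        default           { "4.x (Release $rel)" }
    }
    "Release=$rel  Version=$ver"
}

Add-Section 'Firewall' {
    netsh advfirewall show allprofiles                         # per-profile state
    Get-NetFirewallRule | Group-Object Enabled, Direction, Action |
        Select-Object Count, Name                              # rule summary by state
}

Add-Section 'Antivirus' {
    # root/SecurityCenter2 exists on client SKUs; on many Server SKUs it is absent and the
    # section is recorded as unavailable by Add-Section.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntivirusProduct -ErrorAction Stop |
        Select-Object displayName, productState
}

Add-Section 'Installed Programs' {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty $keys -ErrorAction SilentlyContinue |
        Where-Object DisplayName | Select-Object DisplayName, DisplayVersion | Sort-Object DisplayName
}

"Snapshot written to $outFile"
```

Each section runs in its own try/catch so that one missing namespace (typically the antivirus query on Server) does not lose the rest of the snapshot; the failure reason is written into the file where the section would have been.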
2. Windows Event Logs (.evtx)
Scenario | Channels Exported | Time Range |
---|---|---|
1 | Application, System, Security | Last 7 days |
3 | Same as Scenario 1 plus Microsoft-Windows-CAPI2/Operational | Last 7 days |
Logs are exported with wevtutil epl, which preserves the event metadata.
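The export the table describes, written out as an added example rather than the collector's own code: it performs the same elevation check the prerequisites mention, applies the 7-day window as an XPath `timediff` filter (milliseconds relative to now) and writes one .evtx per channel. `$outDir`, `$logDays`, `$scenario` and the file-naming pattern are assumptions made for the example.

```powershell
# Added example (not the collector's own code). Exports the channels listed in the README,
# filtered to the last $logDays days, with wevtutil epl. Variable names are assumptions.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    # Domain admin membership alone does not elevate the shell; the Security channel needs elevation.
    Write-Error 'Please run as Administrator.'
    return
}

$logDays  = 7            # retention window; the knob the FAQ refers to
$scenario = 3            # 1 = core channels only, 3 = adds CAPI2/Operational
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir   = Join-Path $env:SystemDrive "MSTraces_$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$channels = 'Application', 'System', 'Security'
if ($scenario -eq 3) { $channels += 'Microsoft-Windows-CAPI2/Operational' }

# timediff(@SystemTime) in the event XPath dialect yields milliseconds between the event and now
$windowMs = [int64]$logDays * 24 * 60 * 60 * 1000
$query    = "*[System[TimeCreated[timediff(@SystemTime) <= $windowMs]]]"

foreach ($ch in $channels) {
    $file = Join-Path $outDir ('{0}_{1}.evtx' -f ($ch -replace '/', '_'), $stamp)
    # epl = export log; /q limits the export to matching events, /ow:true overwrites an old file.
    & wevtutil.exe epl $ch $file "/q:$query" /ow:true
    if ($LASTEXITCODE -ne 0) { Write-Warning "Export of $ch failed (exit code $LASTEXITCODE)" }
}
Get-ChildItem $outDir -Filter *.evtx | Select-Object Name, Length
```

Note that Microsoft-Windows-CAPI2/Operational is disabled by default on Windows, so the Scenario 3 file will be empty unless the channel was enabled before the SSL/TLS failure was reproduced; `wevtutil gl Microsoft-Windows-CAPI2/Operational` shows its current state.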
3. Network Trace (Trace_<PC>_<timestamp>.etl)
Circular ETL trace created with:
netsh trace start scenario=netconnection,internetclient
- Providers include NDIS, TCPIP, Winsock-AFD, Schannel.
- Max size: 4 GB (circular, overwrites when full).
- Capture stops when you type stop.
Open with Wireshark, Microsoft Message Analyzer (retired), or NetMon.
4. Performance Monitor (Perfmon_<timestamp>.blg)
Counter set sampled every 5 seconds:
- \Processor(_Total)\% Processor Time
- \Memory\Available MBytes
- \Memory\Committed Bytes
- \PhysicalDisk(_Total)\% Idle Time
- \PhysicalDisk(_Total)\Current Disk Queue Length
Useful for correlating performance spikes with network traces.
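Sections 3 and 4 together are the Scenario 2 live capture. The following added example (not the collector's own code) starts the circular 4 GB netsh trace and a logman counter set with the five counters above at a 5-second interval, waits for the word `stop`, then stops both so the .etl and .blg share one timestamp and can be correlated. `$outDir`, the counter-set name `OPDG_Perf` and the file names are assumptions made for the example.

```powershell
# Added example (not the collector's own code). Runs the Scenario 2 live capture:
# network ETL trace + PerfMon counter log until the user types "stop". Names are assumptions.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $env:SystemDrive "MSTraces_$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$etl = Join-Path $outDir "Trace_$($env:COMPUTERNAME)_$stamp.etl"
$blg = Join-Path $outDir "Perfmon_$stamp.blg"

# Circular ETL trace, maxsize in MB. The two scenarios pull in the NDIS, TCPIP,
# Winsock-AFD and Schannel providers; capture=yes adds packet payloads.
& netsh.exe trace start scenario=netconnection,internetclient capture=yes `
    tracefile="$etl" maxsize=4096 filemode=circular overwrite=yes
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

# Counter paths exactly as PerfMon expects them (object\counter, with the instance in parentheses)
$counters = @(
    '\Processor(_Total)\% Processor Time'
    '\Memory\Available MBytes'
    '\Memory\Committed Bytes'
    '\PhysicalDisk(_Total)\% Idle Time'
    '\PhysicalDisk(_Total)\Current Disk Queue Length'
)
$set = 'OPDG_Perf'
# -si = sample interval (hh:mm:ss), -f bin = binary .blg, -ow = overwrite an existing file
& logman.exe create counter $set -c $counters -si 00:00:05 -f bin -o "$blg" -ow
& logman.exe start $set

do { $answer = Read-Host 'Reproduce the issue, then type stop' } until ($answer -eq 'stop')

& logman.exe stop $set
& logman.exe delete $set      # removes the collector definition; the .blg file stays
& netsh.exe trace stop        # flushes the .etl (netsh also writes a companion .cab next to it)

Get-ChildItem $outDir | Select-Object Name, @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } }
```

`netsh trace stop` can take a minute or two while it flushes buffers and packages the .cab; do not close the console until it returns, or the .etl may be truncated.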
Expected Folder Layout & Sizes

```text
MSTraces_20250618-093245\
├─ SystemInfo_20250618-093245.txt                   ~ 5–20 KB
├─ Application_20250618-093245.evtx                 ~ 1–50 MB
├─ System_20250618-093245.evtx                      ~ 1–50 MB
├─ Security_20250618-093245.evtx                    ~ 1–10 MB
├─ Microsoft-Windows-CAPI2_Operational_...          (scenario 3 only)
├─ Trace_HOST123_20250618-093245.etl                up to 4 GB (circular)
└─ Perfmon_20250618-093245.blg                      ~ 2–50 MB
```

Logs compress well; use zip/7-zip before uploading.
Troubleshooting & FAQ

"Script says 'Please run as Administrator' even though I am admin."
Launch PowerShell with Run as administrator (the title bar shows Administrator:). Having admin rights in AD does not automatically elevate your shell.

How do I view .evtx files on another machine?
Copy the file and open it with Event Viewer → Action → Open Saved Log….

Can I increase the log retention beyond 7 days?
Yes; search for the variable $logDays in the script and adjust it.
Does the script collect any personal files?
No. It only queries system metadata, registry keys, and Windows logging APIs. No personal files are collected.
⚠️ Disclaimer: This tool and its documentation are not official Microsoft guidance. Please consult Microsoft Learn or other official Microsoft resources for authoritative information. Before running this script, review its contents carefully and ensure it aligns with your organization's internal policies and security standards.