How to Troubleshoot SQL, Skype, Windows, Active Directory, Exchange and Basic Server issues with one tool! Its called Multi-Perf!

How to Troubleshoot SQL, Skype, Windows, Active Directory, Exchange and Basic Server issues with one tool! Its called Multi-Perf!

I made this tool last year and you know what? Its really cool! The instructions make it sound hard, but all i can say is it works,  you almost cant make a mistake, and it keeps running until a point of failure.  You will get a trace no matter what the customer does. this script has enough checking in it to run consistently, regardless of user input.


But we do want users to input the execution term correctly, so here they are.

So I know they are cryptic, but I wanted to share a few screen shots.


This script just uses a Perfmon collector to create a counter package that runs on a schedule.


Figure 1. Perfmon


Well Multi-Perf sounds like it will do a lot!  This tool will collect performance information, related to the main counters for that technology. Once the log is collected, you can then review it for specific problems,


Figure Figure 2. Set-Execution Policy

The bottom line is you get a script that gives you choices on what set of performance information you need.


dont forget to run set-execution policy Fig. 2

ex… Set-Execution Policy –Execution Policy Unrestricted.

Multi-Perf is run simply as “.\Multi-Perf  counter”, where the counter is Basic, Active, SQL, EXCH and Skype


Figure 3. Multi-Perf and Readme

See in figure 3, you have a read-me as well. This will tell you all you need to know, to run and execute the collectors for the performance monitor.

Information like the syntax of the command are located there.

.\Mult-Perf testname –computer mycomputer –instance myinstance.


Figure 4. Mult-Perf Syntax

If you are not using SQL, then you only have 2 items to put  in the tests are active, sql,lync,exch, active or basic



Here is some syntax examples



Figure 5. Run Active test on computer

See above, you use the form: .\Program testname –computer computername

If you forget the computer name, it will automatically select the local computer:




Figure 6. Run as Program .\Multi-Perf.ps1 only

If you forget to put the type of test, it will default to basic.



Figure 7 with SQL instance

If you forget to specify the instance, you will get another chance to put it in.

If you put the instance in, then that is fine. But if you did not, there is no penalty. This makes the Log tool, infallible and easy to use.



Instead of failing, The Script looks up the SQL instances, and presents them for the customer. It also says the user must type

the instance name themselves, so there is no accident


Hopefully you get the Idea of how this tool works. See the read me as well, it lays out all the features. Just try it out! It will not be as hard as at looks… because it will work every time.


Download Me Here







Microsoft Updates does not complete Initial Update on Server 2012 or Server 2016



Hello Everyone,

It’s a lovely night in late 2016, and I am in no shortage of topics to write articles about. I think I’ll choose an issue which actually got me for several hours before I could put together what it was.

Lets start with the customer. Mr. Customer calls in with Windows Server Updates failing. So I know that he had manually updated the server, so the updates done were not from Windows Updates. This is a case where Microsoft Updates never worked. This is a famed situation where you can claim that the customer is not supported if the feature never worked.

I don’t believe in no win scenarios, so I dive In. I hit the basic windows update items.  I am going to try to bulletize these so you have some troubleshooting steps in a normal situation:


  • 1. Go to the Windows Update log. Mine was in the windows folder. Other places exist
  • 2. Look for any error or use the link above to find any errors.
  • 3. How to resolve Update issues article from TechNet
  • 4. Check to make sure there is not WSUS server locally.
  • Even if there is not, check the registry to make sure WSUS IP and port is not listed.
  • Check group Policy for WSUS and or issue the Detect now command switch with Wuauclt. See Link

Now is the time to let you in on the fact that two errors have been in the back of my mind in the Windows Update.log They are:

  • Windows OOBE is still in progress.
  • Failed to get network cost from NLM

So somewhere in the middle of the bullets above, I did think of taking the server out of the OOBE mode. There was no setup going on and it seemed the right thing to do. Surprisingly, after I set the registry key and rebooted, I found the error persisted.

So in the end, I really did find this solution on a Microsoft blog. Why am I reposting this story? Because you have to know what Audit Mode is, to find the article! The solutions are posed under audit mode. My article is on the internet as a Updates failed article. I just hope it finds its way into the hand of someone who fell into audit mode, without realizing it.

So I have to be honest and tell you the customer would not let me apply the solution. he decided to reinstall!!! That’s why its even more important to make sure the solution for this gets out.

From the MS Blog:

  • 1. log in as administrator
  • 2. turn UAC off
  • 3. make sure the user you plan on logging in has administrative rights
  • 4. reboot and login as that user
  • 5. System should have a dialog box for OOBE/reboot and Audit/reboot, choose OOBE, system will restart
  • 6. Audit mode will be off and will ask for language selection etc.


So now realize, you may need to create the new Administrator user name, so please be aware of that.

In closing, Please be aware of the two telltale signs of audit mode:

  • If you get a message that says OOBE\boot and Audit\Boot, pick OOBE every time!
  • If Windows Update will not work, look in the windows Update log, to see if you have the OOBE issue. It will not show up anywhere else!


I hope this has been helpful and educational!


Disk Probe Cheat Sheet. This is a sheet for Experienced Support Individuals and should not be used by anyone but! You have been warned!


Good day all,

Today I have a share for you. This is credited to Kristian Lamb. I am helping him to get his blog going. And I am sharing this work  he had put in, to improve on a cheat sheet for use with a tool called DISKPROBE. You will need to consult other documentation, if you need to execute a use case; but for a quick cheat sheet, Kristin has done a great job, and I encourage him to get his blog going to show off his very good work.

Here is a link to start you off on DiskProbe. Let this be a warning. You want to learn this today! IF your array goes down, you will not have time to learn this on the fly! There is a lot to understand before you even consider using it!


Better yet, Contact your Support organization, and get some help. This should be used BY professional IT support agents Only!

You have been warned!





Boot code first 440bytes of the MBR are boot code. Boot code is only used if we are booting to the drive otherwise it is ignored.
Disk Signature Bytes 01B8 – 01BB unique 32bit number
Partition Table Bytes 01BE to 01FD. Notice the Highlighted line. This section is 4 lines and is also the reason for the MBR disk limitation of 4 primary partitions!
End of Sector Marker aka MBR Signature – for MBR’s and EBR’s will always be 0x55 0xAA. Boxed in Blue

MBR Partition Table Entries


Bootable Flag 00 or 80 (when you mark a partition as Active that is writing a value of 0x80 here.
Starting CHS:  – Cylinder Head Sector
Partition Identifier: Common partition ID by windows [07h NTFS, 42h Dynamic disk, EEh GPT]
Ending CHS: Cylinder Head Sector
Relative Sector (LBA): Logical Block Address where Partition Starts
Total Sectors (LBA): Number of Sectors that make up the Partition

NTFS Boot Sector



JUMP INSTRUCTION : valid x86 assembly to point to entry of boot code.(only used if booting to volume)
OEM TAG : ASCI encoded 8byte field
BIOS PARAMETER BLOCK : Defines Properties of the Volume
EXTENDED BIOS PARAMETER BLOCK : Defines structures specific to NTFS aka $MFT ect.. Ect..
BOOT CODE : The Entry point from jump instruction (note more to boot strap than shown in NTFS Boot Sector. NTFS reserves the first 16 sectors of a volume for bootcode information.
END OF SECTOR MARKER : Same as an MBR signature the NTFS Boot sector will have 0x55AA

BIOS Parameter Block (NTFS BootSector)


Note: *Fields were used with FAT, and are not used in NTFS.
Bytes Per Sector
Sectors Per Cluster
Reserved Sectors *
Number of FATs *
ROOT Dir Entries *
Media Descriptor
Small Sectors *
Sectors Per Track
Number of Heads
Hidden Sectors
Large Sectors *

Exteneded BIOS Parameter Block (NTFS BootSector)


Note: *Fields were used with FAT, and are not used in NTFS.
Drive Number or FAT Size *
Total Sectors
Clusters to $MFT
Cluster to $MFTMIR
Clusters per FRS
Clusters Per Index Block
Volume Serial Number

GPT Array Header


Signature This is always the same value (EFI PART).  It identifies the header as being EFI compatible.  Making it misleading, as it is NOT the start of, or any part of, an EFI partition.
Version While this has remained the same for as long as Windows has incorporated GPT disks, it is possible that if the UEFI standard changes, then the GPT version might be incremented.
Header Size This value tells how big the Array Header is.  Currently it is always 92 bytes but by defining it here, it is possible to make the header bigger if we should ever need to.  Since the field is 4 bytes in size, the header size could be defined as large as 4 GB.

Note: Even though only 92 bytes of LBA 1 is used for the Array Header, the rest of the sector is left unused.  The header size does NOT have to align to sector boundaries.

Header CRC A CRC32 checksum of the Array Header against its counterpart at the end of the drive.
Reserved Must be zeros.  While this could actually be used for something on some future date, it is my opinion that this is just keeping everything quad word aligned.
This LBA The LBA where the Array Header is located.
Alternate LBA The LBA where the Array Header’s backup is located.
First Useable LBA The first LBA that partitions can actually be created at.  For Microsoft GPT disks, this is normally the start of the Microsoft Reserved Partition.
Last Useable LBA The last LBA that partitions can use.
Disk GUID This is the number that should be used to identify the disk rather than the old disk signature.
Partition Entry LBA This is the location of the beginning of the Partition Array
Number of Partition Entries The number of possible partitions.  While this is currently 128, it is left open to change this number later if the need arises.

Note: This is a 4 byte field.  Meaning that GPT disks COULD be defined to store over 4 billion partitions.

Partition Entry Size Defines the size of the partition entries in bytes (seen later).  Currently this is 128 bytes.
Partition Array CRC A CRC32 checksum of the Partition Array against its counterpart near the end of the drive.

GPT Partition Array


Partition Type GUID This is the replacement for the old partition ID.
Partition Unique GUID This is a GUID that is unique for every partition
Starting LBA The first LBA of the partition being defined
Ending LBA The last LBA of the partition being defined
Partition Name This usually corresponds to what is found in the list of partition type GUIDs.
Microsoft Reserved Partition E3C9E316-0B5C-4DB8-817D-F92DF00215AE
Basic Data Partition EBD0A0A2-B9E5-4433-87C0-68B6B72699C7
LDM Metadata Partition   5808C8AA-7E8F-42E0-85D2-E1E90434CFB3
LDM Data Partition   AF9B60A0-1431-4F62-BC68-3311714A69AD
Cluster Partition DB97dBA9-0840-4bAE-97F0-FFB9A327C7E1
WinRE DE94BBA4-06D1-4D40-A16A-BFD50179D6AC

Log Analysis tool for IIS Review, Data-mining, and other Support tasks, MS log Parser Studio and Log Lizard are Great tools of the trade.

I wanted to send out something I found over the weekend which seems very useful. This tool is based off of the Microsoft log parser. This tool would have been easy to overlook, because the initial release did not have a User Interface. Most of us installed it and then said, great another command line tool with no instructions.

Why would I need this tool? This tool comes in handy to analyze Exchange logs. Also, this tool can query and search for anything, across many log types. The strength of this tool, is in the potential to help front line support, to use queries, created by escalation engineers in finding problems. This tool would be a call generator repository. It would take Engineer participation and leadership, but it could be used by entire IT departments as unified tool. Below please find the two ways to use Log parser and you can be the judge.

MS and lizard labs have both developed separate GUIS. The way you get this product to work is simple:

Microsoft GUI

1. Install Log Parser 2.2
2. Download and install Log Parser Studio
3. Go through the Material to learn
4. Start collecting Queries to solve problems

Once installed, you focus on adding a folder to the tool, containing your logs. Set the query to the File type you have. Then look at your chosen query to make sure it has any specific information from you, before you run it.

The tool is able to analyze the following log types-





There are a few things the MS log tool is missing. One thing It is not missing is a ton of pre-defined queries. That is nice. If you need more then just some pre-canned stuff,  there is another project going on to build a better GUI, built off the awesome MS Log engine. There is a free and paid version of this tool:

The free version is totally worth its weight. It has been tried. It has been weighed. It has not been found  Wanting. Lizard Labs Log Wizard is a very good adaptation of the Log analyzer tool.

If you want to go this route:

1. Install Log Parser 2.2
2. Download and install Lizard Labs Log Wizard
3. Go through the Material to learn
4. Start collecting Queries to solve problems

This tool starts to border on Data Mining. That is what is so cool about it! Being able to control data logs in this way, can be helpful with the most complex cases.

Input log types for lizard are pretty robust.


I hope this is helpful.




Microsoft Terminates Microsoft Certified Master (MCM) and MCSM Program; aka Canceled Masters Cantidates Anonymous

My understanding is the Microsoft Certified Solutions Masters program (MCSM) has ben canceled in its entirety.  If I didn’t know someone personally who received the email, I wouldn’t be making this public appeal. Unfortunately, this has touched myself and persons close to me who have dedicated their life to Microsoft products and technical knowhow.  The MCSM rotation and program has been  canceled. the Blogs started reporting this as truth, before noon on 8/31/2013. You can reference several blogs, but this is the one I read:

Repeating the text from the article:

We are contacting you to let you know we are making a change to the Microsoft Certified Master, Microsoft Certified Solutions Master, and Microsoft Certified Architect certifications. As technology changes so do Microsoft certifications and as such, we are continuing to evolve the Microsoft certification program. Microsoft will no longer offer Masters and Architect level training rotations and will be retiring the Masters level certification exams as of October 1, 2013.

I would urge anyone who has an elevated position and opportunity to express this grief and dismay at this decision. This move seems to be justified to allow Microsoft to take its focus off of on premise products, and create a market in the cloud. I feel this decision was made in haste. This really is going to cause only a greater rift in the market. Microsoft wave 15 products really do have need for specialized knowledge. Taking away the goal of aspiring Engineers and support personal, not only removes the drive and impetus for goal oriented career path planning, but also causes long term Microsoft professionals to believe we support products the company does not believe in.

I appeal to the powers that be, in Microsoft, the MCM or MCSM status is just good business. If Microsoft is going to succeed, it should embrace the groups who have a vested interest in their success. If there is not way to be a Master of a technology, wont most of the smartest individuals move to platforms that do not just unplug from their distinguished talent?

It is sad that someone in MS decided to drop this on a Friday night; Leaving emails for all to see on Saturday. This will not stop this issue from being brought to light during business hours, when all can see what you have done.

Every other serious software technology has a master level designation. IT is only the laggards who will be waiting around. Our careers are serous and we can push any software we feel good about. I don’t feel good about Lync or Exchange today.