The FSC diagnostic tool
Applies to: Forefront Security for Exchange Server
To accurately diagnose a problem, support engineers typically need a variety of information about Forefront Security for Exchange Server (FSE) and the Exchange server on which it is running. This information consists of FSE version information, third-party scan engine versions, registry settings, and FSE databases. Gathering this configuration information is a major effort that can hinder the troubleshooting process.
To make it easier for you to collect this information, the Forefront Security Diagnostic tool (FSCDiag) automates the process, assembling all the necessary data in one file that can then be uploaded to Microsoft. When you contact Microsoft Help and Support, you are told where to upload the file.
The Forefront Security Diagnostic tool can collect any or all of the following information, based on your requests:
FSE file versions
Exchange file versions
FSE registry key
FSE database files
FSE archive files
FSE program log file
Windows event log files
Dr. Watson log file
FSE installation log file
FSE hotfix installation log file
Exchange agents.config file
Running the Forefront Security diagnostic tool
You can run the Forefront Security Diagnostic tool in no prompt mode (the default), gathering all possible information. You can also run the tool in interactive mode or console mode. When running in interactive mode, you are prompted for every option. When running in console mode, you can use command-line switches to specify which information you want gathered. After running the tool, the selected data is gathered and compressed into a single file to be uploaded to Microsoft.
Console mode is only available if you have installed SP1 rollup 3 or higher.
To run the Forefront Security Diagnostic tool
Run the program in no prompt mode, interactive mode, or console mode.
To run the program in no prompt mode: Navigate to the Forefront Security for Exchange Server installation folder (default: C:\Program Files(x86)\Microsoft Forefront Security\Exchange Server) and launch FSCDiag.exe. The program runs in a command prompt window. You can also run the program at a command prompt by navigating to the Microsoft Forefront Security\Exchange Server installation folder and typing:
To run the program in interactive mode: At a command prompt, navigate to the Microsoft Forefront Security\Exchange Server installation folder and type:
You are prompted for each item. Type Yes or No, pressing ENTER after each response.
To run the program in console mode: At a command prompt, navigate to the Microsoft Forefront Security\Exchange Server installation folder and type:
FSCDiag /c /switch1
You must specify /c, which signifies that you are running the tool in console mode. You can specify as many switches as needed. An example of the syntax used to collect only the Forefront file versions and the Forefront registry keys is:
FSCDiag.exe /c /ver Forefront /reg Forefront
To view the possible switch combinations that you can use, type FSCDiag /? before running the program.
After you execute the program, the tool gathers the requested information and compresses the results into a new file that is located in the Log\Diagnostics\ folder under the FSE installation directory. The file name, constructed from the name of the server, date, and time, has the following format:
Format: ForefrontDiag-<server name>-<date>-<time>.zip
<date> has the format yyyymmdd
<time> has the format hh.mm.ss (where hh represents a 24-hour clock)
Example: C:\Program Files(x86)\Microsoft Forefront Security\Exchange Server\Log\Diagnostics\ForefrontDiag-Server1-20051210-17.50.27.zip
Contact Microsoft Help and Support to find out where to upload the compressed file.
Upload the compressed file to Microsoft.