Forefront Security diagnostic tool


Applies to: Forefront Security for SharePoint

To accurately diagnose a problem, support engineers typically need a variety of information about Forefront Security for SharePoint and the SharePoint server it is running on. This information consists of Forefront Security for SharePoint version information, third-party scan engine versions, the registry settings, and Forefront Security for SharePoint databases. Gathering this configuration information is a major effort that can hinder the troubleshooting process.

To make it easier for you to collect this information, the Forefront Security Diagnostic tool (FSCDiag) automates the process, assembling all the necessary data in one file that can then be uploaded to Microsoft. When you contact Microsoft support, you will be told where to upload the file. For more information about support, see SharePoint Troubleshooting.

Information collected

The Forefront Security Diagnostic tool can collect any or all of the following information, based on your requests:

  • Forefront Security for SharePoint file versions (including scan engine file versions)
  • SharePoint version
  • Forefront Security for SharePoint registry key
  • Forefront Security for SharePoint database (*.fdb) files
  • Forefront Security for SharePoint archive files
  • Forefront Security for SharePoint program log file
  • Windows Event log files
  • Dr. Watson log file
  • User.dmp file
  • Forefront Security for SharePoint installation log file

Running the Forefront Security diagnostic tool

The selected data is gathered and compressed into a single file to be uploaded to Microsoft.

Navigate to the Forefront Security for SharePoint installation folder and launch FSCDiag.exe. The tool runs in a command prompt window. You may also run the tool at a command prompt by navigating to the Microsoft Forefront Security\SharePoint installation folder and entering FSCDiag at a command prompt. FSCDiag normally runs in No Prompt mode, gathering all possible information.

If you want to selectively gather information, run the program in Prompt mode.

To run the Forefront Security Diagnostic tool in Prompt mode

  1. Invoke the program from a command prompt as follows:

    FSCDiag -i

    You are then prompted for each item, as detailed in the next step.

  2. Select the information to be included by answering each of the following screen prompts. Type "yes" or "no", pressing ENTER after each response.

    Add Forefront file versions - Yes or No?

    Add SharePoint versions - Yes or No?

    Add Forefront registry key - Yes or No?

    Add Forefront database files - Yes or No?

    Add Forefront archive files - Yes or No?

    Add Forefront program log - Yes or No?

    Add Windows Event log - Yes or No?

    Add Dr. Watson log - Yes or No?

    Add User.dmp - Yes or No?

    Add Forefront install log - Yes or No?

  3. After you execute the command (or after the final prompt if you use Prompt mode), the tool gathers the requested information and compresses the results into a new file in the Log\Diagnostics folder (in the FSSP installation directory). The file name, constructed from the name of the server, the date, and the time, has the following format:

    Format:   ForefrontDiag-<server name>-<date>-<time>.zip

    <date> has the format yyyymmdd

    <time> has the format (where hh represents a 24-hour clock)

    Example:   C:\Program Files(x86)\Microsoft Forefront Security\SharePoint\Log\ Diagnostics\

  4. Upload the compressed file to Microsoft.