Windows troubleshooting commands

1. Gpresult

Displays the Group Policy results for a machine, for example which domain controller the machine is currently connected to / authenticated against.

You can also use gpresult to check whether Group Policy is properly applied on a remote computer.


Displays result of current computer
gpresult /s <remote-computer-name>
Displays result of a remote computer
gpresult /z
Displays all available info about group policy
gpresult /z >policy.txt
Outputs the result to a text file
gpresult /r
Displays RSoP Summary Data


2. Chkdsk – Check disk

Chkdsk lists and corrects system (OS) errors on the disk. Improper shutdowns and power failures during writes lead to system errors. Chkdsk also detects bad sectors, skips those areas of the hard disk, and avoids placing any files there in the future.

A bad sector is a sector on a computer’s disk drive or flash memory that cannot be used due to permanent damage (or an OS inability to successfully access it), such as physical damage to the disk surface.

Windows Vista and Windows Server 2008 have a Chkdsk self-healing ability, which detects and fixes errors silently on the fly.


3. nslookup

NSlookup is used to query the name server, but more importantly I use it to get the hostname of an IP address.

nslookup <<ipaddress>>

Make sure the IP is in the same domain you want to check.

4. trace route


Used to find the routers along the route to the destination address.

5. How to troubleshoot a slow vm issue

6. DcDiag

dcdiag – Directory Server Diagnosis. Analyses the state of domain controllers and reports any problems.

This command is available if you install the AD DS or AD LDS server role. You can only run this command with elevated privileges.

Dcdiag checks the following:
















It also runs partition tests on the Forest DNS Zones, Domain DNS Zones, Schema, Configuration etc.


Runs on local computer
dcdiag /s:<Domain controller name or IP>
Runs on Specified remote DC
dcdiag /a
Runs on all computers on site

Troubleshoot Windows 2008 Server

7. sfc /scannow

sfc – System File Checker is used to repair missing or corrupted system files. sfc logs are stored in CBS.log under C:\Windows\Logs\CBS

CBS log

Below text from (and a bit modified):

cbs.log is a file that is generated by the Microsoft Windows Resource Checker (SFC.exe).

The CBS.persist.log should be generated when the CBS gets to be around 50 meg in size. CBS.log should be copied to cbs.persist.log and a new cbs.log file should be started.

If the file size is large, you can try compressing the file:

  • If you right click on the CBS.log file
  • Then click on Properties
  • On the General tab, click Advanced
  • Check “Compress contents to save disk space” and click on OK

Or, if you are sure your system is running fine, you can delete this file. SFC.exe will create a new one, next time it is run. But, it could be useful for troubleshooting issues.

8. Tools for Windows Troubleshooting:

9. Microsoft tools (OS in-built and free tools):

Debug Diagnostic tool Version 2 Update 2

10. Blue Screen of Death (BSoD)

Causes for BSoD: Recently changed driver, Hardware issue like unseated RAM, HDD, Temperature etc.


For Software issues:

  • Perform a System Restore or if the computer is not updated for a while, install windows updates
  • If your hardware drivers are old, you can check the manufacturer’s site and update it.
  • You can Rollback driver software if it was recently updated.
  • Perform Disk cleanup and run Check disk (Cmd -> chkdsk).
  • If the error occurs after Windows update, Rollback the Windows updates. Run -> Appwiz.Cpl -> View Installed updates.
  • You can Repair the Windows Operating system.
  • Scan for any Malware. Scan with an Anti-virus.
  • Windows 7 and earlier: Press the F8 key while the computer is booting, then select Safe Mode in the menu that appears.
  • Windows 8: Hold Shift and click Restart on the Power menu on either the login screen or through the Charms bar menu.
  • Windows 10: Hold Shift while clicking Restart on the power options menu from the Start Menu.

For Hardware issues:

  • Power OFF the computer. Remove the data cable from HDD and reconnect it. Remove RAM, clean up, attach it again


Some of the contents from

11. Troubleshooting replication using Repadmin and AD Replication status tool (GUI)

We can monitor replication through Microsoft AD Replication status tool and also using Repadmin command.


Use repadmin /? to see all the other commands.

To output this result into csv file:

repadmin /showrepl * /csv >showrepl.csv
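
As an added example (not part of the original post), the PowerShell below triages the CSV written by the command above and lists replication links that are failing or have not succeeded recently. The sample rows, the 24-hour threshold and the function name Get-ReplicationProblem are assumptions made for illustration; the column names follow the header repadmin writes.

```powershell
# Constructed sample rows in the column layout of: repadmin /showrepl * /csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2024-03-01 09:58:11,0
showrepl_INFO,HQ,DC01,"DC=example,DC=test",Branch,DC03,RPC,14,2024-03-01 09:45:02,2024-02-27 22:10:40,1722
showrepl_INFO,Branch,DC03,"CN=Configuration,DC=example,DC=test",HQ,DC01,RPC,3,2024-03-01 09:50:19,2024-03-01 08:49:57,1326
'@

# Win32 status codes behind two of the Event Viewer errors listed on this page
$knownStatus = @{ '1722' = 'RPC server unavailable'; '1326' = 'Unknown user name or bad password' }

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24          # assumed staleness threshold
    )
    foreach ($row in $Rows) {
        $failures = 0
        [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
        $lastOk   = [datetime]::MinValue
        $hasOk    = [datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
        $ageHours = if ($hasOk) { [math]::Round(($Now - $lastOk).TotalHours, 1) } else { $null }
        $status   = "$($row.'Last Failure Status')"

        # Report a link that is failing now, has no parsable success time, or is stale
        if ($failures -gt 0 -or -not $hasOk -or $ageHours -gt $MaxAgeHours) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Failures      = $failures
                HoursSinceOk  = $ageHours
                Status        = $status
                Meaning       = $knownStatus[$status]   # empty when the code is not in the map
            }
        }
    }
}

# For real data replace the first line with: $rows = Import-Csv .\showrepl.csv
$rows = $sample -split '\r?\n' | ConvertFrom-Csv
Get-ReplicationProblem -Rows $rows -Now ([datetime]'2024-03-01 10:00:00') |
    Sort-Object Failures -Descending | Format-Table -AutoSize
```

A link that stays on this list means password resets, account disablements and Group Policy changes made on one domain controller are not reaching the other.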


If you are facing Replication related issues, you can find the following errors in the Domain controller Event Viewer:

  • KCC
  • Long-running Inbound Replication
  • Conflict with Certificate Services
  • RPC Unavailable
  • Unknown User Name/Bad Password
  • Automatic Topology Generator Was Unable To Complete the Topology

Commands for replication troubleshooting:

  • Repadmin /syncall /AdePq – Performs a synchronization for a server with all of its replication partners; the modifiers help in performing the sync in a multisite environment
  • Repadmin /replsum – Summarizes the state of replication of the forest
  • Repadmin /kcc * – Forces a recalculation of the topology; has the effect of rebuilding the automatically created partner connections in Sites and Services
  • Dcdiag /test:Connectivity – dcdiag overall is great, but using the /test modifier you are able to run only specific tests as needed


12. Reliability Monitor

How do you see what caused an issue with the computer in the past? You can use Event Viewer in general, but it is tedious. On Windows 7 or Windows 2008 R2 and above you can use Reliability Monitor. This is a GUI tool built into the OS, and it is very easy to use.


13. Windows performance deterioration (Memory leak)

If Windows performance is degrading over time and you suspect that a memory leak may be involved, the technique described in this section can indicate whether there is a memory leak. It will not tell you what the source of the leak is, nor whether it is user mode or kernel mode.

Begin by launching Performance Monitor. Add the following counters:

  • Memory–>Pool Nonpaged Bytes
  • Memory–>Pool Paged Bytes
  • Paging File–>% Usage

Change the update time to 600 seconds to capture a graph of the leak over time. You might also want to log the data to a file for later examination.

There are two types of memory leak:

  • Kernel-mode memory leak – Use Poolmon to find this leak.
  • User-mode memory leak – Use Performance monitor to find this leak.
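
As an added example (not part of the original post), the PowerShell below fits a straight-line trend to logged samples of the counters named above, so steady growth over the capture stands out from normal fluctuation. The sample values, the function name Get-CounterTrend and the 0.7 rising-share cut-off are assumptions made for illustration.

```powershell
# Collect on a live system, one sample every 600 s as suggested above, e.g.:
#   Get-Counter '\Memory\Pool Nonpaged Bytes' -SampleInterval 600 -MaxSamples 144
# Constructed sample values in bytes, one per 600-second interval
$nonpaged = 120e6, 121e6, 123e6, 122e6, 126e6, 129e6, 131e6, 134e6, 138e6
$paged    = 310e6, 305e6, 312e6, 308e6, 311e6, 306e6, 309e6, 307e6, 310e6

function Get-CounterTrend {
    param(
        [Parameter(Mandatory)] [double[]] $Values,
        [int] $IntervalSeconds = 600
    )
    $n = $Values.Count
    if ($n -lt 3) { throw 'Need at least three samples to fit a trend.' }

    # Least-squares slope over sample index 0..n-1
    $meanX = ($n - 1) / 2.0
    $meanY = ($Values | Measure-Object -Average).Average
    $sxy = 0.0; $sxx = 0.0; $rises = 0
    for ($i = 0; $i -lt $n; $i++) {
        $sxy += ($i - $meanX) * ($Values[$i] - $meanY)
        $sxx += ($i - $meanX) * ($i - $meanX)
        if ($i -gt 0 -and $Values[$i] -gt $Values[$i - 1]) { $rises++ }
    }
    $perHour     = ($sxy / $sxx) * (3600 / $IntervalSeconds)
    $risingShare = $rises / ($n - 1)

    [pscustomobject]@{
        GrowthPerHour = [math]::Round($perHour)
        GrowthPercent = [math]::Round(100 * ($Values[-1] - $Values[0]) / $Values[0], 1)
        RisingShare   = [math]::Round($risingShare, 2)
        # Assumed rule of thumb: positive slope and most intervals rising
        SuspectLeak   = ($perHour -gt 0 -and $risingShare -ge 0.7)
    }
}

$series = [ordered]@{
    'Pool Nonpaged Bytes' = $nonpaged
    'Pool Paged Bytes'    = $paged
}
foreach ($name in $series.Keys) {
    Get-CounterTrend -Values $series[$name] |
        Select-Object @{ n = 'Counter'; e = { $name } }, *
}
```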

Check for more here:

14. CMTrace

CMTrace.exe is a tool available when you install SCCM. It is a good tool for checking logs – it highlights errors, warnings etc.

This is a GUI tool. Open the executable file and just drag and drop the log file.

Location: C:\Windows\System32\CMTrace.exe

