{"id":1821,"date":"2014-02-11T11:59:00","date_gmt":"2014-02-11T11:59:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/powershell\/2014\/02\/11\/dsc-diagnostics-module-analyze-dsc-logs-instantly-now\/"},"modified":"2024-02-22T12:55:15","modified_gmt":"2024-02-22T20:55:15","slug":"dsc-diagnostics-module-analyze-dsc-logs-instantly-now","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/dsc-diagnostics-module-analyze-dsc-logs-instantly-now\/","title":{"rendered":"DSC Diagnostics Module\u2013 Analyze DSC Logs instantly now!"},"content":{"rendered":"<div class=\"WordSection1\"><\/div>\n<div class=\"WordSection1\">Have you ever witnessed a DSC Configuration run where you had no idea about what it might have done behind the scenes? Well, then your worries end here! During any DSC Operation, the DSC engine writes into windows event logs, which are like bread crumbs that the engine leaves along the way during any execution. If you read the <a href=\"http:\/\/blogs.msdn.com\/b\/powershell\/archive\/2014\/01\/03\/using-event-logs-to-diagnose-errors-in-desired-state-configuration.aspx\">blog here<\/a> about DSC troubleshooting, you could learn how to use the Get-WinEvent cmdlet to debug a DSC failure using event logs. 
However, something that really simplifies life is the new module that has been published in <a href=\"http:\/\/gallery.technet.microsoft.com\/site\/search?query=dsc%20resource%20kit&amp;f%5B0%5D.Value=dsc%20resource%20kit&amp;f%5B0%5D.Type=SearchText&amp;ac=2\">Wave 2 of the DSC Resource Kit<\/a>, called <a href=\"http:\/\/gallery.technet.microsoft.com\/scriptcenter\/xDscDiagnostics-PowerShell-abb6bcaa\"><strong>xDscDiagnostics<\/strong><\/a>.<\/div>\n<h1 class=\"WordSection1\">Introduction<\/h1>\n<p class=\"MsoNormal\"><strong>xDscDiagnostics <\/strong>is a PowerShell module that consists of two simple operations that can help analyze DSC failures on your machine \u2013 <strong>Get-xDscOperation<\/strong> and <strong>Trace-xDscOperation<\/strong>. These functions help in identifying all the events from past DSC operations run on your system or on any other computer (note: you need a valid credential to access remote computers). Here, we use the term DSC Operation to define a single unique DSC execution from its start to its end. For instance, Test-DscConfiguration would be a separate DSC Operation. Similarly, every other cmdlet in DSC (such as Get-DscConfiguration, Start-DscConfiguration, etc.) could each be identified as a separate DSC operation.<\/p>\n<p class=\"MsoNormal\">The two cmdlets are explained <a href=\"http:\/\/gallery.technet.microsoft.com\/scriptcenter\/xDscDiagnostics-PowerShell-abb6bcaa\">here<\/a> and in more detail below. Help for the cmdlets is available when you run <em>Get-Help &lt;cmdlet name&gt;<\/em>.<\/p>\n<h1 class=\"WordSection1\">Get-xDscOperation<\/h1>\n<p class=\"MsoNormal\">This cmdlet lets you find the results of the DSC operations that run on one or multiple computers, and returns an object that contains the collection of events produced by each DSC operation.<\/p>\n<p class=\"MsoNormal\">For instance, in the following output, we ran three commands, the first of which passed, and the others failed. 
These results are summarized in the output of Get-xDscOperation.<\/p>\n<p class=\"MsoNormal\"><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/2543.image001_thumb_1B969C60.jpg\"><img decoding=\"async\" title=\"image001\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/2543.image001_thumb_1B969C60.jpg\" alt=\"image001\" width=\"730\" height=\"131\" border=\"0\" \/><\/a><\/p>\n<p class=\"MsoCaption\">Figure 1 : Get-xDscOperation that shows a simple output for a list of operations executed in a machine<\/p>\n<h2><strong>Parameters<\/strong><\/h2>\n<ul>\n<li>\n<div class=\"MsoListParagraph\" style=\"text-indent: -0.25in;\"><strong>Newest<\/strong> \u2013 Accepts an integer value to indicate the number of operations to be displayed. By default, it returns 10 newest operations. For instance,<\/div>\n<\/li>\n<\/ul>\n<p class=\"MsoNormal\"><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/wp-content\/uploads\/sites\/30\/2014\/02\/6355.image002_thumb_022E9926.jpg\"><img decoding=\"async\" class=\"alignnone size-full wp-image-20328\" src=\"https:\/\/devblogs.microsoft.com\/powershell\/wp-content\/uploads\/sites\/30\/2014\/02\/6355.image002_thumb_022E9926.jpg\" alt=\"Image 6355 image002 thumb 022E9926\" width=\"732\" height=\"125\" srcset=\"https:\/\/devblogs.microsoft.com\/powershell\/wp-content\/uploads\/sites\/30\/2014\/02\/6355.image002_thumb_022E9926.jpg 732w, https:\/\/devblogs.microsoft.com\/powershell\/wp-content\/uploads\/sites\/30\/2014\/02\/6355.image002_thumb_022E9926-300x51.jpg 300w\" sizes=\"(max-width: 732px) 100vw, 732px\" \/><\/a><\/p>\n<p class=\"MsoCaption\">Figure 2 : Get-xDscOperation can display the last 5 operations\u2019 event logs<\/p>\n<ul>\n<li>\n<div class=\"MsoListParagraphCxSpFirst\" style=\"text-indent: -0.25in;\">\n<p><strong>ComputerName<\/strong> \u2013 Parameter that accepts an array of strings, each containing the name of a computer from where you\u2019d like to 
collect DSC event log data. By default, it collects data from the host machine. To enable this feature, you must run the following command on the remote machines, in elevated mode, so that they will allow collection of events:<\/p>\n<p><strong>New-NetFirewallRule -Name &#8220;Service RemoteAdmin&#8221; -Action Allow<\/strong><\/p>\n<\/div>\n<\/li>\n<\/ul>\n<ul>\n<li>\n<div class=\"MsoListParagraphCxSpLast\" style=\"text-indent: -0.25in;\"><strong>Credential<\/strong> \u2013 Parameter of type PSCredential, which provides access to the computers specified in the ComputerName parameter.<\/div>\n<\/li>\n<\/ul>\n<h2><strong>Returned object <\/strong><\/h2>\n<p class=\"MsoNormal\" style=\"background: white; line-height: normal; margin-bottom: 0pt;\">The cmdlet returns an array of objects, each of type Microsoft.PowerShell.xDscDiagnostics.GroupedEvents. Each object in this array pertains to a different DSC operation. The default display for this object has the following properties:<\/p>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpFirst\" style=\"background: white; line-height: normal; text-indent: -0.25in; margin-bottom: 0pt;\"><strong>SequenceID<\/strong>: Specifies the incremental number assigned to the DSC operation based on time. For instance, the last executed operation would have a SequenceID of 1, the second to last DSC operation would have a SequenceID of 2, and so on. 
This number is another identifier for each object in the returned array.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpMiddle\" style=\"background: white; line-height: normal; text-indent: -0.25in; margin-bottom: 0pt;\"><strong>TimeCreated<\/strong>: This is a DateTime value that indicates when the DSC operation had begun.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpMiddle\" style=\"background: white; line-height: normal; text-indent: -0.25in; margin-bottom: 0pt;\"><strong>ComputerName<\/strong>: The computer name from where the results are being aggregated.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpMiddle\" style=\"background: white; line-height: normal; text-indent: -0.25in; margin-bottom: 0pt;\"><strong>Result<\/strong>: This is a string value with value \u201cFailure\u201d or \u201cSuccess\u201d that indicates if that DSC operation had an error or not, respectively.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpLast\" style=\"background: white; line-height: normal; text-indent: -0.25in; margin-bottom: 0pt;\"><strong>AllEvents<\/strong>: This is an object that represents a collection of events emitted from that DSC operation.<\/div>\n<\/li>\n<\/ol>\n<p class=\"MsoNormal\" style=\"background: white; line-height: normal; margin-bottom: 0pt;\">For instance, if you\u2019d like to aggregate results of the last operation from multiple computers, we have the following output:<\/p>\n<p class=\"MsoNormal\" style=\"background: white; line-height: normal; margin-bottom: 0pt;\"><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/5850.image003_4D2209F5.jpg\"><img decoding=\"async\" title=\"image003\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/0083.image003_thumb_41F87FAB.jpg\" alt=\"image003\" width=\"746\" height=\"94\" border=\"0\" \/><\/a><\/p>\n<p class=\"MsoCaption\">Figure 3 : Get-xDscOperation can 
display logs from many other computers at once.<\/p>\n<h1 class=\"WordSection1\">Trace-xDscOperation<\/h1>\n<p class=\"MsoNormal\">This cmdlet returns an object containing a collection of events, their event types, and the message output generated from a particular DSC operation. Typically, when you find a failure in any of the operations using Get-xDscOperation, you would want to trace that operation to find out which of the events caused a failure.<\/p>\n<h2>Parameters<\/h2>\n<ul>\n<li>\n<div class=\"MsoListParagraph\" style=\"text-indent: -0.25in;\"><strong>SequenceID<\/strong>: This is the integer value assigned to any operation, pertaining to a specific computer. By specifying a sequence ID of, say, 4, the trace for the DSC operation that was 4<sup>th<\/sup> from the last will be output.<\/div>\n<\/li>\n<\/ul>\n<p class=\"MsoNormal\"><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/3730.image004_thumb_3AD94333.jpg\"><img decoding=\"async\" title=\"image004\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/3730.image004_thumb_3AD94333.jpg\" alt=\"image004\" width=\"745\" height=\"279\" border=\"0\" \/><\/a><\/p>\n<p class=\"MsoCaption\">Figure 4: Trace-xDscOperation with sequence ID specified<\/p>\n<ul>\n<li>\n<div class=\"MsoListParagraph\" style=\"text-indent: -0.25in;\"><strong>JobID<\/strong>: This is the GUID value assigned by <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/dn249922.aspx\">LCM<\/a> xDscOperation to uniquely identify an operation. 
Hence, when a JobID is specified, the trace of the corresponding DSC operation is output.<\/div>\n<\/li>\n<\/ul>\n<p class=\"MsoNormal\"><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/5466.image005_thumb_4CB5D700.jpg\"><img decoding=\"async\" title=\"image005\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/5466.image005_thumb_4CB5D700.jpg\" alt=\"image005\" width=\"751\" height=\"253\" border=\"0\" \/><\/a><\/p>\n<p class=\"MsoCaption\">Figure 5: Trace-xDscOperation taking JobID as a parameter to output the same record as above; the operation simply has two identifiers, JobID and SequenceID<\/p>\n<ul>\n<li>\n<div class=\"MsoListParagraph\" style=\"text-indent: -0.25in;\">\n<p><strong>ComputerName and Credential<\/strong>: These parameters allow the trace to be collected from remote is necessary to run the command:<\/p>\n<p><strong>New-NetFirewallRule -Name &#8220;Service RemoteAdmin&#8221; -Action Allow<\/strong><\/p>\n<\/div>\n<\/li>\n<\/ul>\n<p class=\"MsoNormal\"><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/6765.image006_thumb_7383ED40.jpg\"><img decoding=\"async\" title=\"image006\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/6765.image006_thumb_7383ED40.jpg\" alt=\"image006\" width=\"752\" height=\"272\" border=\"0\" \/><\/a><\/p>\n<p class=\"MsoCaption\">Figure 6: Trace-xDscOperation running on a different computer with the -ComputerName option<\/p>\n<p class=\"MsoNormal\">Note: Since Trace-xDscOperation aggregates events from the Analytic, Debug, and Operational logs, it will prompt the user to enable these logs. If the logs are not enabled, an error message is displayed stating that these events cannot be read until the logs have been enabled. However, the trace from the other logs is still displayed. 
This error can be ignored.<\/p>\n<h2><strong>Returned object <\/strong><\/h2>\n<p class=\"MsoNormal\">The cmdlet returns an array of objects, each of type Microsoft.PowerShell.xDscDiagnostics.TraceOutput. Each object in this array contains the following fields:<\/p>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpFirst\" style=\"text-indent: -0.25in;\"><strong>ComputerName<\/strong>: The name of the computer from where the logs are being collected.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in;\"><strong>EventType<\/strong>: This is an enumerator type field that contains information on the type of event. It could be any of the following :<\/div>\n<\/li>\n<\/ol>\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in; margin-left: 1in;\">a.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Operational : Indicates the event is from the operational log<\/p>\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in; margin-left: 1in;\">b.\u00a0\u00a0\u00a0\u00a0\u00a0 Analytic : The event is from the analytic log<\/p>\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in; margin-left: 1in;\">c.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Debug : This would mean the event is from the debug log<\/p>\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in; margin-left: 1in;\">d.\u00a0\u00a0\u00a0\u00a0\u00a0 Verbose: These events are output as verbose messages during execution. The verbose messages make it easy to identify the sequence of events that are published.<\/p>\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in; margin-left: 1in;\">e.\u00a0\u00a0\u00a0\u00a0\u00a0 Error: These events are error events. 
Looking for the error events usually reveals the reason for a failure immediately.<\/p>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in;\"><strong>TimeCreated<\/strong>: A DateTime value indicating when the event was logged by DSC.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpLast\" style=\"text-indent: -0.25in;\"><strong>Message<\/strong>: The message that was logged by DSC into the event logs.<\/div>\n<\/li>\n<\/ol>\n<p class=\"MsoNormal\">There are some fields in this object that are not displayed by default, which can be used for more information about the event. These are:<\/p>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpFirst\" style=\"text-indent: -0.25in;\"><strong>JobID<\/strong>: The job ID (GUID format) specific to that DSC operation.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpMiddle\" style=\"text-indent: -0.25in;\"><strong>SequenceID<\/strong>: The SequenceID unique to that DSC operation on that computer.<\/div>\n<\/li>\n<\/ol>\n<ol>\n<li>\n<div class=\"MsoListParagraphCxSpLast\" style=\"text-indent: -0.25in;\"><strong>Event<\/strong>: This is the actual event logged by DSC, of type System.Diagnostics.Eventing.Reader.EventLogRecord. This can also be obtained by running the cmdlet Get-WinEvent, as in the <a href=\"http:\/\/blogs.msdn.com\/b\/powershell\/archive\/2014\/01\/03\/using-event-logs-to-diagnose-errors-in-desired-state-configuration.aspx\">blog here<\/a>. It contains more information such as the task, eventID, level, etc. of the event.<\/div>\n<\/li>\n<\/ol>\n<p class=\"MsoNormal\">Hence, we could obtain information on the events too, if we saved the output of Trace-xDscOperation into a variable. 
To display all the events for a particular DSC operation, the following command would suffice:<\/p>\n<p class=\"MsoNormal\"><span style=\"font-size: small;\">(Trace-xDscOperation -SequenceID 3).Event<\/span><\/p>\n<p class=\"MsoNormal\">That would display the same result as the Get-WinEvent cmdlet, such as in the output below.<\/p>\n<p class=\"MsoNormal\"><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/6787.image007_6C64B0C8.jpg\"><img decoding=\"async\" title=\"image007\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/30\/2018\/10\/7357.image007_thumb_7A36F6C3.jpg\" alt=\"image007\" width=\"750\" height=\"299\" border=\"0\" \/><\/a><\/p>\n<p class=\"MsoCaption\">Figure 7: Output that is identical to the Get-WinEvent output. These details can be extracted using the xDscDiagnostics module as well.<\/p>\n<p class=\"MsoNormal\">Ideally, you would first want to use Get-xDscOperation to list out the last few DSC configuration runs on your machines. Following this, you can dissect any one single operation (using its SequenceID or JobID) with Trace-xDscOperation to find out what it did behind the scenes.<\/p>\n<p class=\"MsoNormal\">In summary, xDscDiagnostics is a simple tool to extract the relevant information from DSC logs so that the user can diagnose operations across multiple machines easily. We urge the users to use this more often to simplify their experience with DSC.<\/p>\n<p class=\"MsoNormal\">Inchara Shivalingaiah\nSoftware Developer\nWindows PowerShell Team<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Have you ever witnessed a DSC Configuration run where you had no idea about what it might have done behind the scenes? Well, then your worries end here! 
During any DSC Operation, the DSC engine writes into windows event logs, which are like bread crumbs that the engine leaves along the way during any execution. [&hellip;]<\/p>\n","protected":false},"author":600,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[142,150,248,251,345,348],"class_list":["post-1821","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell","tag-desired-state-configuration","tag-dsc","tag-powershell","tag-powershell-4-0","tag-windows-powershell-4-0","tag-windows-powershell-desired-state-configuration"],"acf":[],"blog_post_summary":"<p>Have you ever witnessed a DSC Configuration run where you had no idea about what it might have done behind the scenes? Well, then your worries end here! During any DSC Operation, the DSC engine writes into windows event logs, which are like bread crumbs that the engine leaves along the way during any execution. 
[&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/1821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/600"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=1821"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/1821\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=1821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=1821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=1821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}