Skip to main content
Skip table of contents

Data collection on Client computer

In Local machine:

  1. Create c:\mslog folder

  2. Document policies:

    1. gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.htm
      msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
      ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
      route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt

  3. Document the current certificate store content:

    1. certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
      certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
      certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
      certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
      certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
      certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
      certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
      certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
      certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
      certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
      certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
      certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
      certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
      certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
      certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
      certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
      certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
      certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
      certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
      certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
      certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
      certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
      certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
      certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
      certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
      certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
      certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
      certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
      certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
      certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
      certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt

  4. Export TLS and ciphers settings:

    1. reg export HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL c:\MSLOG\%COMPUTERNAME%\SCHANNEL.reg

  5. Verify user’s certificate.

    1. Go to C:\Windows\System32\config\systemprofile\AppData\Local\BOPS

    2. Copy newest file without extension (from last logon) to c:\MSLOG

    3. Rename file to user.cer

    4. Start cmd.exe ad administrator

    5. Execute:

      1. certutil -verify c:\MSLOG\user.cer > c:\MSLOG\%COMPUTERNAME%_cert-User-verify.txt
        certutil -verify -urlfetch c:\MSLOG\user.cer > c:\MSLOG\%COMPUTERNAME%_cert-User-urlfetch.txt
        certutil -csplist >c:\MSLOG\%COMPUTERNAME%_CSPList.txt
        certutil -csptest >c:\MSLOG\%COMPUTERNAME%_CSPTest.txt
        certutil -DCInfo Verify > c:\MSLOG\%COMPUTERNAME%_DCInfo.txt

    6. Last command might take few minutes to complete.

      1. Start cmd.exe as administrator
        Start CMD in a context of Local computer:

      2. psexec -i -s cmd.exe
        (psexec might be downloaded here https://docs.microsoft.com/en-us/sysinternals/downloads/pstools)
        Execute (in the computer system context):
        certutil -verify c:\MSLOG\user.cer > c:\MSLOG\%COMPUTERNAME%_cert-Machine-verify.txt
        certutil -verify -urlfetch c:\MSLOG\user.cer > c:\MSLOG\%COMPUTERNAME%_cert-Machine-urlfetch.txt

  6. Ciphers compatibility check

    1. Download IISCrypto tool. https://www.nartac.com/Products/IISCrypto

    2. Execute the tool and check available SChannel and ciphersuits (make a screenshot and store it to c:\MSLOG):

    3. Same for Cipher Suits (make a screenshot, store it on c:\MSLOG)

  7. Export event log:

    1. wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
      wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
      wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
      wevtutil epl Microsoft-Windows-CAPI2/Operational c:\MSLOG\%COMPUTERNAME%_CAPI2.evtx

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close