Support calls are an inevitable part of a Windows IT professional's life, but that doesn't mean all support calls have to be excessively time-consuming. There are many things you can do to help shorten the time spent on a support call—by explaining the problem, collecting data, or performing a number of troubleshooting steps. One of the keys to ensuring a short call to Microsoft support is to provide a way for support engineers to reproduce the problem in house. Doing so enables our debug team to quickly and efficiently dig in and resolve the issue, usually in a matter of hours or even minutes.
But helping Microsoft support troubleshoot your problem more efficiently isn't usually merely a matter of sending the support engineer a list of steps to reproduce the problem. This is because often it's unclear how or when the OS got into the problem state to begin with, so having a list of repro steps is useless for someone trying to reproduce the problem on a cleanly installed OS. In this column, I'll tell you about a new Windows Sysinternals utility, Disk2vhd, which can help with this aspect of Windows system troubleshooting.
Disk2vhd Use Scenarios
Disk2vhd (disk2vhd.exe) is another great utility from Mark Russinovich and Bryce Cogswell, which you can download at technet.microsoft.com/en-us/sysinternals/ee656415.aspx. Disk2vhd will convert a running physical machine into a Virtual Hard Disk (VHD) in Microsoft's Virtual Machine (VM) disk format. Having the system in a .vhd format allows Microsoft support engineers to quickly load up the image into either Hyper-V or Microsoft Virtual PC to reproduce the problem. Once the problem is reproduced, our debug team can dig into the issue and usually find root cause within a matter of hours. Of course, this utility has other obvious uses. You could use it for server consolidation or other scenarios where you may want to convert a physical system to a VM.
For instance, by having an image of the customer's system, an engineer on my team solved a three-month-old support case in three hours. The customer implemented a customized security descriptor on the Application Event log, causing the Easy Print functionality to break on Windows Server 2008. Who would have expected that a permission change made on the Application log would affect printing? Prior to receiving the customer's image, our team discussed a lot of theories were and took steps to resolve the problem, but to no avail. Once we had the customer's image, the engineer quickly resolved the problem, which, as it turned out, was that the custom security descriptor removed the local system account's write access to the Application log. The Easy Print process has to be able to register (i.e., write) an Event Source ID with the Application Event log, and it does so through the local system account.
Another type of issue that we resolved by using a customer's image was a problem where the association between .lnk files and the executables was broken, so if you tried to open the .lnk file via the common Open File Dialog box, the associated executable would not launch. Within three hours of receiving the customer's image, we were able to reproduce and debug the problem, which turned out to be caused by an unsupported registry change the customer made several months earlier to remove the little arrow associated with shortcut links.
System Center Virtual Machine Manager (SCVMM) also provides the ability to create physical to virtual images. (You can download an evaluation edition of SCVMM at www.microsoft.com/downloads/details.aspx?FamilyID=292de23c-845c-4d08-8d65-b4b8cbc8397b&displaylang=en.) However, SCVMM is rather large in size (more than 1GB), and its installation and configuration is far more involved than Disk2vhd's. If you only require the ability to convert a physical system to a VM, though, Disk2vhd is the tool of choice. It's an easy-to-use utility and a must-have for any administrator who uses Microsoft support. Disk2vhd can save you time, money, and headaches if you have the type of problem that can be reproduced in a VM and outside of your corporate network. What I like about Disk2vhd from a time-saving perspective is that the .vhd image is natively created for Hyper-V or Virtual PC, which lets me as a Microsoft support engineer quickly move past the configuration and setup phase and right into the reproduction and debugging phase—thus saving time and providing a quicker resolution for the customer.
Disk2vhd's UI is simple and straightforward, as Figure 1 shows.
You simply check the boxes for the volumes that you want included in the image. Then you type in where you want the .vhd file to be stored, which can actually be on the same image that's being converted. So if you're converting the C drive, you can actually store the .vhd on the C drive. However, as Mark Russinovich points out on the Disk2vhd website, you'll experience faster conversion times if the file is stored on a disk other than the one being actively converted.
On my Dell Precision 380 with 4GB of RAM running Windows 7, Disk2vhd took approximately 10 minutes to convert the image to a .vhd file. Within a few moments, I was able to successfully load the image up into Hyper-V, allowing me to interact with the image just as if I were on the physical machine itself. Had this been a real issue I was trying to solve, I could have downloaded the .vhd, loaded it up in Hyper-V, and started debugging in a few moments—circumventing the usual back and forth that can occur when trying to resolve problems on a remote system.
Try It Out
So, can you create an image for every type of issue and expect it to be resolved in a few hours? No is the simple answer, but that's because not every issue can be reproduced even if you have an image of the system. Before you send an image to Microsoft support, first test whether the problem can be reproduced. Many issues can be reproduced either right away or with a little configuration. The best way to determine whether your issue is a candidate for imaging is to try creating an image of your system by using the Disk2vhd utility, then attempt to reproduce the problem on an isolated network—which is essentially what we would do once the image was transferred to Microsoft support.
Special thanks to Mark Russinovich and Bryce Cogswell for creating another valuable and easy-to-use tool that will dramatically help resolve issues much faster with far fewer headaches than other virtualization tools. Also special thanks to Venkatesh Ganga, a senior Microsoft escalation engineer, who contributed significantly to this article.