Introduction

Event tracing for Windows (ETW) provides a data gathering mechanism that is non-invasive and has a low performance effect. For the FIM Service (starting in FIM 2010 R2) there is an option to use ETW for troubleshooting. This is an option to the FIM Service log that requires a service restart. In my experience the service log tracing is more detailed but that requires a service restart.

Applicability

There may be times where using the standard service log tracing is not feasible. Issues that take many hours or days to manifest don't lend themselves to a log file that continually grows. 

Event tracing allows us to wait for the issue to occur, enable tracing without restarting anything, and grab the data.

How to enable ETW for the FIM Service

Fortunately the instructions are in the MicrosoftResourceManagement.Service.config file. 

 

Basically we just:

  • Start the tracing,
  • Stop the tracing, and
  • Format the output.

All that is needed is an administrative command prompt. Navigate to a directory (I use C:\Temp), enable tracing, reproduce the error, stop the tracing, and format the output. I use the exact commands from the .config file. 

Here are detailed steps. Sample screenshots are provided at the end.

  1. Start an administrative command prompt.
  2. Navigate to the desired directory in which the logs will be generated.
  3. Run the following command to start the tracing.
    1. logman start mysession -p {C2751E84-AD11-4a18-9507-6CFE811D3506} -o FIMETWtrace.etl –ets
  4. Reproduce the error.
  5. Run the following command to stop the tracing.
    1. logman stop mysession –ets
  6. Use the following command to format the .ETL file to XML.
    1. tracerpt FIMETWtrace.etl -o logdmp.xml -of XML -lr -summary logdmp.txt -report logrpt.xml
  7. Zip up the files generated/formatted and send them in to support.

Commands starting and stopping the logging

 

Command formatting the output

 

Results after all the commands are run