How to get Terminal Services ETW traces provider name and GUID

Rahul Pathak 0 Reputation points
2023-05-17T09:47:58.36+00:00

Hi All,

I am working on a VDI solution, and there I am using Windows Terminal Services. It looks like there is some issue with Terminal Services, and sessions are getting disconnected.

I wanted to collect RDS traces, which may have more information from the Terminal Services side, and I can then provide the same to Microsoft for further analysis.

Here is a sample of what I am looking for:

logman create trace "RDS Trace" -ow -o rdstrace.etl -p {5283d5f6-65b5-425f-a30b-f16c057d6b57} 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets

logman update trace "RDS Trace" -p {557d257b-180e-4aae-8f06-86c4e46e9d00} 0xffffffffffffffff 0xff -ets

Repro the issue and then run the following:

logman stop "RDS Trace" -ets

I got the above sample commands from the internet but am not sure about the GUIDs {5283d5f6-65b5-425f-a30b-f16c057d6b57} and {557d257b-180e-4aae-8f06-86c4e46e9d00}. To get information about these I ran logman query providers, but the output of that command doesn't have these GUIDs either. So if I need to collect these RDS traces, what do I need to provide for the provider name or GUID?

Thanks


1 answer

  1. Limitless Technology 43,931 Reputation points
    2023-05-18T13:39:17.1466667+00:00

    Hello there,

    The script below will generate an ETL trace; in this example, data for the Provider - Microsoft-Windows-TerminalServices-RemoteConnectionManager.

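    @echo off
    rem Create and start an ETW trace session for the RemoteConnectionManager provider.
    ECHO These commands will enable tracing:
    @echo on
    logman create trace admin_wmi -ow -o c:\admin_wmi.etl -p "Microsoft-Windows-TerminalServices-RemoteConnectionManager" 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode 0x2 -max 2048
    logman start admin_wmi
    @echo off
    rem "echo." prints a blank line; a bare "echo" would print the echo state instead.
    echo.
    ECHO Reproduce your issue and enter any key to stop tracing
    @echo on
    pause
    rem Stop the session and delete its definition; the .etl file stays on disk.
    logman stop admin_wmi
    logman delete admin_wmi
    @echo off
    echo Tracing has been captured and saved successfully at c:\admin_wmi.etl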

    Save the above-mentioned script as a batch file (.bat) and run it with elevated privilege to generate the .etl file.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/event-tracing-for-windows-simplified

    https://gist.github.com/guitarrapc/35a94b908bad677a7310

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--

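The lookup the question describes (checking GUIDs or a provider name against `logman query providers`), as an added PowerShell example that is not part of either post above. The function names `ConvertFrom-LogmanProviderList` and `Resolve-EtwProvider` are hypothetical, and the GUID in the embedded sample is a constructed placeholder, not the provider's real GUID.

```powershell
# Added example. Parses "logman query providers" text into Name/Guid objects.
function ConvertFrom-LogmanProviderList {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows end in a braced GUID; header, separator and status lines do not.
        if ($line -match '^(?<name>.+?)\s+\{(?<guid>[0-9A-Fa-f-]{36})\}\s*$') {
            [pscustomobject]@{
                Name = $Matches['name'].Trim()
                Guid = $Matches['guid'].ToLowerInvariant()
            }
        }
    }
}

# Looks up each query: a GUID (with or without braces) or a provider name.
function Resolve-EtwProvider {
    param([string[]]$Query, [object[]]$Providers)
    foreach ($q in $Query) {
        $key = ($q.Trim() -replace '[{}]', '').ToLowerInvariant()
        # -eq on strings is case-insensitive, so names match regardless of case.
        $hit = @($Providers | Where-Object { $_.Guid -eq $key -or $_.Name -eq $key })
        [pscustomobject]@{
            Query      = $q
            Registered = $hit.Count -gt 0
            Name       = if ($hit.Count -gt 0) { $hit[0].Name } else { $null }
            Guid       = if ($hit.Count -gt 0) { '{' + $hit[0].Guid + '}' } else { $null }
        }
    }
}

# Constructed sample in the layout logman prints; the GUID is a placeholder.
$sample = @(
    'Provider                                 GUID'
    '-------------------------------------------------------------------------------'
    'Microsoft-Windows-TerminalServices-RemoteConnectionManager {00000000-0000-0000-0000-000000000001}'
    ''
    'The command completed successfully.'
)

# Use the live provider list when logman is available, else the sample above.
$lines = if (Get-Command logman.exe -ErrorAction SilentlyContinue) { logman query providers } else { $sample }
$providers = ConvertFrom-LogmanProviderList -Lines $lines

Resolve-EtwProvider -Providers $providers -Query @(
    '{5283d5f6-65b5-425f-a30b-f16c057d6b57}'
    '{557d257b-180e-4aae-8f06-86c4e46e9d00}'
    'Microsoft-Windows-TerminalServices-RemoteConnectionManager'
) | Format-Table -AutoSize
```

`Registered = False` means only that the query is absent from the registered-provider list on the machine where this runs; run it on the server where the trace will be collected.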