Microsoft KB Archive/302343

= System Restore: Description and Functionality of Srdiag.exe =

Q302343

-

The information in this article applies to:


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional

-

SUMMARY
This article describes the Srdiag.exe utility that is part of the System Restore feature set.

MORE INFORMATION
The file Srdiag.exe is a tool developed specifically for capturing System Restore files and putting them into a text format or other format so that a support professional or an advanced user can easily view the contents of such files to try to diagnose problems that are occurring with System Restore.

With the Srdiag.exe tool, logs regarding System Restore are collected from a user's computer that is running Microsoft Windows XP. Please note that System Restore is supported only on x86-based platforms, Windows XP Home Edition, and Windows XP Professional Edition. Srdiag.exe collects all information that is related to System Restore and puts it in a .cab file. The .cab file name is automatically generated by using the computer name, followed by a timestamp for the month, day, and year, and a timestamp for the hour, minutes, and seconds of the .cab file creation. For example:

"ComputerName_mmddyy_hhmmss.cab"

This format is used by default; however, you can change the default by following the steps listed under the "Using Srdiag.exe" section in this article.

You can start the tool in two ways, but you must first make sure that the logged-on user is an administrator/owner:

 * 1) Open a command prompt window and run the following command line: "Windir\System32\Restore\Srdiag.exe" This command runs the tool, and the logs for System Restore are collected into a .cab file and placed in the following directory: Windir\system32\restore. The file has the default name described above.
 * 2) Make sure that the Show hidden files and folders option is enabled: in Windows Explorer, on the Tools menu, click Folder Options, and then on the View tab, click Hidden files and folders. Then use Windows Explorer to navigate to Windir\system32\restore, and double-click the Srdiag icon to run the tool. The logs for System Restore are then collected into a .cab file and placed into the Windir\System32\Restore folder with the default name.

Using Srdiag.exe
If you use the tool from a command prompt, use the following parameters:

Srdiag [/CabName:name.cab] [/CabLoc:"c:\name\"]

The /CabName parameter is the full name of the .cab file that you want to use. If the .cab file name is not specified, the system automatically generates one in the following format: "ComputerName_mmddyy_hhmmss.cab"

The /CabLoc parameter points to the location in which to store the .cab file. It must have a backslash (\) at the end. In addition, the directory must be created before you run Srdiag with this parameter pointing to it. Srdiag will not create the directory for the .cab file. If no directory is specified, the default location is Windir\system32\restore.

Example: "srdiag /CabName:test.cab /CabLoc:c:\test\"

After you navigate to the location of the created .cab file, you can open it and examine the collected files by double-clicking the file or by right-clicking it and then clicking Extract. The Select a Destination dialog box is displayed, in which you can navigate to the directory to which you want to extract the selected file. At this point, you can also click Make New Folder to create a folder in which to extract the file, and then click Extract. You can now open and view the extracted file.
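When .cab files from several computers are gathered in one place, the default name described above can be parsed back into the computer name and collection time. The following Python sketch is an added example, not part of the original article or of Srdiag. The function names and sample file names are constructed for illustration, and the timestamp is left without a time zone because the article does not state which one the tool uses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Default name documented in the article: ComputerName_mmddyy_hhmmss.cab
_DEFAULT = re.compile(
    r"^(?P<host>.+)_(?P<date>\d{6})_(?P<time>\d{6})\.cab$", re.IGNORECASE)

def parse_default_cab_name(filename):
    """Return (computer_name, collected_at), or None when the name is not in
    the default format (for example, it was set with /CabName)."""
    m = _DEFAULT.match(filename)
    if not m:
        return None
    try:
        # mmddyy + hhmmss; %y maps 00-68 to 20xx. The datetime stays naive.
        when = datetime.strptime(m["date"] + m["time"], "%m%d%y%H%M%S")
    except ValueError:  # six digits that are not a real date or time
        return None
    return m["host"], when

def inventory(filenames):
    """Group cabs by computer (oldest first) and list names needing review."""
    by_host, unparsed = defaultdict(list), []
    for name in filenames:
        parsed = parse_default_cab_name(name)
        if parsed is None:
            unparsed.append(name)
        else:
            host, when = parsed
            by_host[host.upper()].append((when, name))
    ordered = {h: [n for _, n in sorted(v)] for h, v in by_host.items()}
    return ordered, unparsed

# Constructed sample names, not taken from a real collection.
SAMPLE = [
    "FRONT_DESK_101801_153045.cab",  # computer name itself contains "_"
    "front_desk_101701_090000.cab",
    "test.cab",                      # custom /CabName
    "LAB7_133101_120000.cab",        # month 13: not a valid default stamp
]

if __name__ == "__main__":
    hosts, review = inventory(SAMPLE)
    print(hosts)
    print(review)
```

Names that land in the review list were either renamed with /CabName or altered after collection, so their origin has to be confirmed from the cab contents instead.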

Files that are collected and placed into a .cab file
Sr-reg.txt

This file contains registry settings for:


 * 1) System information (build number, windows path, and so forth)
 * 2) System Restore settings
 * 3) System Restore Service (Srservice) registry key
 * 4) System Restore Filter registry key
 * 5) System Restore Group Policy registry key

Machineguid.txt

This file contains the _restore directory global universal identification (GUID). The datastore for the system is named _restore{guid} inside the \System Volume Information folder on each drive.

Filelist.xml

The included and excluded specifications for System Restore are listed in this file.

Rstrlog.txt

This file is the restore log file for the last completed restore. This is the clear text version of the Rstrlog.dat file.

Filelist.cfg and Driver.cfg

System Restore Filter's internal files.

Drivetable.txt

This is the internal file for the System Restore Service that contains the status of each drive that is monitored by System Restore. This file will have information on the mount point path, volume GUID, status (frozen/disabled/active/system), and max datastore size for each drive.

Fifo.log

This file will only appear if you have some FIFO restore points. Otherwise, you will not see this file. If it exists, it displays the System Restore files that have been purged as a normal function of maintaining the data store since System Restore was enabled.

Restorepointsize

This file is a binary file that contains the size of the restore point as a 64-bit number. Typically, you will not need to use this file. If you do, interpret the file contents as an 8-byte number.

--RPn-rp.log

This file is a binary file that contains information about each created restore point. This file does not provide any useful information with which you can troubleshoot System Restore. What you see in the file Sr-rp.log is basically the data from the Rp.log files from each restore point (name/type/time). The Rp.log file is collected as well so that you can verify that it exists and whether it is corrupted.

Rp.log

This file, which is generally very useful, contains the list of restore points: name/type/time.

SR-chglog.log

This file contains the change log of file operations on each drive for all restore points that are currently available. It also contains the changes to the system that System Restore monitors. This file shows what operations were made at what date and time to specific files.

SR-filelist.log

This file contains a list of all the files that were collected by Srdiag, and file information of all System Restore binaries.

SR.EventLogs.txt

This file contains the Event Viewer log files that are related to the System Restore Service. In addition to collecting System Restore Service-related events, such as restore point creation and restoration, it also checks for filter volume error if any exist.

Note: The following files are collected from each Restore Point directory in the datastore: Restorepointsize and drive_letter--RPn-rp.log

Troubleshooting with Srdiag.exe

 * 1) If you are investigating a failed restore, look at Rstrlog.txt to see where the restore failed. The failed operation will be followed by a "START UNDO" marker. Next, look at Sr-chglog.txt to see the original set of operations using the sequence numbers as reference.
 * 2) If you are investigating a problem with System Restore monitoring on one of the system drives, or a problem with the display in the configuration user interface (UI), look at Drivetable.txt to see the status of each drive.
 * 3) If you cannot open the restore UI successfully, check if the System Restore Service is running by running a net start listing. If the System Restore Service is not running, but System Restore is enabled, investigate the values in the registry.
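For step 1, the entry that precedes the "START UNDO" marker can be located in an extracted Rstrlog.txt without knowing the layout of individual entries. The following Python sketch is an added example, not part of the original article. The function names are constructed, the encoding handling (byte-order mark, otherwise cp1252) is an assumption, and the sample lines are placeholders that do not reproduce the real Rstrlog.txt entry format.

```python
import codecs

MARKER = "START UNDO"  # marker named in the article

def decode_log(raw: bytes) -> str:
    """Decode a Windows text log: honour a BOM, else assume cp1252."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig")
    return raw.decode("cp1252", errors="replace")

def find_failed_operation(raw: bytes, context: int = 3):
    """Return (line_number, failed_entry, earlier_entries) for the first
    START UNDO marker, or None if the log has no marker."""
    lines = decode_log(raw).splitlines()
    for idx, line in enumerate(lines):
        if MARKER in line.upper():
            # Walk back over blank lines to the entry just before the marker.
            j = idx - 1
            while j >= 0 and not lines[j].strip():
                j -= 1
            if j < 0:
                return None  # nothing precedes the marker
            earlier = [l.strip() for l in lines[max(0, j - context):j]
                       if l.strip()]
            return j + 1, lines[j].strip(), earlier
    return None

# Constructed placeholder log; real entries look different.
SAMPLE_TEXT = (
    "placeholder entry 40\r\n"
    "placeholder entry 41\r\n"
    "\r\n"
    "START UNDO\r\n"
    "placeholder entry 42\r\n"
)
SAMPLE_UTF16 = SAMPLE_TEXT.encode("utf-16")   # with byte-order mark
SAMPLE_ANSI = SAMPLE_TEXT.encode("cp1252")    # no byte-order mark

if __name__ == "__main__":
    print(find_failed_operation(SAMPLE_UTF16))
    print(find_failed_operation(b"placeholder entry 1\r\n"))
```

The returned entry is the starting point for the change-log lookup by sequence number that step 1 describes.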

For additional information about basic troubleshooting of System Restore, click the article number below to view the article in the Microsoft Knowledge Base:

Q302796 Troubleshooting System Restore on Windows XP

Keywords : kbtool

Issue type : kbinfo

Technology : kbWinXPProSearch kbWinXPHomeSearch kbWinXPSearch

Last Reviewed: October 18, 2001

-


© 2002 Microsoft Corporation. All rights reserved.