IE Diagnostics


In recent posts we talked about giving feedback and filing a great bug using a tool called IE Diagnostics that is included with the publically available Internet Explorer Platform Preview releases. We encourage you to include IE Diagnostics reports with every bug submission. This blog post sheds more light on the IE Diagnostics tool by detailing the data included in an IE Diagnostics report, what you can learn from it, and how you can use this information to debug problems you see in IE.

What is IE Diagnostics?

IE Diagnostics is a tool that gathers comprehensive dynamic and static data related to Internet Explorer. The data gathered is packaged up into a .cab file and stored on your machine at a location you specify. If you open the cab, you will find an IEDiag.xml file which contains detailed information related to IE add-ons, registry settings, network configurations, and more. (Click here to view a sample IE Diagnostics report). This data is invaluable when we need to debug a problem in IE without having direct access to the computer, such as, when trying to reproduce and investigate root causes of bugs reported by users.

What can I learn from an IE Diagnostics Report?

Add-ons

Imagine the following scenario: Your mom calls you up saying her IE has been running really slow for the past few days and she doesn’t know why. You suspect that the culprit is probably the last add-on she had installed but you can’t be sure until you see, first-hand, the list of add-ons installed on her machine. The problem is that she is across the country and you don’t want to spend all your mobile-to-mobile minutes debugging the issue over the phone. With an IE Diagnostics report, you can easily get all the information you need to fix the problem. All your mom has to do is save an IE Diagnostics report and send you the cab file.

Windows Internet Explorer Diagnostic Tool

Once you have the report on your machine, click on ‘View saved report’ in IE Diagnostics.

From the report formatting options, choose the “All Enabled and Disabled Add-ons” and click ‘Apply Format’. This view will show you information about every IE add-on on your machine. You can scan the Installed On column to see which was last add-on installed and easily disable it using the Manage Add-ons feature in IE.

You can also use the “All Enabled and Disabled Add-ons” format to view version numbers of various add-ons. If you know that a certain version of a particular add-on is outdated and/or causes problems in Internet Explorer, and you see that it has been installed, then you can take note of that and choose to upgrade to a newer version of that add-on or disable it. 

Crashes

An IE Diagnostics report gives you information about crashes in IE. Often times a bad add-on is the root cause of a crash in IE and an IE Diagnostics report can help you pinpoint which add-on is the actual culprit.

To get crash information, view an IE Diagnostics report that has been saved on your machine and from the drop down of applicable formats, choose the “Events” viewer. In the list displayed, scan for entries where Provider = “Windows Error Reporting” and Event Name (under Message) = “APPCRASH”. If such an entry is found, get the filename in position P4 under the Problem signature portion of the Message. This will be the name of the add-on binary (most likely) causing IE to crash.

Report showing a crash

If you know which add-on the binary is associated to, you can go into Manage add-ons to disable the particular add-on. If you can’t tell which add-on the binary is part of, then you can pull up the “All Enabled and Disabled add-ons” view for an IE Diagnostics report, scan the module name column for the filename in question and see which add-on (in the name column) it corresponds to.

report showing IE add-ons

Security Zone Settings

An IE Diagnostics report allows you to view your security settings in all zones (local machine, Intranet, Internet, Trusted, Restricted) at a glance and compare changes you made to what the default settings were when you first installed IE. If your computer is infected with Malware, oftentimes security zone settings are compromised, as this user discovered.  The zone view in IE Diagnostics is useful when you want to know which settings have changed from the default so you can undo specific ones without having to Reset IE and undo all other configuration changes.

To view security zone settings, view an IE Diagnostics report that has been saved on your machine and from the drop down of applicable formats, choose the “Zone View” viewer and click ‘Apply Format’. This displays settings in each zone- both settings for the machine and those for the particular user – for all security options in Internet Options. You can scan pairs of columns (for example, Intranet vs. userIntranet) to see if there are any differences between what you (the user) have set  vs. what was default on the machine.

report showing IE security settings

Browsing Issues

The live network capture feature of IE Diagnostics allows you to debug broken functionality on a website. By enabling the Network Captures feature in an IE Diagnostics report you can capture network traffic, view and analyze it to identify any potential issues. This is especially useful in remote debugging scenarios where you don’t have direct access to a user’s (like your mom’s) machine to run fiddler traces or use the new Network tab in IE9 Dev Tools.

Some things to look out for in network capture data include:

  1. Cookies being passed, for session related issues – cookie related issues are typically seen when people are unable to successfully login to a website even when using the correct credentials
  2. Websites 302 or 303 redirects – examples here include why a particular site is not rendered in Compat View even though it is in the user’s Compatibility View List (e.g. example.com does a 302 redirect to say, example2.com so the domain that should be added to the CV List should be example2.com!)
  3. Cache related issues to see which resource is refreshed – IE may not see certain dynamic page updates occur, if they are not refreshed correctly, and a network trace helps dig deeper into why this is the case- for example, a trace will tell you when a cached page is set to expire and will be re-downloaded from the server.
  4. Network hangs to see if the client is waiting on the server or vice versa.
  5. Watch AJAX activity- to see if HTTP requests and responses are being sent across the wire as expected
  6. Examine to see if HTTP compression is being used- knowing whether compression is being used may help you diagnose problems of this nature.

What data is stored in an IE Diagnostics report?

When you look at an IEDiag.xml report for the first time, you’ll notice the sheer volume of data collected. This section describes exactly what is in an IE Diagnostics report.

IE Diagnostics contains 2 major tool sets to perform its operations:

Data Collectors: Collects static data such as Registry settings, Set up info, Installed add-ons and DxDiag output.

Captures: Collects Network and/or Process information dynamically as you browse the web using Internet Explorer or Internet Explorer Platform Preview.

By default, when you choose to save an IE Diagnostics report, the tool will collect only static data unless you opt-in to collect dynamic data by enabling one (or both) of the captures. For more information on how to run IE Diagnostics to gather Captures data, please refer to the IE Diagnostics User Guide.

Data Collectors

Data collectors in the IE diag tool

IE Diagnostics contains eight Data Collector tools that gather exhaustive data about your machine settings and operating environment.

  • Add-ons Enumerator: The Add-ons Data Collector looks in known locations of the registry and gathers information about all the add-ons, extensions, toolbars and BHOs currently installed for IE. This is meta information about the add-ons such as, the add-on type, version number, publisher, and whether the add-on is enabled or disabled.
  • DxDiag: The DxDiag data collector runs the DxDiag tool in Windows Vista and Windows 7 and gathers the output. This data collector generates a comprehensive report containing information about DirectX components and drivers installed on your system. You can access the DxDiag tool on your machine by typing DxDiag in Windows Search (or you can run the application from C:\Windows\System32\dxdiag.exe). More information about DxDiag can be found here.
  • Event Log Information: The Event Log Data Collector looks through the Application event log, searching for all the events that related to IE. It picks up all application errors and Windows Error Reporting buckets. The criteria used in selecting events are simply if the string “iexplore.exe” or “iepreview.exe” (for IEDiag in Platform Previews) exists in the message portion of the event.  It keeps the most recent 100 events.
  • File Information: The file information data collector gathers metadata like file size, creation time, attributes and last write time for a set of files related to IE that are guaranteed to be present on your machine with any IE installation.
  • Networking: The networking data collector gathers information about your current network settings. It collects static network data, for example, the output from running IPConfig -all and data about the operational network adapters on your machine and their IP addresses. It also gathers data to help diagnose the health of your network connection. For example, it pings the www.windowsupdate.com server to see if there is any activity over the network. This is useful information when debugging a scenario where you do not have physical access to a machine and are trying to debug an error of the “Page cannot be displayed” variety, where you are able to connect to the internet but see that no packets are being transferred. An accidentally misconfigured firewall or malicious software that corrupted Windows socket settings can be detected from this section of an IEDiag log report as well.
  • Registry Settings: The registry settings data collector gathers a mass of registry settings information under the Internet Explorer and Internet Settings hives.
  • Security Settings: The security settings data collector gathers the ACLs of Favorites, Cookies, Internet Cache, and History in Internet Explorer.
  • Setup Information: This data collector collects various set-up log files generated during the course of an IE install. Copies of files gathered by this data collector are included in the .cab file generated by IEDiag. These files can help diagnose installation issues.

Captures

IE Diagnostics contains two capture tools that collect data specific to your browsing activity within the time range you specify. The best way to get the most detailed diagnostic information when debugging a specific browsing scenario is by enabling the capture tools. The depth of data gathered around the specific problem you are experiencing makes pin-pointing the root cause of the issue that much easier.

captures in the IE Diag tool capture start screen

  • Network Capture: This feature runs Unified tracing (on Windows 7) or Netmon 3.3(on Vista if installed) to get a complete trace of network activity while you are reproducing an issue in IE. The official Netmon blog has many tips and tricks on troubleshooting network problems and using Netmon. There are also helpful videos on channel 9 on the same topic.

    Note: If you are on the Windows Vista operating system, you may not see the Network Capture feature in IE Diagnostics if you don’t have Netmon 3.3 installed. You can install Netmon 3.3 from here.

  • Process Logger: The process logger feature captures the creation, modification and deletion of system events during the time span that the feature is running. For each process, the tool will gather its name and creation, modification or deletion time, and more.

Summary

As mentioned previously, IE Diagnostics reports are extremely valuable in remote debugging scenarios- when one doesn’t have immediate access to the faulty machine. We urge you to include an IE Diagnostics report with your bug submission on Connect. IE Diagnostics reports contain valuable information that helps the IE team reproduce issues reported by you, and find and fix them faster. For more information on how to generate an IE Diagnostics report, please refer to the user guide.

Thanks!
Swathi Ganapathi
Program Manager


Comments (21)

  1. Anonymous says:

    Figures that Flash would be the culprit. 99% of ActiveX controls don't deserve to live.

  2. steppres says:

    Any hints as to what the new UI for IE9 will look like?

  3. Anonymous says:

    Please DISABLE OCX thoroughly. Almost ALL crushing and security problems are caused by OCX!

    So, please disable OCX in standard mode. Use it only in compacity mode. Or only manually enabled.(except a list of CLSIDs provided by Microsoft, this contains flash)

    And, WHERE IS CANVAS OR DX-TEXTURE MANIPULATION?

    WHERE IS CSS TRANSFORM?

    WHERE IS CSS TRANSITION?

    WHERE IS IT?

    TELL ME!!!!!!!!!!!

  4. Neil Dunensach says:

    Geez… an informative, useful post and the first 3 responses are totally non-relevant:

    @blah – yeah we know.  Get over it.  Flash sucks, Adobe sucks, Active X sucks, whatever.

    @Steppres – probably like IE 8.  This post isn't about UI.

    @Infinite – I don't recall seeing anything about CSS in this post.  Maybe you should yell in the previous CSS topics that have been posted, or wait until a new, relevant post comes along.

  5. Anonymous says:

    I have a lot of crashes in IE8 like these:

    Prodotto

    Internet Explorer

    Problema

    Ha smesso di funzionare

    Data

    08/06/2010 9.20

    Stato

    Segnalazione inviata

    Firma del problema

    Nome evento problema: BEX

    Nome applicazione: iexplore.exe

    Versione applicazione: 8.0.6001.18904

    Timestamp applicazione: 4b835fec

    Nome modulo con errori: StackHash_fd00

    Versione modulo con errori: 0.0.0.0

    Timestamp modulo con errori: 00000000

    Offset eccezione: 5e5fd6ff

    Codice eccezione: c0000005

    Dati eccezione: 00000008

    Versione SO: 6.0.6002.2.2.0.768.3

    ID impostazioni locali: 1040

    Informazioni aggiuntive 1: fd00

    Ulteriori informazioni 2: ea6f5fe8924aaa756324d57f87834160

    Ulteriori informazioni 3: fd00

    Ulteriori informazioni 4: ea6f5fe8924aaa756324d57f87834160

    Ulteriori informazioni sul problema

    ID bucket: 1069040454

  6. Anonymous says:

    Given the recent firestorm between Apple and Adobe over the inclusion of flash in the iPhone (which has been discussed here extensively (blogs.msdn.com/…/html5-video.aspx, and blogs.msdn.com/…/follow-up-on-html5-video-in-ie9.aspx), specifying flash as the source of a crash is indeed a humorous choice.  It has been my experience that many flash problems are caused by poor coding on the part of flash authors, so all this flash hating is kind of pointless if you ask me.  That said, there are clearly several parties bent on obsoleting flash, and it's days are numbered.  Hopefully whatever replaces it (HTML5? Silverlight?) will be less "black box", (Tim Berners lee rejoice)…

  7. Anonymous says:

    I have a lot of crashes in IE8 like this:

    Prodotto

    Internet Explorer

    Problema

    Ha smesso di funzionare

    Data

    08/06/2010 9.20

    Stato

    Segnalazione inviata

    Firma del problema

    Nome evento problema: BEX

    Nome applicazione: iexplore.exe

    Versione applicazione: 8.0.6001.18904

    Timestamp applicazione: 4b835fec

    Nome modulo con errori: StackHash_fd00

    Versione modulo con errori: 0.0.0.0

    Timestamp modulo con errori: 00000000

    Offset eccezione: 5e5fd6ff

    Codice eccezione: c0000005

    Dati eccezione: 00000008

    Versione SO: 6.0.6002.2.2.0.768.3

    ID impostazioni locali: 1040

    Informazioni aggiuntive 1: fd00

    Ulteriori informazioni 2: ea6f5fe8924aaa756324d57f87834160

    Ulteriori informazioni 3: fd00

    Ulteriori informazioni 4: ea6f5fe8924aaa756324d57f87834160

    Ulteriori informazioni sul problema

    ID bucket: 1069040454

  8. Anonymous says:

    @Steve: If a "flash author" can crash the browser, that's a very clear bug in the Flash player itself. But yours was a bogus claim anyway, most of the crashes in Flash clearly have nothing to do with the specific SWF content and everything to do with Adobe's bugs.

  9. Neil Dunensach says:

    @Matt – once again you only read what you want to see.  He didn't blame CONTENT.  He blamed CODE.  Quote – "flash problems are caused by poor coding on the part of flash authors".  Doesn't sounds like he's point the finger at SWF content to me.

  10. Anonymous says:

    @Neil – "poor coding on the part of flash authors" would mean the SWF content (code == part of content). However I agree with Matt, it's more Adobe's bugs than bad code from Flash authors.

  11. Anonymous says:

    @Neil: You've never coded in Flash before, have you?

    "Flash authors" compile their code into SWF files.

    You may sit down.

  12. Neil Dunensach says:

    @Matt – no because I'm really Steve Jobs.

  13. Wurst says:

    The screenshots are PNG this time, that's nice, but it would be even nicer if they were created using Window Clippings (a screenshot tool by a fellow colleague) and well compressed using OptiPNG and/or PNGOUT.

  14. Anonymous says:

    I too find some humor in using Flash as an example of reporting IE crashes, given a) how frequently IE crashes (IE8 on Win7 has been scary-unstable…crashes every hour on a fresh installation), and b) how ubiquitous Flash is. The simple "solution" is to, of course, disable Flash, but then what? Even with HTML5, a VERY large chunk of the web is rendered unusable by doing this. IMO, a much better option than telling me what crashed (and even better than restoring my crashed tab) is to make the host (IE) more resilient to its bad guests. Win3.1 crashed all the time due to bad application authors not properly cleaning up memory, but it was still the responsibility of the OS not to crash.

  15. Anonymous says:

    Keith: Correct, IE is an application, not an operating system. Very astute point.

  16. Anonymous says:

    IE provides OS-like services, so in many ways it is an operating system (it hosts external code, it provides memory to these external modules, it attempts to protect one from affecting the other). IIRC, Microsoft Research is working on a browser project that is designed more like an OS – Gazelle; hopefully, designing the browser as such at its gut level will help bring the browser stability up to OS quality. It still doesn't let Adobe off the hook for writing what has been really a horrible and undeservedly ubiquitous plug-in, but it should be easier for MS to harden their browser than for the millions of web pages out there to quit serving up Flash-based UIs or ads.

  17. Anonymous says:

    Keith: "OS-like" is a good non-technical explanation of ie. If you had a technical background in operating systems, you would call it "Not-OS-Like" since its implementation doesn't contain any of the core primitives used in operating systems.

    Gazelle attempts to impose OS concepts when running web content (not plugins) but it's an academic project which will never actually result in a released project as it is utterly impractical and incompatible with the web as it exists. It is sad but not unexpected that the lazy press never seems to figure out that the papers from MSR aren't any indication of microsoft's future plans.

  18. Anonymous says:

    yet another crash:

    Prodotto

    Internet Explorer

    Problema

    Ha smesso di funzionare

    Data

    09/06/2010 16.09

    Stato

    Segnalazione inviata

    Firma del problema

    Nome evento problema: APPCRASH

    Nome applicazione: iexplore.exe

    Versione applicazione: 8.0.6001.18928

    Timestamp applicazione: 4bdfa327

    Nome modulo con errori: mshtml.dll

    Versione modulo con errori: 8.0.6001.18928

    Timestamp modulo con errori: 4bdfb76d

    Codice eccezione: c0000005

    Offset eccezione: 000697d7

    Versione SO: 6.0.6002.2.2.0.768.3

    ID impostazioni locali: 1040

    Informazioni aggiuntive 1: fd00

    Ulteriori informazioni 2: ea6f5fe8924aaa756324d57f87834160

    Ulteriori informazioni 3: fd00

    Ulteriori informazioni 4: ea6f5fe8924aaa756324d57f87834160

    Ulteriori informazioni sul problema

    ID bucket: 1904205785

  19. Anonymous says:

    We have a HTA software works under IE8,

    But not in IE9

    When I look into details, under IE9 (HTA), xmldom.save(xmlfile) not working, without any error message.

  20. Anonymous says:

    Actually I saw one error like this: ( when I open hta with IE9),

    Error: Number:-2146828237 Description:Internal error

  21. Anonymous says:

    @John: The Internet Explorer Platform Preview does not include an updated version of MSHTA.exe, which is used to render HTML Application (HTA) files. Hence, if you open a HTA file in the Platform Preview, it runs as if it were a normal (low trust) Internet Page instead of a local HTML Application (higher trust). You will not be able to test your HTA with IE9 until the IE9 beta is available.