microsoft StorDiag.exe: New Windows 10 Storage Diagnostic Tool

[vissha]

StorDiag.exe: New Windows 10 Storage Diagnostic Tool

 

StorDiag.exe is a new command line drive tool to analyze storage on devices running Windows 10 that Microsoft added silently to the Anniversary Update.

 

The program is a diagnostic tool that you may use to identify storage related issues. Issues that it may detect including corruption of the NTFS file system.

 

There is more to the program than that though. You may use it to run a an ETW trace as well, and check the logs, Registry files and event files StorDiag.exe creates when it is done with the processing.

 

The application runs several tools in the background for that, including CheckDisk, fsutil and fltmc.

 

Using StorDiag.exe

 

 

The application can only be run from an elevated command prompt. Since it is only available in Windows 10's Anniversary Edition, instructions are only provided for this particular version of Windows.

 

Step 1: Open an elevated command prompt

 

 

First thing you need to do is open an elevated command prompt.

1. Tap on the Windows-key, type cmd.exe, hold down the Ctrl and Shift keys, and hammer on the Return key.
2. Confirm the UAC prompt that is displayed afterwards.
3. The elevated command prompt window should open. If it reads Administrator in the title, all is well.

Step 2: The command

 

 

The program supports three parameters that you can run it with. You may run stordiag.exe /? first to display them on the screen.

StorDiag [-collectEtw] [-out <PATH>]
-collectEtw           Collect a 30-second long ETW trace if run from an elevated session
-checkFSConsistency   Checks for the consistency of the NTFS file system
-out <PATH>           Specify the output path. If not specified, logs are saved to %TEMP%\StorDiag

Step 3: Running storage diagnostics

 

 

You may run the application with all commands, or only some of them.

 

If you want to run them all, use the following command to do so:

stordiag.exe -collectEtw -checkFSConsistency -out c:\users\martin\desktop

Note: You need to change "martin" in the out path to the username on your system. You may also leave the -out path part. If you do, all logs are saved to a StorDiag folder on the system's temp folder. Simply copy and paste %TEMP%\StorDiag in the Explorer address bar and the location should open.

 

The processing takes a couple of minutes tops. It depends largely on the number of storage devices connected to the Windows 10 machine at the time.

 

The program will check all drives for corruption using CheckDisk, and will collect a 30 second ETW trace. It runs several tools in the background and logs their output.

 

You find the massive list of log files and event files in the -out directory afterwards.

 

CDROM.reg
ChkDsk C.txt
ChkDsk O.txt
ChkDsk P.txt
ChkDsk S.txt
ChkDsk T.txt
DiskDrive.reg
FileSystem.reg
HDC.reg
<DIR> LocaleMetaData
Microsoft-Windows-DataIntegrityScan-Admin.evtx
Microsoft-Windows-DataIntegrityScan-CrashRecovery.evtx
Microsoft-Windows-DiskDiagnostic.evtx
Microsoft-Windows-Ntfs.evtx
Microsoft-Windows-Partition.evtx
Microsoft-Windows-Storage-ATAPort.evtx
Microsoft-Windows-Storage-ClassPnp.evtx
Microsoft-Windows-Storage-Storport.evtx
Microsoft-Windows-StorageManagement-Operational.evtx
Microsoft-Windows-StorageSpaces-Driver-Diagnostic.evtx
Microsoft-Windows-StorageSpaces-Driver-Operational.evtx
Microsoft-Windows-StorageSpaces-SpaceManager-Operational.evtx
Microsoft-Windows-Volume.evtx
Microsoft-Windows-VolumeSnapshot-Driver.evtx
perflog.etl
PSLogs.txt
SCSIAdapter.reg
System.evtx
VolMgr.reg
VolSnap.reg
Volume C Corruption.txt
Volume O Corruption.txt
Volume P Corruption.txt
Volume S Corruption.txt
Volume T Corruption.txt
Volume.reg

 

The CheckDisk information about each drive and potential corruption are probably most useful to users of the operating system.

 

System administrators find lots of information in the other files that they may use to analyze storage related issues.

 

StorDiag.exe does not resolve any of the issues that it may report. It is up to you or the system administrator to correct those.

 

Source