diff --git a/education/windows/images/1812_Add_Apps_SUSPC.png b/education/windows/images/1812_Add_Apps_SUSPC.png new file mode 100644 index 0000000000..b494aea2dd Binary files /dev/null and b/education/windows/images/1812_Add_Apps_SUSPC.png differ diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md index 4a0081092e..ecfbf5b1fc 100644 --- a/education/windows/set-up-school-pcs-azure-ad-join.md +++ b/education/windows/set-up-school-pcs-azure-ad-join.md @@ -9,7 +9,7 @@ ms.pagetype: edu ms.localizationpriority: medium author: lenewsad ms.author: lanewsad -ms.date: 07/13/2018 +ms.date: 01/11/2019 --- # Azure AD Join for school PCs @@ -75,7 +75,7 @@ to delete. 3. Select and delete inactive and expired user accounts. ### How do I know if my package expired? -Automated Azure AD tokens expire after 30 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts. +Automated Azure AD tokens expire after 180 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts. ![Screenshot of the Azure portal, Azure Active Directory, All Users page. Highlights all accounts that start with the prefix package_ and can be deleted.](images/suspc-admin-token-delete-1807.png) diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md index e362f372b9..030e698372 100644 --- a/education/windows/set-up-school-pcs-provisioning-package.md +++ b/education/windows/set-up-school-pcs-provisioning-package.md 
@@ -82,23 +82,21 @@ For a more detailed look of each policy listed, see [Policy CSP](https://docs.mi |Updates Windows | Nightly | Sets Windows to update on a nightly basis. | ## Apps uninstalled from Windows 10 devices -Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that are not relevant to the classroom experience, and uninstalls them from each device. The following table lists all apps uninstalled from Windows 10 devices. +Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that are not relevant to the classroom experience, and uninstalls them from each device. ALl apps uninstalled from Windows 10 devices include: -|App name |Application User Model ID | -|---------|---------| -|3D Builder | Microsoft.3DBuilder_8wekyb3d8bbwe | -|Bing Weather | Microsoft.BingWeather_8wekyb3d8bbwe | -|Desktop App Installer|Microsoft.DesktopAppInstaller_8wekyb3d8bbwe| -|Get Started | Microsoft.Getstarted_8wekyb3d8bbw | -|Messaging|Microsoft.Messaging_8wekyb3d8bbwe -|Microsoft Office Hub| Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe | -|Microsoft Solitaire Collection | Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe | -|One Connect|Microsoft.OneConnect_8wekyb3d8bbwe| -|Paid Wi-Fi & Cellular | Microsoft.OneConnect_8wekyb3d8bbwe | -|Feedback Hub | Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe | -|Xbox | Microsoft.XboxApp_8wekyb3d8bbwe | -|Mail/Calendar | microsoft.windowscommunicationsapps_8wekyb3d8bbwe| +* Mixed Reality Viewer +* Weather +* Desktop App Installer +* Tips +* Messaging +* My Office +* Microsoft Solitaire Collection +* Mobile Plans +* Feedback Hub +* Xbox +* Mail/Calendar +* Skype ## Apps installed on Windows 10 devices Set up School PCs uses the Universal app install policy to install school-relevant apps on all Windows 10 devices. Apps that are installed include: 
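Review bot: Replacing the table under "Apps uninstalled from Windows 10 devices" with display names only drops the Application User Model ID column, which is the identifier an admin would match against installed packages to confirm the uninstall policy applied. Consider keeping a two-column table with the new names (Mixed Reality Viewer, Tips, My Office, Mobile Plans, Skype) and their IDs. The removed table listed the same ID for both One Connect and Paid Wi-Fi & Cellular, so the IDs need rechecking rather than copying. The added intro sentence also has a typo: "ALl apps" should be "All apps".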
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md index b1f56ae163..4d555813ad 100644 --- a/education/windows/set-up-school-pcs-whats-new.md +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -9,11 +9,22 @@ ms.pagetype: edu ms.localizationpriority: medium author: lenewsad ms.author: lanewsad -ms.date: 10/23/2018 +ms.date: 01/11/2019 --- # What's new in Set up School PCs -Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases. +Learn what’s new with the Set up School PCs app each week. Find out about new app features and functionality, and see updated screenshots. You'll also find information about past releases. + +## Week of December 31, 2019 + +### Add Microsoft Whiteboard to provisioning package +Microsoft Whiteboard has been added to the list of Microsoft-recommended apps for schools. Whiteboard is a freeform digital canvas where ideas, content, and people come together so students can create and collaborate in real time in the classroom. You can add Whiteboard to your provisioning package in Set up School PCs, on the **Add apps** page. For more information see [Use Set up School PCs app](use-set-up-school-pcs-app.md#create-the-provisioning-package). + +## Week of November 5, 2018 + +### Sync school app inventory from Microsoft Store +During setup, you can now add apps from your school's Microsoft Store inventory. After you sign in with your school's Office 365 account, Set up School PCs will sync the apps from Microsoft Store, and make them visible on the **Add apps** page. For more information about adding apps, see [Use Set Up School PCs app](use-set-up-school-pcs-app.md#create-the-provisioning-package). + ## Week of October 15, 2018 
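Review bot: The new heading "## Week of December 31, 2019" looks like the wrong year. This change sets ms.date to 01/11/2019 and the entries below it are "Week of November 5, 2018" and "Week of October 15, 2018", so a week in December 2019 would be in the future; it was probably meant to be December 31, 2018. The two new entries also link the same anchor with different link text ("Use Set up School PCs app" and "Use Set Up School PCs app"); pick one capitalization.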
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 46f5b99026..6a1a7946ef 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md 
@@ -212,22 +212,25 @@ Set up the Take a Test app to give online quizzes and high-stakes assessments. D 3. Enter the URL where the test is hosted. When students log in to the Take a Test account, they'll be able to click or enter the link to view the assessment. 4. Click **Next**. -### Recommended apps -Choose from a list of recommended Microsoft Store apps to install on student PCs. Then click **Next**. After they're assigned, apps are pinned to the student's Start menu. +### Add apps +Choose from Microsoft recommended apps and your school's own Microsoft Store inventory. The apps you select here are added to the provisioning package and installed on student PCs. After they're assigned, apps are pinned to the device's Start menu. - ![Example screenshots of the Add recommended apps screen with recommended app icons and selection boxes. Some apps selected for example purposes.](images/1810_SUSPC_add_apps.png) +If there aren't any apps in your Microsoft Store inventory, or you don't have the permissions to add apps, you'll need to contact your school admin for help. If you receive a message that you can't add the selected apps, click **Continue without apps**. Contact your school admin to get these apps later. + +After you've made your selections, click **Next**. + + + ![Example screenshots of the Add apps screen with selection of recommended apps and school inventory apps.](images/1812_Add_Apps_SUSPC.png) The following table lists the recommended apps you'll see. |App |Note | |---------|---------| |Office 365 for Windows 10 in S mode (Education Preview) | Setup is only successful on student PCs that run Windows 10 in S mode. The PC you running the Set up School PCs app is not required to have Windows 10 in S mode. 
| +|Microsoft Whiteboard | None| |Minecraft: Education Edition | Free trial| -|Other apps fit for the classroom |Select from WeDo 2.0 LEGO®, Arduino IDE, Ohbot, Sesavis Visual, and EV3 Programming| -If you receive an error and are unable to add the selected apps, click **Continue without apps**. Contact your IT admin to get these apps later. - ![Example screenshots of the Add recommended apps screen with message that selected apps could not be added. Red rectangles highlight the message and Continue without apps button.](images/1810_SUSPC_app_error.png) ### Personalization Upload custom images to replace the student devices' default desktop and lock screen backgrounds. Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png. diff --git a/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md b/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md index 899bf80cdd..f36bf3a87b 100644 --- a/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md +++ b/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md @@ -67,7 +67,7 @@ The following best practices should be considered when sequencing a new applicat   - **Sequence to a unique directory that follows the 8.3 naming convention.** +- **Sequence to a unique directory that follows the 8.3 naming convention.** You should sequence all applications to a directory that follows the 8.3 naming convention. The specified directory name cannot contain more than eight characters, followed by a three-character file name extension—for example, **Q:\\MYAPP.ABC**. diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md index 1ae7911088..d3c28bfc73 100644 --- a/windows/client-management/TOC.md +++ b/windows/client-management/TOC.md 
@@ -12,19 +12,19 @@ ## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md) ## [Windows libraries](windows-libraries.md) ## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md) -### [Advanced troubleshooting for Windows networking issues](troubleshoot-networking.md) -#### [Advanced troubleshooting Wireless Network Connectivity](advanced-troubleshooting-wireless-network-connectivity.md) -#### [Data collection for troubleshooting 802.1x Authentication](data-collection-for-802-authentication.md) -#### [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md) -### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) -#### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) -#### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) -#### [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md) -#### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) -### [Advanced troubleshooting for Windows start-up issues](troubleshoot-windows-startup.md) +### [Advanced troubleshooting for Windows networking](troubleshoot-networking.md) +#### [Advanced troubleshooting Wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md) +#### [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md) +##### [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md) +#### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) +##### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) +##### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) +##### [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md) +##### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) +### [Advanced troubleshooting for Windows 
startup](troubleshoot-windows-startup.md) #### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md) -#### [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md) -#### [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md) -#### [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md) +#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md) +#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md) +#### [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md) ## [Mobile device management for solution providers](mdm/index.md) ## [Change history for Client management](change-history-for-client-management.md) diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index b1ab9770a3..24681f6db4 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md 
@@ -1,87 +1,118 @@ --- -title: Advanced Troubleshooting 802.1x Authentication -description: Learn how 802.1x Authentication works -keywords: advanced troubleshooting, 802.1x authentication, troubleshooting, authentication, Wi-Fi +title: Advanced Troubleshooting 802.1X Authentication +description: Learn how 802.1X Authentication works +keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi ms.prod: w10 ms.mktglfcycl: ms.sitesec: library author: kaushika-msft ms.localizationpriority: medium -ms.author: mikeblodge -ms.date: 10/29/2018 +ms.author: greg-lindsay --- -# Advanced Troubleshooting 802.1x Authentication +# Advanced troubleshooting 802.1X authentication ## Overview -This is a general troubleshooting of 802.1x wireless and wired clients. With -802.1x and Wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make Access Points or Switches, it won't be an end-to-end Microsoft solution. + +This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or wwitches, it won't be an end-to-end Microsoft solution. -### Scenarios +## Scenarios + This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 - 10 for clients, and Windows Server 2008 R2 - 2012 R2 for NPS. 
-### Known Issues -N/A - -### Data Collection -[Advanced Troubleshooting 802.1x Authentication Data Collection](https://docs.microsoft.com/en-us/windows/client-management/data-collection-for-802-authentication) - -### Troubleshooting -- Viewing the NPS events in the Windows Security Event log is one of the most useful troubleshooting methods to obtain information about failed authentications. +## Known Issues -NPS event log entries contain information on the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. NPS event logging for rejected or accepted connection is enabled by default. -Check Windows Security Event log on the NPS Server for NPS events corresponding to rejected (event ID 6273) or accepted (event ID 6272) connection attempts. +None -In the event message, scroll to the very bottom, and check the **Reason Code** field and the text associated with it. +## Data Collection + +See [Advanced troubleshooting 802.1X authentication data collection](data-collection-for-802-authentication.md). -![example of an audit failure](images/auditfailure.png) -*Example: event ID 6273 (Audit Failure)* +## Troubleshooting + +Viewing [NPS authentication status events](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735320(v%3dws.10)) in the Windows Security [event log](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722404(v%3dws.11)) is one of the most useful troubleshooting methods to obtain information about failed authentications. + +NPS event log entries contain information on the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. 
If you are not seeing both success and failure events, see the section below on [NPS audit policy](#audit-policy). + +Check Windows Security Event log on the NPS Server for NPS events corresponding to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts. + +In the event message, scroll to the very bottom, and check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text associated with it. + + ![example of an audit failure](images/auditfailure.png) + *Example: event ID 6273 (Audit Failure)*

‎ -![example of an audit success](images/auditsuccess.png) -*Example: event ID 6272 (Audit Success)* + ![example of an audit success](images/auditsuccess.png) + *Example: event ID 6272 (Audit Success)*
-‎ -- The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one. +‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one. -On client side, navigate to the Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational for wireless issue (for wired network access, ..\Wired-AutoConfig/Operational). +On the client side, navigate to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, navigate to **..\Wired-AutoConfig/Operational**. See the following example: ![event viewer screenshot showing wired-autoconfig and WLAN autoconfig](images/eventviewer.png) -- Most 802.1X authentication issues is due to problems with the certificate which is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.). +Most 802.1X authentication issues are due to problems with the certificate that is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.). 
-First, make sure which type of EAP method is being used. +First, validate the type of EAP method being used: ![eap authentication type comparison](images/comparisontable.png) -- If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from EAP property menu. See figure below. +If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu: ![Constraints tab of the secure wireless connections properties](images/eappropertymenu.png) -- The CAPI2 event log will be useful for troubleshooting certificate-related issues. -This log is not enabled by default. You can enable this log by navigating to the Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2 directory and expand it, then right-click on the Operational view and click the Enable Log menu. +The CAPI2 event log will be useful for troubleshooting certificate-related issues. +This log is not enabled by default. You can enable this log by expanding **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, right-clicking **Operational** and then clicking **Enable Log**. -![screenshot of event viewer](images/eventviewer.png) +![screenshot of event viewer](images/capi.png) -You can refer to this article about how to analyze CAPI2 event logs. -[Troubleshooting PKI Problems on Windows Vista](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29) -For detailed troubleshooting 802.1X authentication issues, it's important to understand 802.1X authentication process. The figure below is an example of wireless connection process with 802.1X authentication. 
+The following article explains how to analyze CAPI2 event logs: +[Troubleshooting PKI Problems on Windows Vista](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29). -![aithenticatior flow chart](images/authenticator_flow_chart.png) - -- If you collect network packet capture on both a client and a NPS side, you can see the flow like below. Type **EAPOL** in Display Filter menu in Network Monitor for a client side and **EAP** for a NPS side. - -> [!NOTE] -> info not critical to a task If you also enable wireless scenario trace with network packet capture, you can see more detailed information on Network Monitor with **ONEX\_MicrosoftWindowsOneX** and **WLAN\_MicrosoftWindowsWLANAutoConfig** Network Monitor filtering applied. +When troubleshooting complex 802.1X authentication issues, it is important to understand the 802.1X authentication process. The following figure is an example of wireless connection process with 802.1X authentication: + +![authenticatior flow chart](images/authenticator_flow_chart.png) +If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter in for a client side capture, and **EAP** for an NPS side capture. See the following examples: ![client-side packet capture data](images/clientsidepacket_cap_data.png) -*Client-side packet capture data* +*Client-side packet capture data*

![NPS-side packet capture data](images/NPS_sidepacket_capture_data.png) -*NPS-side packet capture data* -‎ +*NPS-side packet capture data*
+‎ + +> [!NOTE] +> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. Follow the instructions under the **Help** menu in Network Monitor to load the reqired [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/) if needed. See the example below. + +![ETL parse](images/etl.png) + +## Audit policy + +NPS audit policy (event logging) for connection success and failure is enabled by default. If you find that one or both types of logging are disabled, use the following steps to troubleshoot. + +View the current audit policy settings by running the following command on the NPS server: +``` +auditpol /get /subcategory:"Network Policy Server" +``` + +If both success and failure events are enabled, the output should be: +
+System audit policy
+Category/Subcategory                      Setting
+Logon/Logoff
+  Network Policy Server                   Success and Failure
+
+ +If it shows ‘No auditing’, you can run this command to enable it: + +``` +auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable +``` + +Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing via Group Policy. The success/failure setting can be found under **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server**. + ## Additional references -[Troubleshooting Windows Vista 802.11 Wireless Connections](https://technet.microsoft.com/ja-jp/library/cc766215%28v=ws.10%29.aspx) -[Troubleshooting Windows Vista Secure 802.3 Wired Connections](https://technet.microsoft.com/de-de/library/cc749352%28v=ws.10%29.aspx) +[Troubleshooting Windows Vista 802.11 Wireless Connections](https://technet.microsoft.com/library/cc766215%28v=ws.10%29.aspx)
+[Troubleshooting Windows Vista Secure 802.3 Wired Connections](https://technet.microsoft.com/library/cc749352%28v=ws.10%29.aspx) diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 5647279113..412bbb99bc 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md 
@@ -7,30 +7,31 @@ ms.mktglfcycl: ms.sitesec: library author: kaushika-msft ms.localizationpriority: medium -ms.author: mikeblodge -ms.date: 10/29/2018 +ms.author: greg-lindsay --- -# Advanced Troubleshooting Wireless Network Connectivity + +# Advanced troubleshooting wireless network connectivity > [!NOTE] > Home users: This article is intended for use by support agents and IT professionals. If you're looking for more general information about Wi-Fi problems in Windows 10, check out this [Windows 10 Wi-Fi fix article](https://support.microsoft.com/en-in/help/4000432/windows-10-fix-wi-fi-problems). ## Overview -This is a general troubleshooting of establishing Wi-Fi connections from Windows Clients. + +This is a general troubleshooting of establishing Wi-Fi connections from Windows clients. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. Understanding this flow makes it easier to determine the starting point in a repro scenario in which a different behavior is found. This workflow involves knowledge and use of [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases), an extensive text filtering tool that is useful with complex traces with numerous ETW providers such as wireless_dbg trace scenario. ## Scenarios -Any scenario in which Wi-Fi connections are attempted and fail to establish. The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7. +This article applies to any scenario in which Wi-Fi connections fail to establish. The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7. > [!NOTE] -> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component ETW. It is not meant to be representative of every wireless problem scenario. 
+> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component [Event Tracing for Windows](https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal) (ETW). It is not meant to be representative of every wireless problem scenario. -Wireless ETW is incredibly verbose and calls out lots of innocuous errors (i.e. Not really errors so much as behaviors that are flagged and have nothing to do with the problem scenario). Simply searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem. +Wireless ETW is incredibly verbose and calls out a lot of innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Simply searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem. It is important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors. -The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible component(s) causing the connection problem. +The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem. ### Known Issues and fixes ** ** 
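Review bot: In the rewritten paragraph beginning "Wireless ETW is incredibly verbose", the parenthetical "(rather flagged behaviors that have little or nothing to do with the problem scenario)" no longer parses. The removed wording said these are not really errors so much as behaviors that are flagged; something like "(not true errors, but flagged behaviors that have little or nothing to do with the problem scenario)" keeps that meaning. The front matter in this hunk also removes ms.date without a replacement, while the Set up School PCs files in this change update it to 01/11/2019; confirm that is intended.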
@@ -41,6 +42,7 @@ The intention of this troubleshooter is to show how to find a starting point in | **Windows 10, version 1703** | [KB4338827](https://support.microsoft.com/help/4338827) | Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update-history webpage for your system: +- [Windows 10 version 1809](https://support.microsoft.com/help/4464619) - [Windows 10 version 1803](https://support.microsoft.com/help/4099479) - [Windows 10 version 1709](https://support.microsoft.com/en-us/help/4043454) - [Windows 10 version 1703](https://support.microsoft.com/help/4018124) 
@@ -50,35 +52,47 @@ Make sure that you install the latest Windows updates, cumulative updates, and r - [Windows Server 2012](https://support.microsoft.com/help/4009471) - [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469) -### Data Collection -1. Network Capture with ETW. Use the following command: +## Data Collection - **netsh trace start wireless\_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl** +1. Network Capture with ETW. Enter the following at an elevated command prompt: -2. Reproduce the issue if: - - There is a failure to establish connection, try to manually connect - - It is intermittent but easily reproducible, try to manually connect until it fails. Include timestamps of each connection attempt (successes and failures) - - Tue issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn’t overwrite the repro data. - - Intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop). + ``` + netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl + ``` +2. Reproduce the issue. + - If there is a failure to establish connection, try to manually connect. + - If it is intermittent but easily reproducible, try to manually connect until it fails. Record the time of each connection attempt, and whether it was a success or failure. + - If the issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn’t overwrite the repro data. + - If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop). +3. Stop the trace by entering the following command: + + ``` + netsh trace stop + ``` +4. 
To convert the output file to text format: + + ``` + netsh trace convert c:\tmp\wireless.etl + ``` + +See the [example ETW capture](#example-etw-capture) at the bottom of this article for an example of the command output. After running these commands, you will have three files: wireless.cab, wireless.etl, and wireless.txt. + +## Troubleshooting -3. Run this command to stop the trace: **netsh trace stop** -4. To convert the output file to text format: **netsh trace convert c:\tmp\wireless.etl** - -### Troubleshooting The following is a high-level view of the main wifi components in Windows. - -![Wi-Fi stack components](images/wifistackcomponents.png) -The Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (see taskbar icon) to connect to various networks including wireless. It accepts and processes input from the user and feeds it to the core wireless service (Wlansvc). The Wireless Autoconfig Service (Wlansvc) handles the core functions of wireless networks in windows: + + + + + + +
The Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service.
The WLAN Autoconfig Service (WlanSvc) handles the following core functions of wireless networks in windows: - Scanning for wireless networks in range -- Managing connectivity of wireless networks +- Managing connectivity of wireless networks
The Media Specific Module (MSM) handles security aspects of connection being established.
The Native Wifi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.
Third-party wireless miniport drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.
-The Media Specific Module (MSM) handles security aspects of connection being established. -The Native Wifi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc. - -Third-party wireless miniport drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows. The wifi connection state machine has the following states: - Reset - Ihv_Configuring @@ -99,86 +113,105 @@ Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset -- Filtering the ETW trace with the provided [TextAnalyisTool (TAT)](Missing wifi.tat file) filter is an easy first step to determine where a failed connection setup is breaking down: -Use the **FSM transition** trace filter to see the connection state machine. -Example of a good connection setup: +>Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. -``` +Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page. + +The following is an example of a good connection setup: + +
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
-45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv\_Configuring
-45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv\_Configuring to State: Configuring
+45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
+45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
-```
-Example of a failed connection setup:
-```
+
+ +The following is an example of a failed connection setup: + +
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
-45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv\_Configuring
-45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv\_Configuring to State: Configuring
+45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
+45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
-```
-By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state. Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs just prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components.
+
+ +By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state. + +Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs just prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components. In many cases the next component of interest will be the MSM, which lies just below Wlansvc. - -![MSM details](images/msmdetails.png) The important components of the MSM include: - Security Manager (SecMgr) - handles all pre and post-connection security operations. - Authentication Engine (AuthMgr) – Manages 802.1x auth requests + + ![MSM details](images/msmdetails.png) + Each of these components has their own individual state machines which follow specific transitions. Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** filters in TextAnalysisTool for more detail. + Continuing with the example above, the combined filters look like this: -``` +
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Reset to State: Ihv_Configuring
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Ihv_Configuring to State: Configuring
 [1] 0C34.2FE8::08/28/17-13:24:28.711 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Configuring to State: Associating
-[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition INACTIVE (1) --> ACTIVE (2)
-[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition ACTIVE (2) --> START AUTH (3)
+[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition INACTIVE (1) --> ACTIVE (2)
+[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition ACTIVE (2) --> START AUTH (3)
 [4] 0EF8.0708::08/28/17-13:24:28.928 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition ENABLED  --> START_AUTH  
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
-[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
+[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
 [4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH  --> AUTHENTICATING  
-[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
-[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
+[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
+[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-```
+
+ > [!NOTE] -> In this line the SecMgr transition is suddenly deactivating. This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing just prior to this SecMgr behavior to determine the reason for the deactivation. +> In the next to last line the SecMgr transition is suddenly deactivating:
+>\[2\] 0C34.2FF0::08/28/17-13:24:29.7512788 \[Microsoft-Windows-WLAN-AutoConfig\]Port\[13\] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)

+>This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing just prior to this SecMgr behavior to determine the reason for the deactivation. -- Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition: +Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition: -``` +
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
-[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
+[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
 [4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH  --> AUTHENTICATING  
 [0]0EF8.2EF4::‎08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PHY_STATE_CHANGE  
 [0]0EF8.2EF4::08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Change radio state for interface = Intel(R) Centrino(R) Ultimate-N 6300 AGN :  PHY = 3, software state = on , hardware state = off ) 
 [0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PORT_DOWN  
 [0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]FSM Current state Authenticating , event Upcall_Port_Down  
 [0] 0EF8.1174:: 08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received IHV PORT DOWN, peer 0x186472F64FD2 
-[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
- [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
+[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
+ [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-```
-- The trail backwards reveals a Port Down notification. Port events indicate changes closer to the wireless hardware. The trail can be followed by continuing to see the origin of this indication.
-Below, the MSM is the native wifi stack (as seen in Figure 1). These are Windows native wifi drivers which talk to the wifi miniport driver(s). It is responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it.
+
+ +The trail backwards reveals a **Port Down** notification: + +\[0\] 0EF8.1174:: 08/28/17-13:24:29.705 \[Microsoft-Windows-WLAN-AutoConfig\]Received IHV PORT DOWN, peer 0x186472F64FD2 + +Port events indicate changes closer to the wireless hardware. The trail can be followed by continuing to see the origin of this indication. + +Below, the MSM is the native wifi stack. These are Windows native wifi drivers which talk to the wifi miniport drivers. It is responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it. + Enable trace filter for **[Microsoft-Windows-NWifi]:** -``` +
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
-[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
+[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
 [4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x8A1514B62510 AuthMgr Transition START_AUTH  --> AUTHENTICATING  
 [0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4 
 [0]0EF8.2EF4::‎08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PHY_STATE_CHANGE  
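Review bot: In the rewritten step 2 list under Data Collection, the fourth bullet no longer parses: `If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop).` Prefixing the old sentence with "If" turned an instruction into a condition with no consequence. Suggest wording such as "If the connection drops intermittently, trigger the stop command from a script (ping or test the network continuously until it fails, then run netsh trace stop)." The third bullet would also read better as an instruction, with `netsh trace stop` in code formatting. Because the start command uses `capture=yes`, the sentence that lists wireless.cab, wireless.etl, and wireless.txt is a good place to say that these files contain captured traffic and should be stored and shared accordingly.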
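Review bot: The added NOTE points at "the next to last line" but quotes `SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)`, while the unexpected change is one entry earlier, `WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)`. The final FSM entry also wraps over two physical lines in the sample, so "next to last" is ambiguous. Suggest quoting the WAIT FOR AUTH SUCCESS to DEACTIVATE entry and identifying it by its timestamp (13:24:29.751). The same sample numbers that state (4) at 13:24:28.960 and (7) at 13:24:29.751, which is worth checking against the original trace. Minor: the new paragraph about the native wifi stack keeps "so that TCPIP and other protocols and can use it"; drop the second "and".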
@@ -186,14 +219,108 @@ Associating to State: Authenticating
 [0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PORT_DOWN  
 [0] 0EF8.1174::‎08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]FSM Current state Authenticating , event Upcall_Port_Down  
 [0] 0EF8.1174:: 08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received IHV PORT DOWN, peer 0x186472F64FD2 
-[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
- [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port<13> Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
+[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
+ [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
-Authenticating to State: Roaming
+Authenticating to State: Roaming
+ +In the trace above, we see the line: + +
+[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
+ +This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP. + +### Resources + +[802.11 Wireless Tools and Settings](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755892(v%3dws.10))
+[Understanding 802.1X authentication for wireless networks](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759077%28v%3dws.10%29)
+ +## Example ETW capture + +
+C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
+
+Trace configuration:
+-------------------------------------------------------------------
+Status:             Running
+Trace File:         C:\tmp\wireless.etl
+Append:             Off
+Circular:           On
+Max Size:           4096 MB
+Report:             Off
+
+C:\tmp>netsh trace stop
+Correlating traces ... done
+Merging traces ... done
+Generating data collection ... done
+The trace file and additional troubleshooting information have been compiled as "c:\tmp\wireless.cab".
+File location = c:\tmp\wireless.etl
+Tracing session was successfully stopped.
+
+C:\tmp>netsh trace convert c:\tmp\wireless.etl
+
+Input file:  c:\tmp\wireless.etl
+Dump file:   c:\tmp\wireless.txt
+Dump format: TXT
+Report file: -
+Generating dump ... done
+
+C:\tmp>dir
+ Volume in drive C has no label.
+ Volume Serial Number is 58A8-7DE5
+
+ Directory of C:\tmp
+
+01/09/2019  02:59 PM    [DIR]          .
+01/09/2019  02:59 PM    [DIR]          ..
+01/09/2019  02:59 PM         4,855,952 wireless.cab
+01/09/2019  02:56 PM         2,752,512 wireless.etl
+01/09/2019  02:59 PM         2,786,540 wireless.txt
+               3 File(s)     10,395,004 bytes
+               2 Dir(s)  46,648,332,288 bytes free
+
+ +## Wifi filter file + +Copy and paste all the lines below and save them into a text file named "wifi.tat." Load the filter file into the TextAnalysisTool by clicking **File > Load Filters**. + +``` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ``` -The port down event is occurring due to a Disassociate coming Access Point as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from MAC device. -### **Resources** -### [802.11 Wireless Tools and Settings](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755892(v%3dws.10)) -### [Understanding 802.1X authentication for wireless networks](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759077%28v%3dws.10%29) +## TextAnalysisTool example +In the following example, the **View** settings are configured to **Show Only Filtered Lines**. + +![TAT filter example](images/tat.png) \ No newline at end of file diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md index 60a255a2b6..82b0d1b33c 100644 --- a/windows/client-management/data-collection-for-802-authentication.md +++ b/windows/client-management/data-collection-for-802-authentication.md 
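Review bot: The paragraph added after the NWifi trace lists generic causes for the disassociate (invalid credentials, connection parameters, loss of signal/roaming) but never interprets the `Reason: 0x4` value in the quoted `DisAssoc: 0x8A1514B62510 Reason: 0x4` line, which is the one concrete clue in the sample. Suggest stating what the Reason field encodes and linking a reference for it. If it is the IEEE 802.11 reason code, 4 means disassociated due to inactivity, which would narrow the list before the reader goes to the AP logs. Minor points in the same hunk: in "save them into a text file named "wifi.tat."" the period inside the quotes reads as part of the file name, and the file ends without a trailing newline.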
@@ -1,78 +1,72 @@ --- -title: Data Collection for Troubleshooting 802.1x Authentication -description: Data needed for reviewing 802.1x Authentication issues -keywords: troubleshooting, data collection, data, 802.1x authentication, authentication, data +title: Data collection for troubleshooting 802.1X authentication +description: Data needed for reviewing 802.1X Authentication issues +keywords: troubleshooting, data collection, data, 802.1X authentication, authentication, data ms.prod: w10 ms.mktglfcycl: ms.sitesec: library author: kaushika-msft ms.localizationpriority: medium ms.author: mikeblodge -ms.date: 10/29/2018 --- -# Data Collection for Troubleshooting 802.1x Authentication - +# Data collection for troubleshooting 802.1X authentication + +Use the following steps to collect data that can be used to troubleshoot 802.1X authentication issues. When you have collected data, see [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md). ## Capture wireless/wired functionality logs Use the following steps to collect wireless and wired logs on Windows and Windows Server: 1. Create C:\MSLOG on the client machine to store captured logs. -2. Launch a command prompt as an administrator on the client machine, and run the following commands to start RAS trace log and Wireless/Wired scenario log. +2. Launch an elevated command prompt on the client machine, and run the following commands to start a RAS trace log and a Wireless/Wired scenario log. **Wireless Windows 8.1 and Windows 10:** - ``` netsh ras set tracing * enabled netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl ``` - - **Wireless Windows 7 and Windows 8:** + +
**Wireless Windows 7 and Windows 8:** ``` netsh ras set tracing * enabled netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl ``` - - **Wired client, regardless of version** + +
**Wired client, regardless of version** ``` netsh ras set tracing * enabled netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl ``` 3. Run the following command to enable CAPI2 logging: - ``` wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true ``` 4. Create C:\MSLOG on the NPS to store captured logs. -5. Launch a command prompt as an administrator on the NPS and run the following commands to start RAS trace log and Wireless/Wired scenario log: +5. Launch an elevated command prompt on the NPS server and run the following commands to start a RAS trace log and a Wireless/Wired scenario log: **Windows Server 2012 R2, Windows Server 2016 wireless network:** - ``` netsh ras set tracing * enabled netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl ``` - - **Windows Server 2008 R2, Windows Server 2012 wireless network** - + +
**Windows Server 2008 R2, Windows Server 2012 wireless network** ``` netsh ras set tracing * enabled netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl ``` - **Wired network** - +
**Wired network** ``` netsh ras set tracing * enabled netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl ``` 6. Run the following command to enable CAPI2 logging: - ``` wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true ``` @@ -82,16 +76,16 @@ Use the following steps to collect wireless and wired logs on Windows and Window > When the mouse button is clicked, the cursor will blink in red while capturing a screen image. ``` - psr /start /output c:\MSLOG\%computername%_psr.zip /maxsc 100 + psr /start /output c:\MSLOG\%computername%_psr.zip /maxsc 100 ``` 8. Repro the issue. 9. Run the following command on the client PC to stop the PSR capturing: ``` - psr /stop + psr /stop ``` -10. Run the following commands from the command prompt on the NPS. +10. Run the following commands from the command prompt on the NPS server. - To stop RAS trace log and wireless scenario log: @@ -134,14 +128,14 @@ Use the following steps to collect wireless and wired logs on Windows and Window - C:\MSLOG\%COMPUTERNAME%_wireless_nps.cab (%COMPUTERNAME%_wired_nps.cab for wired scenario) - All log files and folders in %Systemroot%\Tracing -## Save environmental and configuration information +## Save environment and configuration information ### On Windows client 1. Create C:\MSLOG to store captured logs. 2. Launch a command prompt as an administrator. 3. Run the following commands. - - Environmental information and Group Policies application status + - Environment information and Group Policy application status ``` gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.htm @@ -299,7 +293,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window 4. Save the logs stored in C:\MSLOG. -### Certificate Authority (CA) (OPTIONAL) +## Certification Authority (CA) (OPTIONAL) 1. On a CA, launch a command prompt as an administrator. Create C:\MSLOG to store captured logs. 2. Run the following commands. 
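Review bot: The change from `### Certificate Authority (CA) (OPTIONAL)` to `## Certification Authority (CA) (OPTIONAL)` alters the heading level as well as the wording, which moves the CA steps out from under "Save environment and configuration information", where "### On Windows client" still sits. If collecting CA data is part of that section, keep it at `###`. If the promotion is intended, confirm that the other per-role subsections are meant to stay one level lower, since this changes the article outline and its anchors.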
@@ -378,7 +372,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window ```powershell Import-Module ActiveDirectory - Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter \* -Properties \* | fl \* > C:\MSLOG\Get-ADObject_$Env:COMPUTERNAME.txt + Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter * -Properties * | fl * > C:\MSLOG\Get-ADObject_$Env:COMPUTERNAME.txt ``` 7. Save the following logs. - All files in C:\MSLOG on the CA diff --git a/windows/client-management/images/capi.png b/windows/client-management/images/capi.png new file mode 100644 index 0000000000..76bbcd0650 Binary files /dev/null and b/windows/client-management/images/capi.png differ diff --git a/windows/client-management/images/etl.png b/windows/client-management/images/etl.png new file mode 100644 index 0000000000..14a62c6450 Binary files /dev/null and b/windows/client-management/images/etl.png differ diff --git a/windows/client-management/images/eventviewer.png b/windows/client-management/images/eventviewer.png index 76bbcd0650..e0aa5d1721 100644 Binary files a/windows/client-management/images/eventviewer.png and b/windows/client-management/images/eventviewer.png differ diff --git a/windows/client-management/images/miniport.png b/windows/client-management/images/miniport.png new file mode 100644 index 0000000000..ba1b2fed2d Binary files /dev/null and b/windows/client-management/images/miniport.png differ diff --git a/windows/client-management/images/msm.png b/windows/client-management/images/msm.png new file mode 100644 index 0000000000..397df3e350 Binary files /dev/null and b/windows/client-management/images/msm.png differ 
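Review bot: The `Get-ADObject` line still has stray semicolons around the search base after this fix: `-SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter * -Properties *`. In PowerShell the semicolon after the closing quote ends the statement, so `-Filter * -Properties * | fl *` is no longer part of the command and nothing useful is written to C:\MSLOG, and the leading `;` inside the quotes makes the distinguished name invalid. These may be leftover entity fragments from an earlier conversion. Suggest `-SearchBase "CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local" -Filter * -Properties *`, plus a sentence telling the reader to replace `DC=test,DC=local` with their own forest root.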
diff --git a/windows/client-management/images/msmdetails.png b/windows/client-management/images/msmdetails.png index ad146b102e..cbcf20e114 100644 Binary files a/windows/client-management/images/msmdetails.png and b/windows/client-management/images/msmdetails.png differ diff --git a/windows/client-management/images/nm-adapters.png b/windows/client-management/images/nm-adapters.png new file mode 100644 index 0000000000..f4e25fdbc8 Binary files /dev/null and b/windows/client-management/images/nm-adapters.png differ diff --git a/windows/client-management/images/nm-start.png b/windows/client-management/images/nm-start.png new file mode 100644 index 0000000000..ec92f013a2 Binary files /dev/null and b/windows/client-management/images/nm-start.png differ diff --git a/windows/client-management/images/tat.png b/windows/client-management/images/tat.png new file mode 100644 index 0000000000..90eb328c38 Binary files /dev/null and b/windows/client-management/images/tat.png differ diff --git a/windows/client-management/images/wcm.png b/windows/client-management/images/wcm.png new file mode 100644 index 0000000000..6c26a3aeb7 Binary files /dev/null and b/windows/client-management/images/wcm.png differ diff --git a/windows/client-management/images/wifi-stack.png b/windows/client-management/images/wifi-stack.png new file mode 100644 index 0000000000..cf94f491c4 Binary files /dev/null and b/windows/client-management/images/wifi-stack.png differ diff --git a/windows/client-management/images/wlan.png b/windows/client-management/images/wlan.png new file mode 100644 index 0000000000..fea20f7272 Binary files /dev/null and b/windows/client-management/images/wlan.png differ diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md index 6865732607..184a70c8f0 100644 --- a/windows/client-management/troubleshoot-networking.md +++ b/windows/client-management/troubleshoot-networking.md 
@@ -1,20 +1,34 @@ --- -title: Advanced troubleshooting for Windows networking issues -description: Learn how to troubleshoot networking issues. +title: Advanced troubleshooting for Windows networking +description: Learn how to troubleshoot networking ms.prod: w10 ms.sitesec: library ms.topic: troubleshooting author: kaushika-msft ms.localizationpriority: medium ms.author: kaushika -ms.date: --- -# Advanced troubleshooting for Windows networking issues +# Advanced troubleshooting for Windows networking -In these topics, you will learn how to troubleshoot common problems related to Windows networking. +The following topics are available to help you troubleshoot common problems related to Windows networking. -- [Advanced troubleshooting Wireless Network](advanced-troubleshooting-wireless-network-connectivity.md) -- [Data collection for troubleshooting 802.1x authentication](data-collection-for-802-authentication.md) -- [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md) -- [Advanced troubleshooting for TCP/IP issues](troubleshoot-tcpip.md) +- [Advanced troubleshooting for wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md) +- [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md) + - [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md) +- [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) + - [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) + - [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) + - [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md) + - [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) + +## Concepts and technical references + +[802.1X authenticated wired access 
overview](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831831(v=ws.11))
+[802.1X authenticated wireless access overview](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994700(v%3dws.11))
+[Wireless cccess deployment overview](https://docs.microsoft.com/windows-server/networking/core-network-guide/cncg/wireless/b-wireless-access-deploy-overview)
+[TCP/IP technical reference](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd379473(v=ws.10))
+[Network Monitor](https://docs.microsoft.com/windows/desktop/netmon2/network-monitor)
+[RPC and the network](https://docs.microsoft.com/windows/desktop/rpc/rpc-and-the-network)
+[How RPC works](https://docs.microsoft.com/windows/desktop/rpc/how-rpc-works)
+[NPS reason codes](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v=ws.10))
\ No newline at end of file diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index a82076e8d9..5863c1b847 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md 
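Review bot: In the new "Concepts and technical references" list of troubleshoot-networking.md, the link text "Wireless cccess deployment overview" is misspelled and should read "Wireless access deployment overview". The same list mixes URL styles: the wireless access overview link ends in `(v%3dws.11)` while its neighbours use `(v=ws.11)`, and the TCP/IP technical reference link carries an `/en-us/` locale segment that the other links omit. Suggest normalising these, and adding the trailing newline the file still lacks.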
@@ -16,29 +16,27 @@ In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image. -![A view of the properties for the adapter](images/tcp-ts-1.png) +![Adapters](images/nm-adapters.png) When the driver gets hooked to the network interface card (NIC) during installation, the NIC is reinitialized, which might cause a brief network glitch. **To capture traffic** -1. Click **Start** and enter **Netmon**. +1. Run netmon in an elevated status by choosing Run as Administrator. -2. For **netmon run command**,select **Run as administrator**. + ![Image of Start search results for Netmon](images/nm-start.png) - ![Image of Start search results for Netmon](images/tcp-ts-3.png) - -3. Network Monitor opens with all network adapters displayed. Select **New Capture**, and then select **Start**. +2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then click **Start**. ![Image of the New Capture option on menu](images/tcp-ts-4.png) -4. Reproduce the issue, and you will see that Network Monitor grabs the packets on the wire. +3. Reproduce the issue, and you will see that Network Monitor grabs the packets on the wire. ![Frame summary of network packets](images/tcp-ts-5.png) -5. Select **Stop**, and go to **File > Save as** to save the results. By default, the file will be saved as a ".cap" file. +4. Select **Stop**, and go to **File > Save as** to save the results. By default, the file will be saved as a ".cap" file. -The saved file has captured all the traffic that is flowing to and from the network adapters of this machine. 
However, your interest is only to look into the traffic/packets that are related to the specific connectivity problem you are facing. So you will need to filter the network capture to see only the related traffic. +The saved file has captured all the traffic that is flowing to and from the selected network adapters on the local computer. However, your interest is only to look into the traffic/packets that are related to the specific connectivity problem you are facing. So you will need to filter the network capture to see only the related traffic. **Commonly used filters** @@ -56,5 +54,11 @@ The saved file has captured all the traffic that is flowing to and from the netw Network traces which are collected using the **netsh** commands built in to Windows are of the extension "ETL". However, these ETL files can be opened using Network Monitor for further analysis. +## More information - +[Intro to Filtering with Network Monitor 3.0](https://blogs.technet.microsoft.com/netmon/2006/10/17/intro-to-filtering-with-network-monitor-3-0/)
+[Network Monitor Filter Examples](https://blogs.technet.microsoft.com/rmilne/2016/08/11/network-monitor-filter-examples/)
+[Network Monitor Wireless Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1900.network-monitor-wireless-filtering.aspx)
+[Network Monitor TCP Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1134.network-monitor-tcp-filtering.aspx)
+[Network Monitor Conversation Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1829.network-monitor-conversation-filtering.aspx)
+[How to setup and collect network capture using Network Monitor tool](https://blogs.technet.microsoft.com/msindiasupp/2011/08/10/how-to-setup-and-collect-network-capture-using-network-monitor-tool/)
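Review bot: In the `@@ -16,29 +16,27 @@` hunk of troubleshoot-tcpip-netmon.md, the rewritten step 1 ("Run netmon in an elevated status by choosing Run as Administrator") drops the bold UI styling the other steps keep, and the screenshot under it still has the alt text "Image of Start search results for Netmon" although the step no longer mentions Start search. Suggest wording such as "Run Netmon elevated by choosing **Run as administrator**", and either restoring the Start search instruction or updating the alt text. The first image's alt text also shrinks from "A view of the properties for the adapter" to "Adapters", which tells a screen-reader user less than before.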
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md index d540b098dd..f6620bd9c5 100644 --- a/windows/client-management/windows-10-support-solutions.md +++ b/windows/client-management/windows-10-support-solutions.md @@ -7,12 +7,34 @@ ms.sitesec: library ms.author: elizapo author: kaushika-msft ms.localizationpriority: medium -ms.date: 11/08/2018 --- -# Top support solutions for Windows 10 + +# Troubleshoot Windows 10 clients + +This section contains advanced troubleshooting topics and links to help you resolve issues with Windows 10 clients. Additional topics will be added as they become available. + +## Troubleshooting support topics + +- [Advanced troubleshooting for Windows networking](troubleshoot-networking.md)
+ - [Advanced troubleshooting wireless network connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
+ - [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md)
+ - [Data collection for troubleshooting 802.1X authentication](data-collection-for-802-authentication.md)
+ - [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md)
+ - [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
+ - [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
+ - [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md)
+ - [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
+- [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md)
+ - [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
+ - [Advanced troubleshooting for Windows-based computer issues](troubleshoot-windows-freeze.md)
+ - [Advanced troubleshooting for stop errors or blue screen errors](troubleshoot-stop-errors.md)
+ - [Advanced troubleshooting for stop error 7B or Inaccessible_Boot_Device](troubleshoot-inaccessible-boot-device.md)
+ +## Windows 10 update history Microsoft regularly releases both updates and solutions for Windows 10. To ensure your computers can receive future updates, including security updates, it's important to keep them updated. Check out the following links for a complete list of released updates: +- [Windows 10 version 1809 update history](https://support.microsoft.com/help/4464619) - [Windows 10 version 1803 update history](https://support.microsoft.com/help/4099479) - [Windows 10 version 1709 update history](https://support.microsoft.com/help/4043454) - [Windows 10 Version 1703 update history](https://support.microsoft.com/help/4018124) @@ -23,6 +45,7 @@ Microsoft regularly releases both updates and solutions for Windows 10. To ensur These are the top Microsoft Support solutions for the most common issues experienced when using Windows 10 in an enterprise or IT pro environment. The links below include links to KB articles, updates, and library articles. ## Solutions related to installing Windows Updates + - [How does Windows Update work](https://docs.microsoft.com/en-us/windows/deployment/update/how-windows-update-works) - [Windows Update log files](https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-logs) - [Windows Update troubleshooting](https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting) 
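Review bot: The list added under "Troubleshooting support topics" labels troubleshoot-windows-freeze.md as "Advanced troubleshooting for Windows-based computer issues", which does not say what the target covers; going by the file name, the label should mention freezes. Two other labels disagree with the list this same commit adds to troubleshoot-networking.md: "Troubleshoot port exhaustion" here versus "Troubleshoot port exhaustion issues" there, and "Advanced troubleshooting wireless network connectivity" here versus "Advanced troubleshooting for wireless network connectivity" there. Suggest matching each label to the title of the topic it links to.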
@@ -34,7 +57,7 @@ These are the top Microsoft Support solutions for the most common issues experie - [Quick Fixes](https://docs.microsoft.com/en-us/windows/deployment/upgrade/quick-fixes) - [Troubleshooting upgrade errors](https://docs.microsoft.com/en-us/windows/deployment/upgrade/troubleshoot-upgrade-errors) - [Resolution procedures](https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolution-procedures) -- ["0xc1800118" error when you push Windows 10 Version 1607 by using WSUS](https://support.microsoft.com/en-in/help/3194588/0xc1800118-error-when-you-push-windows-10-version-1607-by-using-wsus) +- [0xc1800118 error when you push Windows 10 Version 1607 by using WSUS](https://support.microsoft.com/en-in/help/3194588/0xc1800118-error-when-you-push-windows-10-version-1607-by-using-wsus) - [0xC1900101 error when Windows 10 upgrade fails after the second system restart](https://support.microsoft.com/en-in/help/3208485/0xc1900101-error-when-windows-10-upgrade-fails-after-the-second-system) ## Solutions related to BitLocker diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index 00acdc9318..cd3b522585 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -2,7 +2,7 @@ ## [Deploy Windows 10 with Microsoft 365](deploy-m365.md) ## [What's new in Windows 10 deployment](deploy-whats-new.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) - +## [Windows Autopilot](windows-autopilot/windows-autopilot.md) ## [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) ### [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) ### [Configure VDA for Subscription Activation](vda-subscription-activation.md) 
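Review bot: The new top-level entry "## [Windows Autopilot](windows-autopilot/windows-autopilot.md)" in TOC.md points at the same file as the "### [Windows Autopilot](windows-autopilot/windows-autopilot.md)" entry that the next hunk leaves under "Deploy Windows 10", so the topic appears twice in the navigation under an identical title. If both placements are intended, keep a distinguishing label on the nested one (it was "Overview of Windows Autopilot" before this change); otherwise drop one of them.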
@@ -19,13 +19,14 @@ ## [Deploy Windows 10](deploy.md) -### [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md) -### [Windows 10 in S mode](s-mode.md) -#### [Switch to Windows 10 Pro/Enterprise from S mode](windows-10-pro-in-s-mode.md) +### [Windows Autopilot](windows-autopilot/windows-autopilot.md) ### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) ### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) ### [Windows 10 volume license media](windows-10-media.md) +### [Windows 10 in S mode](s-mode.md) +#### [Switch to Windows 10 Pro/Enterprise from S mode](windows-10-pro-in-s-mode.md) + ### [Windows 10 deployment test lab](windows-10-poc.md) #### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) #### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) @@ -212,9 +213,10 @@ ### [Change history for deploy Windows 10](change-history-for-deploy-windows-10.md) ## [Update Windows 10](update/index.md) -### [Quick guide to Windows as a service](update/waas-quick-start.md) -#### [Servicing stack updates](update/servicing-stack-updates.md) -### [Overview of Windows as a service](update/waas-overview.md) +### [Windows as a service](update/windows-as-a-service.md) +#### [Quick guide to Windows as a service](update/waas-quick-start.md) +##### [Servicing stack updates](update/servicing-stack-updates.md) +#### [Overview of Windows as a service](update/waas-overview.md) ### [Understand how servicing differs in Windows 10](update/waas-servicing-differences.md) ### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) ### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 826492af20..9e17a20e8b 100644 --- a/windows/deployment/index.yml 
+++ b/windows/deployment/index.yml @@ -49,6 +49,7 @@ sections: [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) Check out the new Modern Deskop Deployment Center and discover content to help you with your Windows 10 and Office 365 ProPlus deployments. [What's new in Windows 10 deployment](deploy-whats-new.md) See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. + [Windows Autopilot](windows-autopilot/windows-autopilot.md) Windows Autopilot enables an IT department to pre-configure new devices and repurpose existing devices with a simple process that requires little to no infrastructure. [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. 
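Review bot: In TOC.md's `@@ -212,9 +213,10 @@` hunk, the new parent entry links to update/windows-as-a-service.md, but nothing in the visible part of this diff adds that file; please confirm it exists on the branch so the TOC does not carry a dead link. In the index.yml hunk just above, the context line next to the new Windows Autopilot row still reads "Modern Deskop Deployment Center"; "Deskop" is worth fixing while this block is being touched.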
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 25fac89570..b6828c6943 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -34,12 +34,12 @@ See the following topics in this guide for detailed information about configurin ## Update Compliance architecture -The Update Compliance architecture and data flow is summarized by the following five-step process: +The Update Compliance architecture and data flow is summarized by the following four-step process: -**(1)** User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
-**(2)** Diagnostic data is analyzed by the Update Compliance Data Service.
-**(3)** Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.
-**(4)** Diagnostic data is available in the Update Compliance solution.
+1. User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
+2. Diagnostic data is analyzed by the Update Compliance Data Service.
+3. Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.
+4. Diagnostic data is available in the Update Compliance solution.
>[!NOTE] @@ -51,4 +51,4 @@ The Update Compliance architecture and data flow is summarized by the following ## Related topics [Get started with Update Compliance](update-compliance-get-started.md)
-[Use Update Compliance to monitor Windows Updates](update-compliance-using.md) \ No newline at end of file +[Use Update Compliance to monitor Windows Updates](update-compliance-using.md) diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index 5c83f04180..a5337198d6 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -129,7 +129,7 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi | 42 - Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception. | Check the logs for the exception message and HResult. | | 43 - Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. | Check the logs for the exception message and HResult. | | 44 - Diagtrack.dll version is old, so Auth Proxy will not work. | Update the device using Windows Update or Windows Server Update Services. | -| 45 - Diagrack.dll was not found. | Update the device using Windows Update or Windows Server Update Services. | +| 45 - Diagtrack.dll was not found. | Update the device using Windows Update or Windows Server Update Services. | | 48 - **CommercialID** mentioned in RunConfig.bat should be a GUID. | Copy the commercialID from your workspace. To find the commercialID, in the OMS portal click **Upgrade Readiness > Settings**. | | 50 - Diagtrack Service is not running. | The Diagtrack service is required to send data to Microsoft. Enable and run the "Connected User Experiences and Telemetry" service. | | 51 - RunCensus failed with an unexpected exception. | RunCensus explitly runs the process used to collect device information. The method failed with an unexpected exception. Check the ExceptionHResult and ExceptionMessage for more details. | 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index ccbb1809a4..515338ce7e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -51,7 +51,7 @@ For information about Windows Defender Remote Credential Guard hardware and soft ## Application requirements -When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. +When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality. >[!WARNING] > Enabling Windows Defender Credential Guard on domain controllers is not supported.
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md index d3128c154a..09530fefa8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-features.md +++ b/windows/security/identity-protection/hello-for-business/hello-features.md @@ -202,9 +202,9 @@ Active Directory Domain Services uses AdminSDHolder to secure privileged users a Sign-in to a domain controller or management workstation with access equivalent to _domain administrator_. 1. Type the following command to add the **allow** read and write property permissions for msDS-KeyCredentialLink attribute for the **Key Admins** (or **KeyCredential Admins**) group on the AdminSDHolder object.
-```dsacls "CN=AdminSDHolder,CN=System,**DC=domain,DC=com**" /g "**[domainName\keyAdminGroup]**":RPWP,msDS-KeyCredentialLink```
+```dsacls "CN=AdminSDHolder,CN=System,DC=domain,DC=com" /g "[domainName\keyAdminGroup]":RPWP;msDS-KeyCredentialLink```
where **DC=domain,DC=com** is the LDAP path of your Active Directory domain and **domainName\keyAdminGroup]** is the NetBIOS name of your domain and the name of the group you use to give access to keys based on your deployment. For example:
-```dsacls "CN=AdminSDHolder,CN=System,DC=corp,DC=mstepdemo,DC=net /g "mstepdemo\Key Admins":RPWP,msDS-KeyCredentialLink``` +```dsacls "CN=AdminSDHolder,CN=System,DC=corp,DC=mstepdemo,DC=net" /g "mstepdemo\Key Admins":RPWP;msDS-KeyCredentialLink``` 2. To trigger security descriptor propagation, open **ldp.exe**. 3. Click **Connection** and select **Connect...** Next to **Server**, type the name of the domain controller that holds the PDC role for the domain. Next to **Port**, type **389** and click **OK**. 4. Click **Connection** and select **Bind...** Click **OK** to bind as the currently signed-in user. @@ -266,4 +266,4 @@ Users appreciate convenience of biometrics and administrators value the security - [Windows Hello and password changes](hello-and-password-changes.md) - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 9145280789..063a6f0ffc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md 
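Review bot: The explanatory sentence between the two corrected dsacls commands in hello-features.md still reads "**domainName\keyAdminGroup]**", with a closing bracket and no opening one, so it does not match the placeholder "[domainName\keyAdminGroup]" in the command above it; please fix it in the same change. Since this ACE grants read and write on msDS-KeyCredentialLink through AdminSDHolder, and step 2 propagates it to the privileged accounts AdminSDHolder protects, consider adding a step that displays the resulting ACL (dsacls against the AdminSDHolder DN with no /g switch) so administrators can confirm that only the intended group received the permission.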
@@ -29,7 +29,7 @@ When using a key, the on-premises environment needs an adequate distribution of When using a certificate, the on-premises environment can use Windows Server 2008 R2 and later domain controllers, which removes the Windows Server 2016 domain controller requirement. However, single-sign on using a key requires additional infrastructure to issue a certificate when the user enrolls for Windows Hello for Business. Azure AD joined devices enroll certificates using Microsoft Intune or a compatible Mobile Device Management (MDM). Microsoft Intune and Windows Hello for Business use the Network Device Enrollment Services (NDES) role and support Microsoft Intune connector. To deploy single sign-on for Azure AD joined devices using keys, read and follow [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md). -To deploy single sign-on for Azure AD joined devices using, read and follow [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md) and then [Using Certificates for AADJ On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). +To deploy single sign-on for Azure AD joined devices using certificates, read and follow [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md) and then [Using Certificates for AADJ On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). ## Related topics diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index b0f14b177b..55ce54d4ee 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md 
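Review bot: The context sentence just above the corrected line still says "single-sign on using a key requires additional infrastructure to issue a certificate", in a paragraph that opens with "When using a certificate"; it reads as though "using a certificate" was meant, since the infrastructure it goes on to describe (NDES, the Intune connector) is for issuing certificates. Please confirm and correct it alongside this fix. The spellings "single-sign on", "Single-Sign On" and "Single-sign On" all appear within these few lines and could be unified at the same time.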
@@ -7,7 +7,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: Mir0sh -ms.date: 04/19/2017 --- # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network. @@ -15,6 +14,8 @@ ms.date: 04/19/2017 **Applies to** - Windows 10 - Windows Server 2016 +- Windows Server 2012 R2 +- Windows Server 2012 Event 5031 illustration diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md index 511904d283..d2602326e1 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md @@ -25,7 +25,7 @@ You can see how an employee would use standalone mode with Application Guard. **To test Application Guard in Standalone mode** -1. Install Application Guard, using the [installation](#install-set-up-and-turn-on-application-guard) steps in this guide. +1. Install Application Guard, using the [installation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard) steps in this guide. 2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu. 
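Review bot: The replacement link in step 1 of "To test Application Guard in Standalone mode" is an absolute https://docs.microsoft.com/... URL, while the other cross-topic links in this commit use relative paths; prefer a relative link to the installation topic for consistency. The sentence still says "steps in this guide", which no longer fits a link that leaves the page; "steps in the installation topic" would be accurate. The same applies to the identical edit in the next hunk, where the old in-page anchor pointed at the very heading the step sits under.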
@@ -46,7 +46,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise- ### Install, set up, and turn on Application Guard Before you can use Application Guard in enterprise mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. -1. Install Application Guard, using the [installation](#install-set-up-and-turn-on-application-guard) steps in this guide. +1. Install Application Guard, using the [installation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard) steps in this guide. 2. Restart the device and then start Microsoft Edge. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 707a5887a8..7780c8b9eb 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 04/24/2018 +ms.date: 12/11/2018 --- # Onboard Windows 10 machines using System Center Configuration Manager diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 54976ad8b9..79b21babce 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md 
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -10,7 +10,6 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas ms.localizationpriority: medium -ms.date: 12/14/2018 --- # Onboard servers to the Windows Defender ATP service @@ -41,7 +40,23 @@ For a practical guidance on what needs to be in place for licensing and infrastr ## Windows Server 2012 R2 and Windows Server 2016 -To onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP, you’ll need to: +There are two options to onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP: +- **Option 1**: Onboard through Azure Security Center +- **Option 2**: Onboard through Windows Defender Security Center + + +### Option 1: Onboard servers through Azure Security Center +1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**. + +2. Select **Windows server 2012R2 and 2016** as the operating system. + +3. Click **Go to Azure Security Center to onboard servers**. + +4. Follow the onboarding steps in Azure Security Center. For more information, see [Windows Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp). + + +### Option 2: Onboard servers through Windows Defender Security Center +You'll need to take the following steps if you opt to onboard servers through Windows Defender Security Center. - For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients. 
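Review bot: Under "Option 1: Onboard servers through Azure Security Center", steps 1 to 3 never say which portal they start in; "Settings > Machine management > Onboarding" and the "Go to Azure Security Center to onboard servers" button imply Windows Defender Security Center, which is confusing beneath a heading that names Azure Security Center. Suggest opening step 1 with "In Windows Defender Security Center, ...". The option label "Windows server 2012R2 and 2016" should also be checked against the UI, since the rest of the page writes "Windows Server 2012 R2".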
@@ -54,7 +69,18 @@ To onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender AT >[!TIP] > After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). -### Configure and update System Center Endpoint Protection clients + +#### Turn on Server monitoring from the Windows Defender Security Center portal + +1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**. + +2. Select **Windows server 2012R2 and 2016** as the operating system. + +3. Select **Onboard Servers through Windows Defender ATP**. +4. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. + + +#### Configure and update System Center Endpoint Protection clients >[!IMPORTANT] >This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2. 
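Review bot: In the new "Turn on Server monitoring" steps, step 4 surfaces the Workspace ID and Workspace key and tells the reader to use them to configure the MMA agent, with no guidance on handling; the workspace key is what the agent uses to authenticate to the workspace, so a one-line note to treat it as a secret would fit here. Formatting: steps 3 and 4 are added without the blank line that separates the other steps. The TIP about running a detection test now sits above all of the Option 2 sub-steps; it would read better after the MMA and proxy sections, once the machine is actually onboarded.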
@@ -64,17 +90,8 @@ The following steps are required to enable this integration: - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting - -### Turn on Server monitoring from the Windows Defender Security Center portal - -1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**. - -2. Select Windows server 2012, 2012R2 and 2016 as the operating system. - -3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. - -### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP +#### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603). @@ -88,7 +105,7 @@ The following steps are required to enable this integration: Once completed, you should see onboarded servers in the portal within an hour. -### Configure server proxy and Internet connectivity settings +#### Configure server proxy and Internet connectivity settings - Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway). - If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service: 
@@ -108,6 +125,28 @@ Agent Resource | Ports | winatp-gw-aus.microsoft.com | 443| | winatp-gw-aue.microsoft.com |443 | + +## Integration with Azure Security Center +Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. + +>[!NOTE] +>You'll need to have the appropriate license to enable this feature. + +The following capabilities are included in this integration: +- Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding). + + >[!NOTE] + > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016. + +- Servers monitored by Azure Security Center will also be available in Windows Defender ATP - Azure Security Center seamlessly connects to the Windows Defender ATP tenant, providing a single view across clients and servers. In addition, Windows Defender ATP alerts will be available in the Azure Security Center console. +- Server investigation - Azure Security Center customers can access Windows Defender Security Center to perform detailed investigation to uncover the scope of a potential breach + +>[!IMPORTANT] +>- When you use Azure Security Center to monitor servers, a Windows Defender ATP tenant is automatically created. The Windows Defender ATP data is stored in Europe by default. +>- If you use Windows Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time. 
+ + + ## Windows Server, version 1803 and Windows Server 2019 To onboard Windows Server, version 1803 or Windows Server 2019, use the same method used when onboarding Windows 10 machines. 
@@ -143,26 +182,6 @@ Supported tools include: If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). -## Integration with Azure Security Center -Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. - ->[!NOTE] ->You'll need to have the appropriate license to enable this feature. - -The following capabilities are included in this integration: -- Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding). - - >[!NOTE] - > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016. - -- Servers monitored by Azure Security Center will also be available in Windows Defender ATP - Azure Security Center seamlessly connects to the Windows Defender ATP tenant, providing a single view across clients and servers. In addition, Windows Defender ATP alerts will be available in the Azure Security Center console. -- Server investigation - Azure Security Center customers can access Windows Defender Security Center to perform detailed investigation to uncover the scope of a potential breach - ->[!IMPORTANT] ->- When you use Azure Security Center to monitor servers, a Windows Defender ATP tenant is automatically created. The Windows Defender ATP data is stored in Europe by default. 
->- If you use Windows Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time. - - ## Offboard servers You can offboard Windows Server, version 1803 and Windows 2019 in the same method available for Windows 10 client machines.
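Review bot: The steps that produce the **Workspace ID** and **Workspace key** are deleted in the `@@ -64,17 +90,8 @@` hunk (the removed "Turn on Server monitoring from the Windows Defender Security Center portal" section), yet the MMA section kept directly below it still depends on them; the removed step 3 itself says "You'll need to use these values to configure the MMA agent". The +26 offset in the hunk header suggests the steps were moved higher in the file, but that part of the change is not visible here. Please confirm the three steps still appear before the "Install and configure Microsoft Monitoring Agent (MMA)" heading, and if they moved, keep the sentence that ties the two values to the agent configuration so readers know where to get them.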
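Review bot: Both heading changes from `###` to `####` ("Install and configure Microsoft Monitoring Agent (MMA) ..." in the `@@ -64,17 +90,8 @@` hunk and "Configure server proxy and Internet connectivity settings" in the `@@ -88,7 +105,7 @@` hunk) need a `###` parent above them, otherwise the outline jumps from `##` to `####`. The parent is not in these hunks, so please check it exists. Separately, the context sentence under the proxy heading ("If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed") is hard to parse; since the heading line is being touched anyway, consider splitting it into the two conditions and using "allowed" instead of "white-listed".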
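Review bot: In the section added by the `@@ -108,6 +125,28 @@` hunk ("Integration with Azure Security Center"), the `[!IMPORTANT]` block states that an automatically created tenant stores "Windows Defender ATP data ... in Europe by default" but does not say whether that location can be chosen or changed for a tenant created this way. For customers with data residency requirements that is the detail they need, so please state it or link to the data storage topic. The `[!NOTE]` "You'll need to have the appropriate license to enable this feature" should name the license. Minor: the "Server investigation" bullet is missing its final period, and the hunk adds three consecutive blank lines before "## Windows Server, version 1803 and Windows Server 2019" where one is enough.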