From 85659a6587926cc0b355c5a8d8348427f63ed6a6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 21 Jul 2020 12:45:36 -0700 Subject: [PATCH 1/4] Acrolinx improvements --- .../smart-card-debugging-information.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 9ee26abcab..cff2a3a415 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -1,12 +1,12 @@ --- -title: Smart Cards Debugging Information (Windows 10) -description: This topic explains tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. +title: Smart Card Troubleshooting (Windows 10) +description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security audience: ITPro -author: dulcemontemayor +author: dansimp ms.author: dansimp manager: dansimp ms.collection: M365-identity-device-management @@ -16,11 +16,11 @@ ms.date: 04/19/2017 ms.reviewer: --- -# Smart Cards Debugging Information +# Smart Card Troubleshooting Applies To: Windows 10, Windows Server 2016 -This topic explains tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. +This article explains tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. Debugging and tracing smart card issues requires a variety of tools and approaches. The following sections provide guidance about tools and approaches you can use. 
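Review bot: ms.date still reads 04/19/2017 in the front matter shown in this hunk's context even though the title, description and opening paragraph change here; bump it in the same commit so the published page reflects the revision.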
@@ -28,7 +28,7 @@ Debugging and tracing smart card issues requires a variety of tools and approach - [Debugging and tracing using WPP](#debugging-and-tracing-using-wpp) -- [Kerberos protocol, KDC and NTLM debugging and tracing](#kerberos-protocol-kdc-and-ntlm-debugging-and-tracing) +- [Kerberos protocol, KDC, and NTLM debugging and tracing](#kerberos-protocol-kdc-and-ntlm-debugging-and-tracing) - [Smart Card service](#smart-card-service) @@ -56,7 +56,7 @@ To delete a container, type **certutil -delkey -csp "Microsoft Base Smart Card C ## Debugging and tracing using WPP -Windows software trace preprocessor (WPP) simplifies tracing the operation of the trace provider, and it provides a mechanism for the trace provider to log real-time binary messages. Logged messages can subsequently be converted to a human-readable trace of the operation of the trace provider. For more information about WPP, see [Diagnostics with WPP - The NDIS blog](https://blogs.msdn.com/b/ndis/archive/2011/04/06/diagnostics-with-wpp.aspx). +Windows software trace preprocessor (WPP) simplifies tracing the operation of the trace provider. It provides a mechanism for the trace provider to log real-time binary messages. Logged messages can be converted to a human-readable trace of the operation. For more information, see [Diagnostics with WPP - The NDIS blog](https://blogs.msdn.com/b/ndis/archive/2011/04/06/diagnostics-with-wpp.aspx). ### Enable the trace 
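Review bot: the TOC entry now reads "Kerberos protocol, KDC, and NTLM debugging and tracing" but the heading it links to ("## Kerberos protocol, KDC and NTLM debugging and tracing", visible as context later in this series) was not given the same comma; the anchor slug still resolves because commas are dropped from slugs, but the link text should match the heading. Change the heading in the same way.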
@@ -112,13 +112,13 @@ To stop a trace: -You can use the following resources to begin troubleshooting these protocols and the KDC: +You can use these resources to troubleshoot these protocols and the KDC: - [Kerberos and LDAP Troubleshooting Tips](https://technet.microsoft.com/library/bb463167.aspx) - [Windows Driver Kit (WDK) and Debugging Tools for Windows (WinDbg)](https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit)  You can use the trace log tool in this SDK to debug Kerberos authentication failures. -To begin tracing, you can use Tracelog. Different components use different control GUIDs as explained in the following examples. For more information, see [Tracelog](https://msdn.microsoft.com/library/windows/hardware/ff552994.aspx). +To begin tracing, you can use Tracelog. Different components use different control GUIDs as explained in these examples. For more information, see [Tracelog](https://msdn.microsoft.com/library/windows/hardware/ff552994.aspx). ### NTLM @@ -126,17 +126,17 @@ To enable tracing for NTLM authentication, run the following at the command line tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1 -To stop tracing for NTLM authentication, run the following at the command line: +To stop tracing for NTLM authentication, run this command: tracelog -stop ntlm ### Kerberos authentication -To enable tracing for Kerberos authentication, run the following at the command line: +To enable tracing for Kerberos authentication, run this command: tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1 -To stop tracing for Kerberos authentication, run the following at the command line: +To stop tracing for Kerberos authentication, run this command: tracelog.exe -stop kerb 
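Review bot: the WDK bullet in the first hunk keeps a mis-encoded non-breaking space (rendered as "") between the link and "You can use the trace log tool in this SDK" in both the removed and the added line; since the line is already being rewritten, replace it with a normal space. The Windows Driver Kit is the linked download, so "this kit" would also read more accurately than "this SDK".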
@@ -150,7 +150,7 @@ To stop tracing for the KDC, run the following at the command line: tracelog.exe -stop kdc -To stop tracing from a remote computer, run the following at the command line: logman.exe -s *<ComputerName>*. +To stop tracing from a remote computer, run this command: logman.exe -s *<ComputerName>*. > **Note**  The default location for logman.exe is %systemroot%system32\\. Use the **-s** option to supply a computer name. @@ -166,7 +166,7 @@ You can also configure tracing by editing the Kerberos registry values shown in If you used Tracelog, look for the following log file in your current directory: kerb.etl/kdc.etl/ntlm.etl. -Otherwise, if you used the registry key settings shown in the previous table, look for the generated trace log files in the following locations: +If you used the registry key settings shown in the previous table, look for the trace log files in the following locations: - NTLM: %systemroot%\\tracing\\msv1\_0 @@ -178,7 +178,7 @@ To decode event trace files, you can use Tracefmt (tracefmt.exe). Tracefmt is a ## Smart Card service -The smart card resource manager service runs in the context of a local service, and it is implemented as a shared service of the services host (svchost) process. +The smart card resource manager service runs in the context of a local service. It's implemented as a shared service of the services host (svchost) process. **To check if Smart Card service is running** @@ -202,7 +202,7 @@ The smart card resource manager service runs in the context of a local service, You can use the following command at the command prompt to check whether the service is running: **sc queryex scardsvr**. -The following is example output from running this command: +This is an example output from this command: ``` SERVICE_NAME: scardsvr 
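Review bot: the remote stop line still carries "logman.exe -s *<ComputerName>*." as inline prose with only the -s switch, so unlike the "logman -stop scardsvr -ets" example earlier in this file it never names the trace to stop, and the unescaped <ComputerName> is liable to be swallowed as an HTML tag by the Markdown renderer. Format it like the other commands (code span or console block, with `<ComputerName>` inside) and include the stop verb and -ets as in the scardsvr example. The Note beneath it also still gives the logman.exe location as %systemroot%system32\\, missing the backslash before system32 that the %systemroot%\\tracing\\msv1\_0 path later in this hunk series has.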
@@ -236,9 +236,9 @@ As with any device connected to a computer, Device Manager can be used to view p ## CryptoAPI 2.0 Diagnostics -CryptoAPI 2.0 Diagnostics is a feature that is available in Windows operating systems that supports CryptoAPI 2.0. This feature can help you troubleshoot public key infrastructure (PKI) issues. +CryptoAPI 2.0 Diagnostics is available in Windows versions that support CryptoAPI 2.0 and can help you troubleshoot public key infrastructure (PKI) issues. -CryptoAPI 2.0 Diagnostics logs events in the Windows event log, which contain detailed information about certificate chain validation, certificate store operations, and signature verification. This information makes it easier to identify the causes of issues and reduces the time required for diagnosis. +CryptoAPI 2.0 Diagnostics logs events in the Windows event log. The logs contain detailed information about certificate chain validation, certificate store operations, and signature verification. This information makes it easier to identify the causes of issues and reduces the time required for diagnosis. For more information about CryptoAPI 2.0 Diagnostics, see [Troubleshooting an Enterprise PKI](https://technet.microsoft.com/library/cc771463.aspx). From f9b22f388a759d50f1b809ed898df0c73934b580 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 21 Jul 2020 13:54:39 -0700 Subject: [PATCH 2/4] Applied [!NOTE] styles, added bold to command lines --- .../smart-card-debugging-information.md | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index cff2a3a415..93756bb9ff 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md 
@@ -44,7 +44,8 @@ For a complete description of Certutil including examples that show how to use i To list certificates that are available on the smart card, type certutil -scinfo. -> **Note**  Entering a PIN is not required for this operation. You can press ESC if you are prompted for a PIN. +> [!NOTE] +> Entering a PIN is not required for this operation. You can press ESC if you are prompted for a PIN. ### Delete certificates on the smart card @@ -68,7 +69,7 @@ Using WPP, use one of the following commands to enable tracing: You can use the parameters in the following table. -| **Friendly name** | **GUID** | **Flags** | +| Friendly name | GUID | Flags | |-------------------|--------------------------------------|-----------| | scardsvr | 13038e47-ffec-425d-bc69-5707708075fe | 0xffff | | winscard | 3fce7c5f-fb3b-4bce-a9d8-55cc0ce1cf01 | 0xffff | @@ -84,13 +85,13 @@ Examples To enable tracing for the SCardSvr service: -- tracelog.exe -kd -rt -start scardsvr -guid \#13038e47-ffec-425d-bc69-5707708075fe -f .\\scardsvr.etl -flags 0xffff -ft 1 +- **tracelog.exe -kd -rt -start scardsvr -guid \#13038e47-ffec-425d-bc69-5707708075fe -f .\\scardsvr.etl -flags 0xffff -ft 1** -- logman start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\\scardsvr.etl -mode 0x00080000 +- **logman start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\\scardsvr.etl -mode 0x00080000** To enable tracing for scfilter.sys: -tracelog.exe -kd -rt -start scfilter -guid \#eed7f3c9-62ba-400e-a001-658869df9a91 -f .\\scfilter.etl -flags 0xffff -ft 1 +**tracelog.exe -kd -rt -start scfilter -guid \#eed7f3c9-62ba-400e-a001-658869df9a91 -f .\\scfilter.etl -flags 0xffff -ft 1** ### Stop the trace @@ -104,9 +105,9 @@ Examples To stop a trace: -- tracelog.exe -stop scardsvr +- **tracelog.exe -stop scardsvr** -- logman -stop scardsvr -ets +- **logman -stop scardsvr -ets** ## Kerberos protocol, KDC and NTLM debugging and tracing 
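Review bot: bolding the command lines is inconsistent within this hunk itself: "certutil -scinfo" two lines above the new [!NOTE] stays plain text, and bold does not signal "type this" the way code formatting does. Use code spans or a fenced console block for all of them (the scardsvr output block later in this series already uses ```console), including the scfilter.sys command, which is also left as a bare paragraph while the SCardSvr commands are list items.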
@@ -114,9 +115,9 @@ To stop a trace: You can use these resources to troubleshoot these protocols and the KDC: -- [Kerberos and LDAP Troubleshooting Tips](https://technet.microsoft.com/library/bb463167.aspx) +- [Kerberos and LDAP Troubleshooting Tips](https://technet.microsoft.com/library/bb463167.aspx). -- [Windows Driver Kit (WDK) and Debugging Tools for Windows (WinDbg)](https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit)  You can use the trace log tool in this SDK to debug Kerberos authentication failures. +- [Windows Driver Kit (WDK) and Debugging Tools for Windows (WinDbg)](https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit).  You can use the trace log tool in this SDK to debug Kerberos authentication failures. To begin tracing, you can use Tracelog. Different components use different control GUIDs as explained in these examples. For more information, see [Tracelog](https://msdn.microsoft.com/library/windows/hardware/ff552994.aspx). 
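Review bot: adding terminal periods to these two link bullets makes them the only punctuated list items in the article; the TOC list and the command lists elsewhere in this series have none. Drop the periods, and use this pass to replace the stray non-breaking space (the "" after the WDK link) with a normal space rather than carrying it into the new line.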
@@ -124,41 +125,42 @@ To begin tracing, you can use Tracelog. Different components use different contr To enable tracing for NTLM authentication, run the following at the command line: -tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1 +**tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1** To stop tracing for NTLM authentication, run this command: -tracelog -stop ntlm +**tracelog -stop ntlm** ### Kerberos authentication To enable tracing for Kerberos authentication, run this command: -tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1 +**tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1** To stop tracing for Kerberos authentication, run this command: -tracelog.exe -stop kerb +**tracelog.exe -stop kerb** ### KDC To enable tracing for the Key Distribution Center (KDC), run the following at the command line: -tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1 +**tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1** To stop tracing for the KDC, run the following at the command line: -tracelog.exe -stop kdc +**tracelog.exe -stop kdc** To stop tracing from a remote computer, run this command: logman.exe -s *<ComputerName>*. -> **Note**  The default location for logman.exe is %systemroot%system32\\. Use the **-s** option to supply a computer name. +> [!NOTE] +> The default location for logman.exe is %systemroot%system32\\. Use the **-s** option to supply a computer name. ### Configure tracing with the registry You can also configure tracing by editing the Kerberos registry values shown in the following table. 
-| **Element** | **Registry Key Setting** | +| Element | Registry Key Setting | |-------------|----------------------------------------------------| | NTLM | HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1\_0
Value name: NtLmInfoLevel
Value type: DWORD
Value data: c0015003 | | Kerberos | HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos
Value name: LogToFile
Value type: DWORD
Value data: 00000001

HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters
Value name: KerbDebugLevel
Value type: DWORD
Value data: c0000043

HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters
Value name: LogToFile
Value type: DWORD
Value data: 00000001 | @@ -204,7 +206,7 @@ You can use the following command at the command prompt to check whether the ser This is an example output from this command: -``` +```console SERVICE_NAME: scardsvr TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING From 4372f79714aae0b286501e48813944dff9704d64 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 21 Jul 2020 14:14:57 -0700 Subject: [PATCH 3/4] Applied [!NOTE], markup for command lines --- .../smart-card-debugging-information.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 93756bb9ff..5e7c2ded4f 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -91,7 +91,7 @@ To enable tracing for the SCardSvr service: To enable tracing for scfilter.sys: -**tracelog.exe -kd -rt -start scfilter -guid \#eed7f3c9-62ba-400e-a001-658869df9a91 -f .\\scfilter.etl -flags 0xffff -ft 1** + - **tracelog.exe -kd -rt -start scfilter -guid \#eed7f3c9-62ba-400e-a001-658869df9a91 -f .\\scfilter.etl -flags 0xffff -ft 1** ### Stop the trace @@ -101,7 +101,7 @@ Using WPP, use one of the following commands to stop the tracing: - **logman -stop** <*FriendlyName*> **-ets** -Examples +#### Examples To stop a trace: 
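Review bot: "#### Examples" is introduced under "Stop the trace" but the matching plain "Examples" line under "Enable the trace" (visible in the earlier hunk of this series) is not promoted, so the two sibling sections now differ; apply the same heading to both. The scfilter.sys item is also written as " - **tracelog ..." with a leading space, unlike the "- **" items above it; align the indentation.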
@@ -125,31 +125,31 @@ To begin tracing, you can use Tracelog. Different components use different contr To enable tracing for NTLM authentication, run the following at the command line: -**tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1** +> **tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1** To stop tracing for NTLM authentication, run this command: -**tracelog -stop ntlm** +> **tracelog -stop ntlm** ### Kerberos authentication To enable tracing for Kerberos authentication, run this command: -**tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1** +> **tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1** To stop tracing for Kerberos authentication, run this command: -**tracelog.exe -stop kerb** +> **tracelog.exe -stop kerb** ### KDC To enable tracing for the Key Distribution Center (KDC), run the following at the command line: -**tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1** +> **tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1** To stop tracing for the KDC, run the following at the command line: -**tracelog.exe -stop kdc** +> **tracelog.exe -stop kdc** To stop tracing from a remote computer, run this command: logman.exe -s *<ComputerName>*. 
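Review bot: these commands are turned into block quotes here and then into list items again in the next patch of this series, so the blockquote form never ships; squash patches 2 to 4 into one change so the history records a single styling decision rather than three. Block quotes in this article are otherwise reserved for [!NOTE] callouts, so the later list or code form is the right target.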
@@ -234,7 +234,8 @@ As with any device connected to a computer, Device Manager can be used to view p 4. In Device Manager, expand **Smart card readers**, select the name of the smart card reader you want to check, and then click **Properties**. -> **Note**  If the smart card reader is not listed in Device Manager, in the **Action** menu, click **Scan for hardware changes**. +> [!NOTE] +> If the smart card reader is not listed in Device Manager, in the **Action** menu, click **Scan for hardware changes**. ## CryptoAPI 2.0 Diagnostics From c5a95a5f6eb56768894585454b56820a70bc1125 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 21 Jul 2020 14:35:05 -0700 Subject: [PATCH 4/4] Standardized presentation of command lines in this article --- .../smart-cards/smart-card-debugging-information.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 5e7c2ded4f..4bf706bbbc 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md 
@@ -125,31 +125,31 @@ To begin tracing, you can use Tracelog. Different components use different contr To enable tracing for NTLM authentication, run the following at the command line: -> **tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1** + - **tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1** To stop tracing for NTLM authentication, run this command: -> **tracelog -stop ntlm** + - **tracelog -stop ntlm** ### Kerberos authentication To enable tracing for Kerberos authentication, run this command: -> **tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1** + - **tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1** To stop tracing for Kerberos authentication, run this command: -> **tracelog.exe -stop kerb** + - **tracelog.exe -stop kerb** ### KDC To enable tracing for the Key Distribution Center (KDC), run the following at the command line: -> **tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1** + - **tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1** To stop tracing for the KDC, run the following at the command line: -> **tracelog.exe -stop kdc** + - **tracelog.exe -stop kdc** To stop tracing from a remote computer, run this command: logman.exe -s *<ComputerName>*.
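Review bot: each " - **command**" here is a one-item list with a leading space, which renders as an indented bullet around a single command; a code span or a fenced console block (used for the sc queryex output earlier in this series) marks these as commands without the list semantics and without needing the \# and .\\ Markdown escapes. While touching these lines, "tracelog -stop ntlm" should read "tracelog.exe -stop ntlm" to match the kerb and kdc stop commands in the same hunk.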