IE Diagnostics

June 7th, 2010

In recent posts we talked about giving feedback and filing a great bug using a tool called IE Diagnostics that is included with the publically available Internet Explorer Platform Preview releases. We encourage you to include IE Diagnostics reports with every bug submission. This blog post sheds more light on the IE Diagnostics tool by detailing the data included in an IE Diagnostics report, what you can learn from it, and how you can use this information to debug problems you see in IE.

What is IE Diagnostics?

IE Diagnostics is a tool that gathers comprehensive dynamic and static data related to Internet Explorer. The data gathered is packaged up into a .cab file and stored on your machine at a location you specify. If you open the cab, you will find an IEDiag.xml file which contains detailed information related to IE add-ons, registry settings, network configurations, and more. (Click here to view a sample IE Diagnostics report). This data is invaluable when we need to debug a problem in IE without having direct access to the computer, such as, when trying to reproduce and investigate root causes of bugs reported by users.

What can I learn from an IE Diagnostics Report?


Imagine the following scenario: Your mom calls you up saying her IE has been running really slow for the past few days and she doesn’t know why. You suspect that the culprit is probably the last add-on she had installed but you can’t be sure until you see, first-hand, the list of add-ons installed on her machine. The problem is that she is across the country and you don’t want to spend all your mobile-to-mobile minutes debugging the issue over the phone. With an IE Diagnostics report, you can easily get all the information you need to fix the problem. All your mom has to do is save an IE Diagnostics report and send you the cab file.

Once you have the report on your machine, click on ‘View saved report’ in IE Diagnostics.

From the report formatting options, choose the “All Enabled and Disabled Add-ons” and click ‘Apply Format’. This view will show you information about every IE add-on on your machine. You can scan the Installed On column to see which was last add-on installed and easily disable it using the Manage Add-ons feature in IE.

You can also use the “All Enabled and Disabled Add-ons” format to view version numbers of various add-ons. If you know that a certain version of a particular add-on is outdated and/or causes problems in Internet Explorer, and you see that it has been installed, then you can take note of that and choose to upgrade to a newer version of that add-on or disable it. 


An IE Diagnostics report gives you information about crashes in IE. Often times a bad add-on is the root cause of a crash in IE and an IE Diagnostics report can help you pinpoint which add-on is the actual culprit.

To get crash information, view an IE Diagnostics report that has been saved on your machine and from the drop down of applicable formats, choose the “Events” viewer. In the list displayed, scan for entries where Provider = “Windows Error Reporting” and Event Name (under Message) = “APPCRASH”. If such an entry is found, get the filename in position P4 under the Problem signature portion of the Message. This will be the name of the add-on binary (most likely) causing IE to crash.

If you know which add-on the binary is associated to, you can go into Manage add-ons to disable the particular add-on. If you can’t tell which add-on the binary is part of, then you can pull up the “All Enabled and Disabled add-ons” view for an IE Diagnostics report, scan the module name column for the filename in question and see which add-on (in the name column) it corresponds to.

Security Zone Settings

An IE Diagnostics report allows you to view your security settings in all zones (local machine, Intranet, Internet, Trusted, Restricted) at a glance and compare changes you made to what the default settings were when you first installed IE. If your computer is infected with Malware, oftentimes security zone settings are compromised, as this user discovered.  The zone view in IE Diagnostics is useful when you want to know which settings have changed from the default so you can undo specific ones without having to Reset IE and undo all other configuration changes.

To view security zone settings, view an IE Diagnostics report that has been saved on your machine and from the drop down of applicable formats, choose the “Zone View” viewer and click ‘Apply Format’. This displays settings in each zone- both settings for the machine and those for the particular user – for all security options in Internet Options. You can scan pairs of columns (for example, Intranet vs. userIntranet) to see if there are any differences between what you (the user) have set  vs. what was default on the machine.

Browsing Issues

The live network capture feature of IE Diagnostics allows you to debug broken functionality on a website. By enabling the Network Captures feature in an IE Diagnostics report you can capture network traffic, view and analyze it to identify any potential issues. This is especially useful in remote debugging scenarios where you don’t have direct access to a user’s (like your mom’s) machine to run fiddler traces or use the new Network tab in IE9 Dev Tools.

Some things to look out for in network capture data include:

  1. Cookies being passed, for session related issues – cookie related issues are typically seen when people are unable to successfully login to a website even when using the correct credentials
  2. Websites 302 or 303 redirects – examples here include why a particular site is not rendered in Compat View even though it is in the user’s Compatibility View List (e.g. does a 302 redirect to say, so the domain that should be added to the CV List should be!)
  3. Cache related issues to see which resource is refreshed – IE may not see certain dynamic page updates occur, if they are not refreshed correctly, and a network trace helps dig deeper into why this is the case- for example, a trace will tell you when a cached page is set to expire and will be re-downloaded from the server.
  4. Network hangs to see if the client is waiting on the server or vice versa.
  5. Watch AJAX activity- to see if HTTP requests and responses are being sent across the wire as expected
  6. Examine to see if HTTP compression is being used- knowing whether compression is being used may help you diagnose problems of this nature.

What data is stored in an IE Diagnostics report?

When you look at an IEDiag.xml report for the first time, you’ll notice the sheer volume of data collected. This section describes exactly what is in an IE Diagnostics report.

IE Diagnostics contains 2 major tool sets to perform its operations:

Data Collectors: Collects static data such as Registry settings, Set up info, Installed add-ons and DxDiag output.

Captures: Collects Network and/or Process information dynamically as you browse the web using Internet Explorer or Internet Explorer Platform Preview.

By default, when you choose to save an IE Diagnostics report, the tool will collect only static data unless you opt-in to collect dynamic data by enabling one (or both) of the captures. For more information on how to run IE Diagnostics to gather Captures data, please refer to the IE Diagnostics User Guide.

Data Collectors

IE Diagnostics contains eight Data Collector tools that gather exhaustive data about your machine settings and operating environment.

  • Add-ons Enumerator: The Add-ons Data Collector looks in known locations of the registry and gathers information about all the add-ons, extensions, toolbars and BHOs currently installed for IE. This is meta information about the add-ons such as, the add-on type, version number, publisher, and whether the add-on is enabled or disabled.
  • DxDiag: The DxDiag data collector runs the DxDiag tool in Windows Vista and Windows 7 and gathers the output. This data collector generates a comprehensive report containing information about DirectX components and drivers installed on your system. You can access the DxDiag tool on your machine by typing DxDiag in Windows Search (or you can run the application from C:\Windows\System32\dxdiag.exe). More information about DxDiag can be found here.
  • Event Log Information: The Event Log Data Collector looks through the Application event log, searching for all the events that related to IE. It picks up all application errors and Windows Error Reporting buckets. The criteria used in selecting events are simply if the string “iexplore.exe” or “iepreview.exe” (for IEDiag in Platform Previews) exists in the message portion of the event.  It keeps the most recent 100 events.
  • File Information: The file information data collector gathers metadata like file size, creation time, attributes and last write time for a set of files related to IE that are guaranteed to be present on your machine with any IE installation.
  • Networking: The networking data collector gathers information about your current network settings. It collects static network data, for example, the output from running IPConfig -all and data about the operational network adapters on your machine and their IP addresses. It also gathers data to help diagnose the health of your network connection. For example, it pings the server to see if there is any activity over the network. This is useful information when debugging a scenario where you do not have physical access to a machine and are trying to debug an error of the “Page cannot be displayed” variety, where you are able to connect to the internet but see that no packets are being transferred. An accidentally misconfigured firewall or malicious software that corrupted Windows socket settings can be detected from this section of an IEDiag log report as well.
  • Registry Settings: The registry settings data collector gathers a mass of registry settings information under the Internet Explorer and Internet Settings hives.
  • Security Settings: The security settings data collector gathers the ACLs of Favorites, Cookies, Internet Cache, and History in Internet Explorer.
  • Setup Information: This data collector collects various set-up log files generated during the course of an IE install. Copies of files gathered by this data collector are included in the .cab file generated by IEDiag. These files can help diagnose installation issues.


IE Diagnostics contains two capture tools that collect data specific to your browsing activity within the time range you specify. The best way to get the most detailed diagnostic information when debugging a specific browsing scenario is by enabling the capture tools. The depth of data gathered around the specific problem you are experiencing makes pin-pointing the root cause of the issue that much easier.

  • Network Capture: This feature runs Unified tracing (on Windows 7) or Netmon 3.3 (on Vista if installed) to get a complete trace of network activity while you are reproducing an issue in IE.

    The official Netmon blog has many tips and tricks on troubleshooting network problems and using Netmon. There are also helpful videos on channel 9 on the same topic.

    Note: If you are on the Windows Vista operating system, you may not see the Network Capture feature in IE Diagnostics if you don’t have Netmon 3.3 installed. You can install Netmon 3.3 from here.

  • Process Logger: The process logger feature captures the creation, modification and deletion of system events during the time span that the feature is running. For each process, the tool will gather its name and creation, modification or deletion time, and more.


As mentioned previously, IE Diagnostics reports are extremely valuable in remote debugging scenarios- when one doesn’t have immediate access to the faulty machine. We urge you to include an IE Diagnostics report with your bug submission on Connect. IE Diagnostics reports contain valuable information that helps the IE team reproduce issues reported by you, and find and fix them faster. For more information on how to generate an IE Diagnostics report, please refer to the user guide.

Swathi Ganapathi
Program Manager