From dotnet-diag
Analyzes CLRLoad logs to diagnose .NET Framework CLR activation issues: wrong runtime picks, FOD dialogs, mixed v2/v4 loads, or activation failures.
npx claudepluginhub dotnet/skills --plugin dotnet-diagThis skill uses the workspace's default tool permissions.
Diagnose .NET Framework runtime activation issues by analyzing CLR activation logs (CLRLoad logs) produced by the shim (mscoree.dll). These logs record every decision the shim makes when selecting and loading a CLR version.
Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
Analyzes competition with Porter's Five Forces, Blue Ocean Strategy, and positioning maps to identify differentiation opportunities and market positioning for startups and pitches.
Diagnose .NET Framework runtime activation issues by analyzing CLR activation logs (CLRLoad logs) produced by the shim (mscoree.dll). These logs record every decision the shim makes when selecting and loading a CLR version.
The .NET Framework shim has two layers:
InprocServer32 for CLR-hosted COM objects and the entry point for _CorExeMain, legacy APIs, etc.When reading logs, the caller-name:mscoreei.dll in FOD command lines reflects this — it's mscoreei.dll doing the work.
.NET 2.0, 3.0, and 3.5 all share the same CLR runtime version: v2.0.50727. The "3.0" and "3.5" releases were library additions on top of CLR v2.0. For activation purposes, they are all "v2.0.50727." When the shim resolves to v2.0.50727 or FOD offers to install "NetFx3", it's installing the CLR v2.0 runtime (plus the 3.0/3.5 libraries). Similarly, CLR v4.0 (v4.0.30319) covers all .NET Framework versions from 4.0 through 4.8.x.
On recent Windows versions (Windows 11 Insider Preview Build 27965 and future platform releases), .NET Framework 3.5 is no longer available as a Windows optional component (Feature-on-Demand). It must be installed from a standalone MSI. This means the FOD dialog (fondue.exe /enable-feature:NetFx3) will not succeed on these systems even if it fires. On Windows 10 and Windows 11 through 25H2, FOD remains available. .NET Framework 3.5 reaches end of support on January 9, 2029.
When the shim fails, it returns specific HRESULTs in the 0x8013xxxx range. These are the errors you'll see from callers (not in the activation logs themselves, which log human-readable messages):
| HRESULT | Symbol | Meaning |
|---|---|---|
0x80131700 | CLR_E_SHIM_RUNTIMELOAD | Cannot find or load a suitable runtime version. This is the most common shim error — it's what callers see when capped legacy activation fails on a v4-only machine. |
0x80131701 | CLR_E_SHIM_RUNTIMEEXPORT | Found a runtime but failed to get a required export or interface from it. |
0x80131702 | CLR_E_SHIM_INSTALLROOT | The .NET Framework install root is missing or invalid in the registry. |
0x80131703 | CLR_E_SHIM_INSTALLCOMP | A required component of the installation is missing. |
0x80131704 | CLR_E_SHIM_LEGACYRUNTIMEALREADYBOUND | A different runtime is already bound as the legacy runtime. A legacy API tried to bind to a version that conflicts with the one already chosen. |
0x80131705 | CLR_E_SHIM_SHUTDOWNINPROGRESS | The shim is shutting down and cannot service the request. |
If a user reports one of these HRESULTs (especially 0x80131700), CLR activation logs are the right diagnostic tool.
CLR activation logging must be enabled to produce log files. If the user doesn't have logs yet, instruct them to enable logging:
Via environment variable (recommended — scoped to current session):
set COMPLUS_CLRLoadLogDir=C:\CLRLoadLogs
Via registry (machine-wide — affects all .NET Framework processes):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
CLRLoadLogDir = "C:\CLRLoadLogs" (REG_SZ)
On 64-bit systems, also set under Wow6432Node if 32-bit processes are involved.
⚠️ The log directory must already exist. The shim will not create it. If it doesn't exist, no logs will be written and there will be no error or indication of failure.
Logs are written as {ProcessName}.CLRLoad{NN}.log (NN = 00–99, one per process instance). Logs cannot be read until the process exits — the file is held open.
After capturing, remove the env var or registry key to stop logging.
| Input | Required | Description |
|---|---|---|
| CLR activation log files | Yes | One or more .CLRLoad*.log files |
| Symptom description | Recommended | What the user observed (FOD dialog, wrong runtime, failure, etc.) |
| Expected behavior | Recommended | What the user expected to happen |
Try to load the reference files in this order — they contain the detailed log format, decision flow, and CLSID registry documentation:
references/log-format.md — Log line format, fields, and all known log message typesreferences/activation-flow.md — The shim's decision tree for runtime selectionreferences/com-activation.md — COM (DllGetClassObject) activation specifics, CLSID registry layoutIf reference files are not available, proceed using the inline knowledge below.
Get the big picture before diving into any single log:
Decided on runtime: vX.Y.Z — successful resolutionERROR: — failed resolutionLaunching feature-on-demand — FOD dialog was shownCould have launched feature-on-demand — FOD would have fired but was suppressedV2.0 Capping is preventing consideration — v4+ was skipped due to cappinggrep -l "ERROR:\|Launching feature-on-demand\|Could have launched" *.log
grep -c "Launching feature-on-demand" *.log
| Process | Log Files | Outcome | Runtime Selected | FOD? |
|---|---|---|---|---|
| ... | ... | ... | ... | ... |
For each log file with an unexpected outcome, trace the full activation flow. Read the log top-to-bottom and identify:
⚠️ Nested log entries: The shim's own internal calls can trigger additional log entries within an activation sequence that is already being logged. For example, a
DllGetClassObjectcall may internally callComputeVersionString, which callsFindLatestVersion, each generating log lines. When the FOD check runs ("Checking if feature-on-demand installation would help"), it re-runs the entire version computation — producing a secondComputeVersionStringblock within the same activation. Don't mistake these nested/re-entrant entries for separate activation attempts.
The first FunctionCall: or MethodCall: line tells you how activation was triggered:
| Entry Point | Meaning |
|---|---|
_CorExeMain | Managed EXE launch — the binary IS a .NET assembly |
DllGetClassObject. Clsid: {guid} | COM activation — something CoCreated a COM class routed through mscoree.dll |
ClrCreateInstance | Modern (v4+) hosting API |
CorBindToRuntimeEx | Legacy (v1/v2) hosting API — binds the process to one runtime |
ICLRMetaHostPolicy::GetRequestedRuntime | Policy-based hosting API (often called internally after other entry points) |
LoadLibraryShim | Legacy API to load a framework DLL by name |
Immediately after the entry point, the log dumps the version computation inputs:
IsLegacyBind: Is this a legacy (pre-v4) activation path? If 1, the shim uses the single-runtime "legacy" view of the world. Legacy APIs (CorBindToRuntimeEx, DllGetClassObject for legacy COM, LoadLibraryShim, etc.) set this.IsCapped: If 1, the shim's roll-forward semantics are capped at Whidbey (v2.0.50727) — it will NOT consider v4.0+ when enumerating installed runtimes. This is the mechanism that makes v4 installation non-impactful: legacy codepaths continue to behave as if v4 doesn't exist. On a v4-only machine with no .NET 3.5, a capped enumeration sees no runtimes at all. Capping does NOT prevent loading v4+ if a specific v4 version string is explicitly provided (e.g., via CorBindToRuntimeEx("v4.0.30319", ...) or via config with useLegacyV2RuntimeActivationPolicy).SkuCheckFlags: Controls SKU (edition) compatibility checking.ShouldEmulateExeLaunch: Whether to pretend this is an EXE launch for policy purposes.LegacyBindRequired: Whether a legacy bind is strictly required.Look for config file parsing results:
Parsing config file: {path} — the shim is looking for a .config fileConfig File (Open). Result:00000000 — config file found and opened successfullyConfig File (Open). Result:80070002 — config file not found (HRESULT for ERROR_FILE_NOT_FOUND)Found config file: {path} — config was successfully readUseLegacyV2RuntimeActivationPolicy is set to {0|1} — whether <startup useLegacyV2RuntimeActivationPolicy="true"> is present. When 1, all runtimes are treated as candidates for legacy codepaths — meaning legacy shim APIs can enumerate and choose v4+. This can be used with multiple <supportedRuntime> entries, with other config options, or even with no <supportedRuntime> entries at all (in which case legacy APIs can simply enumerate v4). Side effect: turns off in-proc SxS with pre-v4 runtimes — locks them out of the process.Config file includes SupportedRuntime entry. Version: vX.Y.Z, SKU: {sku} — each <supportedRuntime> found in configKey insight: If a process has no config file AND is doing a capped legacy bind, the shim has nothing to direct it to v4.0. It will enumerate installed runtimes (capped to ≤v2.0), find nothing if 3.5 isn't installed, and fail. This is by design — v4 is intentionally invisible to these codepaths to keep v4 installation non-impactful.
Installed Runtime: vX.Y.Z. VERSION_ARCHITECTURE: N — what's installed on the machine{exe} was built with version: vX.Y.Z — version from the binary's PE header (managed assemblies only; native EXEs won't have this)Using supportedRuntime: vX.Y.Z — the shim picked a version from the config's <supportedRuntime> listFindLatestVersion is returning the following version: vX.Y.Z ... V2.0 Capped: {0|1} — result of policy-based latest-version searchDefault version of the runtime on the machine: vX.Y.Z or (null) — what the shim settled on; (null) means nothing was foundDecided on runtime: vX.Y.Z — final decision — this is the version that will be loadedIf version resolution fails:
ERROR: Unable to find a version of the runtime to use — the shim found no suitable runtimeSEM_FAILCRITICALERRORS is set to {value} — checks the process error mode:
SEM_FAILCRITICALERRORS flag (0x0001) is inherited from the parent process.Checking if feature-on-demand installation would help — the shim re-runs version computation to see if installing .NET 3.5 would resolve the requestLaunching feature-on-demand installation. CmdLine: "...\fondue.exe" /enable-feature:NetFx3 — FOD dialog shownCould have launched feature-on-demand installation if was not opted out. — FOD suppressed because SEM_FAILCRITICALERRORS was setA single log can contain multiple activation sequences. Each begins with a new FunctionCall: or MethodCall: entry. A common pattern:
ClrCreateInstance / GetRequestedRuntime → succeeds (loads v4.0 via config)DllGetClassObject (COM) → legacy bind, capped → failsThis happens when a native EXE (like link.exe or mt.exe) loads the CLR successfully for its primary work, then a secondary COM activation request (e.g., for diasymreader) triggers a separate legacy resolution that can't find v2.0.
When log analysis points to a registration or configuration issue, check:
CLSID Registration (for COM activation issues):
# Check the CLSID entry
Get-ItemProperty 'Registry::HKCR\CLSID\{guid}'
Get-ItemProperty 'Registry::HKCR\CLSID\{guid}\InprocServer32'
Get-ChildItem 'Registry::HKCR\CLSID\{guid}\InprocServer32' | ForEach-Object {
Write-Output "--- $($_.PSChildName) ---"
Get-ItemProperty "Registry::$($_.Name)"
}
Key values under InprocServer32:
(Default) should be mscoree.dll for CLR-hosted COM objects2.0.50727, 4.0.30319) indicate which runtime versions registered this CLSIDImplementedInThisVersion under a version subkey means that runtime version natively implements the COM class (not via managed interop)Assembly and Class under a version subkey indicate a managed COM interop registrationRuntimeVersion under a version subkey specifies which CLR version should host this objectInstalled runtimes:
Get-ChildItem 'Registry::HKLM\SOFTWARE\Microsoft\.NETFramework\policy'
Process error mode (why FOD did/didn't fire):
The SEM_FAILCRITICALERRORS flag is inherited from the parent process. If a build system or script sets it (or calls SetErrorMode), all child processes inherit it.
Produce a clear diagnosis covering:
Pattern: DllGetClassObject → IsCapped: 1 → no config file → (null) → SEM_FAILCRITICALERRORS: 0 → FOD launched
Root cause: A native EXE is doing COM activation of a CLSID registered under mscoree.dll. This takes the legacy codepath, which is capped at v2.0. With no config file (and no useLegacyV2RuntimeActivationPolicy), v4 is invisible to this codepath. On a machine without .NET 3.5, there are no runtimes visible, and with SEM_FAILCRITICALERRORS not set, the FOD dialog fires.
Key question: Why did SEM_FAILCRITICALERRORS change? It's inherited from the parent. Different launch methods (script vs. direct invocation, different build systems) produce different error modes. The underlying capped-legacy-bind-on-v4-only-machine failure is always there — it's just that SEM_FAILCRITICALERRORS controls whether it manifests as a visible dialog or a silent failure.
Pattern: supportedRuntime entries in config list multiple versions; the shim picks the first one that's installed. If v2.0 is listed first and .NET 3.5 is installed, v2.0 wins even though v4.0 is also available.
Key insight: Config <supportedRuntime> entries are evaluated in order. First installed match wins.
Pattern: Multiple activation sequences in the same process log — one binds v4, another binds v2 (or vice versa). Side-by-side loading of CLR v2 and v4 in the same process IS supported but can cause issues with shared state.
Key insight: Look for separate Decided on runtime lines with different versions in the same log file.
Pattern: A legacy codepath succeeds early in the process (e.g., CorBindToRuntimeEx with an explicit v4 version, or config with useLegacyV2RuntimeActivationPolicy). This sets the legacy runtime to v4.0. All subsequent legacy activations — including capped COM activations that would otherwise fail — silently succeed by reusing the already-bound legacy runtime.
Key insight: The ORDER of activations within a process matters. If v4.0 is bound as the legacy runtime first, capped COM activations work. If the capped COM activation happens first (before any legacy runtime is bound), it fails. This means behavior can depend on which component activates first — a race condition in concurrent code can change the outcome.
| Pitfall | Correct Approach |
|---|---|
Assuming IsCapped: 1 means v4.0 can never load | Capping only restricts roll-forward enumeration. v4.0 can still be loaded if: a specific version string is passed explicitly, config has useLegacyV2RuntimeActivationPolicy="true" with <supportedRuntime version="v4.0"/>, or the legacy runtime is already bound to v4+. |
| Thinking capping is broken or a bug | Capping is intentional — it makes v4 installation non-impactful. On a v4-only machine, legacy codepaths correctly see no runtimes. This is working as designed. |
| Assuming FOD is controlled per-process | SEM_FAILCRITICALERRORS is inherited from the parent process. A change in the parent (build system, script, shell) changes behavior for all children. |
| Looking only at the first activation in a log | A single log can contain multiple independent activation sequences. The problematic one is often a secondary COM activation, not the initial CLR load. |
| Assuming a missing config file is benign | For native EXEs doing COM activation with legacy/capped bind, the config file (with useLegacyV2RuntimeActivationPolicy) is the primary way to make legacy codepaths see v4.0. No config = capped = v4 invisible. |
Adding <supportedRuntime> without useLegacyV2RuntimeActivationPolicy | Without useLegacyV2RuntimeActivationPolicy="true", rolling forward to v4 via config works for the primary EXE load, but legacy codepaths (COM activation, P/Invoke to mscoree.h APIs) remain capped at v2.0. Both are needed for legacy codepaths. |
Setting useLegacyV2RuntimeActivationPolicy without understanding the trade-off | This attribute turns off in-proc SxS — it locks pre-v4 runtimes out of the process. This is usually fine for build tools but should be considered for apps that need to host both v2 and v4. |
Before delivering a diagnosis, verify: