CLR Activation Debugging
Diagnose .NET Framework runtime activation issues by analyzing CLR activation logs (CLRLoad logs) produced by the shim (mscoree.dll). These logs record every decision the shim makes when selecting and loading a CLR version.
When to Use
- A process fails to load the CLR at all ("Unable to find a version of the runtime to use")
- The shim picks the wrong CLR version (e.g., v2.0 instead of v4.0)
- Unexpected .NET 3.5 Feature-on-Demand (FOD) install dialogs appear
- FOD dialogs are expected but do NOT appear
- Both CLR v2 and CLR v4 load into the same process, causing failures
- A COM object fails to activate because the shim can't resolve the runtime
- Legacy hosting APIs (CorBindToRuntime) bind to an unexpected version
When Not to Use
- Modern .NET (CoreCLR / .NET 5+) — this skill covers .NET Framework only (the mscoree.dll shim)
- Assembly binding failures — use Fusion logs (fuslogvw.exe), not CLR activation logs
- Runtime crashes after the CLR has loaded — activation succeeded; the problem is elsewhere
Background
The Shim Architecture
The .NET Framework shim has two layers:
- mscoree.dll (the "shell shim") — the public-facing DLL that is the registered for CLR-hosted COM objects and the entry point for , legacy APIs, etc.
- mscoreei.dll — the actual shim implementation where the runtime selection logic, logging, and activation decisions live. mscoree.dll forwards into mscoreei.dll.
When reading logs, the
in FOD command lines reflects this — it's mscoreei.dll doing the work.
.NET 3.5 / v2.0.50727 Version Mapping
.NET 2.0, 3.0, and 3.5 all share the same CLR runtime version: v2.0.50727. The "3.0" and "3.5" releases were library additions on top of CLR v2.0. For activation purposes, they are all "v2.0.50727." When the shim resolves to v2.0.50727 or FOD offers to install "NetFx3", it's installing the CLR v2.0 runtime (plus the 3.0/3.5 libraries). Similarly, CLR v4.0 (v4.0.30319) covers all .NET Framework versions from 4.0 through 4.8.x.
.NET 3.5 Availability on Recent Windows
On recent Windows versions (Windows 11 Insider Preview Build 27965 and future platform releases), .NET Framework 3.5 is
no longer available as a Windows optional component (Feature-on-Demand). It must be installed from a standalone MSI. This means the FOD dialog (
fondue.exe /enable-feature:NetFx3
) will not succeed on these systems even if it fires. On Windows 10 and Windows 11 through 25H2, FOD remains available. .NET Framework 3.5 reaches end of support on January 9, 2029.
Shim HRESULT Codes
When the shim fails, it returns specific HRESULTs in the
range. These are the errors you'll see from callers (not in the activation logs themselves, which log human-readable messages):
| HRESULT | Symbol | Meaning |
|---|
| | Cannot find or load a suitable runtime version. This is the most common shim error — it's what callers see when capped legacy activation fails on a v4-only machine. |
| | Found a runtime but failed to get a required export or interface from it. |
| | The .NET Framework install root is missing or invalid in the registry. |
| | A required component of the installation is missing. |
| CLR_E_SHIM_LEGACYRUNTIMEALREADYBOUND
| A different runtime is already bound as the legacy runtime. A legacy API tried to bind to a version that conflicts with the one already chosen. |
| CLR_E_SHIM_SHUTDOWNINPROGRESS
| The shim is shutting down and cannot service the request. |
If a user reports one of these HRESULTs (especially
), CLR activation logs are the right diagnostic tool.
Prerequisites
CLR activation logging must be enabled to produce log files. If the user doesn't have logs yet, instruct them to enable logging:
Via environment variable (recommended — scoped to current session):
set COMPLUS_CLRLoadLogDir=C:\CLRLoadLogs
Via registry (machine-wide — affects all .NET Framework processes):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
CLRLoadLogDir = "C:\CLRLoadLogs" (REG_SZ)
On 64-bit systems, also set under
if 32-bit processes are involved.
⚠️ The log directory must already exist. The shim will not create it. If it doesn't exist, no logs will be written and there will be no error or indication of failure.
Logs are written as
{ProcessName}.CLRLoad{NN}.log
(NN = 00–99, one per process instance).
Logs cannot be read until the process exits — the file is held open.
After capturing, remove the env var or registry key to stop logging.
Inputs
| Input | Required | Description |
|---|
| CLR activation log files | Yes | One or more files |
| Symptom description | Recommended | What the user observed (FOD dialog, wrong runtime, failure, etc.) |
| Expected behavior | Recommended | What the user expected to happen |
Workflow
Step 1: Load Reference Material
Try to load the reference files in this order — they contain the detailed log format, decision flow, and CLSID registry documentation:
- — Log line format, fields, and all known log message types
references/activation-flow.md
references/com-activation.md
If reference files are not available, proceed using the inline knowledge below.
Step 2: Survey the Log Files
Get the big picture before diving into any single log:
- List all log files and group by process name — this shows which executables triggered CLR activation
- For each process, scan for outcome lines:
Decided on runtime: vX.Y.Z
- — failed resolution
Launching feature-on-demand
Could have launched feature-on-demand
V2.0 Capping is preventing consideration
grep -l "ERROR:\|Launching feature-on-demand\|Could have launched" *.log
grep -c "Launching feature-on-demand" *.log
- Build a summary table:
| Process | Log Files | Outcome | Runtime Selected | FOD? |
|---|
| ... | ... | ... | ... | ... |
Step 3: Analyze Problematic Logs
For each log file with an unexpected outcome, trace the full activation flow. Read the log top-to-bottom and identify:
⚠️
Nested log entries: The shim's own internal calls can trigger additional log entries within an activation sequence that is already being logged. For example, a
call may internally call
, which calls
, each generating log lines. When the FOD check runs ("Checking if feature-on-demand installation would help"), it re-runs the entire version computation — producing a second
block within the same activation. Don't mistake these nested/re-entrant entries for separate activation attempts.
3a. Entry Point
The first
or
line tells you how activation was triggered:
| Entry Point | Meaning |
|---|
| Managed EXE launch — the binary IS a .NET assembly |
DllGetClassObject. Clsid: {guid}
| COM activation — something CoCreated a COM class routed through mscoree.dll |
| Modern (v4+) hosting API |
| Legacy (v1/v2) hosting API — binds the process to one runtime |
ICLRMetaHostPolicy::GetRequestedRuntime
| Policy-based hosting API (often called internally after other entry points) |
| Legacy API to load a framework DLL by name |
3b. Input Parameters
Immediately after the entry point, the log dumps the version computation inputs:
- : Is this a legacy (pre-v4) activation path? If 1, the shim uses the single-runtime "legacy" view of the world. Legacy APIs (, for legacy COM, , etc.) set this.
- : If 1, the shim's roll-forward semantics are capped at Whidbey (v2.0.50727) — it will NOT consider v4.0+ when enumerating installed runtimes. This is the mechanism that makes v4 installation non-impactful: legacy codepaths continue to behave as if v4 doesn't exist. On a v4-only machine with no .NET 3.5, a capped enumeration sees no runtimes at all. Capping does NOT prevent loading v4+ if a specific v4 version string is explicitly provided (e.g., via
CorBindToRuntimeEx("v4.0.30319", ...)
useLegacyV2RuntimeActivationPolicy
- : Controls SKU (edition) compatibility checking.
- : Whether to pretend this is an EXE launch for policy purposes.
- : Whether a legacy bind is strictly required.
3c. Config File Processing
Look for config file parsing results:
Parsing config file: {path}
Config File (Open). Result:00000000
Config File (Open). Result:80070002
Found config file: {path}
UseLegacyV2RuntimeActivationPolicy is set to {0|1}
<startup useLegacyV2RuntimeActivationPolicy="true">
Config file includes SupportedRuntime entry. Version: vX.Y.Z, SKU: {sku}
Key insight: If a process has no config file AND is doing a capped legacy bind, the shim has nothing to direct it to v4.0. It will enumerate installed runtimes (capped to ≤v2.0), find nothing if 3.5 isn't installed, and fail. This is by design — v4 is intentionally invisible to these codepaths to keep v4 installation non-impactful.
3d. Version Resolution
Installed Runtime: vX.Y.Z. VERSION_ARCHITECTURE: N
{exe} was built with version: vX.Y.Z
Using supportedRuntime: vX.Y.Z
FindLatestVersion is returning the following version: vX.Y.Z ... V2.0 Capped: {0|1}
Default version of the runtime on the machine: vX.Y.Z
Decided on runtime: vX.Y.Z
3e. Failure and FOD Path
If version resolution fails:
ERROR: Unable to find a version of the runtime to use
SEM_FAILCRITICALERRORS is set to {value}
- Value 0: Error dialogs and FOD are ALLOWED
- Nonzero (any bit set, commonly 0x8001): Error dialogs and FOD are SUPPRESSED. The flag (0x0001) is inherited from the parent process.
Checking if feature-on-demand installation would help
- Then either:
Launching feature-on-demand installation. CmdLine: "...\fondue.exe" /enable-feature:NetFx3
Could have launched feature-on-demand installation if was not opted out.
3f. Multiple Activations in One Process
A single log can contain multiple activation sequences. Each begins with a new
or
entry. A common pattern:
- First activation via / → succeeds (loads v4.0 via config)
- Second activation via (COM) → legacy bind, capped → fails
This happens when a native EXE (like link.exe or mt.exe) loads the CLR successfully for its primary work, then a secondary COM activation request (e.g., for diasymreader) triggers a separate legacy resolution that can't find v2.0.
Step 4: Check System State (if needed)
When log analysis points to a registration or configuration issue, check:
CLSID Registration (for COM activation issues):
powershell
# Check the CLSID entry
Get-ItemProperty 'Registry::HKCR\CLSID\{guid}'
Get-ItemProperty 'Registry::HKCR\CLSID\{guid}\InprocServer32'
Get-ChildItem 'Registry::HKCR\CLSID\{guid}\InprocServer32' | ForEach-Object {
Write-Output "--- $($_.PSChildName) ---"
Get-ItemProperty "Registry::$($_.Name)"
}
- should be for CLR-hosted COM objects
- Version subkeys (e.g., , ) indicate which runtime versions registered this CLSID
- under a version subkey means that runtime version natively implements the COM class (not via managed interop)
- and under a version subkey indicate a managed COM interop registration
- under a version subkey specifies which CLR version should host this object
Installed runtimes:
powershell
Get-ChildItem 'Registry::HKLM\SOFTWARE\Microsoft\.NETFramework\policy'
Process error mode (why FOD did/didn't fire):
The
flag is inherited from the parent process. If a build system or script sets it (or calls
), all child processes inherit it.
Step 5: Diagnose and Report
Produce a clear diagnosis covering:
- What happened — which process(es) had activation issues and what the symptom was
- Why it happened — trace through the specific decision path in the shim that led to the outcome
- What controls the behavior — identify the specific inputs (config file presence, error mode, CLSID registration, capping state) that determined the outcome
- What changed (if applicable) — if the user says behavior changed, identify which input could have changed (error mode from parent process, config file, CLSID registration, installed runtimes)
Common Scenarios
Unexpected FOD Dialogs
Pattern: →
→ no config file →
→
SEM_FAILCRITICALERRORS: 0
→ FOD launched
Root cause: A native EXE is doing COM activation of a CLSID registered under mscoree.dll. This takes the legacy codepath, which is capped at v2.0. With no config file (and no
useLegacyV2RuntimeActivationPolicy
), v4 is invisible to this codepath. On a machine without .NET 3.5, there are no runtimes visible, and with
not set, the FOD dialog fires.
Key question: Why did
change? It's inherited from the parent. Different launch methods (script vs. direct invocation, different build systems) produce different error modes. The underlying capped-legacy-bind-on-v4-only-machine failure is always there — it's just that
controls whether it manifests as a visible dialog or a silent failure.
Wrong Runtime Selected
Pattern: entries in config list multiple versions; the shim picks the first one that's installed. If v2.0 is listed first and .NET 3.5 is installed, v2.0 wins even though v4.0 is also available.
Key insight: Config
entries are evaluated in order. First installed match wins.
Both v2 and v4 Loaded
Pattern: Multiple activation sequences in the same process log — one binds v4, another binds v2 (or vice versa). Side-by-side loading of CLR v2 and v4 in the same process IS supported but can cause issues with shared state.
Key insight: Look for separate
lines with different versions in the same log file.
Legacy Runtime Already Bound
Pattern: A legacy codepath succeeds early in the process (e.g.,
with an explicit v4 version, or config with
useLegacyV2RuntimeActivationPolicy
). This sets the legacy runtime to v4.0. All subsequent legacy activations — including capped COM activations that would otherwise fail — silently succeed by reusing the already-bound legacy runtime.
Key insight: The ORDER of activations within a process matters. If v4.0 is bound as the legacy runtime first, capped COM activations work. If the capped COM activation happens first (before any legacy runtime is bound), it fails. This means behavior can depend on which component activates first — a race condition in concurrent code can change the outcome.
Common Pitfalls
| Pitfall | Correct Approach |
|---|
| Assuming means v4.0 can never load | Capping only restricts roll-forward enumeration. v4.0 can still be loaded if: a specific version string is passed explicitly, config has useLegacyV2RuntimeActivationPolicy="true"
<supportedRuntime version="v4.0"/>
|
| Thinking capping is broken or a bug | Capping is intentional — it makes v4 installation non-impactful. On a v4-only machine, legacy codepaths correctly see no runtimes. This is working as designed. |
| Assuming FOD is controlled per-process | is inherited from the parent process. A change in the parent (build system, script, shell) changes behavior for all children. |
| Looking only at the first activation in a log | A single log can contain multiple independent activation sequences. The problematic one is often a secondary COM activation, not the initial CLR load. |
| Assuming a missing config file is benign | For native EXEs doing COM activation with legacy/capped bind, the config file (with useLegacyV2RuntimeActivationPolicy
|
Adding without useLegacyV2RuntimeActivationPolicy
| Without useLegacyV2RuntimeActivationPolicy="true"
|
Setting useLegacyV2RuntimeActivationPolicy
| This attribute turns off in-proc SxS — it locks pre-v4 runtimes out of the process. This is usually fine for build tools but should be considered for apps that need to host both v2 and v4. |
Validation
Before delivering a diagnosis, verify: