Transcript System Monitor

Hands-On Microsoft
Windows Server 2003
Administration
Chapter 10
Monitoring and Troubleshooting Windows
Server 2003
Objectives
• Monitor Windows Server 2003 health and
performance
• Troubleshoot Windows Server 2003 startup
procedures
• Use advanced startup options and other tools
used in operating system recovery
• Use the Windows Server 2003 backup utility
2
Monitoring Windows Server 2003
Health and Performance
• Monitoring the health of a server can help alert
an administrator to problems before they occur
or become more serious
• Baseline performance
– A performance benchmark
– Used to determine
• What is normal server performance under a
specific workload
• Whether or not the server is performing as it
should
3
Monitoring Windows Server 2003
Health and Performance (Continued)
• Some Windows Server 2003 tools that can be
used to monitor server health and performance
–
–
–
–
System Monitor
Performance Logs and Alerts
Event Viewer
Task Manager
4
System Monitor
• System Monitor
– Allows you to gather and view real-time
performance statistics of a computer
– Accessed through the Performance console
• Data collected using System Monitor can be
used for
–
–
–
–
Server performance monitoring
Problem diagnosis
Capacity planning
Testing
5
System Monitor (Continued)
• Options for customizing the data collected
– Defining the components to be monitored and the
type of data to be collected
• Performance objects
– System components that can be monitored
• Performance counters
– Data associated with performance objects
– Specifying the source or computer to be
monitored
• Use System Monitor to gather data from
– The local computer
– A network computer
6
System Monitor (Continued)
• System Monitor can display information in
– Graph view
– Histogram view
– Report view
• Options for viewing performance data in System
Monitor include the ability to
–
–
–
–
–
Add additional performance counters as required
Switch between display views
Highlight a selected counter
Copy and paste selected information
Freeze the display for analysis purposes
7
System Monitor counters in graph
view
8
System Monitor counters in
histogram view
9
System Monitor counters in report
view
10
System Monitor (Continued)
• Monitoring server performance should be a
regular maintenance task
• Performance counters that should be included
when monitoring server performance
–
–
–
–
–
–
% Processor Time
% Interrupt Time
Pages/Second
Page Faults/Second
% Disk Time
Average Disk Queue Length
11
Performance Logs and Alerts
• Performance Logs and Alerts tool
– Accessed through the Performance console
– Allows you to
• Automatically collect data on the local computer or
from another computer on the network
• View the collected information using System
Monitor or another program
12
Performance Logs and Alerts
(Continued)
• Tasks which can be performed using the
Performance Logs and Alerts tool
– Collect data in a binary, comma-separated, or
tab-separated format
– View data both while it is being collected and
after it has been collected
– Configure parameters such as start and stop
times for log generation, file names, and file size
– Configure and manage multiple logging sessions
from a single console window
– Set up alerts so a message is sent, a program is
run, or a log file is started when a specific counter
exceeds or drops below a configured value
13
Performance Logs and Alerts
(Continued)
• Options available under Performance Logs and
Alerts
– Counter logs
• Take the information viewed using System Monitor
and save it to a log file
– Trace logs
• Similar to counter logs but are triggered to start
when an event occurs
– Alerts
• Can be configured to occur when a counter meets
a predefined value
14
Performance Logs and Alerts tool
15
Performance Logs and Alerts
(Continued)
• Alerts
– Can be set up to notify you of a potential problem
– Needed because logging should not be running
all the time
• Logging increases the overhead on a server
16
Event Viewer
• Event Viewer can be used to
– Gather information
– Troubleshoot software, hardware, and system
problems
• Events are written to one of the following logs
– Application log
• Contains information, warnings, and errors
generated by programs installed on the system
– Security log
• Contains events pertaining to the audit policy
– System log
• Contains information, warnings, and errors
generated by Windows Server 2003 system
components
17
Event Viewer (Continued)
• Types of events displayed by system and
application logs
– Information
• When a component or application successfully
performs an operation
– Warning
• When an event occurs that may not be a problem
at the current time, but may become a problem in
the future
– Error
• When a significant event has occurred, such as a
service failing to start or a device driver failing to
load
18
Event Viewer tool
19
Task Manager
• Provides one of the fastest ways to
– Check server performance
– Determine what processes are running on the
system
20
Windows Task Manager tool
21
Task Manager (Continued)
• Consists of five different tabs
– Applications
• Displays the interactive programs that are currently
running and what their status is
– Processes
• Displays information about the processes currently
running on a Windows Server 2003 system
– Performance
• Provides a quick view of a system’s current
performance
22
Task Manager (Continued)
• Task Manager consists of five different tabs
(Continued)
– Networking
• Provides a graphical representation of the current
network utilization for a given network connection
– Users
• Displays users who can access the computer, and
session status and names
23
Performance Tab
24
Identify and Disable Unnecessary
Services
• To optimize and secure a server, any
unnecessary components, such as services
should be disabled
– Running unnecessary services adds overhead to
the system
• Things to consider when deciding which
services should be disabled
– The role the server plays on the network
– Service dependencies
• Can be checked using the Dependencies tab of a
service
25
Viewing dependencies of DHCP
Server service
26
Identify and Disable Unnecessary
Services (Continued)
• Services MMC
– Can be used to configure a variety of settings
related to how services function and respond to
potential problems
• Tabs in the properties dialog box of a service
– General
• Displays a service’s name, description, the path to
the executable file, service startup parameters,
and buttons allowing you to start, stop, pause, and
resume a service
27
Identify and Disable Unnecessary
Services (Continued)
• Tabs in the properties dialog box of a service
(Continued)
– Log On
• Allows you to specify the user name that a service
will run as, along with the hardware profiles for
which the service will be enabled
– Recovery
• Allows you to
– Configure the computer’s response when a service
fails
– Specify a program that should be run when a
service failure occurs
28
Identify and Disable Unnecessary
Services (Continued)
• Tabs in the properties dialog box of a service
(Continued)
– Dependencies
• Specifies the services that a service depends upon
to function correctly, as well as the services that
depend on this service to function
29
Troubleshooting Windows Server
2003 Startup Procedures
• System startup problems can occur for a variety
of reasons, including
– Missing files
– Corrupt files
– Configuration errors
• Files required to be located on the system
partition for a successful start up
–
–
–
–
Ntldr
Boot.ini
Ntdetect.com
Ntbootdd.sys
30
Troubleshooting Windows Server
2003 Startup Procedures
(Continued)
• Files required to be located on the boot partition
for a successful start up
–
–
–
–
Ntoskrnl.exe
System
Device drivers
Hal.dll
31
The Windows Server 2003 Startup
Process
• Stages of the boot sequence
– Startup phase
– Load phase
• Actions that occur during the startup phase
– NTLDR switches from real mode to a 32-bit flat
memory model and starts the mini file system
drivers required to load Windows Server 2003
from different file systems
– NTLDR accesses the boot.ini file to display the
operating system selection menu
– If Windows Server 2003 is selected, NTLDR
loads NTDETECT.COM
32
The Windows Server 2003 Startup
Process (Continued)
• Actions that occur during the startup phase
(Continued)
– NTDETECT.COM scans the system to determine
installed hardware and passes this information to
NTLDR to be added to the Registry
– NTLDR loads both the ntoskrnl.exe and hal.dll
files
– NTLDR reads the registry files, selects a
hardware profile, selects a control set, and then
loads device drivers
33
The Windows Server 2003 Startup
Process (Continued)
• Steps of the load phase
–
–
–
–
Kernel load
Kernel initialization
Services load
Win32 subsystem start
• boot.ini file
– Can be
• Edited manually using a text editor such as
Notepad
• Configured with the bootcfg.exe command
• Changed using the Startup and Recovery settings
found in the System program in Control Panel
34
Boot.ini file
35
The Windows Server 2003 Startup
Process (Continued)
• bootcfg.exe utility
– A command-line tool for configuring the boot.ini
file
36
Advanced Startup Options
• Advanced startup options
– Can be used to troubleshoot the problem of
system start failure
– Can be accessed during system startup by
pressing F8 while viewing the Boot Loader
Operating System Selection menu
37
Advanced startup options
38
Last Known Good Configuration
• Last known good configuration
– Allows you to recover your system from failed
driver and registry changes
– Useful in situations where Windows Server 2003
configuration changes have been made that
negatively impact the system
• The last known good configuration information
– Is stored in the registry
– Is updated each time the computer restarts and
the user successfully logs on
39
Recovery Console
• Recovery Console
– An advanced tool for experienced administrators
– Allows an administrator to gain access to a hard
drive on computers running Windows Server
2003
– Can be used to perform the following tasks
•
•
•
•
•
Start and stop services
Format drives
Read and write data on a local hard drive
Copy files from a floppy or CD to a local hard drive
Perform administrative tasks
40
Installing the Recovery Console
• Ways of starting the Recovery Console
– Run the Recovery Console from the Windows
Server 2003 CD once a serious error occurs by
booting from the CD
– Install the Recovery Console on the computer
permanently before a problem occurs
41
Installing the Recovery Console
(Continued)
• Some of the common commands available
through the Recovery Console
–
–
–
–
–
–
–
Copy
Disable
Enable
Exit
Fixboot
Fixmbr
Listsvc
42
The Automatic System Recovery
Feature
• Automated System Recovery (ASR) feature
– Allows you to restore system configuration
settings
– Used when a system cannot be repaired using
various safe-mode startup options or the last
known good configuration feature
– Does not restore user data files
43
The Automatic System Recovery
Feature (Continued)
• Two elements of ASR on a Windows Server
2003 system
– The ASR backup
• Accessed from the Backup Utility
– A floppy disk
• Contains information about
– The backup
– Disk configuration
– How the restore should be performed
44
The Windows Server 2003 Backup
Utility
• Some tasks that can be performed using the
Windows Server 2003 Backup Utility
–
–
–
–
Back up and restore files and folders
Schedule a backup
Back up Windows 2003 System State data
Restore all or a portion of the Active Directory
database
– Create an ASR backup
• The Windows Server 2003 Backup Utility
supports a wide variety of
– Storage devices
– Media
45
Backing Up and Restoring Files and
Folders
• The Windows Server 2003 Backup Utility
supports a number of backup types
46
Backing Up the System State
• Backing up the System State data on a Windows
Server 2003 system includes
–
–
–
–
–
–
–
–
–
Registry (always)
COM+ Class Registration database (always)
Boot files (always)
Certificate Services database (if Certificate
Services is installed)
Active Directory (only on domain controllers)
SYSVOL directory (only on domain controllers)
Cluster service (if the server is part of a cluster)
IIS Metadirectory (if IIS is installed)
System files (always)
47
Summary
• Performance console has two tools for
monitoring server health and performance:
– System Monitor
– Performance Logs and Alerts
• Alerts
– Can be configured for specific objects and
counters
– Can send a message, start a counter log, write an
event to the application log, or run a program
• Event Viewer can be used to view the contents
of the system logs, application logs, and security
logs
48
Summary (Continued)
• Task Manager provides information on
– Processes and applications running on a system
– A system’s current performance
• When optimizing the performance of your
computer, use the Services icon to disable any
unnecessary services to eliminate overhead
• Windows Server 2003 startup process occurs in
two phases:
– Startup phase
– Load phase
49
Summary (Continued)
• Advanced startup options can be used to
troubleshoot and repair startup problems
• The last known good configuration can be used
to restart the computer if the default
configuration becomes damaged
• The Recovery Console allows an administrator
to access the hard drive and carry out
administrative tasks
• If you are unable to recover a system using any
of the Windows Server 2003 utilities, a backup
created by the Automated System Recovery
feature can be used
50