Monitoring and Troubleshooting Windows Server 2003

1
Chapter 10

• Monitoring and Troubleshooting Windows Server 2003

2
Objectives

• Monitor Windows Server 2003 health and
  performance
• Troubleshoot Windows Server 2003 startup
  procedures
• Use advanced startup options and other tools used
  in operating system recovery
• Use the Windows Server 2003 backup utility

3
Monitoring Windows Server 2003 Health and
Performance

• Monitoring the health of a server can help alert
  an administrator to problems before they occur or
  become more serious
• Baseline performance
• A performance benchmark
• Used to determine
• What is normal server performance under a
  specific workload
• Whether or not the server is performing as it
  should

4
Monitoring Windows Server 2003 Health and
Performance (Continued)

• Some Windows Server 2003 tools that can be used
  to monitor server health and performance
• System Monitor
• Performance Logs and Alerts
• Event Viewer
• Task Manager

5
System Monitor

• System Monitor
• Allows you to gather and view real-time
  performance statistics of a computer
• Accessed through the Performance console
• Data collected using System Monitor can be used
  for
• Server performance monitoring
• Problem diagnosis
• Capacity planning
• Testing

6
System Monitor (Continued)

• Options for customizing the data collected
• Defining the components to be monitored and the
  type of data to be collected
• Performance objects
• System components that can be monitored
• Performance counters
• Data associated with performance objects
• Specifying the source or computer to be monitored
• Use System Monitor to gather data from
• The local computer
• A network computer

7
System Monitor (Continued)

• System Monitor can display information in
• Graph view
• Histogram view
• Report view
• Options for viewing performance data in System
  Monitor include the ability to
• Add additional performance counters as required
• Switch between display views
• Highlight a selected counter
• Copy and paste selected information
• Freeze the display for analysis purposes

8
System Monitor counters in graph view
9
System Monitor counters in histogram view
10
System Monitor counters in report view
11
System Monitor (Continued)

• Monitoring server performance should be a regular
  maintenance task
• Performance counters that should be included when
  monitoring server performance
• Processor Time
• Interrupt Time
• Pages/Second
• Page Faults/Second
• Disk Time
• Average Disk Queue Length

12
Performance Logs and Alerts

• Performance Logs and Alerts tool
• Accessed through the Performance console
• Allows you to
• Automatically collect data on the local computer
  or from another computer on the network
• View the collected information using System
  Monitor or another program

13
Performance Logs and Alerts (Continued)

• Tasks which can be performed using the
  Performance Logs and Alerts tool
• Collect data in a binary, comma-separated, or
  tab-separated format
• View data both while it is being collected and
  after it has been collected
• Configure parameters such as start and stop times
  for log generation, file names, and file size
• Configure and manage multiple logging sessions
  from a single console window
• Set up alerts so a message is sent, a program is
  run, or a log file is started when a specific
  counter exceeds or drops below a configured value

14
Performance Logs and Alerts (Continued)

• Options available under Performance Logs and
  Alerts
• Counter logs
• Take the information viewed using System Monitor
  and save it to a log file
• Trace logs
• Similar to counter logs but are triggered to
  start when an event occurs
• Alerts
• Can be configured to occur when a counter meets a
  predefined value

15
Performance Logs and Alerts tool
16
Performance Logs and Alerts (Continued)

• Alerts
• Can be set up to notify you of a potential
  problem
• Needed because logging should not be running all
  the time
• Logging increases the overhead on a server

17
Event Viewer

• Event Viewer can be used to
• Gather information
• Troubleshoot software, hardware, and system
  problems
• Events are written to one of the following logs
• Application log
• Contains information, warnings, and errors
  generated by programs installed on the system
• Security log
• Contains events pertaining to the audit policy
• System log
• Contains information, warnings, and errors
  generated by Windows Server 2003 system components

18
Event Viewer (Continued)

• Types of events displayed by system and
  application logs
• Information
• When a component or application successfully
  performs an operation
• Warning
• When an event occurs that may not be a problem at
  the current time, but may become a problem in the
  future
• Error
• When a significant event has occurred, such as a
  service failing to start or a device driver
  failing to load

19
Event Viewer tool
20
Task Manager

• Provides one of the fastest ways to
• Check server performance
• Determine what processes are running on the system

21
Windows Task Manager tool
22
Task Manager (Continued)

• Consists of five different tabs
• Applications
• Displays the interactive programs that are
  currently running and what their status is
• Processes
• Displays information about the processes
  currently running on a Windows Server 2003 system
• Performance
• Provides a quick view of a systems current
  performance

23
Task Manager (Continued)

• Task Manager consists of five different tabs
  (Continued)
• Networking
• Provides a graphical representation of the
  current network utilization for a given network
  connection
• Users
• Displays users who can access the computer, and
  session status and names

24
Performance Tab
25
Identify and Disable Unnecessary Services

• To optimize and secure a server, any unnecessary
  components, such as services should be disabled
• Running unnecessary services adds overhead to the
  system
• Things to consider when deciding which services
  should be disabled
• The role the server plays on the network
• Service dependencies
• Can be checked using the Dependencies tab of a
  service

26
Viewing dependencies of DHCP Server service
27
Identify and Disable Unnecessary Services
(Continued)

• Services MMC
• Can be used to configure a variety of settings
  related to how services function and respond to
  potential problems
• Tabs in the properties dialog box of a service
• General
• Displays a services name, description, the path
  to the executable file, service startup
  parameters, and buttons allowing you to start,
  stop, pause, and resume a service

28
Identify and Disable Unnecessary Services
(Continued)

• Tabs in the properties dialog box of a service
  (Continued)
• Log On
• Allows you to specify the user name that a
  service will run as, along with the hardware
  profiles for which the service will be enabled
• Recovery
• Allows you to
• Configure the computers response when a service
  fails
• Specify a program that should be run when a
  service failure occurs

29
Identify and Disable Unnecessary Services
(Continued)

• Tabs in the properties dialog box of a service
  (Continued)
• Dependencies
• Specifies the services that a service depends
  upon to function correctly, as well as the
  services that depend on this service to function

30
Troubleshooting Windows Server 2003 Startup
Procedures

• System startup problems can occur for a variety
  of reasons, including
• Missing files
• Corrupt files
• Configuration errors
• Files required to be located on the system
  partition for a successful start up
• Ntldr
• Boot.ini
• Ntdetect.com
• Ntbootdd.sys

31
Troubleshooting Windows Server 2003 Startup
Procedures (Continued)

• Files required to be located on the boot
  partition for a successful start up
• Ntoskrnl.exe
• System
• Device drivers
• Hal.dll

32
The Windows Server 2003 Startup Process

• Stages of the boot sequence
• Startup phase
• Load phase
• Actions that occur during the startup phase
• NTLDR switches from real mode to a 32-bit flat
  memory model and starts the mini file system
  drivers required to load Windows Server 2003 from
  different file systems
• NTLDR accesses the boot.ini file to display the
  operating system selection menu
• If Windows Server 2003 is selected, NTLDR loads
  NTDETECT.COM

33
The Windows Server 2003 Startup Process
(Continued)

• Actions that occur during the startup phase
  (Continued)
• NTDETECT.COM scans the system to determine
  installed hardware and passes this information to
  NTLDR to be added to the Registry
• NTLDR loads both the ntoskrnl.exe and hal.dll
  files
• NTLDR reads the registry files, selects a
  hardware profile, selects a control set, and then
  loads device drivers

34
The Windows Server 2003 Startup Process
(Continued)

• Steps of the load phase
• Kernel load
• Kernel initialization
• Services load
• Win32 subsystem start
• boot.ini file
• Can be
• Edited manually using a text editor such as
  Notepad
• Configured with the bootcfg.exe command
• Changed using the Startup and Recovery settings
  found in the System program in Control Panel

35
Boot.ini file
36
The Windows Server 2003 Startup Process
(Continued)

• bootcfg.exe utility
• A command-line tool for configuring the boot.ini
  file

37
Advanced Startup Options

• Advanced startup options
• Can be used to troubleshoot the problem of system
  start failure
• Can be accessed during system startup by pressing
  F8 while viewing the Boot Loader Operating System
  Selection menu

38
Advanced startup options
39
Last Known Good Configuration

• Last known good configuration
• Allows you to recover your system from failed
  driver and registry changes
• Useful in situations where Windows Server 2003
  configuration changes have been made that
  negatively impact the system
• The last known good configuration information
• Is stored in the registry
• Is updated each time the computer restarts and
  the user successfully logs on

40
Recovery Console

• Recovery Console
• An advanced tool for experienced administrators
• Allows an administrator to gain access to a hard
  drive on computers running Windows Server 2003
• Can be used to perform the following tasks
• Start and stop services
• Format drives
• Read and write data on a local hard drive
• Copy files from a floppy or CD to a local hard
  drive
• Perform administrative tasks

41
Installing the Recovery Console

• Ways of starting the Recovery Console
• Run the Recovery Console from the Windows Server
  2003 CD once a serious error occurs by booting
  from the CD
• Install the Recovery Console on the computer
  permanently before a problem occurs

42
Installing the Recovery Console (Continued)

• Some of the common commands available through the
  Recovery Console
• Copy
• Disable
• Enable
• Exit
• Fixboot
• Fixmbr
• Listsvc

43
The Automatic System Recovery Feature

• Automated System Recovery (ASR) feature
• Allows you to restore system configuration
  settings
• Used when a system cannot be repaired using
  various safe-mode startup options or the last
  known good configuration feature
• Does not restore user data files

44
The Automatic System Recovery Feature (Continued)

• Two elements of ASR on a Windows Server 2003
  system
• The ASR backup
• Accessed from the Backup Utility
• A floppy disk
• Contains information about
• The backup
• Disk configuration
• How the restore should be performed

45
The Windows Server 2003 Backup Utility

• Some tasks that can be performed using the
  Windows Server 2003 Backup Utility
• Back up and restore files and folders
• Schedule a backup
• Back up Windows 2003 System State data
• Restore all or a portion of the Active Directory
  database
• Create an ASR backup
• The Windows Server 2003 Backup Utility supports a
  wide variety of
• Storage devices
• Media

46
Backing Up and Restoring Files and Folders

• The Windows Server 2003 Backup Utility supports a
  number of backup types

47
Backing Up the System State

• Backing up the System State data on a Windows
  Server 2003 system includes
• Registry (always)
• COM Class Registration database (always)
• Boot files (always)
• Certificate Services database (if Certificate
  Services is installed)
• Active Directory (only on domain controllers)
• SYSVOL directory (only on domain controllers)
• Cluster service (if the server is part of a
  cluster)
• IIS Metadirectory (if IIS is installed)
• System files (always)

48
Summary

• Performance console has two tools for monitoring
  server health and performance
• System Monitor
• Performance Logs and Alerts
• Alerts
• Can be configured for specific objects and
  counters
• Can send a message, start a counter log, write an
  event to the application log, or run a program
• Event Viewer can be used to view the contents of
  the system logs, application logs, and security
  logs

49
Summary (Continued)

• Task Manager provides information on
• Processes and applications running on a system
• A systems current performance
• When optimizing the performance of your computer,
  use the Services icon to disable any unnecessary
  services to eliminate overhead
• Windows Server 2003 startup process occurs in two
  phases
• Startup phase
• Load phase

50
Summary (Continued)

• Advanced startup options can be used to
  troubleshoot and repair startup problems
• The last known good configuration can be used to
  restart the computer if the default configuration
  becomes damaged
• The Recovery Console allows an administrator to
  access the hard drive and carry out
  administrative tasks
• If you are unable to recover a system using any
  of the Windows Server 2003 utilities, a backup
  created by the Automated System Recovery feature
  can be used