Hands-On Microsoft Windows Server 2003

Administration

Chapter 10

Monitoring and Troubleshooting Windows Server 2003

2

Objectives

• Monitor Windows Server 2003 health and performance

• Troubleshoot Windows Server 2003 startup procedures

• Use advanced startup options and other tools used in operating system recovery

• Use the Windows Server 2003 backup utility

3

Monitoring Windows Server 2003 Health and Performance

• Monitoring the health of a server can help alert an administrator to problems before they occur or become more serious

• Baseline performance– A performance benchmark– Used to determine

• What is normal server performance under a specific workload

• Whether or not the server is performing as it should

4

Monitoring Windows Server 2003 Health and Performance (Continued)

• Some Windows Server 2003 tools that can be used to monitor server health and performance– System Monitor

– Performance Logs and Alerts

– Event Viewer

– Task Manager

5

System Monitor

• System Monitor– Allows you to gather and view real-time

performance statistics of a computer

– Accessed through the Performance console

• Data collected using System Monitor can be used for– Server performance monitoring

– Problem diagnosis

– Capacity planning

– Testing

6

System Monitor (Continued)• Options for customizing the data collected

– Defining the components to be monitored and the type of data to be collected

• Performance objects– System components that can be monitored

• Performance counters– Data associated with performance objects

– Specifying the source or computer to be monitored• Use System Monitor to gather data from

– The local computer– A network computer

7

System Monitor (Continued)

• System Monitor can display information in– Graph view– Histogram view– Report view

• Options for viewing performance data in System Monitor include the ability to– Add additional performance counters as required– Switch between display views– Highlight a selected counter– Copy and paste selected information– Freeze the display for analysis purposes

8

System Monitor counters in graph view

9

System Monitor counters in histogram view

10

System Monitor counters in report view

11

System Monitor (Continued)

• Monitoring server performance should be a regular maintenance task

• Performance counters that should be included when monitoring server performance– % Processor Time

– % Interrupt Time

– Pages/Second

– Page Faults/Second

– % Disk Time

– Average Disk Queue Length

12

Performance Logs and Alerts

• Performance Logs and Alerts tool– Accessed through the Performance console

– Allows you to• Automatically collect data on the local computer or

from another computer on the network• View the collected information using System

Monitor or another program

13

Performance Logs and Alerts (Continued)• Tasks which can be performed using the

Performance Logs and Alerts tool– Collect data in a binary, comma-separated, or tab-

separated format– View data both while it is being collected and after

it has been collected– Configure parameters such as start and stop times

for log generation, file names, and file size– Configure and manage multiple logging sessions

from a single console window– Set up alerts so a message is sent, a program is

run, or a log file is started when a specific counter exceeds or drops below a configured value

14

Performance Logs and Alerts (Continued)

• Options available under Performance Logs and Alerts– Counter logs

• Take the information viewed using System Monitor and save it to a log file

– Trace logs• Similar to counter logs but are triggered to start

when an event occurs

– Alerts• Can be configured to occur when a counter meets a

predefined value

15

Performance Logs and Alerts tool

16

Performance Logs and Alerts (Continued)• Alerts

– Can be set up to notify you of a potential problem

– Needed because logging should not be running all the time

• Logging increases the overhead on a server

17

Event Viewer• Event Viewer can be used to

– Gather information– Troubleshoot software, hardware, and system

problems• Events are written to one of the following logs

– Application log• Contains information, warnings, and errors

generated by programs installed on the system– Security log

• Contains events pertaining to the audit policy– System log

• Contains information, warnings, and errors generated by Windows Server 2003 system components

18

Event Viewer (Continued)• Types of events displayed by system and

application logs– Information

• When a component or application successfully performs an operation

– Warning• When an event occurs that may not be a problem

at the current time, but may become a problem in the future

– Error• When a significant event has occurred, such as a

service failing to start or a device driver failing to load

19

Event Viewer tool

20

Task Manager

• Provides one of the fastest ways to– Check server performance

– Determine what processes are running on the system

21

Windows Task Manager tool

22

Task Manager (Continued)

• Consists of five different tabs– Applications

• Displays the interactive programs that are currently running and what their status is

– Processes• Displays information about the processes currently

running on a Windows Server 2003 system

– Performance• Provides a quick view of a system’s current

performance

23

Task Manager (Continued)

• Task Manager consists of five different tabs (Continued)– Networking

• Provides a graphical representation of the current network utilization for a given network connection

– Users• Displays users who can access the computer, and

session status and names

24

Performance Tab

25

Identify and Disable Unnecessary Services

• To optimize and secure a server, any unnecessary components, such as services should be disabled– Running unnecessary services adds overhead to

the system• Things to consider when deciding which services

should be disabled– The role the server plays on the network– Service dependencies

• Can be checked using the Dependencies tab of a service

26

Viewing dependencies of DHCP Server service

27

Identify and Disable Unnecessary Services (Continued)

• Services MMC– Can be used to configure a variety of settings

related to how services function and respond to potential problems

• Tabs in the properties dialog box of a service– General

• Displays a service’s name, description, the path to the executable file, service startup parameters, and buttons allowing you to start, stop, pause, and resume a service

28

Identify and Disable Unnecessary Services (Continued)• Tabs in the properties dialog box of a service

(Continued)– Log On

• Allows you to specify the user name that a service will run as, along with the hardware profiles for which the service will be enabled

– Recovery• Allows you to

– Configure the computer’s response when a service fails

– Specify a program that should be run when a service failure occurs

29

Identify and Disable Unnecessary Services (Continued)

• Tabs in the properties dialog box of a service (Continued)– Dependencies

• Specifies the services that a service depends upon to function correctly, as well as the services that depend on this service to function

30

Troubleshooting Windows Server 2003 Startup Procedures• System startup problems can occur for a variety of

reasons, including– Missing files– Corrupt files– Configuration errors

• Files required to be located on the system partition for a successful start up– Ntldr– Boot.ini– Ntdetect.com– Ntbootdd.sys

31

Troubleshooting Windows Server 2003 Startup Procedures (Continued)

• Files required to be located on the boot partition for a successful start up– Ntoskrnl.exe

– System

– Device drivers

– Hal.dll

32

The Windows Server 2003 Startup Process• Stages of the boot sequence

– Startup phase– Load phase

• Actions that occur during the startup phase– NTLDR switches from real mode to a 32-bit flat

memory model and starts the mini file system drivers required to load Windows Server 2003 from different file systems

– NTLDR accesses the boot.ini file to display the operating system selection menu

– If Windows Server 2003 is selected, NTLDR loads NTDETECT.COM

33

The Windows Server 2003 Startup Process (Continued)

• Actions that occur during the startup phase (Continued)– NTDETECT.COM scans the system to determine

installed hardware and passes this information to NTLDR to be added to the Registry

– NTLDR loads both the ntoskrnl.exe and hal.dll files

– NTLDR reads the registry files, selects a hardware profile, selects a control set, and then loads device drivers

34

The Windows Server 2003 Startup Process (Continued)• Steps of the load phase

– Kernel load– Kernel initialization– Services load– Win32 subsystem start

• boot.ini file– Can be

• Edited manually using a text editor such as Notepad

• Configured with the bootcfg.exe command• Changed using the Startup and Recovery settings

found in the System program in Control Panel

35

Boot.ini file

36

The Windows Server 2003 Startup Process (Continued)• bootcfg.exe utility

– A command-line tool for configuring the boot.ini file

37

Advanced Startup Options

• Advanced startup options– Can be used to troubleshoot the problem of

system start failure

– Can be accessed during system startup by pressing F8 while viewing the Boot Loader Operating System Selection menu

38

Advanced startup options

39

Last Known Good Configuration

• Last known good configuration– Allows you to recover your system from failed

driver and registry changes

– Useful in situations where Windows Server 2003 configuration changes have been made that negatively impact the system

• The last known good configuration information– Is stored in the registry

– Is updated each time the computer restarts and the user successfully logs on

40

Recovery Console

• Recovery Console– An advanced tool for experienced administrators

– Allows an administrator to gain access to a hard drive on computers running Windows Server 2003

– Can be used to perform the following tasks• Start and stop services• Format drives• Read and write data on a local hard drive• Copy files from a floppy or CD to a local hard drive• Perform administrative tasks

41

Installing the Recovery Console

• Ways of starting the Recovery Console– Run the Recovery Console from the Windows

Server 2003 CD once a serious error occurs by booting from the CD

– Install the Recovery Console on the computer permanently before a problem occurs

42

Installing the Recovery Console (Continued)

• Some of the common commands available through the Recovery Console– Copy– Disable– Enable– Exit– Fixboot– Fixmbr– Listsvc

43

The Automatic System Recovery Feature

• Automated System Recovery (ASR) feature– Allows you to restore system configuration

settings

– Used when a system cannot be repaired using various safe-mode startup options or the last known good configuration feature

– Does not restore user data files

44

The Automatic System Recovery Feature (Continued)

• Two elements of ASR on a Windows Server 2003 system– The ASR backup

• Accessed from the Backup Utility

– A floppy disk• Contains information about

– The backup

– Disk configuration

– How the restore should be performed

45

The Windows Server 2003 Backup Utility• Some tasks that can be performed using the

Windows Server 2003 Backup Utility– Back up and restore files and folders– Schedule a backup– Back up Windows 2003 System State data– Restore all or a portion of the Active Directory

database– Create an ASR backup

• The Windows Server 2003 Backup Utility supports a wide variety of– Storage devices– Media

46

Backing Up and Restoring Files and Folders

• The Windows Server 2003 Backup Utility supports a number of backup types

47

Backing Up the System State• Backing up the System State data on a Windows

Server 2003 system includes– Registry (always)– COM+ Class Registration database (always)– Boot files (always)– Certificate Services database (if Certificate

Services is installed)– Active Directory (only on domain controllers)– SYSVOL directory (only on domain controllers)– Cluster service (if the server is part of a cluster)– IIS Metadirectory (if IIS is installed)– System files (always)

48

Summary• Performance console has two tools for monitoring

server health and performance:– System Monitor– Performance Logs and Alerts

• Alerts– Can be configured for specific objects and

counters – Can send a message, start a counter log, write an

event to the application log, or run a program• Event Viewer can be used to view the contents of

the system logs, application logs, and security logs

49

Summary (Continued)

• Task Manager provides information on– Processes and applications running on a system– A system’s current performance

• When optimizing the performance of your computer, use the Services icon to disable any unnecessary services to eliminate overhead

• Windows Server 2003 startup process occurs in two phases:– Startup phase– Load phase

50

Summary (Continued)• Advanced startup options can be used to

troubleshoot and repair startup problems• The last known good configuration can be used

to restart the computer if the default configuration becomes damaged

• The Recovery Console allows an administrator to access the hard drive and carry out administrative tasks

• If you are unable to recover a system using any of the Windows Server 2003 utilities, a backup created by the Automated System Recovery feature can be used