Chapter 10 - PowerPoint PPT Presentation

Chapter 10

Monitoring and Troubleshooting Windows Server 2003

• Monitor Windows Server 2003 health and performance
• Troubleshoot Windows Server 2003 startup procedures
• Use advanced startup options and other tools used in operating system recovery
• Use the Windows Server 2003 backup utility

• Monitoring the health of a server can help alert an administrator to problems before they occur or become more serious
• Baseline performance
• A performance benchmark
• Used to determine
• What is normal server performance under a specific workload
• Whether or not the server is performing as it should

• Some Windows Server 2003 tools that can be used to monitor server health and performance
• System Monitor
• Performance Logs and Alerts
• Event Viewer
• Task Manager

• System Monitor
• Allows you to gather and view real-time performance statistics of a computer
• Accessed through the Performance console
• Data collected using System Monitor can be used for
• Server performance monitoring
• Problem diagnosis
• Capacity planning
• Testing

• Options for customizing the data collected
• Defining the components to be monitored and the type of data to be collected
• Performance objects
• System components that can be monitored
• Performance counters
• Data associated with performance objects
• Specifying the source or computer to be monitored
• Use System Monitor to gather data from
• The local computer
• A network computer

• System Monitor can display information in
• Graph view
• Histogram view
• Report view
• Options for viewing performance data in System Monitor include the ability to
• Add additional performance counters as required
• Switch between display views
• Highlight a selected counter
• Copy and paste selected information
• Freeze the display for analysis purposes

• Monitoring server performance should be a regular maintenance task
• Performance counters that should be included when monitoring server performance
• % Processor Time
• % Interrupt Time
• Pages/Second
• Page Faults/Second
• % Disk Time
• Average Disk Queue Length

• Performance Logs and Alerts tool
• Accessed through the Performance console
• Allows you to
• Automatically collect data on the local computer or from another computer on the network
• View the collected information using System Monitor or another program

• Tasks which can be performed using the Performance Logs and Alerts tool
• Collect data in a binary, comma-separated, or tab-separated format
• View data both while it is being collected and after it has been collected
• Configure parameters such as start and stop times for log generation, file names, and file size
• Configure and manage multiple logging sessions from a single console window
• Set up alerts so a message is sent, a program is run, or a log file is started when a specific counter exceeds or drops below a configured value

• Options available under Performance Logs and Alerts
• Counter logs
• Take the information viewed using System Monitor and save it to a log file
• Trace logs
• Similar to counter logs but are triggered to start when an event occurs
• Alerts
• Can be configured to occur when a counter meets a predefined value

• Alerts
• Can be set up to notify you of a potential problem
• Needed because logging should not be running all the time
• Logging increases the overhead on a server

• Event Viewer can be used to
• Gather information
• Troubleshoot software, hardware, and system problems
• Events are written to one of the following logs
• Application log
• Contains information, warnings, and errors generated by programs installed on the system
• Security log
• Contains events pertaining to the audit policy
• System log
• Contains information, warnings, and errors generated by Windows Server 2003 system components

• Types of events displayed by system and application logs
• Information
• When a component or application successfully performs an operation
• Warning
• When an event occurs that may not be a problem at the current time, but may become a problem in the future
• Error
• When a significant event has occurred, such as a service failing to start or a device driver failing to load

• Provides one of the fastest ways to
• Check server performance
• Determine what processes are running on the system

• Consists of five different tabs
• Applications
• Displays the interactive programs that are currently running and what their status is
• Processes
• Displays information about the processes currently running on a Windows Server 2003 system
• Performance
• Provides a quick view of a system’s current performance

• Task Manager consists of five different tabs (Continued)
• Networking
• Provides a graphical representation of the current network utilization for a given network connection
• Users
• Displays users who can access the computer, and session status and names

• To optimize and secure a server, any unnecessary components, such as services should be disabled
• Running unnecessary services adds overhead to the system
• Things to consider when deciding which services should be disabled
• The role the server plays on the network
• Service dependencies
• Can be checked using the Dependencies tab of a service

• Services MMC
• Can be used to configure a variety of settings related to how services function and respond to potential problems
• Tabs in the properties dialog box of a service
• General
• Displays a service’s name, description, the path to the executable file, service startup parameters, and buttons allowing you to start, stop, pause, and resume a service

• Tabs in the properties dialog box of a service (Continued)
• Log On
• Allows you to specify the user name that a service will run as, along with the hardware profiles for which the service will be enabled
• Recovery
• Allows you to
• Configure the computer’s response when a service fails
• Specify a program that should be run when a service failure occurs

• Tabs in the properties dialog box of a service (Continued)
• Dependencies
• Specifies the services that a service depends upon to function correctly, as well as the services that depend on this service to function

• System startup problems can occur for a variety of reasons, including
• Missing files
• Corrupt files
• Configuration errors
• Files required to be located on the system partition for a successful start up
• Ntldr
• Boot.ini
• Ntdetect.com
• Ntbootdd.sys

• Files required to be located on the boot partition for a successful start up
• Ntoskrnl.exe
• System
• Device drivers
• Hal.dll

• Stages of the boot sequence
• Startup phase
• Load phase
• Actions that occur during the startup phase
• NTLDR switches from real mode to a 32-bit flat memory model and starts the mini file system drivers required to load Windows Server 2003 from different file systems
• NTLDR accesses the boot.ini file to display the operating system selection menu
• If Windows Server 2003 is selected, NTLDR loads NTDETECT.COM

• Actions that occur during the startup phase (Continued)
• NTDETECT.COM scans the system to determine installed hardware and passes this information to NTLDR to be added to the Registry
• NTLDR loads both the ntoskrnl.exe and hal.dll files
• NTLDR reads the registry files, selects a hardware profile, selects a control set, and then loads device drivers

• Steps of the load phase
• Kernel load
• Kernel initialization
• Services load
• Win32 subsystem start
• boot.ini file
• Can be
• Edited manually using a text editor such as Notepad
• Configured with the bootcfg.exe command
• Changed using the Startup and Recovery settings found in the System program in Control Panel

• bootcfg.exe utility
• A command-line tool for configuring the boot.ini file

• Advanced startup options
• Can be used to troubleshoot the problem of system start failure
• Can be accessed during system startup by pressing F8 while viewing the Boot Loader Operating System Selection menu

• Last known good configuration
• Allows you to recover your system from failed driver and registry changes
• Useful in situations where Windows Server 2003 configuration changes have been made that negatively impact the system
• The last known good configuration information
• Is stored in the registry
• Is updated each time the computer restarts and the user successfully logs on

• Recovery Console
• An advanced tool for experienced administrators
• Allows an administrator to gain access to a hard drive on computers running Windows Server 2003
• Can be used to perform the following tasks
• Start and stop services
• Format drives
• Read and write data on a local hard drive
• Copy files from a floppy or CD to a local hard drive
• Perform administrative tasks

• Ways of starting the Recovery Console
• Run the Recovery Console from the Windows Server 2003 CD once a serious error occurs by booting from the CD
• Install the Recovery Console on the computer permanently before a problem occurs

• Some of the common commands available through the Recovery Console
• Copy
• Disable
• Enable
• Exit
• Fixboot
• Fixmbr
• Listsvc

• Automated System Recovery (ASR) feature
• Allows you to restore system configuration settings
• Used when a system cannot be repaired using various safe-mode startup options or the last known good configuration feature
• Does not restore user data files

• Two elements of ASR on a Windows Server 2003 system
• The ASR backup
• Accessed from the Backup Utility
• A floppy disk
• Contains information about
• The backup
• Disk configuration
• How the restore should be performed

• Some tasks that can be performed using the Windows Server 2003 Backup Utility
• Back up and restore files and folders
• Schedule a backup
• Back up Windows 2003 System State data
• Restore all or a portion of the Active Directory database
• Create an ASR backup
• The Windows Server 2003 Backup Utility supports a wide variety of
• Storage devices
• Media

• The Windows Server 2003 Backup Utility supports a number of backup types

• Backing up the System State data on a Windows Server 2003 system includes
• Registry (always)
• COM+ Class Registration database (always)
• Boot files (always)
• Certificate Services database (if Certificate Services is installed)
• Active Directory (only on domain controllers)
• SYSVOL directory (only on domain controllers)
• Cluster service (if the server is part of a cluster)
• IIS Metadirectory (if IIS is installed)
• System files (always)

• Performance console has two tools for monitoring server health and performance:
• System Monitor
• Performance Logs and Alerts
• Alerts
• Can be configured for specific objects and counters
• Can send a message, start a counter log, write an event to the application log, or run a program
• Event Viewer can be used to view the contents of the system logs, application logs, and security logs

• Task Manager provides information on
• Processes and applications running on a system
• A system’s current performance
• When optimizing the performance of your computer, use the Services icon to disable any unnecessary services to eliminate overhead
• Windows Server 2003 startup process occurs in two phases:
• Startup phase
• Load phase

• Advanced startup options can be used to troubleshoot and repair startup problems
• The last known good configuration can be used to restart the computer if the default configuration becomes damaged
• The Recovery Console allows an administrator to access the hard drive and carry out administrative tasks
• If you are unable to recover a system using any of the Windows Server 2003 utilities, a backup created by the Automated System Recovery feature can be used