Hands-On Microsoft Windows Server 2003 Administration
Chapter 10 Monitoring and Troubleshooting Windows Server 2003
2 Objectives
Monitor Windows Server 2003 health and performance
Troubleshoot Windows Server 2003 startup procedures
Use advanced startup options and other tools used in operating system recovery
Use the Windows Server 2003 backup utility
3 Monitoring Windows Server 2003 Health and Performance
Monitoring the health of a server can help alert an administrator to problems before they occur or become more serious
Baseline performance
–A performance benchmark
–Used to determine
  What is normal server performance under a specific workload
  Whether or not the server is performing as it should
4 Monitoring Windows Server 2003 Health and Performance (Continued)
Some Windows Server 2003 tools that can be used to monitor server health and performance
–System Monitor
–Performance Logs and Alerts
–Event Viewer
–Task Manager
5 System Monitor
–Allows you to gather and view real-time performance statistics of a computer
–Accessed through the Performance console
Data collected using System Monitor can be used for
–Server performance monitoring
–Problem diagnosis
–Capacity planning
–Testing
6 System Monitor (Continued)
Options for customizing the data collected
–Defining the components to be monitored and the type of data to be collected
  Performance objects
    –System components that can be monitored
  Performance counters
    –Data associated with performance objects
–Specifying the source or computer to be monitored
  Use System Monitor to gather data from
    –The local computer
    –A network computer
7 System Monitor (Continued)
System Monitor can display information in
–Graph view
–Histogram view
–Report view
Options for viewing performance data in System Monitor include the ability to
–Add additional performance counters as required
–Switch between display views
–Highlight a selected counter
–Copy and paste selected information
–Freeze the display for analysis purposes
8 System Monitor counters in graph view
9 System Monitor counters in histogram view
10 System Monitor counters in report view
11 System Monitor (Continued)
Monitoring server performance should be a regular maintenance task
Performance counters that should be included when monitoring server performance
–% Processor Time
–% Interrupt Time
–Pages/Second
–Page Faults/Second
–% Disk Time
–Average Disk Queue Length
12 Performance Logs and Alerts
Performance Logs and Alerts tool
–Accessed through the Performance console
–Allows you to
  Automatically collect data on the local computer or from another computer on the network
  View the collected information using System Monitor or another program
13 Performance Logs and Alerts (Continued)
Tasks which can be performed using the Performance Logs and Alerts tool
–Collect data in a binary, comma-separated, or tab-separated format
–View data both while it is being collected and after it has been collected
–Configure parameters such as start and stop times for log generation, file names, and file size
–Configure and manage multiple logging sessions from a single console window
–Set up alerts so a message is sent, a program is run, or a log file is started when a specific counter exceeds or drops below a configured value
14 Performance Logs and Alerts (Continued)
Options available under Performance Logs and Alerts
–Counter logs
  Take the information viewed using System Monitor and save it to a log file
–Trace logs
  Similar to counter logs but are triggered to start when an event occurs
–Alerts
  Can be configured to occur when a counter meets a predefined value
15 Performance Logs and Alerts tool
16 Performance Logs and Alerts (Continued)
Alerts
–Can be set up to notify you of a potential problem
–Needed because logging should not be running all the time
  Logging increases the overhead on a server
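The baseline and alert ideas from the slides above can be applied to a counter log saved in comma-separated format. The following is an added example, not part of the original slides: it averages each counter over a baseline log, then flags samples in a later log that exceed the baseline by a chosen factor. The host name SRV01, the sample values and the 1.5 factor are constructed assumptions.

```python
import csv
import io
from statistics import mean

# Constructed samples in the comma-separated counter-log layout: column 0 is
# the timestamp, the other columns are \\computer\object\counter paths.
BASELINE_CSV = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SRV01\Processor(_Total)\% Processor Time","\\SRV01\Memory\Pages/sec"
"03/01/2004 09:00:00.000","20.0","10.0"
"03/01/2004 09:00:15.000","30.0"," "
"03/01/2004 09:00:30.000","25.0","14.0"
'''
CURRENT_CSV = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SRV01\Processor(_Total)\% Processor Time","\\SRV01\Memory\Pages/sec"
"03/08/2004 09:00:00.000","28.0","12.0"
"03/08/2004 09:00:15.000","91.5","40.0"
'''

def load_counter_log(text):
    """Return [(timestamp, {counter: value})], skipping blank samples."""
    rows = list(csv.reader(io.StringIO(text)))
    # Drop the \\computer prefix so a baseline from one host name still matches.
    names = ["\\".join(path.split("\\")[-2:]) for path in rows[0][1:]]
    samples = []
    for row in rows[1:]:
        values = {}
        for name, cell in zip(names, row[1:]):
            if cell.strip():  # a sample that was not collected is left blank
                values[name] = float(cell)
        samples.append((row[0], values))
    return samples

def baseline(samples):
    """Average each counter over the baseline log."""
    series = {}
    for _, values in samples:
        for name, value in values.items():
            series.setdefault(name, []).append(value)
    return {name: mean(vals) for name, vals in series.items()}

def find_alerts(base, samples, factor=1.5):
    """List samples above factor x baseline; factor is an assumed threshold."""
    alerts = []
    for stamp, values in samples:
        for name, value in values.items():
            if name in base and value > base[name] * factor:
                alerts.append((stamp, name, value, base[name] * factor))
    return alerts
```

Calling find_alerts(baseline(load_counter_log(BASELINE_CSV)), load_counter_log(CURRENT_CSV)) returns the two samples taken at 09:00:15 on the later date.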
17 Event Viewer
Event Viewer can be used to
–Gather information
–Troubleshoot software, hardware, and system problems
Events are written to one of the following logs
–Application log
  Contains information, warnings, and errors generated by programs installed on the system
–Security log
  Contains events pertaining to the audit policy
–System log
  Contains information, warnings, and errors generated by Windows Server 2003 system components
18 Event Viewer (Continued)
Types of events displayed by system and application logs
–Information
  When a component or application successfully performs an operation
–Warning
  When an event occurs that may not be a problem at the current time, but may become a problem in the future
–Error
  When a significant event has occurred, such as a service failing to start or a device driver failing to load
19 Event Viewer tool
20 Task Manager
Provides one of the fastest ways to
–Check server performance
–Determine what processes are running on the system
21 Windows Task Manager tool
22 Task Manager (Continued)
Consists of five different tabs
–Applications
  Displays the interactive programs that are currently running and what their status is
–Processes
  Displays information about the processes currently running on a Windows Server 2003 system
–Performance
  Provides a quick view of a system’s current performance
23 Task Manager (Continued)
Task Manager consists of five different tabs (Continued)
–Networking
  Provides a graphical representation of the current network utilization for a given network connection
–Users
  Displays users who can access the computer, and session status and names
24 Performance Tab
25 Identify and Disable Unnecessary Services
To optimize and secure a server, any unnecessary components, such as services, should be disabled
–Running unnecessary services adds overhead to the system
Things to consider when deciding which services should be disabled
–The role the server plays on the network
–Service dependencies
  Can be checked using the Dependencies tab of a service
26 Viewing dependencies of DHCP Server service
27 Identify and Disable Unnecessary Services (Continued)
Services MMC
–Can be used to configure a variety of settings related to how services function and respond to potential problems
Tabs in the properties dialog box of a service
–General
  Displays a service’s name, description, the path to the executable file, service startup parameters, and buttons allowing you to start, stop, pause, and resume a service
28 Identify and Disable Unnecessary Services (Continued)
Tabs in the properties dialog box of a service (Continued)
–Log On
  Allows you to specify the user name that a service will run as, along with the hardware profiles for which the service will be enabled
–Recovery
  Allows you to
    –Configure the computer’s response when a service fails
    –Specify a program that should be run when a service failure occurs
29 Identify and Disable Unnecessary Services (Continued)
Tabs in the properties dialog box of a service (Continued)
–Dependencies
  Specifies the services that a service depends upon to function correctly, as well as the services that depend on this service to function
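The two considerations named above, server role and service dependencies, can be checked together before a service is disabled. The following is an added example, not part of the original slides: it walks a dependency map in both directions and reports which candidates would break a service the server's role requires. The dependency map is constructed for illustration and is not read from a real server.

```python
# Constructed map of service -> services it depends on (the kind of data the
# Dependencies tab shows). Illustrative only, not read from a real server.
DEPENDS_ON = {
    "DHCPServer": ["RpcSs", "Tcpip", "EventLog"],
    "Spooler": ["RpcSs"],
    "Browser": ["LanmanWorkstation", "LanmanServer"],
    "Alerter": ["LanmanWorkstation"],
    "Messenger": ["LanmanWorkstation", "RpcSs"],
    "LanmanWorkstation": [], "LanmanServer": [],
    "RpcSs": [], "Tcpip": [], "EventLog": [],
}

def dependents_of(service, depends_on=DEPENDS_ON):
    """Services that fail, directly or transitively, if `service` is disabled."""
    broken, stack = set(), [service]
    while stack:
        current = stack.pop()
        for name, needs in depends_on.items():
            if current in needs and name not in broken:
                broken.add(name)
                stack.append(name)
    return broken

def review_candidates(candidates, required, depends_on=DEPENDS_ON):
    """Split candidates into (safe, blocked) for a role that needs `required`."""
    # A required service also needs everything it depends on.
    needed, stack = set(), list(required)
    while stack:
        current = stack.pop()
        if current not in needed:
            needed.add(current)
            stack.extend(depends_on.get(current, []))
    safe, blocked = [], {}
    for svc in candidates:
        # Disabling svc takes down svc itself plus everything that relies on it.
        hit = ({svc} | dependents_of(svc, depends_on)) & needed
        if hit:
            blocked[svc] = sorted(hit)
        else:
            safe.append(svc)
    return safe, blocked
```

For a server whose role requires only DHCPServer, review_candidates(["Spooler", "Alerter", "RpcSs"], ["DHCPServer"]) reports RpcSs as blocked and the other two as safe to disable.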
30 Troubleshooting Windows Server 2003 Startup Procedures
System startup problems can occur for a variety of reasons, including
–Missing files
–Corrupt files
–Configuration errors
Files required to be located on the system partition for a successful startup
–Ntldr
–Boot.ini
–Ntdetect.com
–Ntbootdd.sys
31 Troubleshooting Windows Server 2003 Startup Procedures (Continued)
Files required to be located on the boot partition for a successful startup
–Ntoskrnl.exe
–System
–Device drivers
–Hal.dll
32 The Windows Server 2003 Startup Process
Stages of the boot sequence
–Startup phase
–Load phase
Actions that occur during the startup phase
–NTLDR switches from real mode to a 32-bit flat memory model and starts the mini file system drivers required to load Windows Server 2003 from different file systems
–NTLDR accesses the boot.ini file to display the operating system selection menu
–If Windows Server 2003 is selected, NTLDR loads NTDETECT.COM
33 The Windows Server 2003 Startup Process (Continued)
Actions that occur during the startup phase (Continued)
–NTDETECT.COM scans the system to determine installed hardware and passes this information to NTLDR to be added to the Registry
–NTLDR loads both the ntoskrnl.exe and hal.dll files
–NTLDR reads the registry files, selects a hardware profile, selects a control set, and then loads device drivers
34 The Windows Server 2003 Startup Process (Continued)
Steps of the load phase
–Kernel load
–Kernel initialization
–Services load
–Win32 subsystem start
boot.ini file
–Can be
  Edited manually using a text editor such as Notepad
  Configured with the bootcfg.exe command
  Changed using the Startup and Recovery settings found in the System program in Control Panel
35 Boot.ini file
36 The Windows Server 2003 Startup Process (Continued)
bootcfg.exe utility
–A command-line tool for configuring the boot.ini file
37 Advanced Startup Options
Advanced startup options
–Can be used to troubleshoot the problem of system start failure
–Can be accessed during system startup by pressing F8 while viewing the Boot Loader Operating System Selection menu
38 Advanced startup options
39 Last Known Good Configuration
Last known good configuration
–Allows you to recover your system from failed driver and registry changes
–Useful in situations where Windows Server 2003 configuration changes have been made that negatively impact the system
The last known good configuration information
–Is stored in the registry
–Is updated each time the computer restarts and the user successfully logs on
40 Recovery Console
–An advanced tool for experienced administrators
–Allows an administrator to gain access to a hard drive on computers running Windows Server 2003
–Can be used to perform the following tasks
  Start and stop services
  Format drives
  Read and write data on a local hard drive
  Copy files from a floppy or CD to a local hard drive
  Perform administrative tasks
41 Installing the Recovery Console
Ways of starting the Recovery Console
–Run the Recovery Console from the Windows Server 2003 CD once a serious error occurs by booting from the CD
–Install the Recovery Console on the computer permanently before a problem occurs
42 Installing the Recovery Console (Continued)
Some of the common commands available through the Recovery Console
–Copy
–Disable
–Enable
–Exit
–Fixboot
–Fixmbr
–Listsvc
43 The Automatic System Recovery Feature
Automated System Recovery (ASR) feature
–Allows you to restore system configuration settings
–Used when a system cannot be repaired using various safe-mode startup options or the last known good configuration feature
–Does not restore user data files
44 The Automatic System Recovery Feature (Continued)
Two elements of ASR on a Windows Server 2003 system
–The ASR backup
  Accessed from the Backup Utility
–A floppy disk
  Contains information about
    –The backup
    –Disk configuration
    –How the restore should be performed
45 The Windows Server 2003 Backup Utility
Some tasks that can be performed using the Windows Server 2003 Backup Utility
–Back up and restore files and folders
–Schedule a backup
–Back up Windows 2003 System State data
–Restore all or a portion of the Active Directory database
–Create an ASR backup
The Windows Server 2003 Backup Utility supports a wide variety of
–Storage devices
–Media
46 Backing Up and Restoring Files and Folders The Windows Server 2003 Backup Utility supports a number of backup types
47 Backing Up the System State
Backing up the System State data on a Windows Server 2003 system includes
–Registry (always)
–COM+ Class Registration database (always)
–Boot files (always)
–Certificate Services database (if Certificate Services is installed)
–Active Directory (only on domain controllers)
–SYSVOL directory (only on domain controllers)
–Cluster service (if the server is part of a cluster)
–IIS Metadirectory (if IIS is installed)
–System files (always)
48 Summary
Performance console has two tools for monitoring server health and performance:
–System Monitor
–Performance Logs and Alerts
Alerts
–Can be configured for specific objects and counters
–Can send a message, start a counter log, write an event to the application log, or run a program
Event Viewer can be used to view the contents of the system logs, application logs, and security logs
49 Summary (Continued)
Task Manager provides information on
–Processes and applications running on a system
–A system’s current performance
When optimizing the performance of your computer, use the Services icon to disable any unnecessary services to eliminate overhead
Windows Server 2003 startup process occurs in two phases:
–Startup phase
–Load phase
50 Summary (Continued)
Advanced startup options can be used to troubleshoot and repair startup problems
The last known good configuration can be used to restart the computer if the default configuration becomes damaged
The Recovery Console allows an administrator to access the hard drive and carry out administrative tasks
If you are unable to recover a system using any of the Windows Server 2003 utilities, a backup created by the Automated System Recovery feature can be used