Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 50 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
50
Dung lượng
1,37 MB
Nội dung
Table 11-1 Process Statistics and How They Can Be Used Column Name Description Base Priority (BasePriority) Shows the priority of the process. Priority determines how much of the system resources are allocated to a process. The standard priorities are Low (4), Below Normal (6), Normal (8), Above Normal (10), High (13), and Real-Time (24). Most processes have a Normal priority by default, and the highest priority is given to real-time processes. CPU Time (TotalProcessor- Time) Shows the total amount of CPU time used by the process since it was started. Click the column header to quickly see the processes that are using the most CPU time. If a process is using a lot of CPU time, the related application might have a confi guration problem. This could also indicate a runaway or nonresponsive process that is unnecessarily tying up the CPU. CPU Usage (CPU) Shows the percentage of CPU utilization for the process. The System Idle Process shows what percentage of CPU power is idle. A 99 in the CPU column for the System Idle Process means 99 percent of the system resources currently aren’t being used. If the system has low idle time (meaning high CPU usage) during peak or average usage, you might consider upgrading to faster processors or adding processors. Handles (HandleCount) Shows the number of fi le handles maintained by the process. The number of handles used is an indicator of how dependent the process is on the fi le system. Some processes have thousands of open fi le handles. Each fi le handle requires system memory to maintain. Image Name (ProcessName) Shows the name of the process. Image Path Name (Path) Shows the full path to the executable for the process. Memory – Commit Size (Virtual- MemorySize) Shows the amount of virtual memory allocated to and reserved for a process. Virtual memory is memory on disk and is slower to access than pooled memory. By confi guring an application to use more physical RAM, you might be able to increase performance. To do this, however, the system must have available RAM. If it doesn’t, other processes running on the system might slow down. Memory – Non-Paged Pool (NonpagedSystem- MemorySize) Shows the amount of virtual memory for a process that cannot be written to disk. The nonpaged pool is an area of RAM for objects that can’t be written to disk. You should note processes that require a high amount of nonpaged pool memory. If there isn’t enough free memory on the server, these processes might be the reason for a high level of page faults. Memory – Paged Pool (PagedSystem - MemorySize) Shows the amount of committed virtual memory for a process that can be written to disk. The paged pool is an area of RAM for objects that can be written to disk when they aren’t used. As process activity increases, so does the amount of pool memory the process uses. Most processes have more paged pool than nonpaged pool requirements. Tracking a System’s General Health 317 Chapter 11 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Column Name Description Memory – Peak Working Set (PeakWorkingSet) Shows the maximum amount of memory the process used, including both the private working set and the non-private working set. If peak memory is exceptionally large, this can be an indicator of a memory leak. Memory – Working Set (WorkingSet) Shows the amount of memory the process is currently using, including both the private working set and the non-private working set. The private working set is memory the process is using that cannot be shared with other processes. The non-private working set is memory the process is using that can be shared with other processes. If memory usage for a process slowly grows over time and doesn’t go back to the baseline value, this can be an indicator of a memory leak. Memory – Working Set Delta Shows the change in memory usage for the process recorded since the last update. A constantly changing memory delta can be an indicator that a process is in use, but it could also indicate a problem. Generally, the memory delta might show increasing memory usage when a process is being used and then show a negative delta (indicated by parentheses in Task Manager) as activity slows. Page Fault Delta Shows the change in the number of page faults for the process recorded since the last update. As with memory usage, you might see an increase in page faults when a process is active and then a decrease as activity slows. Page Faults Shows page faults caused by the process. Page faults occur when a process requests a page in memory and the system can’t fi nd it at the requested location. If the requested page is elsewhere in memory, the fault is called a soft page fault. If the requested page must be retrieved from disk, the fault is called a hard page fault. Most processors can handle large numbers of soft faults. Hard faults, on the other hand, can cause signifi cant delays. If there are a lot of hard faults, you might need to increase the amount of memory or reduce the system cache size. PID (Id) Shows the run-time identifi cation number of the process. Session ID (SessionId) Shows the identifi cation number user (session) within which the process is running. This corresponds to the ID value listed on the Users tab. Threads (Threads) Shows the number of threads that the process is using. Most server applications are multithreaded, which allows concurrent execution of process requests. Some applications can dynamically control the number of concurrently executing threads to improve application performance. Too many threads, however, can actually reduce performance, because the operating system has to switch thread contexts too frequently. Chapter 11 318 Chapter 11 Performance Monitoring and Tuning Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. At a Windows PowerShell prompt, you can get key stats for all processes by following these steps: 1. Get all the processes running on the server and store them in the $a variable by entering: $a = get-process 2. Use the InputObject parameter to pass the process objects stored in $a to get- process and then pass the objects to the format-table cmdlet along with the list of properties you want to see by entering: get-process -inputobject $a | format-table –property ProcessName, BasePriority, HandleCount, Id, NonpagedSystemMemorySize, PagedSystemMemorySize, PeakPagedMemorySize, PeakVirtualMemorySize, PeakWorkingSet, SessionId, Threads, TotalProcessorTime, VirtualMemorySize, WorkingSet, CPU, Path Note The order of the properties in the comma-separated list determines the display order. If you want to change the display order, simply move the property to a different position in the list. When you know the process you want to examine, you don’t need to use this multistep procedure. Simply enter the name of the process without the .exe or .dll instead of using -inputobject $a. In this example, you list details about the explorer process: get-process explorer | format-table –property ProcessName, BasePriority, HandleCount, Id, NonpagedSystemMemorySize, PagedSystemMemorySize, PeakPagedMemorySize, PeakVirtualMemorySize, PeakWorkingSet, SessionId, Threads, TotalProcessorTime, VirtualMemorySize, WorkingSet, CPU, Path You can enter part of a process name as well using an asterisk as a wildcard to match a partial name. In this example, get-process lists any process with a name that starts with exp: get-process exp* | format-table –property ProcessName, BasePriority, HandleCount, Id, NonpagedSystemMemorySize, PagedSystemMemorySize, PeakPagedMemorySize, PeakVirtualMemorySize, PeakWorkingSet, SessionId, Threads, TotalProcessorTime, VirtualMemorySize, WorkingSet, CPU, Path Some interesting additional properties you can use with get-process include: MinWorkingSet The minimum amount of working set memory used by the process Modules The executables and dynamically linked libraries used by the process PeakVirtualMemorySize The peak amount of virtual memory used by the process Note The order of the properties in the comma-separated list determines the display order. If you want to change the display order, simply move the property to a different position in the list. Tracking a System’s General Health 319 Chapter 11 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. PriorityBoostEnabled A Boolean value that indicates whether the process has the PriorityBoost feature enabled PriorityClass The priority class of the process PrivilegedProcessorTime The amount of kernel-mode usage time for the process ProcessorAffi nity The processor affi nity setting for the process Responding A Boolean value that indicates whether the process responded when tested StartTime The date and time the process was started UserProcessorTime The amount of user-mode usage time for the process Description A description of the process FileVersion The fi le version of the process’s executable In Task Manager, you can stop processes that you suspect aren’t running properly. To do this, right-click the process, and choose End Process to stop the process or End Process Tree to stop the process as well as any other processes it started. To stop a pro- cess at the Windows PowerShell prompt, you can use stop-process. The best way to use stop-process is to identity the process ID of the process that you want to stop rather than a process name. This ensures that you stop only the intended process rather than all instances of processes with a particular process name. You should also have stop- process prompt you to confi rm how you want to proceed using the -confi rm parameter. In the following example, you stop the process with the process ID 4524: stop-process –id 4524 –confi rm As you are confi rming this action and passing through the output, you’ll see a prompt asking you to confi rm. You can then: Press Y to answer Yes and confi rm that you want to perform the action and continue. Press A to answer Yes to all prompts and confi rm that you want to perform all actions without further prompting. Press N to answer No and skip the action and continue to the next action. Press L to answer No to all prompts and confi rm that you do not want to perform any actions. Press N to answer No and confi rm that you do not want to perform the action. Press S to suspend the pipeline and return to the command prompt. To later return to the pipeline, type exit. Chapter 11 320 Chapter 11 Performance Monitoring and Tuning Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Monitoring and Troubleshooting Services You can view information about services running on a system by using the Services tab of Task Manager or by running get-service. By default, the Services tab shows all services confi gured on the system whether they are running, stopped, or in a different state. As shown in Figure 11-8, services are listed by name, process ID (PID), descrip- tion, status, and group. Figure 11-8 The Services tab provides detailed information on configured services. As multiple services typically run under the same process ID, you can quickly sort ser- vices by their associated process ID by clicking the related column heading. You can click the Status column heading to sort services according to their status as Running or Stopped. If you right-click a service’s listing in Task Manager, you display a short- cut menu that allows you to start a stopped service, stop a started service, or go to the related process on the Processes tab. The Group column provides additional information about related identities or service host contexts under which a service runs. Services running an identity with a restric- tion have the restriction appended. For example, a service running under the Local Ser- vice identity may be listed as LocalServiceNoNetwork to indicate that the service has no network access, or as LocalSystemNetworkRestricted to indicate that the service has restricted access to the network. Services that have svchost.exe list their associated context for the -k parameter. For example, the RemoteRegistry service runs with the command line svchost.exe -k regsvc and you’ll see an entry of regsvc in the Group column for this service. At a Windows PowerShell prompt, you can get the status of confi gured services simply by entering get-service. By default, only the service status, internal name, and display name are shown. Additional properties that you can display include: CanPauseAndContinue Indicates whether the service can be paused and resumed CanStop Indicates whether you can stop the service Tracking a System’s General Health 321 Chapter 11 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. DependentServices Lists the services that depend on this service ServicesDependedOn Lists the services on which this service depends At a Windows PowerShell prompt, you can get the available details for all services by following these steps: 1. Get all the services running on the server and store them in the $a variable by entering: $a = get-service 2. Use the InputObject parameter to pass the service objects stored in $a to get- service and then pass the objects to the format-table cmdlet along with the list of properties you want to see by entering: get-service -inputobject $a | format-table –property Name, DisplayName, CanPauseAndContinue, CanStop, DependentServices, ServicesDependedOn, Status When you know the service you want to examine, you don’t need to use this multistep procedure. Simply enter the internal name of the process instead of using -inputobject $a. In this example, you list details about the TermService process: get-service TermService | format-table –property Name, DisplayName, CanPauseAndContinue, CanStop, DependentServices, ServicesDependedOn, Status You can enter part of a service name as well using an asterisk as a wildcard to match a partial name. In this example, get-service lists any service with a name that starts with term: get-service Term* | format-table –property Name, DisplayName, CanPauseAndContinue, CanStop, DependentServices, ServicesDependedOn, Status To list services by display name, use the -displayname parameter and enclose the dis- play name in quotation marks, such as: get-service –displayname "Terminal Services" | format-table –property Name, DisplayName, CanPauseAndContinue, CanStop, DependentServices, ServicesDependedOn, Status You can use the following cmdlets to manage services: Suspend-Service Pauses a service Resume-Service Resumes a paused service Start-Service Starts a stopped service Stop-Service Stops a started service Restart-Service Stops and then starts a service Typically, you’ll use Restart-Service when you suspect a service is having a problem and you want to reset it. Chapter 11 322 Chapter 11 Performance Monitoring and Tuning Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Getting Network Usage Information As Figure 11-9 shows, the Networking tab in Task Manager displays current network usage for each of the system’s connections to the network. Figure 11-9 Use the Networking tab to track network activity. You can use the information provided to determine the following quickly: The number of network adapters installed on the computer The percentage of utilization of each network adapter The link speed of each network adapter The state of each network adapter The network activity graph shows traffi c going to and from the computer as well as how much of the network capacity is in use. If a system has one network adapter, the graph details network traffi c on this adapter over time. If a system has multiple network adapt- ers, the graph displays a composite index of all network connections, which represents all network traffi c. TROUBLESHOOTING Get separate views of bytes received and sent for troubleshooting For troubleshooting, it is sometimes useful to have separate views of traffi c going to the computer (Bytes Received) and traffi c going from the computer (Bytes Sent). To do this, click View, choose Network Adapter History, and then select Bytes Sent. Then click View, choose Network Adapter History, and then select Bytes Received. Afterward, Bytes Sent are shown in red, Bytes Received in yellow, and Bytes Total in green. OU S OO G Tracking a System’s General Health 323 Chapter 11 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. You can also get more detailed information for each adapter. This information is use- ful for troubleshooting. If you click View and choose Select Columns, you’ll see a dia- log box that will let you add columns for summary statistics to the Networking tab. Table 11-2 summarizes the key network statistics available. Table 11-2 Network Statistics and How They Can Be Used Column Name Description Bytes Sent Throughput Shows percentage of current connection bandwidth used by traffi c sent from the system. Bytes Received Throughput Shows percentage of current connection bandwidth used by traffi c received by the system. Bytes Throughput Shows percentage of current connection bandwidth used for all traffi c on the network adapter. If this shows 50 percent or more utilization consistently, you’ll want to monitor the system more closely and consider adding network adapters. Bytes Sent Shows cumulative total bytes sent on the connection since the system booted. Bytes Received Shows cumulative total bytes received on the connection since the system booted. Bytes Shows cumulative total bytes on the connection since the system booted. Unicasts Shows cumulative number of unicast packets received or sent since the system booted. Unicasts Sent Shows total packets sent by unicast since the system booted. Unicasts Received Shows total packets received by unicast since the system booted. Nonunicasts Shows total number of broadcast packets sent or received since the system booted. Too much broadcast traffi c on the network can be an indicator of networking problems. If you see a lot of nonunicast traffi c, monitor the amount received during the refresh interval. Nonunicasts Sent Shows total broadcast packets sent since the system booted. Nonunicasts Received Shows total broadcast packets received since the system booted. Getting Information on User and Remote User Sessions Members of the Administrators group and any users to which you specifi cally grant remote access can connect to systems using Terminal Services or Remote Desktop Con- nection. Both techniques allow users to access systems remotely and use the systems as if they were sitting at the keyboard. In the standard confi guration, however, remote access is disabled. You can enable the remote access feature by using the System utility in Control Panel, System And Maintenance. Open the System Properties dialog box by Chapter 11 324 Chapter 11 Performance Monitoring and Tuning Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. clicking Advanced System Settings, and then click the Remote tab. In the Remote Desk- top panel, select one of the following options and then click OK: Allow Connections From Computers Running Any Version Of Remote Desktop (Less Secure) Allow Connections Only From Computers Running Remote Desktop With Net- work Level Authentication (More Secure) NOTE Windows Vista, WindowsServer 2008, and later releases of Windows have Network Level Authentication. Most earlier releases of Windows do not. With Remote Desktop, WindowsServer2008 allows one console session and two remote administration sessions. Most remote sessions are created as console sessions. The reason for this is that the console session provides full functionality for adminis- tration. If you log on locally to the console and someone is logged on remotely to the console, you will be prompted to end his or her user session so that you can log on. If you click Yes, the user’s session is disconnected, halting all user-started applications without saving application data. If you click No, you will not be allowed to log on. See Chapter 19, “Using Remote Desktop for Administration,” for details on how you can use Remote Desktop to confi gure remote sessions for administration rather than console sessions. If you confi gure a server by using Terminal Services, multiple users can log on to a system up to the maximum allowed by licensing. To keep track of sessions after you’ve confi gured Terminal Services, you can use the Users tab of Task Manager. As shown in Figure 11-10, the Users tab lists user connections according to the following factors: User The pre–Windows 2000 logon name of the user account, such as Wrstanek or Administrator. If you want to see the logon domain as well as the logon name, select Show Full Account Name on the Options menu. ID The session ID. All user connections have a unique session ID. The session ID for any user logged on locally is 0. Status The status of the connection (Active or Disconnected). Client Name The name of the computer from which the user is connecting. This fi eld is blank for console sessions. Session The type of session. Console is used for users logged on locally. Oth- erwise, indicates the connection type and protocol, such as RDP-TCP for a con- nection using the Remote Desktop Protocol (RDP) with Transmission Control Protocol (TCP) as the transport protocol. NOTE Windows Vista, WindowsServer 2008, and later releases of Windows have Network Level Authentication. Most earlier releases of Windows do not. Tracking a System’s General Health 325 Chapter 11 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Figure 11-10 Use the Users tab to track and manage remote user sessions. The Users tab can help you determine who is logged on and whether that user’s status is either Active or Inactive. Right-click an active session and you can choose Send Mes- sage to send a console message to the user. This message is displayed on the screen of that user’s session. If you must end a user session, you can do this in one of two ways. Right-clicking the session and choosing Log Off logs the user off using the normal logoff process. This allows application data and system state information to be saved as during a normal logoff. Right-clicking the session and choosing Disconnect forcibly ends a user’s session without saving application data or system state information. You can also connect to an inactive session. Right-click the inactive session, and then choose Connect. When prompted, provide the user’s password. Finally, by default the shortcut keys used to end a remote control session are Ctrl+* (Ctrl+Shift+8). If you want a session to use different shortcut keys, right-click the ses- sion you want to work with, and then select Remote Control. You can then set the short- cut keys to end the remote control session. Tracking Events and Troubleshooting by Using Event Viewer The Windows operating system defi nes an event as any signifi cant occurrence in the operating system or an application that should be recorded for tracking purposes. Informational events can be tracked as well as events that record warnings, errors, and auditing. Critical errors that deserve immediate attention, such as when the server has run out of disk space or memory, are recorded in the logs and displayed on screen. Chapter 11 326 Chapter 11 Performance Monitoring and Tuning Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. [...]... is usually configured with a maximum size of 131072 MB on domain controllers and 20480 MB on member servers Primarily, this is to allow the server to record a complete security audit trail for situations in which the server is under attack and a large number of security events are generated Windows Server2008 logs are configured to overwrite old events as needed by default So, when the log reaches its... you should see a list of all warning and error events for the server To view all errors and warnings for a specific server role, expand Custom Views, expand Server Roles, and then select the role to view In the main pane, you should now see a list of all events for the selected role To view summary information for Windows logs, select the Windows Logs node You’ll then see a list of available logs by... Using Subscriptions and Forwarded Events In an enterprise, you might also want servers to forward specific events to central event logging servers To do this, you configure and enable event forwarding on the applicable servers and then you create subscriptions to the forwarded events on your central event logging server or servers In a domain, you can configure forwarding and collection of forwarded events... running on a computer Processor Monitors processor idle time, idle states, usage, deferred procedure calls, and interrupts Server Monitors current server activity and important server usage statistics, including logon errors, access errors, and sessions Server Work Queues Monitors server threading and client requests System Monitors system-level counters, including processes, threads, context switching... instances of the embedded database management system used by Windows Server2008 DFS Replicated Folders Monitors conflicts, deletions, replication, and other performance factors related to DFS replication folders DFS Replication Connections Monitors the data sent and received and other performance statistics for DFS replication connections DHCPv6 Server Monitors DHCPv6 message broadcasts and other types... default, the logs are sized as appropriate for the type of system you are working with and its configuration In a standard configuration of Windows Server 2008, most logs are sized as listed previously As shown, most logs have a fairly large maximum size This includes the DNS Server, System, and Application logs Because they are less critical, the Directory Service and File Replication Service logs on domain... Event Viewer is an excellent tool to use and should be your tool of choice As you’ve seen, Event Viewer can also be used to access logs on remote systems No single commandline tool included with Windows Server2008 provides the same level of functionality, though the PowerShell cmdlet get-eventlog does come close You can use get-eventlog to obtain detailed information from the event logs Because get-eventlog... operating system or its components during setup and installation The default location is %SystemRoot%\System32\ Winevt\Logs\Setup.evtx The default log size is 1028 MB System Contains events logged by Windows Server2008 and its components You should routinely check this log for warnings and errors, especially those related to the failure of a service to start at bootup or the improper configuration of a service... can create subscriptions on the central event logging server by following these steps: 1 Open Event Viewer and connect to the central event logging server Afterward, right-click the Subscriptions node and select Create Subscription 2 In the Subscription Properties dialog box, shown in Figure 11-17, type a name for the subscription, such as All File Servers Optionally, enter a description Please purchase... changes to the server and compares them to changes in system stability In this way, you can see a graphical representation of the relationship between changes in the system configuration and changes in system stability By recording software installation, software removal, application failure, hardware failure, and Windows failure events, as well as key events regarding the configuration of the server, you . Secure) NOTE Windows Vista, Windows Server 2008, and later releases of Windows have Network Level Authentication. Most earlier releases of Windows do not protocol. NOTE Windows Vista, Windows Server 2008, and later releases of Windows have Network Level Authentication. Most earlier releases of Windows do not.