Troubleshooting & Analyzing Windows with Perfmon.exe

Perfmon.exe

2

Performance Measurements

• 5 major hardware subsystems impacted by the operating systems and applications
• CPU
• Memory
• Storage
• Network
• GPU

3

Default analysis of your system

4

Perfmon reports and files

• C:\PerfLogs

5

Real-time, logging or debugging (event trace)

6

Windows Performance Counters

• collecting various kinds of system data such as processor, memory, and disk usage statistics. 
• System administrators use performance counters to monitor for performance or behavior problems. 
• Software developers use performance counters to inspect the resource usage of their components.
• Hardware engineers use it to confirm or troubleshoot hardware behavior.

7

Warning use them sparingly

• Use a few as possible to avoid server impact
• they are not designed to be collected more than once per second

8

Perfmon:  Two critical components

• Choosing the correct counters to monitor
• Understanding the threshold values for your server/desktop/application/hardware configuration

​

9

When using Perfmon use technical references

• When selecting counters and threshold values for analysis or troubleshooting:  
• Use Microsoft documentation 
• Use Developer documentation
• Use Hardware documentation
• Vendor documentation
• Use third party if necessary

10

Proper sizing of a virtual machine memory

11

• Microsoft's recommendation for analyzing a virtual machine's proper memory allocation.

Perfmon can collect 2 types of data

• Performance counters are measurements of system state or activity. 
• They can be included in the operating system or can be part of individual applications.
• Event trace data (think of this as debug) is collected from trace providers, which are components of the operating system or of individual applications that report actions or events. 

​

12

Performance counters

• Performance counters:
• are simple numeric metrics that give you a high-level summary of how a particular system is behaving
• example, % Processor Time is a performance counter that tells you how much of the processor's time is being used to execute user-mode code.
• Performance counters are generally used to monitor system health and to diagnose specific performance issues
• NOTE:  they don't give you much detail as to why a particular issue is happening

13

Performance Counters are used by:

• Perfmon.exe
• Task Manager
• Process Explorer
• Process Monitor
• Process Hacker
• Resource Monitor (resmon.exe)
• Log manager (logman.exe)
• Typeperf.exe
• 3-party software

14

Event Tracing for Windows (ETW)

• ETW is a tracing system built into Windows. 
• Essentially, any component (e.g. a user application, or even the Windows kernel itself) can send out diagnostic trace information about specific events that occur that the component cares about. 
• For example, the kernel sends out ETW events when a process starts and stops
• when an image (e.g. DLL) is loaded and unloaded
• when a thread is created or destroyed
• when a thread does a context switch.
• ETW is meant to be fast and should not materially impact the system's performance when logging is not enabled.

15

Event Trace files: *.etl

16

*.etl files on my video editor

17

Better way:

IT professionals should use two tools for recording trace events and displaying and analyzing.

18

Effective tool for recording trace events

19

Windows Performance Analyzer

• WPA allows a more effective way to analyze trace events

20

Performance Monitoring

How many performance counters are built into Windows 10?

21

3840 counters

22

Why hasn't Microsoft invested in a better PM?

23

15-30 major vendors provide this service

• Microsoft's Operations Manager
• Solarwinds
• Paessler
• Atera
• Sematext
• Site24x7

​

​

​

​

24

Low budget/free tools to help the poor?

• GitHub
• Free tool allowing analysis of performance counters using industry threshold data 

25

https://github.com/clinthuffman/PAL

26

• Thresholds files for most of the major Microsoft products such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.
• An easy to use GUI interface which makes creating batch files for the PAL.ps1 script.
• A GUI editor for creating or editing your own threshold files.
• Creates an HTML based report for ease of copy/pasting into other applications.
• Analyzes performance counter logs for thresholds using thresholds that change their criteria based on the computer's role or hardware specs.

​

27

ETW is a part of WMI

28

CONTACT US�mrvanderpool@techsavvyproductions.com��

SOCIAL MEDIA

• YouTube: https://www.youtube.com/user/vanderl2796/featured

​

• Twitter: @_TechSavvyTeam
• Facebook: https://www.facebook.com/Tech-Savvy-Productions-105287381500897
• Follow on Instagram: techsavvyproductions
• https://www.instagram.com/techsavvyproductions/

​

• Mr.V: https://www.linkedin.com/in/lowell-vanderpool-57970623/

CREDITS

• Social media logos and “Tech Savvy Productions” teaser created by The 11th Hour: https://www.youtube.com/user/The11thH...

​

29

Become a member

30

Check out our website: �https://www.techsavvyproductions.com

31

Want an easy and free way to support this Channel?�Please Subscribe!�80% of the individuals who watch our content do not subscribe.�

32

We have subtitles for in many languages:

We provide subtitles on our videos into the many languages:

33

�A BIG THANK YOU TO ALL OF OUR VIEWERS AND SUBSCRIBERS!�

34