Basic Troubleshooting Toolkit

In our previous post on Preparing to Troubleshoot we referred to several tools and to some basic troubleshooting questions.  In upcoming posts we will be walking through specific troubleshooting techniques, so this seemed like an ideal time to cover the tools themselves.  We're not going to discuss the usage of each tool here; think of this more as a checklist for a troubleshooting toolkit.  So let's dive right in …

Let's start with a set of tools many administrators already know: the utilities created by Sysinternals.  The ones we use most often from this set are:

  • Autoruns: Examine everything configured to start automatically on a system, including registry Run keys, services, drivers, scheduled tasks and the file locations they point to
  • Handle: Find out which process has a given file (or other object) open, or list the handles a given process holds
  • Process Explorer: Dig down into the files, registry keys, and other objects (including loaded DLLs) in use by a process, as well as who owns the process and where its image was loaded from
  • Process Monitor: Combines the file system monitoring of FileMon and the registry monitoring of RegMon into one tool, and adds real-time process, thread and DLL (image load) activity
  • PsFile: List files on a local or remote system that have been opened by remote clients over the network.  You can also force those files closed, either by name or by file identifier
  • TCPView: View detailed information on all TCP and UDP endpoints on a system, including the owning process and connection state

Back when I was an Administrator, there were two sets of tools that were installed on every server as part of the build process: the Support Tools and the Resource Kit.  The Windows Server 2003 Resource Kit has useful tools for just about any troubleshooting or data gathering exercise.  The Windows Server 2003 Support Tools include one of the most useful tools for troubleshooting network connectivity issues, PortQry, which tells you whether a given TCP or UDP port on a remote host is listening, not listening, or filtered (no response at all, which usually points to a firewall).  PortQry version 2.0 is an update to the original version released with the Support Tools.
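As an added example (not part of the original post), the following PowerShell function wraps portqry.exe so that a handful of endpoints can be checked in one pass and the result read off as LISTENING, NOT LISTENING or FILTERED.  It assumes portqry.exe is on the PATH (or pass its full path via -PortQry); the host names and ports in the target list are made up for illustration.

```powershell
# Added example, not from the original post: batch connectivity checks with PortQry 2.0.
# Assumption: portqry.exe is on the PATH, or its full path is supplied via -PortQry.
function Test-PortQry {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP',
        [string]$PortQry = 'portqry.exe'
    )

    # portqry switches: -n target host, -e port number, -p protocol.
    # Merge stderr into stdout so a missing binary or bad argument still ends up in $output.
    $output = & $PortQry -n $ComputerName -e $Port -p $Protocol 2>&1 | Out-String

    # PortQry reports the verdict as text; "NOT LISTENING" must be tested before "LISTENING"
    # because the shorter pattern would otherwise match both.
    $state = switch -Regex ($output) {
        'NOT LISTENING' { 'NOT LISTENING'; break }
        'FILTERED'      { 'FILTERED'; break }
        'LISTENING'     { 'LISTENING'; break }
        default         { 'UNKNOWN' }
    }

    [pscustomobject]@{
        Computer = $ComputerName
        Port     = $Port
        Protocol = $Protocol
        State    = $state
    }
}

# Constructed target list for illustration only; substitute your own servers and ports.
$targets = @(
    @{ ComputerName = 'dc01';  Port = 389  },   # LDAP
    @{ ComputerName = 'dc01';  Port = 88   },   # Kerberos
    @{ ComputerName = 'sql01'; Port = 1433 }    # SQL Server default instance
)

$targets | ForEach-Object { Test-PortQry @_ } | Format-Table -AutoSize
```

A FILTERED result means no reply came back at all, which is what a firewall dropping packets looks like; NOT LISTENING means the host answered but nothing is bound to that port.  The UNKNOWN state is there so a failure to run portqry.exe itself is not mistaken for a network result.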

Since we've broached the subject of network connectivity: more often than not, troubleshooting will require capturing a trace of network traffic.  A utility such as Network Monitor 3.0 is an essential component of your troubleshooting toolkit.  Even if you can't read the traces yourself, knowing how to set up a capture and reproduce the problem while it is running is a huge first step!

Moving on from network traces, the next item in our toolkit is the Performance Monitor Wizard (aka PerfWiz).  PerfWiz simplifies setting up and gathering Performance Monitor logs, both on the local machine and on remote servers.

Before we move on to the Debugging Tools themselves, one very useful utility to have stashed away is the Debug Diagnostic Tool v1.1 (DebugDiag), which we use to capture dump files when an application crashes.  It can also be configured with rules for hang and memory leak scenarios, and it includes an analysis component that produces a readable report from the dumps it collects.

And finally: the Debugging Tools for Windows.  The main reason we need to keep the Debugging Tools handy is to generate dumps using ADPlus.  In hang mode, ADPlus attaches to a running (or hung) process, writes a dump of it on demand and detaches, leaving the process running.  In crash mode, ADPlus attaches and stays attached, writing a dump when the process raises an exception, so it can capture the state of an application at the moment it crashes.  That having been said, we will be looking at some very basic troubleshooting using the debugger in future posts, so if you ever felt the urge to start learning debugging, this might be the time to do it!  After you install the Debugging Tools, there are two documents in the install folder that are invaluable: the kernel_debugging_tutorial.doc file, which is a guide to help get you started, and the debugger.chm file, which is the help file and reference manual.
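As an added example (not part of the original post), here is a PowerShell script that captures a hang-mode dump of every instance of a named process with ADPlus.  It assumes the Debugging Tools for Windows are installed and that adplus.exe is on the PATH or its location is passed via -AdPlus; the process name, output folder and hypothetical paths are illustrative.

```powershell
# Added example, not from the original post: capture hang-mode dumps with ADPlus.
# Assumptions: Debugging Tools for Windows are installed and adplus.exe is on the PATH
# (or pass its full path, e.g. -AdPlus "C:\Program Files\Debugging Tools for Windows\adplus.exe").
param(
    [Parameter(Mandatory = $true)][string]$ProcessName,   # e.g. "w3wp" (no .exe)
    [string]$OutputRoot = 'C:\Dumps',                      # illustrative default location
    [string]$AdPlus = 'adplus.exe'
)

# Several instances of the same image may be running (w3wp.exe is the usual case),
# so resolve the name to PIDs and dump each one separately.
$procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) {
    throw "No running process named '$ProcessName'."
}

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $OutputRoot "$ProcessName-hang-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($p in $procs) {
    # -hang  : attach, write a full dump, detach (the target keeps running)
    # -p     : target by PID rather than by name, so we get exactly the instance we chose
    # -o     : output folder; ADPlus creates a dated subfolder beneath it
    # -quiet : suppress the confirmation dialog so this can run unattended
    & $AdPlus -hang -p $p.Id -o $outDir -quiet
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "adplus exited with code $LASTEXITCODE for PID $($p.Id)"
    }
}

# Verify that dumps were actually written before declaring success.
$dumps = Get-ChildItem -Path $outDir -Recurse -Filter *.dmp
if ($dumps.Count -eq 0) {
    throw "No .dmp files were written under $outDir"
}
$dumps | Select-Object FullName, @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } }
```

For crash mode, replace `-hang` with `-crash`; ADPlus then stays attached and writes the dump when the process faults, so the script should be started before the crash is reproduced rather than after.  Treat the output folder as sensitive: a full process dump contains whatever was in memory, including credentials and session tokens, so restrict its ACL and delete the dumps once the case is closed.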

So that wraps up our post on putting together your troubleshooting toolkit.  This isn't an exhaustive list of tools by any means, but having these at your disposal will help you get started with troubleshooting issues in your environment.  Until next time …

 – CC Hameed