Using Autoruns to validate system drivers

Recently, one of my enterprise customers had a system crash popularly known as a “blue screen of death” and this reminded me of the importance to validate drivers. Validating drivers is something I commonly do with my non-techie friends and family as well, simply because poorly written drivers are the most common cause of system…

2

Convert a performance counter data collector template into a PAL threshold file

If you want to have all of the counters in a counter log be represented in a PAL report, then use the AllCounterStats feature in the PAL Wizard. This will use all of the thresholds in the PAL threshold files as well as ensure that all of the counters are in the report at Stats…

3

Tracking page file reads and writes

  The only real way of knowing if a page file is actually being “read from” is to get a file IO trace. This can be collected and/or viewed with tools such as the Microsoft Performance Recorder/Analyzer, Microsoft Resource Monitor, or Sysinternals Process Monitor. Using Resource Monitor Resource Monitor is built into the operating system…

2

Full debugging of VBScripts using Visual Studio 2005

Want to do *full* debugging of a VBScripts, then use this procedure. One of the hardest parts about scripting is getting to know the properties and methods of objects and state of a script during execution.  In this procedure, I show you how to modify Microsoft Visual Studio 2005 for full debugging of VBScripts. I…

0

Out of Pool Paged memory on 32-bit Windows Server 2003

Lately, I have been assisting customers who are still using 32-bit Windows Server 2003 and inevitably running out of kernel pool memory. When one of the kernel pools (Pool Paged and Pool Nonpaged) are full (meaning a memory allocation to one of these pools fails due to a lack of free space), then applications or…

2

My personal reminder of common debugging commands

I don’t get as many opportunities to debug as I would like, but when I do, I always forget the command that I like to use, so this is my personal document to remind me of those commands. !sym noisy This gives me details of symbol resolution. .reload /f This forces all of the symbols…

1

Detecting ephemeral port exhaustion

Symptoms When Windows or Windows Server is out of ephemeral/outbound/dynamic network ports, it will not be able to establish any outbound network connections. This results in a lot of connection failures such as database and/or domain controller connections. If the system is not responding, then try increasing the port range (discussed below) – this change is…

19

Physical memory overwhelmed PAL analysis – holy grail found!

I just wrote a very complicated PAL analysis that determines if physical memory is overwhelmed. This analysis takes into consideration the amount of available physical memory and the disk queue length, IO size, and response times of the logical disks hosting the paging files. Also, if no paging files are configured, then it simply has…

5

Should the paging file be moved from C: drive?

Should the paging file be moved from C: drive to another drive? This was the question I received today and thought I’d share my response to this. There is no general answer for all situations, so this question needs more information about the environment. This is why you will not (and should not) find any…

15

PAL processing, processors, and threads

I commonly get questioned on what response should be given to the NumberOfProcessors question variable in the PAL tool, so I thought I might try to explain it a bit… PAL is designed to be a stand-alone tool where the analysis of a performance counter log can be analyzed on a workstation where an administrator…

1