Top 10 Topics for MSCOM Ops…The TOOL MAN Cometh!! (Part 3)


Well, we were rummaging around in our collective tool box and came up with the following:

FILEMON – Used for tracking down which processes are accessing particular files or particular drives on your system.
http://www.sysinternals.com/Utilities/Filemon.html

KERNRATE – Very useful for tracking down (right down to the line of code) which module in a usermode process or system driver is causing high CPU usage on a machine.
http://www.microsoft.com/downloads/details.aspx?FamilyID=d6e95259-8d9d-4c22-89c4-fad382eddcd1&DisplayLang=en

Example:

'General kernel sampling to determine which driver is consuming CPU cycles on a specific CPU
kernrate -m 0x1

'Zoom in on a particular module that the general kernel sampling shows consuming a high number of cycles.  Note: a symbol path is needed to resolve function names
kernrate -z foodriver -z ntdll -j srv*c:\symbols*http://msdl.microsoft.com/download/symbols

'General usermode sampling on a particular process (using the PID) to see which modules are consuming CPU cycles
kernrate -p 1234

'Zoom in on a particular module that is shown as consuming a high number of cycles in a particular usermode process.  Note: a symbol path is needed to resolve function names
kernrate -z foomodule -z ntdll -j srv*c:\symbols*http://msdl.microsoft.com/download/symbols

LOGMAN – Command line performance log creation / management.
Ships with Windows.

Example:

'create a binary circular perf log on SERVERNAME that can grow up to 300MB, logging every 3 seconds and using counters from counters.config on a UNC share
logman create counter <LOGFILE NAME> -s SERVERNAME -f bincirc -max 300 -si 3 --v -o "e:\perflogs\<LOGFILE NAME>" -cf "\\<your_server_name>\Performance\PerflogCollection\counters.config"

'start the log on SERVERNAME
logman start <LOGFILE NAME> -s SERVERNAME

NETCAP + NETMON – Useful command line tool to interface with and automate Netmon captures.
http://support.microsoft.com/?id=310875

PROCESS EXPLORER – Useful for looking at a process's dependencies and any open handles a process has.  Handy in cases where a file is in use and you're not sure what's still holding on to it.
http://www.sysinternals.com/Utilities/ProcessExplorer.html

PSEXEC – Used to spawn processes (such as cmd.exe) on remote servers.
http://www.sysinternals.com/utilities/psexec.html

Example:

'Open up a cmd.exe process on a remote server for command line access
psexec \\servername cmd.exe

REGMON – Same as FILEMON except for the registry.  Useful for hunting down config keys that a process may be using, or understanding registry access behaviors.
http://www.sysinternals.com/Utilities/Regmon.html

ROBOCOPY – Very "robust" file copy tool for mirroring data trees in restartable mode.
W2K3 Resource Kit: http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Example:

'mirror c:\foo to d:\foo, copying security attributes, in restartable mode with a maximum of 10 retry attempts if the destination becomes unavailable
robocopy c:\foo d:\foo *.* /MIR /SEC /Z /R:10
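
As an added example (not part of the original post), here is a PowerShell wrapper around the mirror command above: it decodes robocopy's bit-flag exit code, which is non-zero even on a successful run, and it refuses to mirror from a missing or empty source, since /MIR deletes everything in the destination that is absent from the source. The log path is an assumption; the source and destination are the post's own c:\foo and d:\foo.

```powershell
# Added example: safe wrapper for the post's "robocopy c:\foo d:\foo *.* /MIR /SEC /Z /R:10"
param(
    [string]$Source      = 'c:\foo',                           # paths from the post's example
    [string]$Destination = 'd:\foo',
    [string]$LogFile     = 'c:\perflogs\robocopy-mirror.log'   # assumed log location
)

# /MIR deletes everything in $Destination that is absent from $Source, so a missing
# or empty source (unmounted drive, broken share) would silently empty the destination.
if (-not (Test-Path -LiteralPath $Source -PathType Container) -or
    -not (Get-ChildItem -LiteralPath $Source -Force | Select-Object -First 1)) {
    Write-Error "Source '$Source' is missing or empty; refusing to mirror."
    exit 16
}

# Same switches as the post (/MIR mirror, /SEC = /COPY:DATS copies the DACL, /Z restartable,
# /R:10 retries); /W:5 shortens the default 30 s wait per retry and /LOG+ appends to the log.
$copyArgs = @($Source, $Destination, '*.*', '/MIR', '/SEC', '/Z', '/R:10', '/W:5', '/NP', "/LOG+:$LogFile")
& robocopy.exe @copyArgs
$rc = $LASTEXITCODE

# The exit code is a bitmask; decode each flag instead of testing for zero.
$flags = [ordered]@{
    1  = 'files copied'
    2  = 'extra files or directories in destination (deleted by /MIR)'
    4  = 'mismatched files or directories'
    8  = 'some files could not be copied (retry limit exceeded or access denied)'
    16 = 'fatal error, nothing copied (bad arguments or insufficient rights)'
}
foreach ($bit in $flags.Keys) {
    if ($rc -band $bit) { Write-Host ("robocopy [{0,2}] {1}" -f $bit, $flags[$bit]) }
}

# Only bits 8 and 16 are failures; 1, 2 and 4 are normal for a mirror run.
if ($rc -band 24) {
    Write-Error "robocopy reported failures (exit code $rc); see $LogFile"
    exit 1
}
exit 0
```

Run it as a scheduled task (see SCHTASKS below) and the task's last run result will be 0 only when the mirror actually succeeded.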

SCHTASKS.EXE – Used for managing scheduled tasks.
Ships with Windows.

Example:

'Create a job named JOBNAME that runs "cscript \\server\unc\script.vbs" at 5:00 AM every day on the SERVERNAME machine
schtasks /CREATE /F /TN JOBNAME /TR "cscript \\server\unc\script.vbs" /ST 05:00 /SC DAILY /S SERVERNAME

SSLDIAG – Used for troubleshooting SSL cert issues on an IIS server.  Will quickly point out any problems with the SSL configuration (IIS config, cert problem, cert store problem).
http://www.microsoft.com/downloads/details.aspx?FamilyId=CABEA1D0-5A10-41BC-83D4-06C814265282&displaylang=en