Setting a remote perfmon in a Windows client or Windows Server.


Applies to:
Windows Server 2012 R2
Windows 8.1
Windows Server 2012
Windows 8
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista

First published: May 16, 2015

 

This is the third (3rd) method of enabling perfmon.

When is this usually useful?  Do you have a Windows client or Windows Server that randomly becomes unresponsive to a local login or a domain login?  You are able to ping the machine but cannot open a UNC share (\\MachineName\ShareName)?  Where the only way to recover is to power off the machine and restart it?

 

This is the perfmon that you need for those types of issues.

 

On the machine having problems (64-bit Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/8.1/Server 2012 R2):

Step 1.  Make sure that you have the latest hotfixes that are Perfmon related installed.

TIP:  Include these hotfixes in your base image.

Step 2.  Make sure that WMI is working properly.

Step 3.  Have the “Remote Registry” service started.

Step 4.  Have the “Performance Logs and Alerts” unblocked in the Windows Firewall or your Antivirus Network Protection software.

 

From your remote 64-bit Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/8.1/Server 2012 R2 tools machine:

Step 5.  Set up the two perfmons, one with a short interval and the other with a long interval.

Long-interval:
==========
Start, CMD (Run as admin)
logman.exe create counter %ComputerName%_long_interval -f bincirc -v mmddhhmm -max 350 -c "\\MachineName\Cache\*" "\\MachineName\IPv4\*" "\\MachineName\LogicalDisk(*)\*" "\\MachineName\Memory\*" "\\MachineName\Netlogon\*" "\\MachineName\Network Interface(*)\*" "\\MachineName\Paging File(*)\*" "\\MachineName\Per Processor Network Activity Cycles(*)\*" "\\MachineName\Per Processor Network Interface Card Activity(*)\*" "\\MachineName\Processor(*)\*" "\\MachineName\Processor Information(*)\*" "\\MachineName\PhysicalDisk(*)\*" "\\MachineName\Process(*)\*" "\\MachineName\Physical Network Interface Card Activity(*)\*" "\\MachineName\Redirector\*" "\\MachineName\SMB Client Shares\*" "\\MachineName\SMB Server Shares(*)\*" "\\MachineName\SMB Server Sessions\*" "\\MachineName\Server\*" "\\MachineName\Server Work Queues(*)\*" "\\MachineName\System\*" "\\MachineName\VM Memory(*)\*" "\\MachineName\VM Processor(*)\*" "\\MachineName\TCPv4\*" -si 00:05:00

Note:  Replace \\MachineName with your actual machine name that you want to monitor.

Note 2:  I personally like to capture all the counters and instances.  The reason is, I cannot tell you how many times, where I was looking at a perfmon, that I went, ok, the bread crumbs lead this way, let me look at that counter, just to find out, it wasn’t collected.  And then having to wait for the problem to reoccur.

Note 3:  You could change the interval for the long-interval log from -si 00:05:00 to anything, depending on how long you want to capture.  For more info on the sample interval that you need to choose, check out:  How often should Perfmon Sample?

logman.exe start %ComputerName%_long_interval
<reproduce the issue>
logman.exe stop %ComputerName%_long_interval

Short-interval:
==========
logman.exe create counter %ComputerName%_short_interval -f bincirc -v mmddhhmm -max 350 -c "\\MachineName\Cache\*" "\\MachineName\IPv4\*" "\\MachineName\LogicalDisk(*)\*" "\\MachineName\Memory\*" "\\MachineName\Netlogon\*" "\\MachineName\Network Interface(*)\*" "\\MachineName\Paging File(*)\*" "\\MachineName\Per Processor Network Activity Cycles(*)\*" "\\MachineName\Per Processor Network Interface Card Activity(*)\*" "\\MachineName\Processor(*)\*" "\\MachineName\Processor Information(*)\*" "\\MachineName\PhysicalDisk(*)\*" "\\MachineName\Process(*)\*" "\\MachineName\Physical Network Interface Card Activity(*)\*" "\\MachineName\Redirector\*" "\\MachineName\SMB Client Shares\*" "\\MachineName\SMB Server Shares(*)\*" "\\MachineName\SMB Server Sessions\*" "\\MachineName\Server\*" "\\MachineName\Server Work Queues(*)\*" "\\MachineName\System\*" "\\MachineName\VM Memory(*)\*" "\\MachineName\VM Processor(*)\*" "\\MachineName\TCPv4\*" -si 00:00:05

Note:  Replace \\MachineName with your actual machine name that you want to monitor.

logman.exe start %ComputerName%_short_interval
<reproduce the issue>
logman.exe stop %ComputerName%_short_interval
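
Steps 2 through 5 can be checked and scripted from the tools machine before waiting for the hang to recur. The script below is an added example, not part of the original post: it assumes Windows PowerShell running elevated on the tools machine, takes the monitored machine as a hypothetical -Target parameter, and names the collectors after the target rather than %ComputerName%.

```powershell
# Added example (not from the original post). Run elevated in Windows PowerShell
# on the tools machine. -Target is the machine to monitor (placeholder name).
param([Parameter(Mandatory=$true)][string]$Target)
$ErrorActionPreference = 'Stop'

# Steps 2 and 3: one WMI query shows that WMI answers and reports Remote Registry state.
$svc = Get-WmiObject -Class Win32_Service -ComputerName $Target -Filter "Name='RemoteRegistry'"
if ($svc.State -ne 'Running') {
    throw "Remote Registry on $Target is $($svc.State) (start mode: $($svc.StartMode))."
}

# Step 4: a single remote sample fails here if counter access is still blocked.
Get-Counter -Counter "\\$Target\System\System Up Time" -MaxSamples 1 | Out-Null

# Step 5: counter objects from the post. Each path is built with the \\$Target
# prefix, because a path without it is collected from the tools machine instead.
$objects = @(
    'Cache', 'IPv4', 'LogicalDisk(*)', 'Memory', 'Netlogon', 'Network Interface(*)',
    'Paging File(*)', 'Per Processor Network Activity Cycles(*)',
    'Per Processor Network Interface Card Activity(*)', 'Processor(*)',
    'Processor Information(*)', 'PhysicalDisk(*)', 'Process(*)',
    'Physical Network Interface Card Activity(*)', 'Redirector', 'SMB Client Shares',
    'SMB Server Shares(*)', 'SMB Server Sessions', 'Server', 'Server Work Queues(*)',
    'System', 'VM Memory(*)', 'VM Processor(*)', 'TCPv4'
)
$counters = $objects | ForEach-Object { "\\$Target\$_\*" }

# Same logman options as the post; only the name suffix and sample interval differ.
$collectors = @{ long_interval = '00:05:00'; short_interval = '00:00:05' }
foreach ($suffix in $collectors.Keys) {
    $name = "${Target}_$suffix"     # assumption: named after the target
    $si   = $collectors[$suffix]
    & logman.exe create counter $name -f bincirc -v mmddhhmm -max 350 -c $counters -si $si
    if ($LASTEXITCODE -ne 0) { throw "logman.exe could not create $name" }
    "Created $name (-si $si); start it with: logman.exe start $name"
}
```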

 

More information:

============

Setting a local perfmon in a Windows client or Windows Server.

An alternative method, when you want to enable ‘local perfmon’s’ from a ‘remote machine’:

Setting a remote perfmon Windows Server 2012 style…

 

*  If you use my colleague Clint Huffman’s Performance Analysis of Logs (PAL), the “base” performance is named “System Overview”.

 

How to setup an in-flight recorder:

 

By the way, if you want to figure out why the machine is becoming unresponsive, besides the perfmon log, get a manual memory dump using:

Coming soon: How to generate a kernel or a complete memory dump file in Windows Server 2012 and Windows Server 2012 R2
