Friday, March 4, 2011

Performance Analysis of Logs (PAL) and Server Performance Advisor (SPA) for Windows Server 2003

 If Performance Monitor Logs and Alerts is giving you an headache these tools will help you make your life easyer doing the performance analysis for you:

"Microsoft Windows Server 2003 Performance Advisor v2.0 is the latest version of Server Performance Advisor, which is a simple but robust tool that helps you diagnose the root causes of performance problems in a Microsoft Windows Server 2003 deployment. It measures the performance and use of resources by your computer to report on the parts that are stressed under workload. It does so by collecting performance data and generating comprehensive diagnostic reports that give you the data to easily analyze problems and develop corrective actions.
SPA provides several specialized reports, including a System Overview (focusing on CPU usage, Memory usage, busy files, busy TCP clients, top CPU consumers) and built-in template reports for server roles such as Active Directory, Internet Information System (IIS), DNS, Terminal Services, SQL, print spooler, and others. In fact, SPA is kind of a Performance Monitor tool that is integrated with Network Monitor and has a built-in logic that allows for easier understanding of the captured data and can help you identify clients or applications that are consuming resources on a server."

For more information click here : Petri IT Knowledgebase it is a great article. It was pointless for me to do the same article.

PAL (Performance Analysis of Logs) tool is a new and powerful tool that reads in a performance monitor counter log (any known format) and analyzes it using complex, but known thresholds (that are provided). The tool comes out-of-the-box with some predefined thresholds defined as high according to the Microsoft consulting/development but those can be adjusted to whatever you like.
The tool generates an HTML based report which graphically charts important performance counters and throws alerts when thresholds are exceeded. The thresholds are originally based on thresholds defined by the Microsoft product teams and members of Microsoft support, but continue to be expanded by this ongoing project. This tool is not a replacement of traditional performance analysis, but it automates the analysis of performance counter logs enough to save you time.


  • Thresholds files for most of the major Microsoft products such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.
  • An easy to use GUI interface which makes creating batch files for the PAL.vbs script.
  • A GUI editor for creating or editing your own threshold files.
  • Creates an HTML based report for ease of copy/pasting into other applications.
  • Analyzes performance counter logs for thresholds using thresholds that change their criteria based on the computer's role or hardware specs.
 You can download it from here.PAL is greater after me because you can use it on any operating system you like.(Tested on Windows 7, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2)
Note: In Windows 2003 Server sp2 and Windows 2003 Server R2 sp2 it has a little bug that you can export the Treshold Files in html format only in the root folder of the application(C:\Program Files\PAL\PAL v2.0.7).
Another thing that is problematic is that you need to change your Regional and Language Options to Standards:English(United States) & Location:United States otherwise it won't run.

Both applications are free for home and business use.

Thursday, March 3, 2011


Read this article is soooo true : IT FACTS

How to start Windows Reliability and Performance Monitor with elevated privileges

To start Windows Reliability and Performance Monitor with elevated privileges
  1. Click Start-->click All Programs-->click Accessories-->right-click Command Prompt, and click Run as Administrator.
  2. Enter the user name and password of an account that is a member of the local Administrators group.
  3. At the command prompt, type perfmon.exe and press ENTER. Windows Reliability and Performance Monitor will start in the Resource View page.
You can also start Resource View in its own window by typing perfmon /res or resmon at a command prompt(in cmd).

Network Bottlenecks Performance Counters

Network Bottlenecks

Network Interface\ Bytes Total/sec - is the rate at which bytes are sent and received over each network adapter;Network Interface\Bytes Total/sec is a sum of Network Interface\Bytes Received/sec and Network Interface\Bytes Sent/sec
Network Interface\ Bytes Sent/sec -
this counter is self evident
Network Interface\ Bytes Received/sec - t
his counter is self evident
Network Interface\ Current Bandwidth -
is an estimate of the current bandwidth of the network interface in bits per second (BPS). For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this value is the nominal bandwidth.
UDP\ Datagrams Received/sec - the rate at which UDP datagrams are delivered to UDP users
UDP\ Datagrams Sent/sec -
is the rate at which UDP datagrams are sent from the entity.
TCP\ Segments Sent/sec -
is the rate at which segments are sent, including those on current connections, but excluding those containing only retransmitted bytes
TCP\ Segments Received/sec -
is the rate at which segments are received, including those received in error. This count includes segments received on currently established connections
Server\ Bytes Total/sec - the number of bytes the server has sent to and received from the network. This value provides an overall indication of how busy the server is
Server\ Bytes Received/sec -
this counter is self evident
Server\ Bytes Transmitted/sec -
this counter is self evident
Network Interface\Output Queue Length - is the length of the output packet queue (in packets). If this is longer than two, there are delays and the bottleneck should be found and eliminated, if possible. Since the requests are queued by the Network Driver Interface Specification (NDIS) in this implementation, this will always be 0.
Network Interface\Packets Outbound Discarded -
is the number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent transmission. One possible reason for discarding packets could be to free up buffer space.
Network Interface\Packets Outbound Errors -
is the number of outbound packets that could not be transmitted because of errors.You should check if someone upgraded the network driver recently.
Network Interface\Packets Received Discarded -
is the number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their delivery to a higher-layer protocol. One possible reason for discarding packets could be to free up buffer space.
Network Interface\Packets Received Errors -
is the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.

Hard Disk Bottlenecks Performance Counters

Hard Disk Bottlenecks

Physical Disk\Disk Transfers/sec – watch this counter for each physical disk and if it goes above 25 disk I/Os per second then you've got poor response time for your disk
Physical Disk\Idle Time - measures the percent time that your hard disk is idle during the measurement interval, and if you see this counter fall below 20% then you've likely got read/write requests queuing up for your disk which is unable to service these requests in a timely fashion;then is time for a new faster hard disk.
PhysicalDisk\Avg. Read Queue Length Should be less than 2
PhysicalDisk\Avg. Write Queue Length Should be less than 2
PhysicalDisk\ %Disk Time more than 50% indicates a bottleneck
diskperf - is a command line tool that can be used to start disk performance counters from cmd

Note. No counters should be monitored alone you need counters of all groups processor,memory,hard disk,network interface to make a valid decision .Otherwise you might be fulled by the results of only one counter

Memory Bottlenecks Performance Counters

Memory Bottlenecks

Memory\Available MBytes - if this counter is greater than 10% of the actual RAM in your machine then you probably have more than enough RAM and don't need to worry ;set an alert to trigger if it drops below 2% of the installed RAM ;
Memory\Pages/sec - indicates the number of paging operations to disk during the measuring interval ; you should create an Perfmon Alert for this counter when number of pages per second exceeds 50 per paging disk to alert you that you need more RAM.
Memory\PageFaults/sec - is the sum of hard and soft page faults
Process\Working Set - determine which process is consuming larger and larger amounts of RAM
Memory\Cache Bytes - which measures memory leaks; a reboot solves memory leakage into the non-paged pool;
Memory\Committed Bytes - If the value for committed bytes is greater than physical memory, then more RAM would help ;
Memory\Transition Faults/sec - which measures how often recently trimmed page on the standby
list are re-referenced ; if this counter value increases over time you have insufficient RAM
Page File\Usage (_Total) - create an alerter to notify if it exceeds 70.Then is the case to move the page file to another drive or split it across drives.

Hardware Bottlenecks Performance Counters

Hardware Bottlenecks

System\Context Switches/sec -measures how frequently the processor has to switch from user- to kernel-mode to handle a request from a thread running in user mode ; the heavier the workload running on your machine, the higher this counter will generally be, but over long term the value of this counter should remain fairly constant ;you should create a baseline and then create a Perfomance Monitor Alert for this counter.
Processor\Interrupts/sec (_Total) -if this counter with the above counter suddenly start increasing
it may be an indicating of a malfunctioning device ;over 40% you have a driver or hardware problem
Processor\Privileged Time (_Total) – if this counter increases too then you might have problemems with a device driver.

System Availability and Processor Performance Counters

System Avalilability

System\System Up Time - how many Seconds passed since your server's last restart
Process\Elapsed Time – time since winlogon process has started;monitor processes associated with specific applications and services to monitor the availability of these applications and services

Processor Bottlenecks

Processor\ Processor Time (_Total) - measures the total utilization of your processor by all running processes ;if you have a server with multiple processor then this counter measures the average processor utilization of your machine ;50%-healthy,50%-90% monitor or caution;over 91% critical the processor can't handle it.
Process\Processor Time – see what processes utilize most of the processors power;use all instances when you want to detect which process consumes most processor time;(Process Store – Excange,Process Inetinfo – IIS)
Processor\Privileged Time (_Total) - processor utilization for kernel processes;the server is underpowered;constantly over 75% indicates a bottleneck
Processor\User Time (_Total) - show processor utilization for user-mode processes ;if this counter is high you have to many roles installed on this server
System\Processor Queue Length - how many threads are waiting for execution ; if you have multiple roles installed and the counter value is over 8 you have a problem;if you have multiple processors or cores this number will be divided amongs them;then the queue lenght per processor/core must not be over 2;

How do I enable the NUM LOCK key for the logon screen in Windows 7?

In Windows 7 NUM LOCK is disabled by defaul at logon.To enable NUM LOCK before a user logs on, follow these steps:

Step 1 - Run Registry Editor.Open Run(windows key+R or Start-->AllPrograms--> Accessories-->Run) and type regedit.

Step 2 - find the following registry key: HKEY_USERS\.Default\Control Panel\Keyboard.

Step 3 - Change the value for InitialKeyboardIndicators from 2147483648(you may have value 0 here) to 2.
Done.Reboot your PC and presto!!Num Lock ON at welcome screen.

Post update 14.7.2011 if you install windows 7 sp1 the num lock is active at startup  by default