Monitoring Windows Server 2012

Question 1

In task manager what are the tabs?

Answer 1

• Process
• Performance
• Users
• Details
• Services

Question 2

In Task Manager:

What information can you see on the Processes Tab?

Answer 2

• All of the Process that are currently running on the local computer
  
  • By default it is sorted by Name in Apps and Background Processes
• It shows the current process CPU utilization
• It shows the current process Memory utilization

Question 3

In Task Manager:

What information can you see on the Performance tab?

Answer 3

• You can view details about how CPU, Memory, and Ethernet are utilized at the current time

“Its similar to a Quick snapshot of Performance Manager”

Question 4

In Task Manager:

What information can you see on the Users tab?

What can you do?

Answer 4

• Lists currently active user accounts
  
  • You can quickly log off or disconnect users
  • Connect as the user if you know the password
  • Send a console message

Question 5

In Task Manager:

What information can you see on the Details tab?

What can you do from this view?

Answer 5

• Shows applications currently running on the system
  
  • You can stop applications
  • Set Affinity Level (Processors its allowed to run on)
  • Open the properties of the application
  • Open the file location of the application

Question 6

In Task Manager:

What information can you see/do on the Services tab?

Answer 6

• You can stop and start services from here
• You can open the services console

Question 7

1. What kind of data does Resource Monitor display?
   
   1. What does it show?
2. How do you start Resource Monitor from run and cmd?

Answer 7

1. A through view of real time data
   
   1. CPU
   2. Disk
   3. Network
   4. Memory
2. RUN: Resmon.exe CMD: perfmon /res

Question 8

1. How do you launch performance monitor from run and cmd?
2. What does performance monitor allow you to do?

Answer 8

1. RUN: perfmon CMD: perfmon /sysStart
2. Collect, store, and analyze information about the CPU, Memory, disk, and network

Question 9

What are the different kinds of Performance Monitors?

Answer 9

• Performance Counter
• Event Trace Data
• System Configuration information
• Performance Coutner Alert

Question 10

How do you create a Performance Data Collector Set from a tempalte?

Answer 10

1. Open Performance Monitor
2. Expand Data Collector Sets
3. Right-Click User Defined - Select Data Collector Set
4. Select from a Template or Manual

• Select the tempalte you want to use
• Select where you would like the data to be saved
• Select if you would like to run it under a certain account
• Select if you want to start, save, or open the properties of the data collector set

Question 11

How do you create a Data Collector Set (Manual)?

Answer 11

1. Open Performance Monitor
2. Expand Data Collector Sets
3. Right-Click User Defined - Select Data Collector Set
4. Select from a Template or Manual and assign a Name
5. Select the type of data you want to include
   
   1. Create Data Logs
      
      1. Performance Coutner - (Add the counters and intervals to collect data)
      2. Event trace data - (Select the Event Trace Provider)
      3. System configuration information - (Add the registry keys you want to record)
   2. Performance Counter Alert - (Add the counters and intervals to collect data)
6. Select where you would like to save it
7. Select if you would like to run it under a certain account
8. Select if you want to start, save, or open the properties of the data collector set

Question 12

Where would you change your directory for a Data Collector Set?

What else can you change?

Answer 12

1. The Data Collector Properties
2. Other items:
   
   1. Subdirectory
   2. subdirectory name format
   3. Perfexi subdirectory with computer name
   4. Serial number

Question 13

What does the Data Collector Set Schedule do?

Answer 13

Ability to add a schedule. This adds a start time and when the schedule expires

This does not stop the data collector set. It just expires the schedule

Question 14

How do you schedule when performance mornitoring is done for that day?

Answer 14

Go to the stop condition tab

• Select if it is a overal duration
• Maximum size of the log
• You can restart eh data collector set at limits

Question 15

What does the different performance monitors do?

• Performance counter
• Event Trace Data
• System configuration information
• Performance Counter Alert

Answer 15

• Performance counter - Computer Resources
• Event Trace Data - (Application information to troubleshoot specific problems )
• System configuration information - (Monitoring the Registery )
• Performance Counter Alert - (trigger to add an event to the event log and you can also configure a task)

Question 16

Can you stop individual data collector in a Data Collector Set?

Answer 16

No

Question 17

Where would you find the Event for a Performance Monitor Alert?

Answer 17

In the Applications under Microsoft under windows

Question 18

What can you configure in a Performance Counter Alert?

Answer 18

• Log an entry in the application event log
• Start a data collector set
• Run a task

Question 19

How do you forward events in event viewer?

Answer 19

• Open event viewer
• Expand Windows Logs
• Right-Click Forwarded Events
• Click Poperties
• Select the subscription tab
• Create a subscription
• Either collector initiated or Source computer initiated

Question 20

What is the difference between a Collector initiated and a Source computer initated Subscription?

Answer 20

• Collector: This computer contacts the selected source computers and provides the subscription
• Source: Source computers must be configured (through policy or local config) to contact this computer and

Question 21

Once a Data Collector set is set up in Performance Monitor. What do you need to do to Windows Event Collector Service?

Answer 21

Bullets are notes as to why these need to happen - helpful for remembering what to run

1. winrm qc
   
   • This enables the Windows Remote Management service, sets its initial network configuration, and prepares it for use by the Event Log.
2. Add permissions to Account getting logs: “Event Log Reader”
   
   • This allows the account to be able to access the event logs
3. wecutil qc
   
   • The following is used to configure the Windows Event Collector service to ensure event subscriptions can be created and sustained through computer restarts

Question 22

What does the following CMD do?

wecutil

Answer 22

Enables you to create and manage subscriptions to events that are forwarded from remote computers, which support WS-Management protocol. For examples of how to use this command

Question 23

What does the following CMD do?

1. wecutil qc
2. wecutil gs
3. wecutil ss
4. wecutil cs

Answer 23

1. wecutil qc
   
   • does quick config on subscriptions
2. wecutil gs
   
   • gives an output configuration information for a subscription
3. wecutil ss
   
   • Update the subscription configuration
4. wecutil cs
   
   • Create a subscription based on a config file

Question 24

Where would you monitor Network performance, activity, and connections?

Answer 24

Resource Monitor

Question 25

How and what resources can you monitor to detected bottlenecks in virtualized enviornments (Processor)?

How can you tell?

Answer 25

• You can use the following performance counters from the host:
  
  • Logical Processor Utilization - \Hyper-V Hypervisor Logical Processor(*)\% Total Run Time
  • Virtual Processor Utilization - \Hyper-V Hypervisor Virtual Processor(*)\% Total Run Time
  • Root Virtual Processor Utilization - \Hyper-V Hypervisor Root Virtual Processor(*)\% Total Run Time
• Hyper-V Hypervisor Logical Processor(_Total)\% Total Runtime counter is over 90%, the host is overloaded