Thoughts from the EPS Windows Server Performance Team
PERFORMANCE MONITOR (Pre-Windows Vista)
Description: One of the most useful tools in diagnosing system performance issues is Performance Monitor (Perfmon) logging. Perfmon allows the user to turn on performance counters for various objects relating to system performance, such as: Memory, Network Interface, Physical Disk, Processor, Process, etc.
Scoping the Issue: Perfmon logs can be gathered on any Windows system to aid in troubleshooting poor system performance. If you suspect a performance related issue on the system, capturing Performance Monitor logs during the time the problem is happening on the system may help to determine the cause of the problem.
Data Gathering: In all instances, collecting either MPS Reports with the General, Internet and Networking, Business Networks and Server Components diagnostics, or a Performance-oriented MSDT manifest must be done.
Perfmon logs should include the timeframe when the problem is happening on the system. You can create the log parameters manually, or by using the Performance Monitor Wizard. You can capture the logs locally on the system, or remotely from another computer. The Perfmon capture interval is determined by the length of time it takes the server to go from a normal state, to a problem state. Please use the table below to set the capture interval.
If the average time to issue is:
The capture interval should be:
Troubleshooting / Resolution:
When using Performance Monitor, you may find that some counters are missing or do not contain any counter data. In this scenario, the counters may need to be re-enabled or rebuilt. There are three ways to accomplish this.
A common problem encountered when attempting to collect Perfmon logs remotely is that by default, the Performance Logs and Alerts service is started under the local computer’s “System” account. For steps on how to enable a network account to have permissions on the Performance Logs and Alerts service, please refer to Microsoft KB Article 240389: Log is not started when you try to start a log with remote counters in System Monitor.