Hey Admins! Let's explore Vista together. (Part 1)


Okay, so let's look at some things in Vista from a sys-admin perspective that are good to know when you're troubleshooting issues on your clients' machines. Your client could be your user base, your family, or yourself.

Guided Help

Your dad calls; he wants all the icons on the desktop to go away. You could either waste your time trying to talk him through it or teach him how to fish... If you haven't seen guided help, it's one of the WOW moments of Vista. More and more guided help will be showing up, which will help you fend off the masses with the easy questions, like finding a printer, etc.

1) Open Help and Support

2) Click Options|Settings and select "Include Windows Online Help and Support when you search for help"

3) Type in "icons guided help"

4) Click show me step-by-step and say "WOW"

 

Reliability Monitor

Start here when your mom says "I didn't do anything, it just stopped working". Just type perfmon in the Start menu and click "Reliability Monitor".

Mom, you didn't do anything?  Why must you lie to me, you know you're not qualified to run leakdiag.exe...

 

 

Slow bootup or shutdown issues?

Not to worry, we have that built in too now. Just open eventvwr and browse to this event collection: Applications and Services Log -> Microsoft -> Windows -> Diagnostics-Performance -> Operational. Here you'll find diagnostic logging that can help determine why your system is taking a long time to boot or shut down. It also shows general performance issues that can help you speed up your system.

Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 4/9/2007 1:09:52 PM
Event ID: 101
Task Category: Boot Performance Monitoring
Level: Warning
Keywords: Event Log
User: LOCAL SERVICE
Computer: Brad-DC-01
Description:
This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name : Start++.exe
Friendly Name : Start++
Version : 0.0.4.6
Total Time : 21494ms
Degradation Time : 16494ms
Incident Time (UTC) : 4/9/2007 8:06:00 PM
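
To rank these startup-degradation records in bulk instead of clicking through Event Viewer, here is an added PowerShell example (not code from the original post). It assumes the records carry the `Name`, `TotalTime` and `DegradationTime` data fields seen in this channel's event XML; the function name, the threshold and the sample record are constructed for illustration.

```powershell
# Added example. Get-StartupDegradation, the 1000 ms threshold and $sample
# are constructed for illustration; they are not part of Windows or the post.
function Get-StartupDegradation {
    param(
        [Parameter(Mandatory = $true)][string[]]$EventXml,
        [int]$MinDegradationMs = 1000
    )
    $rows = foreach ($raw in $EventXml) {
        $doc = [xml]$raw
        # Flatten <Data Name="...">value</Data> into a lookup table.
        # local-name() avoids needing a namespace manager for the event schema.
        $data = @{}
        foreach ($d in $doc.SelectNodes("//*[local-name()='Data']")) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        # Boot summary records (Event ID 100) have no per-component fields.
        if (-not $data.ContainsKey('DegradationTime')) { continue }
        $degMs = [int]$data['DegradationTime']
        if ($degMs -lt $MinDegradationMs) { continue }
        New-Object PSObject -Property @{
            TimeUtc       = $doc.Event.System.TimeCreated.SystemTime
            Computer      = $doc.Event.System.Computer
            EventId       = [int]$doc.Event.System.EventID
            Component     = $data['Name']
            TotalMs       = [int]$data['TotalTime']
            DegradationMs = $degMs
        } | Select-Object TimeUtc, Computer, EventId, Component, TotalMs, DegradationMs
    }
    # Worst offenders first.
    $rows | Sort-Object DegradationMs -Descending
}

# Constructed sample record, modelled on the Event ID 101 entry shown above.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>101</EventID>
    <TimeCreated SystemTime="2007-04-09T20:09:52.000Z" />
    <Computer>Brad-DC-01</Computer>
  </System>
  <EventData>
    <Data Name="Name">Start++.exe</Data>
    <Data Name="TotalTime">21494</Data>
    <Data Name="DegradationTime">16494</Data>
  </EventData>
</Event>
'@

Get-StartupDegradation -EventXml $sample | Format-Table -AutoSize

# Against the live log on the machine being triaged:
# $xml = Get-WinEvent -FilterHashtable @{
#     LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'
#     Id      = 101, 103
# } | ForEach-Object { $_.ToXml() }
# Get-StartupDegradation -EventXml $xml | Format-Table -AutoSize
```

An unfamiliar component name near the top of this list is worth checking against the machine's known startup items before treating the slowdown as a pure performance problem.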

Data Collection Sets

You know how jazzed I am about SPA for Windows 2003; yes, it is a wonderful thing and has saved me a lot of pain tracking down the user(s) slamming my server. Well, in Vista/LH we now have that functionality built in. It also lives under perfmon. Say you have a user's system that is acting sluggish: click on the "system performance" setting under "data collection sets" and click the play button. Repro. Click stop. Now you'll have a report with all your performance data during that period. This is good for any type of resource issue, from the CPU to the network.


The new Task Scheduler

Last topic for today. The new beefed-up task scheduler is quite handy now. Gone are the days of AT jobs, hello robust functionality! This is an area you'll want to explore on your own, but I thought I'd give an example of how to attach a task to an event.

What if we wanted to take an action when this event came in?

Log Name: System
Source: Tcpip
Date: 4/13/2007 1:44:41 PM
Event ID: 4226
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: brad-dc-01
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Just alt-click that event and select "Attach task to this event". Fill in the details, point to your script that has the task you want to be performed (netstat, netmon, etc.) and you're done!
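
The same attachment can be scripted with `schtasks.exe`, which helps when the task has to go onto many machines. The PowerShell below is an added example, not from the original post; the task name, the `C:\AdminScripts` folder and the capture script are hypothetical. Because the task runs as SYSTEM, the folder holding the script is restricted to SYSTEM and Administrators before the task is registered.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Task name, folder and script file are hypothetical placeholders.
$taskName  = 'Capture-Tcpip4226'
$scriptDir = 'C:\AdminScripts'
$script    = Join-Path $scriptDir 'capture-connections.cmd'

# 1. Create the folder and drop inherited permissions so only SYSTEM
#    (S-1-5-18) and Administrators (S-1-5-32-544) can modify what the task runs.
New-Item -ItemType Directory -Path $scriptDir -Force | Out-Null
& icacls.exe $scriptDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 2. The action: append a timestamped netstat snapshot next to the script.
$body = @'
@echo off
echo ==== %DATE% %TIME% ==== >> "%~dp0tcp4226.log"
netstat -ano >> "%~dp0tcp4226.log"
'@
Set-Content -Path $script -Value $body -Encoding ASCII

# 3. Register a task that fires on the event shown above:
#    System log, provider Tcpip, Event ID 4226.
$query = "*[System[Provider[@Name='Tcpip'] and EventID=4226]]"
& schtasks.exe /Create /TN $taskName /TR $script /SC ONEVENT /EC System /MO $query /RU SYSTEM /F
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }

# 4. Confirm what was registered (trigger, action and run-as account).
& schtasks.exe /Query /TN $taskName /V /FO LIST
```

Reviewing the `/Query` output after deployment confirms the action path and run-as account match what was intended.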

Comments
  • <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

    + <System>

     <Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{cfc18ec0-96b1-4eba-961b-622caee05b0a}" />

     <EventID>103</EventID>

     <Version>1</Version>

     <Level>3</Level>

     <Task>4002</Task>

     <Opcode>33</Opcode>

     <Keywords>0x8000000000010000</Keywords>

     <TimeCreated SystemTime="2009-07-20T07:08:26.257Z" />

     <EventRecordID>112</EventRecordID>

     <Correlation ActivityID="{00000000-66C8-0000-AB84-7C7C0809CA01}" />

     <Execution ProcessID="1516" ThreadID="1976" />

     <Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>

     <Computer>ROGERS-PC</Computer>

     <Security UserID="S-1-5-19" />

     </System>

    - <EventData>

     <Data Name="StartTime">2009-07-20T07:05:38.640Z</Data>

     <Data Name="NameLength">9</Data>

     <Data Name="Name">eventlog</Data>

     <Data Name="FriendlyNameLength">0</Data>

     <Data Name="FriendlyName" />

     <Data Name="VersionLength">0</Data>

     <Data Name="Version" />

     <Data Name="TotalTime">426</Data>

     <Data Name="DegradationTime">350</Data>

     <Data Name="PathLength">0</Data>

     <Data Name="Path" />

     <Data Name="ProductNameLength">0</Data>

     <Data Name="ProductName" />

     <Data Name="CompanyNameLength">0</Data>

     <Data Name="CompanyName" />

     </EventData>

     </Event>

  • My computer is bluescreen crashing on me, the only parts I have been able to read are that there is a corrupt driver, and then it does a memory dump and shuts down. When I go to the Event Log I can find this critical error. I am unsure if this is actually causing the problem or if it is something else. Most of the forums I have found find many people with similar issues and no solutions. Hope you can help!

    Log Name:      Microsoft-Windows-Diagnostics-Performance/Operational

    Source:        Microsoft-Windows-Diagnostics-Performance

    Date:          1/28/2010 6:15:34 PM

    Event ID:      100

    Task Category: Boot Performance Monitoring

    Level:         Critical

    Keywords:      Event Log

    User:          LOCAL SERVICE

    Computer:      Amy-Foster

    Description:

    Windows has started up:

        Boot Duration : 153934ms

        IsDegradation : false

        Incident Time (UTC) : 1/29/2010 12:12:51 AM

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

     <System>

       <Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{cfc18ec0-96b1-4eba-961b-622caee05b0a}" />

       <EventID>100</EventID>

       <Version>1</Version>

       <Level>1</Level>

       <Task>4002</Task>

       <Opcode>34</Opcode>

       <Keywords>0x8000000000010000</Keywords>

       <TimeCreated SystemTime="2010-01-29T00:15:34.079Z" />

       <EventRecordID>3181</EventRecordID>

       <Correlation ActivityID="{00000000-A6C8-0000-C999-EBCB77A0CA01}" />

       <Execution ProcessID="1968" ThreadID="2572" />

       <Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>

       <Computer>Amy-Foster</Computer>

       <Security UserID="S-1-5-19" />

     </System>

     <EventData>

       <Data Name="BootTsVersion">2</Data>

       <Data Name="BootStartTime">2010-01-29T00:12:51.624Z</Data>

       <Data Name="BootEndTime">2010-01-29T00:15:28.057Z</Data>

       <Data Name="SystemBootInstance">100</Data>

       <Data Name="UserBootInstance">91</Data>

       <Data Name="BootTime">153934</Data>

       <Data Name="MainPathBootTime">70230</Data>

       <Data Name="BootKernelInitTime">19</Data>

       <Data Name="BootDriverInitTime">1358</Data>

       <Data Name="BootDevicesInitTime">5562</Data>

       <Data Name="BootPrefetchInitTime">43306</Data>

       <Data Name="BootPrefetchBytes">366866432</Data>

       <Data Name="BootAutoChkTime">0</Data>

       <Data Name="BootSmssInitTime">8843</Data>

       <Data Name="BootCriticalServicesInitTime">1292</Data>

       <Data Name="BootUserProfileProcessingTime">580</Data>

       <Data Name="BootMachineProfileProcessingTime">1082</Data>

       <Data Name="BootExplorerInitTime">45427</Data>

       <Data Name="BootNumStartupApps">19</Data>

       <Data Name="BootPostBootTime">83704</Data>

       <Data Name="BootIsRebootAfterInstall">false</Data>

       <Data Name="BootRootCauseStepImprovementBits">0</Data>

       <Data Name="BootRootCauseGradualImprovementBits">0</Data>

       <Data Name="BootRootCauseStepDegradationBits">1024</Data>

       <Data Name="BootRootCauseGradualDegradationBits">0</Data>

       <Data Name="BootIsDegradation">false</Data>

       <Data Name="BootIsStepDegradation">false</Data>

       <Data Name="BootIsGradualDegradation">false</Data>

       <Data Name="BootImprovementDelta">0</Data>

       <Data Name="BootDegradationDelta">0</Data>

       <Data Name="BootIsRootCauseIdentified">true</Data>

     </EventData>

    </Event>

  • I know this is a Vista article but feel that it also applies to Windows 7. We would like to use the performance data collected in the Event Log with regards to  Bootup Time to benchmark our computers during build testing. You discuss this in the section “Slow bootup or shutdown issues?”. We were told by Microsoft that this data is not collected all the time and is only collected in the event of slow response. Is there a registry key that we can lower the threshold so that it will collect the data all the time during our testing process?

  • I don't understand why I am getting this Critical error.  I don't know what to do about it.  

    Nancy

    Log Name:      Microsoft-Windows-Diagnostics-Performance/Operational

    Source:        Microsoft-Windows-Diagnostics-Performance

    Date:          3/10/2010 2:11:40 PM

    Event ID:      100

    Task Category: Boot Performance Monitoring

    Level:         Critical

    Keywords:      Event Log

    User:          LOCAL SERVICE

    Computer:      Nancy-PC

    Description:

    Windows has started up:

        Boot Duration : 110633ms

        IsDegradation : false

        Incident Time (UTC) : 3/10/2010 6:57:46 PM

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

     <System>

       <Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{cfc18ec0-96b1-4eba-961b-622caee05b0a}" />

       <EventID>100</EventID>

       <Version>1</Version>

       <Level>1</Level>

       <Task>4002</Task>

       <Opcode>34</Opcode>

       <Keywords>0x8000000000010000</Keywords>

       <TimeCreated SystemTime="2010-03-10T19:11:40.460Z" />

       <EventRecordID>769</EventRecordID>

       <Correlation ActivityID="{00000000-36C8-0000-0B0A-9E9283C0CA01}" />

       <Execution ProcessID="1700" ThreadID="284" />

       <Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>

       <Computer>Nancy-PC</Computer>

       <Security UserID="S-1-5-19" />

     </System>

     <EventData>

       <Data Name="BootTsVersion">2</Data>

       <Data Name="BootStartTime">2010-03-10T18:57:46.656Z</Data>

       <Data Name="BootEndTime">2010-03-10T19:10:43.863Z</Data>

       <Data Name="SystemBootInstance">35</Data>

       <Data Name="UserBootInstance">31</Data>

       <Data Name="BootTime">110633</Data>

       <Data Name="MainPathBootTime">41033</Data>

       <Data Name="BootKernelInitTime">20</Data>

       <Data Name="BootDriverInitTime">3711</Data>

       <Data Name="BootDevicesInitTime">9327</Data>

       <Data Name="BootPrefetchInitTime">23895</Data>

       <Data Name="BootPrefetchBytes">301826048</Data>

       <Data Name="BootAutoChkTime">0</Data>

       <Data Name="BootSmssInitTime">4926</Data>

       <Data Name="BootCriticalServicesInitTime">1157</Data>

       <Data Name="BootUserProfileProcessingTime">6114</Data>

       <Data Name="BootMachineProfileProcessingTime">533</Data>

       <Data Name="BootExplorerInitTime">12447</Data>

       <Data Name="BootNumStartupApps">21</Data>

       <Data Name="BootPostBootTime">69600</Data>

       <Data Name="BootIsRebootAfterInstall">false</Data>

       <Data Name="BootRootCauseStepImprovementBits">0</Data>

       <Data Name="BootRootCauseGradualImprovementBits">0</Data>

       <Data Name="BootRootCauseStepDegradationBits">8388616</Data>

       <Data Name="BootRootCauseGradualDegradationBits">0</Data>

       <Data Name="BootIsDegradation">false</Data>

       <Data Name="BootIsStepDegradation">false</Data>

       <Data Name="BootIsGradualDegradation">false</Data>

       <Data Name="BootImprovementDelta">0</Data>

       <Data Name="BootDegradationDelta">0</Data>

       <Data Name="BootIsRootCauseIdentified">true</Data>

     </EventData>

    </Event>

  • I have the same problem as Amy; when this happens, my computer totally shuts off. I don't really have too many problems with the computer other than a slow start up, but this bothered me. I was on a public wifi at the time, if that was part of it.

    + System

     - Provider

      [ Name]  Microsoft-Windows-Diagnostics-Performance

      [ Guid]  {cfc18ec0-96b1-4eba-961b-622caee05b0a}

      EventID 100

      Version 1

      Level 1

      Task 4002

      Opcode 34

      Keywords 0x8000000000010000

     - TimeCreated

      [ SystemTime]  2010-04-05T19:47:34.766Z

      EventRecordID 2859

     - Correlation

      [ ActivityID]  {00000000-86C8-0000-2E9C-DB50F8D4CA01}

     - Execution

      [ ProcessID]  1856

      [ ThreadID]  1312

      Channel Microsoft-Windows-Diagnostics-Performance/Operational

      Computer APRIL-PC

     - Security

      [ UserID]  S-1-5-19

    - EventData

     BootTsVersion 2

     BootStartTime 2010-04-05T19:43:50.702Z

     BootEndTime 2010-04-05T19:47:11.990Z

     SystemBootInstance 103

     UserBootInstance 91

     BootTime 156487

     MainPathBootTime 127716

     BootKernelInitTime 25

     BootDriverInitTime 13982

     BootDevicesInitTime 6499

     BootPrefetchInitTime 59076

     BootPrefetchBytes 471920640

     BootAutoChkTime 0

     BootSmssInitTime 10780

     BootCriticalServicesInitTime 3085

     BootUserProfileProcessingTime 25303

     BootMachineProfileProcessingTime 1088

     BootExplorerInitTime 63718

     BootNumStartupApps 14

     BootPostBootTime 28771

     BootIsRebootAfterInstall false

     BootRootCauseStepImprovementBits 0

     BootRootCauseGradualImprovementBits 0

     BootRootCauseStepDegradationBits 0

     BootRootCauseGradualDegradationBits 0

     BootIsDegradation false

     BootIsStepDegradation false

     BootIsGradualDegradation false

     BootImprovementDelta 0

     BootDegradationDelta 0

     BootIsRootCauseIdentified false

  • Hi, I have a very similar problem with a few of the people above. Although, I've really not had any Blue screens or serious slow startup times as of yet. It is, however, getting a bit slower day after day and all I can find is this Critical Error in my Event Log. Windows Help seems to have no clue (Big surprise) as to what to do. Hoping an expert might have some ideas, thx!

    - System

     - Provider

      [ Name]  Microsoft-Windows-Diagnostics-Performance

      [ Guid]  {CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}

      EventID 100

      Version 2

      Level 1

      Task 4002

      Opcode 34

      Keywords 0x8000000000010000

     - TimeCreated

      [ SystemTime]  2010-04-20T21:51:05.036095000Z

      EventRecordID 2004

     - Correlation

      [ ActivityID]  {00000100-0000-0001-6725-4442D3E0CA01}

     - Execution

      [ ProcessID]  1716

      [ ThreadID]  4948

      Channel Microsoft-Windows-Diagnostics-Performance/Operational

      Computer Zack

     + Security

      [ UserID]  S-1-5-19

    - EventData

     BootTsVersion 2

     BootStartTime 2010-04-20T21:48:48.796400500Z

     BootEndTime 2010-04-20T21:51:01.916089700Z

     SystemBootInstance 111

     UserBootInstance 106

     BootTime 127406

     MainPathBootTime 40490

     BootKernelInitTime 32

     BootDriverInitTime 8901

     BootDevicesInitTime 6247

     BootPrefetchInitTime 33685

     BootPrefetchBytes 381489152

     BootAutoChkTime 0

     BootSmssInitTime 5363

     BootCriticalServicesInitTime 1873

     BootUserProfileProcessingTime 1100

     BootMachineProfileProcessingTime 3

     BootExplorerInitTime 14440

     BootNumStartupApps 14

     BootPostBootTime 86916

     BootIsRebootAfterInstall false

     BootRootCauseStepImprovementBits 0

     BootRootCauseGradualImprovementBits 0

     BootRootCauseStepDegradationBits 0

     BootRootCauseGradualDegradationBits 0

     BootIsDegradation false

     BootIsStepDegradation false

     BootIsGradualDegradation false

     BootImprovementDelta 0

     BootDegradationDelta 0

     BootIsRootCauseIdentified false

     OSLoaderDuration 3854

     BootPNPInitStartTimeMS 32

     BootPNPInitDuration 6277

     OtherKernelInitDuration 2358

     SystemPNPInitStartTimeMS 8600

     SystemPNPInitDuration 8870

     SessionInitStartTimeMS 17506

     Session0InitDuration 2601

     Session1InitDuration 1185

     SessionInitOtherDuration 1575

     WinLogonStartTimeMS 22869

     OtherLogonInitActivityDuration 2076

     UserLogonWaitDuration 6632

  • Could someone please explain to me what I should do to prevent my computer from crashing-  see the below. Thanks, Ray

    Log Name:      Microsoft-Windows-Diagnostics-Performance/Operational

    Source:        Microsoft-Windows-Diagnostics-Performance

    Date:          4/20/2010 10:41:21 PM

    Event ID:      100

    Task Category: Boot Performance Monitoring

    Level:         Critical

    Keywords:      Event Log

    User:          LOCAL SERVICE

    Computer:      Home-PC

    Description:

    Windows has started up:

        Boot Duration : 187894ms

        IsDegradation : false

        Incident Time (UTC) : 4/21/2010 2:37:51 AM

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

     <System>

       <Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{cfc18ec0-96b1-4eba-961b-622caee05b0a}" />

       <EventID>100</EventID>

       <Version>1</Version>

       <Level>1</Level>

       <Task>4002</Task>

       <Opcode>34</Opcode>

       <Keywords>0x8000000000010000</Keywords>

       <TimeCreated SystemTime="2010-04-21T02:41:21.205Z" />

       <EventRecordID>3093</EventRecordID>

       <Correlation ActivityID="{00000000-A6C8-0000-8B82-6AA3FBE0CA01}" />

       <Execution ProcessID="1844" ThreadID="588" />

       <Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>

       <Computer>Home-PC</Computer>

       <Security UserID="S-1-5-19" />

     </System>

     <EventData>

       <Data Name="BootTsVersion">2</Data>

       <Data Name="BootStartTime">2010-04-21T02:37:51.656Z</Data>

       <Data Name="BootEndTime">2010-04-21T02:41:12.250Z</Data>

       <Data Name="SystemBootInstance">364</Data>

       <Data Name="UserBootInstance">337</Data>

       <Data Name="BootTime">187894</Data>

       <Data Name="MainPathBootTime">95360</Data>

       <Data Name="BootKernelInitTime">18</Data>

       <Data Name="BootDriverInitTime">5119</Data>

       <Data Name="BootDevicesInitTime">13671</Data>

       <Data Name="BootPrefetchInitTime">41807</Data>

       <Data Name="BootPrefetchBytes">471351296</Data>

       <Data Name="BootAutoChkTime">0</Data>

       <Data Name="BootSmssInitTime">58505</Data>

       <Data Name="BootCriticalServicesInitTime">1879</Data>

       <Data Name="BootUserProfileProcessingTime">1822</Data>

       <Data Name="BootMachineProfileProcessingTime">177</Data>

       <Data Name="BootExplorerInitTime">8015</Data>

       <Data Name="BootNumStartupApps">19</Data>

       <Data Name="BootPostBootTime">92534</Data>

       <Data Name="BootIsRebootAfterInstall">false</Data>

       <Data Name="BootRootCauseStepImprovementBits">0</Data>

       <Data Name="BootRootCauseGradualImprovementBits">0</Data>

       <Data Name="BootRootCauseStepDegradationBits">0</Data>

       <Data Name="BootRootCauseGradualDegradationBits">0</Data>

       <Data Name="BootIsDegradation">false</Data>

       <Data Name="BootIsStepDegradation">false</Data>

       <Data Name="BootIsGradualDegradation">false</Data>

       <Data Name="BootImprovementDelta">0</Data>

       <Data Name="BootDegradationDelta">0</Data>

       <Data Name="BootIsRootCauseIdentified">false</Data>

     </EventData>

    </Event>

  • Ray, you need to see if there is a dmp file under c:\windows.  If the crash is a stop 0x80, that is a hardware failure and you need to contact the vendor who made the hardware.   It's called a 'machine check':

    http://msdn.microsoft.com/en-us/library/ff559250(VS.85).aspx

  • Microsoft product: Windows operating system; Version: 6.0.6001.18000; ID: 102; Event source: Microsoft Windows Diagnostics-Performance;
