Applies to:

Windows Server 2012 R2

Windows 8.1

Windows Server 2012

Windows 8

My old team wrote the blog post Two Minute Drill: LOGMAN.EXE for Windows Vista and Windows Server 2008; it goes over the “base”* performance counters.

With new perfmon counters available for troubleshooting performance issues, I decided to write this post to show you how to gather perfmon data remotely on our newer Windows versions.

Have the “Remote Registry” service started.

Have “Performance Logs and Alerts” unblocked in the Windows Firewall or in your antivirus network protection software.

From a 64-bit Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/8.1/Server 2012 R2 ‘tools machine’:

Long-interval:

==========

Start, CMD (Run as admin)

logman.exe create counter %ComputerName%_long_interval -f bincirc -v mmddhhmm -max 350 -c "\Cache\*" "\IPv4\*" "\LogicalDisk(*)\*" "\Memory\*" "\Netlogon\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\Per Processor Network Activity Cycles(*)\*" "\Per Processor Network Interface Card Activity(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Physical Network Interface Card Activity(*)\*" "\Redirector\*" "\SMB Client Shares\*" "\SMB Server Shares(*)\*" "\SMB Server Sessions\*" "\Server\*" "\Server Work Queues(*)\*" "\System\*" "\TCPv4\*" -si 00:05:00 -s YourServerName -u DomainName\Username *

Note:  Where "YourServerName" is the actual server name.

Note 2:  Where "DomainName" is your actual domain name.

Note 3:  Where "Username" is a user account that has local admin rights on the target machine.

Note 5:  You can change the long interval from -si 00:05:00 to anything, depending on how long you want to capture.  For more info on choosing the sample interval, check out:  How often should Perfmon Sample?


logman.exe start %ComputerName%_long_interval -s YourServerName -u DomainName\Username Password

<reproduce the issue>

logman.exe stop %ComputerName%_long_interval -s YourServerName -u DomainName\Username Password

Short-interval:

==========

logman.exe create counter %ComputerName%_short_interval -f bincirc -v mmddhhmm -max 350 -c "\Cache\*" "\IPv4\*" "\LogicalDisk(*)\*" "\Memory\*" "\Netlogon\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\Per Processor Network Activity Cycles(*)\*" "\Per Processor Network Interface Card Activity(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Physical Network Interface Card Activity(*)\*" "\Redirector\*" "\SMB Client Shares\*" "\SMB Server Shares(*)\*" "\SMB Server Sessions\*" "\Server\*" "\Server Work Queues(*)\*" "\System\*" "\TCPv4\*" -si 00:00:05 -s YourServerName -u DomainName\Username *

Note:  Where "YourServerName" is the actual server name.

Note 2:  Where "DomainName" is your actual domain name.

Note 3:  Where "Username" is a user account that has local admin rights on the target machine.

logman.exe start %ComputerName%_short_interval -s YourServerName -u DomainName\Username Password

<reproduce the issue>

logman.exe stop %ComputerName%_short_interval -s YourServerName -u DomainName\Username Password
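
The two prerequisites listed at the top can be verified from the tools machine before a collector is created. The script below is an added example, not part of the original post: it assumes Windows PowerShell 5.1, that both prerequisites apply to the target server, and that WinRM is reachable on the target for the firewall query. `$Server` and `$RunAs` are hypothetical parameter names standing in for YourServerName and DomainName\Username.

```powershell
# Added example (not from the original post): pre-flight check for the two
# prerequisites, then the long-interval "create" step from the post.
# Assumptions: Windows PowerShell 5.1 on the tools machine, the prerequisites
# apply to the target server, and WinRM is reachable there for the CIM query.
param(
    [Parameter(Mandatory)] [string] $Server,   # "YourServerName" in the post
    [Parameter(Mandatory)] [string] $RunAs     # "DomainName\Username" in the post
)

$problems = @()

# Prerequisite 1: the "Remote Registry" service (service name RemoteRegistry).
$svc = Get-Service -Name RemoteRegistry -ComputerName $Server -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    $problems += "Remote Registry is $($svc.Status) on $Server"
}

# Prerequisite 2: at least one enabled inbound rule in the
# "Performance Logs and Alerts" firewall group on the target.
$cim = New-CimSession -ComputerName $Server -ErrorAction Stop
try {
    $rules = Get-NetFirewallRule -DisplayGroup 'Performance Logs and Alerts' `
                 -CimSession $cim -ErrorAction SilentlyContinue |
             Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
    if (-not $rules) {
        $problems += "No inbound 'Performance Logs and Alerts' rule is enabled on $Server"
    }
} finally {
    Remove-CimSession $cim
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Prerequisites not met on $Server; collector not created."
}

# Counter paths trimmed here for length; use the full list from the post.
$counters = '\Memory\*', '\Processor(*)\*', '\PhysicalDisk(*)\*', '\Network Interface(*)\*'
$name = "$($env:COMPUTERNAME)_long_interval"

# The trailing * makes logman prompt for the password, so it is not typed on
# the command line.
& logman.exe create counter $name -f bincirc -v mmddhhmm -max 350 -c $counters `
    -si 00:05:00 -s $Server -u $RunAs '*'
if ($LASTEXITCODE -ne 0) { throw "logman create failed with exit code $LASTEXITCODE" }
```

The firewall check only covers Windows Firewall; third-party network protection software on the target still has to be checked separately.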

 

More information:

*  If you use my colleague Clint Huffman’s Performance Analysis of Logs (PAL), the “base” performance counters are named “System Overview”.

Thanks to Roger Southgate for the technical review.