70-411 Exam Cram - Deploy, manage and maintain servers

Monitor servers

Configure Data Collector Sets

  • Data collector sets enable the collection of performance data, system configuration information and statistics into a single file
  • Data collector sets can include any of the following:
    • Performance counter data - Data generated by performance counters
    • Event trace data - Track events and system activities, useful for troubleshooting issues with applications or services
    • System configuration information - Track the state of registry keys and record any modifications
  • Windows Server 2012+ includes the following built-in data collector sets:
    • Active Directory diagnostics - Provides data on Active Directory health and reliability, only applies to DCs
    • System diagnostics - Enables you to troubleshoot problems with hardware, drivers and STOP errors
    • System performance - Enables you to diagnose problems with system performance
  • Data Collector Sets can have the following settings configured:
    • Stop condition - Based on the file size of the log or the duration
    • Schedule - When to start collecting
    • Data Manager - How to collect data and limits on the required disk space before collection is allowed

Configure Alerts

  • Performance counter alerts can be used to trigger an application or script to run when a performance counter reaches a threshold, either low or high. For example, low disk space or high CPU usage
  • A scheduled task can be triggered when an alert is triggered

Monitor Real-time performance

  • Real-time performance can be monitored using the Resource Monitor view of the Windows Performance Monitor
  • The command-line tool is: perfmon /res
  • When a problem process is found, the wait chain can be examined directly from Resource Monitor

Monitor Virtual Machines (VMs)

  • Requires a failover cluster
  • Resource pools can be monitored to monitor the aggregate usage of a resource by the guest VMs
  • The Get-VMResourcePool cmdlet can be used to view the resource pools
  • New resource pools can be created to monitor a subset of resources
  • The Enable-VMResourceMetering cmdlet is used to enable resource monitoring on pools
  • Only pools that have resources assigned are enabled when the Enable-VMResourceMetering is run
  • To create a new resource pool, run the New-VMResourcePool cmdlet and specify the parameters
  • The Measure-VM cmdlet can be use to return data collected by ResourceMetering, e.g. Get-VM | Measure-VM

Monitor events

  • VM Eventing keeps PowerShell objects updated without having to poll the virtual machine host, the cmdlet to enable VM Eventing is Enable-VMEventing
  • You can use custom views in Event Viewer to filter and view events across multiple logs. A view cannot filter across multiple logs. A PowerShell script could be used, but it would require too much administrative effort. A custom MMC console is not required, views can be stored in Event Viewer
  • You can attach tasks to events in Event Viewer to automatically remediate issues
  • Event logs can be filtered based on any number of attributes
  • Event log views can be used to create a customised view of events across any event log stored on a server, including events in the forwarded event log
  • Views differ from filters in the following ways:
    • Persistent
    • Include multiple logs
    • Exportable

Configure event subscriptions

  • Pull or Collector initiated configuration is best for small environments and it is the only method supported by workgroup scenarios
  • Push or Source initiated configuration is best for large environments as the source computers can be configured using Group Policy
  • wecutil qc must be run on the collector computer to configure event subscriptions
  • Event log forwarding uses Windows Remote Management (WinRM) and the Windows Event Collector (wecsvc). You need to enable these services on computers that function as event forwarders and event collectors
  • You configure WinRM using the winrm quickconfig command on source computers
  • You configure wecsvc using the wecutil qc command
  • If you want to configure subscriptions from the security event log, you need to add the computer account of the collector computer to the local Administrators group on the source computer
  • If you want to configure a source computer-initiated subscription, you need to configure the following group policies on the computers that will act as the event forwarders:
    • Configure Forwarder Resource Usage This policy determines the maximum event forwarding rate in events per second. If this policy is not configured, events will be transmitted as soon as they are recorded.
    • Configure Target Subscription Manager This policy enables you to set the location of the collector computer
    • Both of the above policies are located in: Configuration\Policies\Administrative Templates\Windows Components\Event Forwarding
  • Event Viewer is used to configure event subscriptions

Configure network monitoring

  • The two primary tools used for network monitoring are:
    • Resource Monitor
      • Provides real time information
      • Cannot perform traffic capture
      • Provides the following information:
        • Processes with Network Activity
        • Network activity
        • TCP connections
        • Listening ports
    • Message analyser
      • Replaces both Network Monitor and LogParser
      • Filters can be applied to traffic

Schedule performance monitoring

  • Windows Performance Monitor uses a consistent scheduling method for all data collection:
    • During Data Collector Set creation , you can configure the schedule by selecting Open properties for this data collector set at the end of the Create New Data Collector Set Wizard
    • After a Data Collector Set has been created , you can access the schedule options by right-clicking the Data Collector Set name in the Microsoft Management Console (MMC) navigation pane and selecting Properties

Popular posts from this blog

Get local computer UUID/GUID using Windows Powershell

Use the following syntax to get the local computer's UUID/GUID using Windows Powershell: get-wmiobject Win32_ComputerSystemProduct  | Select-Object -ExpandProperty UUID Add -computername after the WMI class to find a remote computer's UUID, example: get-wmiobject Win32_ComputerSystemProduct -computername RANTPC | Select-Object -ExpandProperty UUID
Read more

gPLink and gPOptions

gPLink is a property for sites, domains and organisational units that contains a prioritised list of GPOs linked to the node. gPOptions is a property that contains all Block Policy Inheritance settings for the node. To manage GPO links on a node, you must have read and write access to the gPLink and gPOptions properties.
Read more

PSLoggedOn Getting Started on Windows Server 2008 R2

Image
PSLoggedOn is a tool I downloaded to allow me to find out which computers a user is currently logged on to. Getting it up and running wasn’t exactly easy. I’m running a Windows Server 2008 R2 test environment. The first error I encountered was: Error browing network: The list of servers for this workgroup is not currently available. Note: I kept the spelling mistake from the error message to make it easier to find via search engines. To get past this error, you have to enable and start the “Computer Browser” service. Then I started getting the error telling me that the Administrator is not logged on. That’s simply not true because I am logged onto another server (Name: ELARA): I turned the firewall OFF OFF OFF (It is a test network after all). I enabled Network Discovery and to do that I went on a service starting frenzy: DNS Client, Function Discovery Resource Publication, SSDP Discovery, and UPnP Device Host, Computer Browser After all that, I ran the script against the se
Read more