PRF: Server Hang (Pre-Windows Server 2008+)

Published 03-16-2019 03:21 AM 212 Views
Microsoft
First published on TECHNET on Jan 15, 2010



Computer Hung/Unresponsive


(Pre-Windows Server 2008)



Description: A hang is typically defined as a condition where a machine is non-responsive over the network and\or at the console. This usually manifests itself in not being able to log onto the console or a session, or a session becoming unresponsive to input or network traffic. This is not to be confused with a crash or bugcheck, which indicates a software or kernel fault. This document is specific to instances where a machine hangs or becomes unresponsive during normal use. This does not apply to these symptoms (they are covered elsewhere):



Server hang during boot


Server hang after CTRL-ALT-DEL


Server hang at Applying Computer Settings


Server hang at Shutdown



This document applies to:



Windows 2000 Service Pack 4 with Update Rollup Package 1. (Mainstream support ended


6/30/2005)


Windows Server 2003 RTM (Mainstream support ended 3/30/2007)


Windows Server 2003 Service Pack 1 (Mainstream support ended 4/14/2009)


Windows Server 2003 Service Pack 2 (Mainstream support ends 7/13/2010)



Note: http://support.microsoft.com/gp/lifeselect




Scoping the Issue: Define the type of hang:



1.     Is the console hung or is it an issue with network connectivity?


2.     Does Ctrl-Alt-Delete bring up the Windows Security dialog?


3.     Can you toggle Caps Lock or Num Lock? If you can’t it could be a hardware or driver problem.


4.     Can you move the mouse?


5.     Is there a KVM in use?


6.     When did the issue start occurring?  DDMMYYYY, HH:MM:SS


7.     What changed?


8.     How long has the server being in production?


9.     How often does the issue occur?


10.  Under what conditions does the issue occur?


11.  What else is going on when the issue occurs?


12.  Does it happen at a particular time of day (users logging in, scheduled tasks, backup etc).


13.  Is there anything you can do to make the problem occur (repro steps)?


14.   Can you ping by Ip address, Netbios or Fully Qualified Domain Name?


15.   Can you open network shares?  Can users connect to file shares on the hung machine?  Are there any errors?


16.   Are you able to logon at the physical console?  If so, are there any errors?


17.   Are you able to logon at via Remote Desktop (RDP client)?  Are there any errors?


If this is a terminal server, are you observing this behavior from a session or at the console?


18.   Are you able to open Computer Management remotely?  Are there any errors?


19.   What do you do to recover from the hang?


20.   How long have you waited before rebooting the server?


21.   What have you tried to do to fix the problem?


22.   If it’s not completely hung and we can get to Task Manager, check resources:


CPU time - is there a specific process pegging the CPU?


If so and its third party, if we end it what happens?




Data Gathering: One of the most useful tools in diagnosing system hangs is Performance Monitor (Perfmon) logging. Perfmon allows the user to gather performance counters for various objects relating to system health, such as: Memory, Network Interface, Physical Disk, Processor, Process, etc.




In all instances, collect:



1. MPS Reports PFE version



Microsoft Premier Services Reporting Utility (PFE version)


http://www.microsoft.com/downloads/details.aspx?FamilyId=00AD0EAC-720F-4441-9EF6-EA9F657B5C2F&d...



2.       Perfmon logs should include the timeframe when the problem is happening on the system.


You can create the log parameters manually , or by using the Performance Monitor Wizard .



You should capture the logs remotely from another computer.



a.     Set up the remote Binary Circular performance log grab all core OS counters



·         Cache


·         Logical disk


·         Memory


·         NBT Connections


·         Network interface


·         Objects


·         Paging File


·         Physical disk


·         Process


·         Processor


·         Redirector


·         Server


·         Server Work Queues


·         System



The Perfmon capture interval is determined by the length of time it takes the server to go from a normal state, to a problem state.



Please gather two concurrent Perfmon logs:



b.      Short interval with a 5 seconds interval.




If the average time to issue is:


The capture interval should be:


Hourly


5 seconds



And



c.       Long interval


Please use the table below to set the capture interval.




If the average time to issue is:


The capture interval should be:


Daily


160 seconds


3 days


360 seconds


1 week


800 seconds


2 weeks


1600 seconds


3 weeks


2400 seconds


Monthly


7200onds



d.      In Windows 2000, a common problem encountered when attempting to collect Perfmon logs remotely is that by default, the Performance Logs and Alerts service is started under the local computer’s “System” account. For steps on how to enable a network account to have permissions on the Performance Logs and Alerts service, please refer to Microsoft KB Article 240389: Log is not started when you try to start a log with remote counter... .


e.      In Windows Server 2003, you can simply use the "RunAs" option when setting up the counters.




3.       Setup for a complete memory dump per KB 972110 .



Proactively, make sure that :


--------------------------------------



  1. Check with the OEM vendor for any known issues with their hardware or updates.

  2. Update the bios

  3. Update the drivers and firmware from the OEM server hardware vendor website.

  4. Update the remote management software i.e. iLO/DAC

  5. Update the HBA driver and firmware

  6. Update the Storage driver and firmware

  7. Verify that software drivers are up to date. This includes antivirus, quota management software, remote management software, etc.

  8. Verify that Windows security and reliability updates are up to date.



Troubleshooting / Resolution:


1.       In the "System Event Log" look for "Event ID 2019" and "Event ID 2020"



2.       In Perfmon, check for any Process --> NameofProcess --> Handles value larger than 15,000.


Note:  LSASS.exe on DC's is normal to see a value up to 50,000.


Note: Store.exe on Exchange servers is normal to see a value up to 65,000




Additional Resources:



972110 How to generate a kernel dump file or a complete memory dump file in Windows Server 2003


http://support.microsoft.com/?id=972110



177415 How to use Memory Pool Monitor (Poolmon.exe) to troubleshoot kernel mode memory leaks


http://support.microsoft.com/kb/177415



PoolMon Examples


http://msdn.microsoft.com/en-us/library/ms792885.aspx



Poolmon Overview


http://technet.microsoft.com/en-us/library/cc737099(WS.10).aspx



164933 How to allow Poolmon.exe to run by setting GlobalFlag value


http://support.microsoft.com/kb/164933



Using PoolMon to Find a Kernel-Mode Memory Leak


http://msdn.microsoft.com/en-us/library/cc267829.aspx



246758 How to Monitor Performance of a Remote Computer Without Logging on to It


http://support.microsoft.com/id=246758



969639 Error message when you try to access the Performance Monitor (Perfmon.exe) on a remote computer: "Access Is Denied"


Http://support.microsoft.com/?id=969639



888989 A Performance Monitor counter for the Physical Disk performance object may not be displayed in Windows 2000


Http://support.microsoft.com/?id=888989



248993 PRB: Performance Object Is Not Displayed in Performance Monitor


http://support.microsoft.com/?id=248993


%3CLINGO-SUB%20id%3D%22lingo-sub-374473%22%20slang%3D%22en-US%22%3EPRF%3A%20Server%20Hang%20(Pre-Windows%20Server%202008%2B)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-374473%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3E%20First%20published%20on%20TECHNET%20on%20Jan%2015%2C%202010%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F92462i3EB153AA2A957EB0%22%20%2F%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20Computer%20Hung%2FUnresponsive%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20(Pre-Windows%20Server%202008)%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3EDescription%3A%20%3C%2FB%3E%20A%20hang%20is%20typically%20defined%20as%20a%20condition%20where%20a%20machine%20is%20non-responsive%20over%20the%20network%20and%5Cor%20at%20the%20console.%20This%20usually%20manifests%20itself%20in%20not%20being%20able%20to%20log%20onto%20the%20console%20or%20a%20session%2C%20or%20a%20session%20becoming%20unresponsive%20to%20input%20or%20network%20traffic.%20This%20is%20not%20to%20be%20confused%20with%20a%20crash%20or%20bugcheck%2C%20which%20indicates%20a%20software%20or%20kernel%20fault.%20This%20document%20is%20specific%20to%20instances%20where%20a%20machine%20hangs%20or%20becomes%20unresponsive%20during%20normal%20use.%20This%20does%20not%20apply%20to%20these%20symptoms%20(they%20are%20covered%20elsewhere)%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EServer%20hang%20during%20boot%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EServer%20hang%20after%20CTRL-ALT-DEL%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EServer%20hang%20at%20Applying%20Computer%20Settings%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EServer%20hang%20at%20Shutdown%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EThis%20document%20applies%20to%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EWindows%202000%20Service%20Pack%204%20with%20Update%20Rollup%20Package%201.%20(Mainstream%20support%20ended%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E6%2F30%2F2005)%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EWindows%20Server%202003%20RTM%20(Mainstream%20support%20ended%203%2F30%2F2007)%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EWindows%20Server%202003%20Service%20Pack%201%20(Mainstream%20support%20ended%204%2F14%2F2009)%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EWindows%20Server%202003%20Service%20Pack%202%20(Mainstream%20support%20ends%207%2F13%2F2010)%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3ENote%3A%20%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fgp%2Flifeselect%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fgp%2Flifeselect%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fsupport.microsoft.com%2Fgp%2Flifeselect%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3EScoping%20the%20Issue%3A%20%3C%2FB%3E%20Define%20the%20type%20of%20hang%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E1.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Is%20the%20console%20hung%20or%20is%20it%20an%20issue%20with%20network%20connectivity%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E2.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Does%20Ctrl-Alt-Delete%20bring%20up%20the%20Windows%20Security%20dialog%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E3.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Can%20you%20toggle%20Caps%20Lock%20or%20Num%20Lock%3F%20If%20you%20can%E2%80%99t%20it%20could%20be%20a%20hardware%20or%20driver%20problem.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E4.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Can%20you%20move%20the%20mouse%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E5.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Is%20there%20a%20KVM%20in%20use%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E6.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20When%20did%20the%20issue%20start%20occurring%3F%26nbsp%3B%20DDMMYYYY%2C%20HH%3AMM%3ASS%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E7.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20What%20changed%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E8.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20How%20long%20has%20the%20server%20being%20in%20production%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E9.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20How%20often%20does%20the%20issue%20occur%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E10.%26nbsp%3B%20Under%20what%20conditions%20does%20the%20issue%20occur%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E11.%26nbsp%3B%20What%20else%20is%20going%20on%20when%20the%20issue%20occurs%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E12.%26nbsp%3B%20Does%20it%20happen%20at%20a%20particular%20time%20of%20day%20(users%20logging%20in%2C%20scheduled%20tasks%2C%20backup%20etc).%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E13.%26nbsp%3B%20Is%20there%20anything%20you%20can%20do%20to%20make%20the%20problem%20occur%20(repro%20steps)%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E14.%26nbsp%3B%26nbsp%3B%20Can%20you%20ping%20by%20Ip%20address%2C%20Netbios%20or%20Fully%20Qualified%20Domain%20Name%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E15.%26nbsp%3B%26nbsp%3B%20Can%20you%20open%20network%20shares%3F%26nbsp%3B%20Can%20users%20connect%20to%20file%20shares%20on%20the%20hung%20machine%3F%26nbsp%3B%20Are%20there%20any%20errors%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E16.%26nbsp%3B%26nbsp%3B%20Are%20you%20able%20to%20logon%20at%20the%20physical%20console%3F%26nbsp%3B%20If%20so%2C%20are%20there%20any%20errors%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E17.%26nbsp%3B%26nbsp%3B%20Are%20you%20able%20to%20logon%20at%20via%20Remote%20Desktop%20(RDP%20client)%3F%26nbsp%3B%20Are%20there%20any%20errors%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EIf%20this%20is%20a%20terminal%20server%2C%20are%20you%20observing%20this%20behavior%20from%20a%20session%20or%20at%20the%20console%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E18.%26nbsp%3B%26nbsp%3B%20Are%20you%20able%20to%20open%20Computer%20Management%20remotely%3F%26nbsp%3B%20Are%20there%20any%20errors%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E19.%26nbsp%3B%26nbsp%3B%20What%20do%20you%20do%20to%20recover%20from%20the%20hang%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E20.%26nbsp%3B%26nbsp%3B%20How%20long%20have%20you%20waited%20before%20rebooting%20the%20server%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E21.%26nbsp%3B%26nbsp%3B%20What%20have%20you%20tried%20to%20do%20to%20fix%20the%20problem%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E22.%26nbsp%3B%26nbsp%3B%20If%20it%E2%80%99s%20not%20completely%20hung%20and%20we%20can%20get%20to%20Task%20Manager%2C%20check%20resources%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3ECPU%20time%20-%20is%20there%20a%20specific%20process%20pegging%20the%20CPU%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EIf%20so%20and%20its%20third%20party%2C%20if%20we%20end%20it%20what%20happens%3F%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3EData%20Gathering%3A%20%3C%2FB%3E%20One%20of%20the%20most%20useful%20tools%20in%20diagnosing%20system%20hangs%20is%20Performance%20Monitor%20(Perfmon)%20logging.%20Perfmon%20allows%20the%20user%20to%20gather%20performance%20counters%20for%20various%20objects%20relating%20to%20system%20health%2C%20such%20as%3A%20Memory%2C%20Network%20Interface%2C%20Physical%20Disk%2C%20Processor%2C%20Process%2C%20etc.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EIn%20all%20instances%2C%20collect%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E1.%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Faskperf%2Farchive%2F2009%2F05%2F01%2Ftwo-minute-drill-the-new-mps-reports.aspx%22%20mce_href%3D%22http%3A%2F%2Fblogs.technet.com%2Faskperf%2Farchive%2F2009%2F05%2F01%2Ftwo-minute-drill-the-new-mps-reports.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EMPS%20Reports%20%3C%2FA%3E%20PFE%20version%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EMicrosoft%20Premier%20Services%20Reporting%20Utility%20(PFE%20version)%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyId%3D00AD0EAC-720F-4441-9EF6-EA9F657B5C2F%26amp%3Bdisplaylang%3Den%22%20mce_href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyId%3D00AD0EAC-720F-4441-9EF6-EA9F657B5C2F%26amp%3Bdisplaylang%3Den%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyId%3D00AD0EAC-720F-4441-9EF6-EA9F657B5C2F%26amp%3Bdisplaylang%3Den%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E2.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Perfmon%20logs%20should%20include%20the%20timeframe%20when%20the%20problem%20is%20happening%20on%20the%20system.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F248345%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F248345%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EYou%20can%20create%20the%20log%20parameters%20manually%20%3C%2FA%3E%20%2C%20or%20by%20using%20the%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D31fccd98-c3a1-4644-9622-faa046d69214%26amp%3BDisplayLang%3Den%22%20mce_href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D31fccd98-c3a1-4644-9622-faa046d69214%26amp%3BDisplayLang%3Den%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Performance%20Monitor%20Wizard%20%3C%2FA%3E%20.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EYou%20should%20capture%20the%20logs%20remotely%20from%20another%20computer.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3Ea.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Set%20up%20the%20remote%20Binary%20Circular%20performance%20log%20grab%20all%20core%20OS%20counters%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Cache%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Logical%20disk%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Memory%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20NBT%20Connections%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Network%20interface%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Objects%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Paging%20File%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Physical%20disk%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Process%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Processor%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Redirector%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Server%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Server%20Work%20Queues%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%C2%B7%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20System%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EThe%20Perfmon%20capture%20interval%20is%20determined%20by%20the%20length%20of%20time%20it%20takes%20the%20server%20to%20go%20from%20a%20normal%20state%2C%20to%20a%20problem%20state.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EPlease%20gather%20two%20concurrent%20Perfmon%20logs%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3Eb.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Short%20interval%20with%20a%205%20seconds%20interval.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CTABLE%3E%0A%20%20%20%3CTBODY%3E%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3EIf%20the%20average%20time%20to%20issue%20is%3A%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3EThe%20capture%20interval%20should%20be%3A%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%20%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3EHourly%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E5%20seconds%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%3C%2FTBODY%3E%3C%2FTABLE%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EAnd%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3Ec.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Long%20interval%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EPlease%20use%20the%20table%20below%20to%20set%20the%20capture%20interval.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CTABLE%3E%0A%20%20%20%3CTBODY%3E%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3EIf%20the%20average%20time%20to%20issue%20is%3A%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3EThe%20capture%20interval%20should%20be%3A%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%20%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3EDaily%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E160%20seconds%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%20%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E3%20days%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E360%20seconds%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%20%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E1%20week%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E800%20seconds%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%20%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E2%20weeks%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E1600%20seconds%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%20%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E3%20weeks%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E2400%20seconds%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%20%3CTR%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3EMonthly%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%20%3CTD%3E%3CBR%20%2F%3E%3CP%3E7200onds%3C%2FP%3E%0A%20%20%20%20%3C%2FTD%3E%0A%20%20%20%3C%2FTR%3E%0A%20%20%3C%2FTBODY%3E%3C%2FTABLE%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3Ed.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20In%20Windows%202000%2C%20a%20common%20problem%20encountered%20when%20attempting%20to%20collect%20Perfmon%20logs%20remotely%20is%20that%20by%20default%2C%20the%20Performance%20Logs%20and%20Alerts%20service%20is%20started%20under%20the%20local%20computer%E2%80%99s%20%E2%80%9CSystem%E2%80%9D%20account.%20For%20steps%20on%20how%20to%20enable%20a%20network%20account%20to%20have%20permissions%20on%20the%20Performance%20Logs%20and%20Alerts%20service%2C%20please%20refer%20to%20%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F240389%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F240389%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Microsoft%20KB%20Article%20240389%3A%20Log%20is%20not%20started%20when%20you%20try%20to%20start%20a%20log%20with%20remote%20counters%20in%20System%20Monitor%20%3C%2FA%3E%20.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3Ee.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20In%20Windows%20Server%202003%2C%20you%20can%20simply%20use%20the%20%22RunAs%22%20option%20when%20setting%20up%20the%20counters.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E3.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Setup%20for%20a%20complete%20memory%20dump%20per%20%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fdefault.aspx%3Fscid%3Dkb%3BEN-US%3B972110%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fdefault.aspx%3Fscid%3Dkb%3BEN-US%3B972110%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20KB%20972110%20%3C%2FA%3E%20.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EProactively%2C%20make%20sure%20that%20%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E--------------------------------------%3C%2FP%3E%3CBR%20%2F%3E%3COL%3E%3CBR%20%2F%3E%3CLI%3ECheck%20with%20the%20OEM%20vendor%20for%20any%20known%20issues%20with%20their%20hardware%20or%20updates.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EUpdate%20the%20bios%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EUpdate%20the%20drivers%20and%20firmware%20from%20the%20OEM%20server%20hardware%20vendor%20website.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EUpdate%20the%20remote%20management%20software%20i.e.%20iLO%2FDAC%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EUpdate%20the%20HBA%20driver%20and%20firmware%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EUpdate%20the%20Storage%20driver%20and%20firmware%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EVerify%20that%20software%20drivers%20are%20up%20to%20date.%20This%20includes%20antivirus%2C%20quota%20management%20software%2C%20remote%20management%20software%2C%20etc.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EVerify%20that%20Windows%20security%20and%20reliability%20updates%20are%20up%20to%20date.%3C%2FLI%3E%0A%20%20%3C%2FOL%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20Troubleshooting%20%2F%20Resolution%3A%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E1.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20In%20the%20%22System%20Event%20Log%22%20look%20for%20%22Event%20ID%202019%22%20and%20%22Event%20ID%202020%22%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E2.%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20In%20Perfmon%2C%20check%20for%20any%20Process%20--%26gt%3B%20NameofProcess%20--%26gt%3B%20Handles%20value%20larger%20than%2015%2C000.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3ENote%3A%26nbsp%3B%20LSASS.exe%20on%20DC's%20is%20normal%20to%20see%20a%20value%20up%20to%2050%2C000.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3ENote%3A%20Store.exe%20on%20Exchange%20servers%20is%20normal%20to%20see%20a%20value%20up%20to%2065%2C000%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20Additional%20Resources%3A%20%3C%2FB%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E972110%20How%20to%20generate%20a%20kernel%20dump%20file%20or%20a%20complete%20memory%20dump%20file%20in%20Windows%20Server%202003%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D972110%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D972110%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D972110%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E177415%20How%20to%20use%20Memory%20Pool%20Monitor%20(Poolmon.exe)%20to%20troubleshoot%20kernel%20mode%20memory%20leaks%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F177415%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F177415%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F177415%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EPoolMon%20Examples%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fms792885.aspx%22%20mce_href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fms792885.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fms792885.aspx%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EPoolmon%20Overview%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc737099(WS.10).aspx%22%20mce_href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc737099(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc737099(WS.10).aspx%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E164933%20How%20to%20allow%20Poolmon.exe%20to%20run%20by%20setting%20GlobalFlag%20value%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F164933%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F164933%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F164933%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EUsing%20PoolMon%20to%20Find%20a%20Kernel-Mode%20Memory%20Leak%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc267829.aspx%22%20mce_href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc267829.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fcc267829.aspx%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E246758%20How%20to%20Monitor%20Performance%20of%20a%20Remote%20Computer%20Without%20Logging%20on%20to%20It%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fid%3D246758%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fid%3D246758%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fsupport.microsoft.com%2Fid%3D246758%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E969639%20Error%20message%20when%20you%20try%20to%20access%20the%20Performance%20Monitor%20(Perfmon.exe)%20on%20a%20remote%20computer%3A%20%22Access%20Is%20Denied%22%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D969639%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D969639%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D969639%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E888989%20A%20Performance%20Monitor%20counter%20for%20the%20Physical%20Disk%20performance%20object%20may%20not%20be%20displayed%20in%20Windows%202000%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D888989%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D888989%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D888989%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E248993%20PRB%3A%20Performance%20Object%20Is%20Not%20Displayed%20in%20Performance%20Monitor%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D248993%22%20mce_href%3D%22http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D248993%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fsupport.microsoft.com%2F%3Fid%3D248993%20%3C%2FA%3E%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CB%3E%20%3C%2FB%3E%3C%2FP%3E%0A%20%0A%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-374473%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TECHNET%20on%20Jan%2015%2C%202010%20%26nbsp%3BComputer%20Hung%2FUnresponsive%20(Pre-Windows%20Server%202008)%26nbsp%3BDescription%3A%20A%20hang%20is%20typically%20defined%20as%20a%20condition%20where%20a%20machine%20is%20non-responsive%20over%20the%20network%20and%5Cor%20at%20the%20console.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-374473%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EPages%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Mar 16 2019 03:21 AM
Updated by: