Antony Hawkins

Perfmon Services troubleshooting DataSource

Recommended Posts

For Remote Perfmon to work, there are six Windows Services that must be present on a machine, two of which must be set to auto startup and the other four set to at least manual startup - as detailed here:

https://www.logicmonitor.com/support/monitoring/os-virtualization/troubleshooting-perfmon-access/

If you're having Perfmon collection issues this is the first place to look, but that involves logging on to the machine and looking, or running a fairly complex collector debug command, such as:

!wmi h=<hostname> select displayname,startmode,state from win32_Service where displayname = 'Performance Counter DLL Host' OR displayname = 'Performance Logs & Alerts' OR displayname = 'Remote Access Auto Connection Manager' OR displayname = 'Remote Registry' OR displayname = 'Remote Procedure Call (RPC) Locator' OR displayname = 'WMI Performance Adapter'

This datasource will rapidly determine the presence and setup of the six required services on any monitored Windows device.

Each Service is discovered if present, and grouped according to startmode (auto, manual, disabled). Additionally, the startmode, state and status at time of discovery are added as instance level properties, for each service, with state and status then monitored.

This gives a very rapid (as soon as Active Discovery has run) visual indication for this first troubleshooting step.

The DataSource as presented has the AppliesTo rule of 'false()', i.e. disabled. This will need to be edited to apply to any Devices you are looking to troubleshoot.

Examples of Active Discovery results as seen in the Device tree:

Device with "Remote Registry" disabled:

59df98529f8f9_ScreenShot2017-10-12at17_18_22.png.e28443fd8cca1f66ab39afacfdf36879.png

Device with "Remote Registry" set to auto, but then stopped, and with "Remote Procedure Call (RPC) Locator" incorrectly set to manual startmode:

59df98533d3f8_ScreenShot2017-10-12at17_19_01.png.51dd9eff2fa94799513fe87e61cc2159.png

Once the necessary changes are made, the DataSource can be disabled, or left running as an ongoing check.

No alerting is currently configured.

v1.1.0: DR9MDK

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.