Managing System Resources in Windows Server includes several tools that help identify potential issues with system resources.
The tools to identify performance bottlenecks in Windows Server are:

  • Task Manager, which displays current system resource usage.
  • Event Viewer, which logs specific events, including performance-related events.
  • Reliability Monitor, which tracks changes brought to the system, allowing you to  identify whether a change could be the cause of a new bottleneck.
  • Performance Monitor, which collects data in either real time or at specific intervals to identify potential issues.
  • Windows System Resource Manager (WSRM), which can be used to profile specific applications to indicate which resources they need at which time. You can also use it to  manage application resource allocation based on the profiles you generate.

You can use other tools as well, such as Microsoft System Center Operations Manager, to  monitor the state of a system continuously and automatically correct well-known issues. Operations Manager relies on custom management packs to monitor specific applications.

Using Task Manager
The simplest of all tools to use is Task Manager. This tool provides real-time system status information and covers several key aspects of a system’s performance, including:
– Running applications
– Running processes
– Running services
– Performance, including CPU and memory usage
– Networking, including network interface card (NIC) utilization
– Currently logged-on users
You can access Task Manager in a variety of ways, the most common of which is to right-click the taskbar and click Task Manager. Another common method is to use the Ctrl+Alt+Delete key combination and click Task Manager when the menu choices appear.
For example, this is how you would access Task Manager on Server Core because it does not
include a taskbar. You can also type Taskmgr.exe at the Command Prompt.
When you need information regarding system performance, the Performance tab, shown in Figure 13-7, is the most useful tab. This tab displays complete information about your system’s key resource usage. It details physical and kernel memory usage. This tab also includes a  button that gives you access to Resource Monitor. Clicking this button launches Resource Monitor while keeping Task Manager open.
Resource Monitor is a super Task Manager because it brings together the CPU, disk, memory, and network usage graphs in a single view. (See Figure 13-8.) In addition, it includes expandable components for each resource, displaying details of each component so that you
can identify which processes might be the culprit if issues are evident. These two tools are ideal for on-the-spot verification of resource usage. You should rely on them if you need to identify immediately whether something is wrong with a server.


Figure 13-7 Viewing real-time performance information in Task Manager


Figure 13-8 Viewing real-time performance information in Resource Monitor

For example, if the system does not have enough memory, you immediately see that memory usage is constantly high. In this case, Windows is forced to use on-disk virtual memory and must swap or page memory contents constantly between physical and virtual memory. Constant paging is a typical issue that servers with insufficient physical memory face and is often indicated by slow system behavior. One good indicator of insufficient memory is slow Server Manager operation.

Working with Event Viewer
Another excellent indicator of system health are the Windows event logs, which you can  explore using Event Viewer. Windows maintains several event logs to collect information about each of the services running on a server. By default, these include the Application, Security, Setup, System, and Forwarded Events logs, all located in the Windows Logs folder.
However, on a DC, you also have additional logs that are specifically related to AD DS  operation.
These are located in the Applications and Services Logs folder and include:
– DFS Replication, which is available in domains and forests operating in Windows Server 2008 R2 functional level. If you are running your domains or forests in one of the earlier modes, the log is for the FRS replication service.
– Directory Service, which focuses on the operations that are specifically related to AD DS.
– DNS Server, which lists all events related to the naming service that supports AD DS  operation.
However, one of the best features of Event Log is related to Server Manager. Because it acts as the central management location for each of the roles included in Windows Server 2008 R2, Server Manager provides custom log views that percolate all the events related to a specific server role. For example, if you click the Active Directory Domain Services role, Server Manager provides a log view that includes, among other things, a summary view of key events related to this service, shown in Figure 13-9.
Event Log lists three types of events: Information, Warning, and Errors. By default, the Summary view displayed under the server role lists Errors with a high priority, Warnings with
a medium priority, and Information messages with the lowest priority. Therefore, Errors
always appear at the top of the summary, alerting you immediately if there is an issue with your system. To drill down and see the event details, either double-click the event itself or move to the Event Viewer under the Diagnostics node of the tree pane in Server  Manager.


Figure 13-9 Viewing Summary events for AD DS in Server Manager

Events provide much more information in Windows Server 2008 R2 and Windows 7 than
ever before. In previous versions of Windows, events were arcane items that provided very
little information about an issue. Today, you get a full explanation on an event in Event Viewer, and you can link to an online database maintained by Microsoft for each event. You can look up an event in this database by clicking the Event Log Online Help link in the event’s Properties dialog box. You are prompted to send information about the event to Microsoft.
Click Yes if you want information specifically about this event.
This database does not provide information about every event in Windows, but it covers the most frequently viewed events. You can also use third-party event log databases to view information about events.

The more you know about Windows events, the easier it will be to deal with issues. You can
rely on the Microsoft online event database and free third-party event databases, and you can
supplement this information with online searches by using tools such as Windows Live Search
to locate information about an issue. Searching on the event ID returns the most results.

For more information on working with Event Log, download “Tracking Change in Windows
Vista,” a multi-page on the new features of Event Log that describes how it can be integrated with Task Manager to automate actions based on specific events and forward key events to a central collection system

Working with Windows Reliability Monitor
Another useful tool to identify potential issues on a system is Reliability Monitor. This tool,
located under the Diagnostic Reliability and Performance Monitoring Tools node in Server
Manager, tracks changes made to a system. Each time a change is performed on the system,
it is logged in Reliability Monitor. (See Figure 13-10.) Tracked changes include system changes,
software installs or uninstalls, application failures, hardware failures, and Windows failures.


Figure 13-10 Viewing system changes in Reliability Monitor

If an issue arises, one of the first places you should check is Reliability Monitor because it tracks every change to your system and reveals what might have happened to make your system unresponsive. For example, if the change is a new driver for a device, it might be a good idea to roll back the device installation to see whether the system becomes more responsive. Verify Reliability Monitor whenever an issue affecting performance arises on a server.


Working with Windows Performance Monitor
Sometimes problems and issues are not immediately recognizable, requiring further research
to identify them. In such cases, you need to rely on Performance Monitor. This tool, located
under the Diagnostic Reliability and Performance Monitoring Tools node in Server Manager,
tracks performance data on a system. You use Performance Monitor to track particular system
components either in real time or on a scheduled basis.
If you are familiar with previous versions of Windows Server, you’ll quickly note that Windows Server 2008 R2 Performance Monitor brings together several tools that you might be familiar with: Performance Logs And Alerts, Server Performance Advisor, and System Monitor. If you are new to Windows Server with the 2008 R2 release, you’ll quickly find that when it comes to performance management and analysis, Performance Monitor is the tool to use. Using  Performance Monitor, you create interactive collections of system counters or create reusable data collector sets. Performance Monitor is part of Windows Reliability And Performance Monitor (WRPM). Table 13-5 describes each of the tools in WRPM that support performance monitoring and the access rights required to work with them.


Windows Server 2008 R2 includes a new built-in group called Performance Log Users,
which allows server administrators who are not members of the local Administrators group

to perform tasks related to performance monitoring and logging. For this group to be able
to initiate data logging or modify data collector sets, it must have the Log On As A Batch Job
user right. Note that this user right is assigned to this group by default.
In addition, Windows Server 2008 R2 creates custom Data Collector Set templates when a role is installed. These templates are located under the System node of the Data Collector Sets node of WRPM. For example, with the AD DS role, four collector sets are created:
– The Active Directory Diagnostics set collects data from registry keys, performance counters, and trace events related to AD DS performance on a local DC.
– The LAN Diagnostics set collects data from network interface cards, registry keys, and other system hardware to identify issues related to network traffic on the local DC.
– The System Diagnostics set collects data from local hardware resources to generate data that helps streamline system performance on the local DC.

– The System Performance set focuses on the status of hardware resources and system response times and processes on the local DC.
Of the four, the most useful for AD DS is the first. This should be the data set you rely on the most. You can create your own personalized data set. If you do, focus on the items in Table 13-6 as the counters you should include in your data set.




To add counters to Performance Monitor, simply click the plus (+) sign on the toolbar
at the top of the details pane. This displays the Add Counters dialog box shown in Figure
13-11. Scroll through the counters to identify which ones you need. In some cases, you need
subcounters under a specific heading (as shown in Table 13-6); in others, you need the entire
subset of counters. When you need a subcounter, click the down arrow beside the heading,
locate the subcounter, and click Add. When you need the entire counter, click the counter and
click Add. This adds the counter with a star heading below it, indicating that all subcounters
have been added.


Important: T he Windows Server 2008 R2 interface
When using the classic interface in Windows Server 2008 R2, subcounters are accessed by clicking plus signs. When using the Desktop Experience feature in Windows Server 2008 R2, which simulates the Windows 7 interface, subcounters are accessed through down arrows


To obtain information about a counter, click Show Description. Then, when you click any
counter or subcounter, a short description appears at the bottom of the dialog box.
As soon as you are finished adding counters and you click OK, Performance Monitor starts tracking them in real time. Each counter you added is assigned a line of a specific color. To remove a counter, click the counter, and then click the Delete button (X) on the toolbar at the
top of the details pane.
You can start and stop Performance Monitor much like a media player, using the same
type of buttons. When Performance Monitor runs, it automatically overwrites data as it
collects more; therefore, it is more practical for real-time monitoring.
If you want to capture the counters you added into a custom data set, right-click Performance Monitor and click New; then choose New Data Collector Set. Follow the prompts to save your counter selections so that you can reuse them later.


Figure 13-11 Adding counters to Performance Monitor


Note: working with Performance Monitor, because it is an important part of the .
Also, note that there is no Server Performance Advisor (SPA) in Windows Server 2008 R2.
This Windows Server 2003 tool has been rolled into Windows Reliability And Performance
Monitor. Don’t get caught on questions regarding SPA on the exam.


Creating Baselines for AD DS and DNS
For long-term system monitoring, you must create data collector sets. These sets run automated collections at scheduled times. When you first install a system, it is a good idea to
create a performance baseline for that system. Then as load increases on the system, you can
compare the current load with the baseline to see what has changed. This helps you identify
whether additional resources are required for your systems to provide optimal performance.
For example, when working with DCs, it is a good idea to log performance at peak and nonpeak times. Peak times would be when users log on in the morning or after lunch, and nonpeak times would be periods such as mid-morning or mid-afternoon. To create a performance baseline, you need to take samples of counter values for 30 to 45 minutes for at least a week during peak, low, and normal operations. The general steps for creating a baseline include:
1. Identify resources to track.
2. Capture data at specific times.
3. Store the captured data for long-term access.


Important: Performance monitoring affects performance
Taking performance snapshots also affects system performance. The object with the worst
impact on performance is the logical disk object, especially if logical disk counters are
enabled. However, because this affects snapshots at any time, even with major loads on the
server, the baseline is still valid.


 You can create custom collector sets, but with Windows Server 2008 R2, use the default
templates that are added when the server role is installed. For example, to create a baseline
for a DC, simply create a user-defined data collector set that is based on the Active Directory
Diagnostics template and run it on a regular basis.
Then, when you are ready to view the results of your collection, you can rely on the
Reports section of the Windows Reliability And Performance node. Right-click the collector
set for which you want to view the report (either User Defined or System) and click Latest
Report. This generates the report if it isn’t already available and provides extensive information on the status of your DC. (See Figure 13-12.)