Working with Microsoft Windows 2000's Performance Monitor

Do you know what's going on inside your server? Is it running at peak performance? In this Daily Drill Down, Troy Thompson introduces you to Windows 2000's Performance Monitor.

In the Daily Drill Down entitled “Understanding NT's Performance Monitor,” I looked at Windows NT’s Performance Monitor and showed you how to use it to track your server’s performance. In this article, I’ll look at Microsoft Windows 2000’s Performance Monitor. It now runs under the Microsoft Management Console and has a different look and feel.

Why use Performance Monitor?
Monitoring your server’s performance is an important part of maintaining and administering your Windows 2000 installation. Performance data can help you understand your workload and the effect it has on your system’s resources. You can observe changes and trends over time, which will help you plan for future upgrades. Some counters in Performance Monitor will help you diagnose problems and target components or processes for optimization.

Using Performance Monitor
To start Performance Monitor, go to Start | Programs | Administrative Tools | Performance Monitor. Windows 2000 uses the Microsoft Management Console (MMC) to administer Performance Monitor, as shown in Figure A, so the screen has a different look than it does in Windows NT.

Figure A
Windows 2000’s Performance Monitor runs under the Microsoft Management Console.

You should configure performance logs and alerts to record counter data at regular intervals, and you should retain the logs over an extended period of time. You can then load this data into a database and query it.

To get a good snapshot of your server’s performance, you should take the following actions:
  • Disable any screensaver program that is running on the server.
  • Stop any services that are not essential.
  • Increase the size of the paging file to the total amount of RAM plus 100 MB.

Performance Monitor itself can create unnecessary overhead. You should not run Performance Monitor in Graph view all of the time. Monitoring too many counters at once or sampling at intervals less than three seconds apart can degrade system performance. It’s also a good idea to log your information to a disk other than the one you’re monitoring.

Performance objects and counters
Windows 2000 gathers performance data from components in your computer. A performance object is usually named for the component that generates the data. Some of the objects you will typically monitor are cache, memory, paging file, process, processor, server, and system. Some software applications, such as SQL Server, add additional objects that can be monitored.

Each object has multiple counters that represent data on specific aspects of a system. For information about a specific counter, click Explain in the Add Counters dialog box. While Performance Monitor has many different counters that you can monitor, you should monitor the activity of the following components first:
  • Memory
  • Processors
  • Disk
  • Network

While in the Performance Monitor application, click the plus (+) sign in the right-hand pane to add a performance counter. When you do, you’ll see the screen shown in Figure B.

Figure B
You can easily add performance counters.

At a minimum, you should start monitoring the following counters:

  • Memory\Available Bytes
  • Memory\Cache Bytes
  • Memory\Pages/sec
  • Memory\Page Reads/sec

  • Processor\% Processor Time (all instances)
  • Processor\Interrupts/sec

  • Physical Disk\Avg. Disk Queue Length (all instances)
  • Physical Disk\Disk Reads/sec
  • Physical Disk\Disk Writes/sec

  • Network Segment\% Net Utilization
  • Network Interface\Bytes Total/sec
  • Network Interface\Packets/sec
  • Server\Bytes Total/sec

  • Paging File\% Usage (all instances)
  • Cache\Data Map Hits %
  • System\Processor Queue Length (all instances)

Some network counters are available only after you install the Network Monitor driver.
Some of the counters listed here may not be available on your computer because a necessary service has not been installed or the counters have not been activated. For instance, to capture logical-disk counter data, you must type diskperf -yv at the command prompt, which allows the disk performance statistics driver to report data for logical drives.

After you’ve selected your counters and start tracking events, you can watch Performance Monitor track the counters and draw a graph representing them. A graph of performance data may look like Figure C.

Figure C
Performance Monitor displays a graph of the activity.

Establishing a baseline
A baseline is a performance level that you determine to be acceptable. You should monitor your server over a period of time during normal work conditions to begin creating your baseline. Once you gather the data, you can analyze it to determine where there might be problems or bottlenecks. Microsoft has outlined some recommended baselines for different counters. The ones below will give you a good start for creating a baseline that meets your needs.
  • Disk—Physical Disk\% Disk Time: 90%
  • Disk—Physical Disk\Disk Reads/sec, Physical Disk\Disk Writes/sec: Depends on manufacturer's specifications (Check the specified transfer rate for your disks to verify that this rate doesn't exceed the specifications. In general, Ultra Wide SCSI disks can handle 50 I/O operations per second.)
  • Disk—Physical Disk\Current Disk Queue Length: Number of spindles plus 2 (This is an instantaneous counter; observe its value over several intervals. For an average over time, use Physical Disk\Avg. Disk Queue Length.)
  • Memory—Memory\Available Bytes: Less than 4 MB (Research memory usage and add memory if needed.)
  • Memory—Memory\Pages/sec: 20 (Research the paging activity.)
  • Network—Network Segment\% Net Utilization: Depends on the type of network (You must determine the threshold based on the type of network you are running. For Ethernet networks, 30% is the recommended threshold.)
  • Paging File—Paging File\% Usage: 99% (Review this value in conjunction with Available Bytes and Pages/sec to understand paging activity on your computer.)
  • Processor—Processor\% Processor Time: 85% (Find the process that is using a high percentage of processor time. Upgrade to a faster processor or install an additional processor.)
  • Processor—Processor\Interrupts/sec: Depends on the processor (A dramatic increase in this counter value without a corresponding increase in system activity indicates a hardware problem. Identify the network adapter that’s causing the interrupts.)
  • Server—Server\Bytes Total/sec: If the sum of Bytes Total/sec for all servers is roughly equal to the maximum transfer rates of your network, you may need to segment the network.
  • Server—Server\Pool Paged Peak: Amount of physical RAM (This value is an indicator of the maximum paging file size and the amount of physical memory.)
  • Server—Server Work Queues\Queue Length: 4 (If the value reaches this threshold, there may be a processor bottleneck. This is an instantaneous counter; observe its value over several intervals.)
  • Multiple Processors—System\Processor Queue Length: 2 (This is also an instantaneous counter; observe its value over several intervals.)
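
The thresholds above, applied to a counter log exported as CSV, as an added example that is not part of the original article: it reports a breach only when it persists for several consecutive samples, as the list advises for instantaneous counters. The log layout (a timestamp column followed by one column per counter path), the SRV01 server name, and the sample values are assumptions constructed for illustration.

```python
import csv
import io
import re

# Thresholds from the list above: (direction, limit). Counting a sample that
# reaches the limit as a breach is this example's assumption.
THRESHOLDS = {
    r"Memory\Available Bytes": ("below", 4 * 1024 * 1024),
    r"Memory\Pages/sec": ("above", 20),
    r"Processor\% Processor Time": ("above", 85),
    r"System\Processor Queue Length": ("above", 2),
}
INSTANCE = re.compile(r"\([^)]*\)")  # strips "(_Total)", "(0)", ...

# Constructed sample log, not real measurements.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\SRV01\Memory\Available Bytes","\\SRV01\Memory\Pages/sec","\\SRV01\Processor(_Total)\% Processor Time","\\SRV01\System\Processor Queue Length"
"03/14/2001 10:00:00.000","52428800","3","40","0"
"03/14/2001 10:00:15.000","50331648","25","91","3"
"03/14/2001 10:00:30.000","3145728","8","93","1"
"03/14/2001 10:00:45.000","48234496","5","95","4"
"03/14/2001 10:01:00.000","47185920","4","88","3"
"03/14/2001 10:01:15.000","47185920","2","35","3"
'''

def sustained_breaches(csv_text, min_run=3):
    """Map each tracked counter column to [(first_ts, last_ts)] for every run
    of at least min_run consecutive samples that breach its threshold."""
    header, *rows = csv.reader(io.StringIO(csv_text))
    names = {i: p.split("\\", 3)[-1] for i, p in enumerate(header) if i > 0}
    tracked = {i: n for i, n in names.items() if INSTANCE.sub("", n) in THRESHOLDS}
    found = {n: [] for n in tracked.values()}
    run = {i: [] for i in tracked}
    def close(i):
        if len(run[i]) >= min_run:
            found[tracked[i]].append((run[i][0], run[i][-1]))
        run[i] = []
    for row in [*rows, []]:  # trailing empty row flushes runs open at end of log
        for i, name in tracked.items():
            direction, limit = THRESHOLDS[INSTANCE.sub("", name)]
            try:
                value = float(row[i])
                hit = value < limit if direction == "below" else value >= limit
            except (ValueError, IndexError):
                hit = False  # blank sample (a gap in the log) ends the run
            if hit:
                run[i].append(row[0])
            else:
                close(i)
    return found
```

With the sample log, the single-sample dips in Available Bytes and Pages/sec are ignored, while the sustained processor and queue-length breaches are reported with their start and end timestamps.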

Addressing performance problems identified by Performance Monitor
Performance Monitor can help you identify performance problems and allow you to analyze the data. If your servers’ resources are insufficient, you may need to upgrade components such as RAM, hard disks, paging files, etc. It may also be necessary to balance workloads among resources. Some programs monopolize a resource and won’t allow other programs to use it. Those programs may need to be reconfigured or rewritten. The premier problem that your server will experience is a lack of memory.

It’s important that you approach any performance problem systematically. Make only one change at a time. If you make too many changes at once, it may be impossible to accurately assess the impact of each change. Many performance problems generate errors that you can display using Event Viewer.

After you make a change, you should resume monitoring and compare the before and after data to determine if the change made an impact on the problem. If you think that performance problems may be due to network components, you can compare the performance of applications run over the network with the performance of locally run applications.

The type of performance problems you are having determines the type of corrective action you should take. Let’s look at some problems and common performance tweaks you can make.
  • You can correct disk problems by installing additional drives or upgrading to faster drives.
  • Use Windows 2000 Distributed File System (DFS) to balance the workload.
  • Run disk defragmenters to optimize your disk space.
  • Overcome memory problems by increasing physical memory, increasing the page file size, or creating multiple paging files.
  • Add or upgrade processors to improve performance.
  • Network problems can be the result of unneeded protocols. Remove protocols that are not used and be sure to place the protocol used most frequently at the top of the binding list.
  • Use a 32-bit adapter instead of a 16-bit adapter for a significant increase in network performance.

Troubleshooting Performance Monitor
In this section, I’ll discuss some of the common problems you may experience and some solutions and explanations.

If you set up a counter but receive no data, you should check to see if the counter’s associated DLL file has been deleted. Performance Monitor will not detect that the counter has been deleted once it is in use; it will simply continue to report the counter data as zeros.

A counter may also report zeros if you do not have the appropriate permissions with which to monitor the computer. You’ll get an error message when you attempt to set up the counter, but if you ignore the message, it will allow you to proceed.

You may notice gaps in your line graphs if the processing activity on a system becomes too heavy. The graphing will resume when adequate resources are available. The graph is also limited to 100 samples, so not all values recorded in a log may appear in the Graph view.

If Task Manager shows that a process is running but is still not reporting data, you can use the Exctrlst.exe utility on the Windows 2000 Resource Kit companion CD to verify that the counter DLL is enabled.

To monitor a 16-bit application, you must monitor the application via the NTVDM process. Only 32-bit processes appear in the Instances list. If you plan to use Microsoft Excel to analyze the log files, you will have to stop the performance logs and alerts because Excel requires exclusive access to the log files.

The look and feel of Windows 2000 Performance Monitor separates it from the Windows NT Performance Monitor. Both programs use a set of objects and counters to help measure the performance of your computer. You can still find the Windows NT 4.0 version of Performance Monitor (Perfmon4.exe) on the Windows 2000 Resource Kit, but in most cases you’ll want to use the MMC version of Performance Monitor native to Windows 2000. In this Daily Drill Down, I’ve pointed out the differences between the two versions and shown you the advantages of using the MMC version.