Hey Admins! Let's explore Vista together. (Part 1)

 

Okay, so let's look at some things in Vista from a sysadmin perspective that are good to know when you're troubleshooting issues on your clients' machines. Your client could be your user base, your family, or yourself.

Guided Help

Your dad calls; he wants all the icons on the desktop to go away. You could either waste your time trying to talk him through it or teach him how to fish... If you haven't seen guided help, it's one of the WOW moments of Vista. More and more guided help will be showing up, which will help you fend off the masses with the easy questions, like finding a printer, etc.

1) Open Help and Support

2) Click Options|Settings and select "Include Windows Online Help and Support when you search for help"

3) Type in "icons guided help"

4) Click show me step-by-step and say "WOW"

 

Reliability Monitor

Start here when your mom says "I didn't do anything, it just stopped working". Just type perfmon in the Start menu and click "Reliability Monitor".

Mom, you didn't do anything?  Why must you lie to me, you know you're not qualified to run leakdiag.exe...

 

 

Slow bootup or shutdown issues?

Not to worry, we have that built in too now. Just open eventvwr and browse to this event collection: Applications and Services Log -> Microsoft -> Windows -> Diagnostics-Performance -> Operational. Here you'll find diagnostic logging that can help determine why your system is taking a long time to boot or shut down. It also shows general performance issues that can help you speed up your system.

Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 4/9/2007 1:09:52 PM
Event ID: 101
Task Category: Boot Performance Monitoring
Level: Warning
Keywords: Event Log
User: LOCAL SERVICE
Computer: Brad-DC-01
Description:
This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name : Start++.exe
Friendly Name : Start++
Version : 0.0.4.6
Total Time : 21494ms
Degradation Time : 16494ms
Incident Time (UTC) : 4/9/2007 8:06:00 PM
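
The same lookup can be scripted. The following is an added example, not code from the original post: it reads events 100 and 101 from the channel above with Get-WinEvent, lists boot times, and ranks startup items by their worst degradation time. It assumes PowerShell 3.0 or later and that the events carry the data fields BootTime, MainPathBootTime, BootPostBootTime, Name and DegradationTime (check the XML view of an event on your own machine); the function name is hypothetical.

```powershell
# Added example, not part of the original post. Assumes PowerShell 3.0+.
$Channel = 'Microsoft-Windows-Diagnostics-Performance/Operational'

function Get-DiagPerfEvent {          # hypothetical helper name
    param(
        [int[]]$Id = @(100, 101),     # 100 = boot summary, 101 = slow application
        [int]$MaxEvents = 500
    )
    Get-WinEvent -FilterHashtable @{ LogName = $Channel; Id = $Id } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="X">value</Data> into a hashtable.
            $fields = @{}
            foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$node.GetAttribute('Name')] = $node.InnerText
            }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Id          = $_.Id
                Level       = $_.LevelDisplayName
                Fields      = $fields
            }
        }
}

$events = @(Get-DiagPerfEvent)

# Boot history (event 100): total boot time and its two phases, in milliseconds.
# Field names are assumptions; a missing field shows up as 0.
$events | Where-Object { $_.Id -eq 100 } | Sort-Object TimeCreated |
    Select-Object TimeCreated, Level,
        @{ Name = 'BootMs';     Expression = { [int]$_.Fields['BootTime'] } },
        @{ Name = 'MainPathMs'; Expression = { [int]$_.Fields['MainPathBootTime'] } },
        @{ Name = 'PostBootMs'; Expression = { [int]$_.Fields['BootPostBootTime'] } } |
    Format-Table -AutoSize

# Startup offenders (event 101): how often each item was flagged and its worst delay.
$events | Where-Object { $_.Id -eq 101 } |
    Group-Object -Property { $_.Fields['Name'] } |
    ForEach-Object {
        $delays = $_.Group | ForEach-Object { [int]$_.Fields['DegradationTime'] }
        [pscustomobject]@{
            Item               = $_.Name
            TimesFlagged       = $_.Count
            WorstDegradationMs = ($delays | Measure-Object -Maximum).Maximum
        }
    } |
    Sort-Object WorstDegradationMs -Descending | Format-Table -AutoSize
```

If the script returns nothing, rerun it from an elevated session before concluding the log is empty. An unfamiliar file name in the second table is worth comparing against the machine's known autostart entries.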

Data Collection Sets

You know how jazzed I am about SPA for Windows 2003; yes, it is a wonderful thing and has saved me a lot of pain tracking down the user(s) slamming my server. Well, in Vista/LH we now have that functionality built in. It also lives under perfmon. Say you have a user's system that is acting sluggish: click on the "system performance" setting under "data collection sets" and click the play button. Repro. Click stop. Now you'll have a report with all your performance data during that period. This is good for any type of resource issue, from the CPU to the network.

The new Task Scheduler

Last topic for today. The new beefed-up Task Scheduler is quite handy now. Gone are the days of AT jobs, hello robust functionality! This is an area you'll want to explore on your own, but I thought I'd give an example of how to attach a task to an event.

What if we wanted to take an action when this event came in?

Log Name: System
Source: Tcpip
Date: 4/13/2007 1:44:41 PM
Event ID: 4226
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: brad-dc-01
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Just alt-click that event and select "Attach task to this event". Fill in the details, point to the script that performs the task you want (netstat, netmon, netstat, etc.) and you're done!
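
The same attachment can be made from the command line. The following is an added example, not code from the original post: it writes a small capture script, locks down its folder, and registers an event-triggered task for Tcpip event 4226 with schtasks.exe. The folder, file and task names are hypothetical, and it assumes the ProgramData path contains no spaces.

```powershell
# Added example, not part of the original post. Run from an elevated session.
# Folder, file and task names below are hypothetical.
$dir      = Join-Path $env:ProgramData 'Event4226Capture'
$script   = Join-Path $dir 'capture.cmd'
$log      = Join-Path $dir 'connections.log'
$taskName = 'Capture-Tcpip-4226'

# The task runs as SYSTEM, so only Administrators (S-1-5-32-544) and SYSTEM
# (S-1-5-18) may write to the folder that holds its script. Drop inherited
# ACEs and grant full control to those two SIDs only.
New-Item -ItemType Directory -Path $dir -Force | Out-Null
icacls.exe $dir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# The action: append a timestamped connection table (with owning PIDs) to the log.
@"
@echo off
echo ==== %DATE% %TIME% ==== >> "$log"
netstat -ano >> "$log"
"@ | Set-Content -Path $script -Encoding ASCII

# XPath filter matching the event shown above: System log, source Tcpip, ID 4226.
$query = "*[System[Provider[@Name='Tcpip'] and EventID=4226]]"

# /SC ONEVENT with /EC (channel) and /MO (XPath) creates the event trigger.
schtasks.exe /Create /TN $taskName /SC ONEVENT /EC System /MO $query /TR $script /RU SYSTEM /F
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }

# Show what was registered. Remove it later with: schtasks.exe /Delete /TN $taskName /F
schtasks.exe /Query /TN $taskName /V /FO LIST
```

Each trigger appends to the log, so rotate or clear it if the event fires often.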

Comments

  • Anonymous
    January 01, 2003
    Background: In an earlier post I talked about some new features for Windows 2008 and Vista.  One

  • Anonymous
    January 01, 2003
    Hi Paul, run chkdsk from an elevated (alt-click, then run as administrator) cmd prompt.  You should be able to find the cmd prompt shortcut under accessories in the start menu.

  • Anonymous
    January 01, 2003
    Ray, you need to see if there is a dmp file under c:\windows.  If the crash is a stop 0x80, that is a hardware failure and you need to contact the vendor who made the hardware.   It's called a 'machine check': http://msdn.microsoft.com/en-us/library/ff559250(VS.85).aspx

  • Anonymous
    January 01, 2003
    Performance Analysis of Logs (PAL) tool Project Description: Ever have a performance problem, but don't

  • Anonymous
    January 01, 2003
    Hi Lew, There should be an option in your BIOS to turn off this prompting about your HDD going to fail.  Look for something along the lines of SMART capability. In all likelihood, your drive is going to fail, so back it up and get it replaced!

  • Anonymous
    January 01, 2003
    I know this is a Vista article but feel that it also applies to Windows 7. We would like to use the performance data collected in the Event Log with regards to  Bootup Time to benchmark our computers during build testing. You discuss this in the section “Slow bootup or shutdown issues?”. We were told by Microsoft that this data is not collected all the time and is only collected in the event of slow response. Is there a registry key that we can lower the threshold so that it will collect the data all the time during our testing process?

  • Anonymous
    January 01, 2003
    I'll post something shortly for SPA for sure.

  • Anonymous
    April 14, 2007
    Hey Brad, great blog! I saw this post then had to read all your others, some very cool stuff in there! One thing: you say "SPA for Windows 2003", what's SPA??

  • Anonymous
    April 14, 2007
    doh! should have googled that one.. checking it out now! But I love the switch to turn on netlogon logging using nltest!!

  • Anonymous
    May 08, 2007
    Hello! Great site! I've found a lot information here. I don't know how to thank you. I hope you'll be writing more and more. Thank you again. Bye.

  • Anonymous
    May 09, 2007
    Hello! Very interesting. Thank you.

  • Anonymous
    June 14, 2008
    I wanted to find out how to fix the microsoft-windows-diagnostics-performance/operational (event ID 100) boot performance monitoring problem.  Can you offer a suggestion, please? Thank you for your time!!

  • Anonymous
    June 27, 2008
    I have the same problem as Joel...My computer also continually freezes when on the Internet...usually when I am trying to access a link on a site.  What's up with that...please be advised I am not computer literate in terms of the lingo.

  • Anonymous
    January 13, 2009
    I have a problem, I get a notice on my screen every now and again saying that the Hard Disk has predicted it will fail but everything is working fine and when I checked computer management the report goes like this, Logname:system Source Disk logged:13/01/2009 12:43:21 Event ID:52 Task category:none Level:Warning Keywords:Classic User N/A Computer: me-pc OpCode: I am not very savvy with computers but trying to learn. I get a notice on my screen every once in a while since yesterday afternoon saying that the Hard Disk predicted imminent failure so I backed up my files and it is now about 01:30 in the morning and everything works fine. I was wondering, is it possible that it might not be as catastrophic as Windows says it is and maybe I don't have to replace the Hard Drive just yet? I was also wondering, is it possible to replace the internal Hard Drive with an external one? I am using an Acer Aspire 3690 with Vista Basic. Can anyone please advise? Thank you.

  • Anonymous
    June 13, 2009
    Similar problem to Paul H. only I get message every time I boot up and in normal mode, the hard drive freezes up after a few minutes.  When I start up again same thing happens.  Only way I can keep hard drive running is in safe mode.  Cannot back anything up in safe mode.  Gateway technician said to reload factory defaults which will wipe installed programs and data files that I cannot back up. Any recommendations?  Lew.

  • Anonymous
    June 13, 2009
    Some additional info to first message.  Error message states- Failure Predicted on Hard Drive 2.  WDC WD3200BEVT-22ZCTD-(S1)  Press F1 to continue.

  • Anonymous
    January 28, 2010
    My computer is bluescreen crashing on me, the only parts I have been able to read are that there is a corrupt driver, and then it does a memory dump and shuts down. When I go to the Event Log I can find this critical error. I am unsure if this is actually causing the problem or if it is something else. Most of the forums I have found find many people with similar issues and no solutions. Hope you can help! Log Name: Microsoft-Windows-Diagnostics-Performance/Operational Source: Microsoft-Windows-Diagnostics-Performance Date: 1/28/2010 6:15:34 PM Event ID: 100 Task Category: Boot Performance Monitoring Level: Critical Keywords: Event Log User: LOCAL SERVICE Computer: Amy-Foster Description: Windows has started up: Boot Duration : 153934ms IsDegradation : false Incident Time (UTC) : 1/29/2010 12:12:51 AM

  • Anonymous
    March 10, 2010
    I don't understand why I am getting this Critical error.  I don't know what to do about it.   Nancy Log Name: Microsoft-Windows-Diagnostics-Performance/Operational Source: Microsoft-Windows-Diagnostics-Performance Date: 3/10/2010 2:11:40 PM Event ID: 100 Task Category: Boot Performance Monitoring Level: Critical Keywords: Event Log User: LOCAL SERVICE Computer: Nancy-PC Description: Windows has started up: Boot Duration : 110633ms IsDegradation : false Incident Time (UTC) : 3/10/2010 6:57:46 PM

  • Anonymous
    April 05, 2010
    I have the same problem as Amy, when this happen, my computer totally shut off. I don't really have too many problems with the computer other than a slow start up, but this bothered me. I was on a public wifi at the time, if that was part of it.

  • Anonymous
    April 20, 2010
    Hi, I have a very similar problem with a few of the people above. Although, I've really not had any Blue screens or serious slow startup times as of yet. It is, however, getting a bit slower day after day and all I can find is this Critical Error in my Event Log. Windows Help seems to have no clue (Big surprise) as to what to do. Hoping an expert might have some ideas, thx!
  • Anonymous
    April 21, 2010
    Could someone please explain to me what I should do to prevent my computer from crashing-  see the below. Thanks, Ray Log Name: Microsoft-Windows-Diagnostics-Performance/Operational Source: Microsoft-Windows-Diagnostics-Performance Date: 4/20/2010 10:41:21 PM Event ID: 100 Task Category: Boot Performance Monitoring Level: Critical Keywords: Event Log User: LOCAL SERVICE Computer: Home-PC Description: Windows has started up: Boot Duration : 187894ms IsDegradation : false Incident Time (UTC) : 4/21/2010 2:37:51 AM

  • Anonymous
    April 24, 2010
    Microsoft product: Windows operating system; Version: 6.0.6001.18000; ID: 102; Event source: Microsoft Windows Diagnostics-Performance;