Hey Admins! Let's explore Vista together. (Part 1)
Okay, so let's look at some things in Vista from a sys-admin perspective that are good to know when you're troubleshooting issues on your client's machines. Your client could be your user base, your family, or yourself.
Guided Help
Your dad calls; he wants all the icons on the desktop to go away. You could either waste your time trying to talk him through it or teach him how to fish... If you haven't seen guided help, it's one of the WOW moments of Vista. More and more guided help will be showing up, which will help you fend off the masses with the easy questions, like finding a printer, etc.
1) Open Help and Support
2) Click Options|Settings and select "Include Windows Online Help and Support when you search for help"
3) Type in "icons guided help"
4) Click show me step-by-step and say "WOW"
Reliability Monitor
Start here when your mom says "I didn't do anything, it just stopped working". Just type perfmon in the start menu and click "Reliability Monitor".
Mom, you didn't do anything? Why must you lie to me, you know you're not qualified to run leakdiag.exe...
Slow bootup or shutdown issues?
Not to worry, we have that built in too now. Just open eventvwr and browse to this event collection: Applications and Services Log -> Microsoft -> Windows -> Diagnostics-Performance -> Operational. Here you'll find some diagnostic logging that can help determine why your system is taking a long time to boot or shut down. It also shows general performance issues that can help you speed up your system.
Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 4/9/2007 1:09:52 PM
Event ID: 101
Task Category: Boot Performance Monitoring
Level: Warning
Keywords: Event Log
User: LOCAL SERVICE
Computer: Brad-DC-01
Description:
This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name : Start++.exe
Friendly Name : Start++
Version : 0.0.4.6
Total Time : 21494ms
Degradation Time : 16494ms
Incident Time (UTC) : 4/9/2007 8:06:00 PM
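To rank what is slowing a machine down without paging through Event Viewer, this added example (not from the original post) reads the same channel with Get-WinEvent and groups the component events by name. It assumes an elevated PowerShell 2.0 or later session; the function names are hypothetical, and the EventData field names (Name, FriendlyName, TotalTime, DegradationTime) are the ones these component events carry.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$Channel = 'Microsoft-Windows-Diagnostics-Performance/Operational'

# Flatten an event's <EventData><Data Name="..."> elements into a hashtable.
function ConvertTo-EventDataTable {
    param([Parameter(Mandatory = $true)]$Record)
    $table = @{}
    $xml = [xml]$Record.ToXml()
    foreach ($node in $xml.GetElementsByTagName('Data')) {
        $key = $node.GetAttribute('Name')
        if ($key) { $table[$key] = $node.InnerText }
    }
    return $table
}

# Hypothetical helper: one row per event that names a slow component.
function Get-SlowComponent {
    param([int]$MaxEvents = 500)
    # -ErrorAction Stop surfaces "access denied" and "no events found" instead of hiding them.
    Get-WinEvent -LogName $Channel -MaxEvents $MaxEvents -ErrorAction Stop |
        ForEach-Object {
            $data = ConvertTo-EventDataTable $_
            # Component events (such as ID 101 above) carry TotalTime and
            # DegradationTime in milliseconds; summary events without them are skipped.
            if ($data.ContainsKey('DegradationTime')) {
                New-Object PSObject -Property @{
                    TimeCreated   = $_.TimeCreated
                    EventId       = $_.Id
                    Component     = $(if ($data['FriendlyName']) { $data['FriendlyName'] } else { $data['Name'] })
                    TotalMs       = [int]$data['TotalTime']
                    DegradationMs = [int]$data['DegradationTime']
                }
            }
        }
}

# Rank components by the worst delay they added across all recorded events.
Get-SlowComponent |
    Group-Object Component |
    ForEach-Object {
        New-Object PSObject -Property @{
            Component          = $_.Name
            Occurrences        = $_.Count
            WorstDegradationMs = ($_.Group | Measure-Object DegradationMs -Maximum).Maximum
            LastSeen           = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    } |
    Sort-Object WorstDegradationMs -Descending |
    Select-Object Component, Occurrences, WorstDegradationMs, LastSeen |
    Format-Table -AutoSize
```

A component that shows up here for the first time, or only since a recent install, is usually the first thing to look at.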
Data Collection Sets
You know how jazzed I am about SPA for Windows 2003; yes, it is a wonderful thing and has saved me a lot of pain tracking down the user(s) slamming my server. Well, in Vista/LH we now have that functionality built in. It also lives under perfmon. Say you have a user's system that is acting sluggish: click on the "system performance" setting under "data collection sets" and click the play button. Repro. Click stop. Now you'll have a report with all your performance data during that period. This is good for any type of resource issue, from the CPU to the network.
The new Task Scheduler
Last topic for today. The new beefed-up task scheduler is quite handy now. Gone are the days of AT jobs, hello robust functionality! This is an area you'll want to explore on your own, but I thought I'd give an example of how to attach a task to an event.
What if we wanted to take an action when this event came in?
Log Name: System
Source: Tcpip
Date: 4/13/2007 1:44:41 PM
Event ID: 4226
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: brad-dc-01
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Just alt-click that event and select "Attach task to this event". Fill in the details, point to your script that has the task you want to be performed (netstat, netmon, etc.) and you're done!
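The same attachment can be scripted, which helps when the task has to go onto more than one machine. This added example (not from the original post) writes a small capture script and registers it with schtasks.exe against event 4226; the C:\Scripts folder, the file names and the task name are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# The folder, file names and task name below are hypothetical.
$ScriptDir  = 'C:\Scripts'
$ScriptPath = Join-Path $ScriptDir 'capture-4226.cmd'
$TaskName   = 'Capture-Tcpip-4226'

New-Item -ItemType Directory -Path $ScriptDir -Force | Out-Null

# The task runs as SYSTEM, so only SYSTEM (S-1-5-18) and Administrators
# (S-1-5-32-544) may write to the folder holding the script and its log.
# /inheritance:r drops the ACEs inherited from C:\ that would let users modify it.
icacls.exe $ScriptDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Capture script: a timestamp, every connection with its owning PID,
# then the PID-to-process/service map needed to interpret those PIDs later.
@'
@echo off
set LOG=C:\Scripts\tcpip-4226.log
echo ==== %DATE% %TIME% ====>> "%LOG%"
netstat -ano >> "%LOG%"
tasklist /svc >> "%LOG%"
'@ | Set-Content -Path $ScriptPath -Encoding ASCII

# XPath filter matching the event shown above: System log, source Tcpip, ID 4226.
$Query = "*[System[Provider[@Name='Tcpip'] and (EventID=4226)]]"

schtasks.exe /Create /TN $TaskName /TR $ScriptPath /SC ONEVENT /EC System /MO $Query /RU SYSTEM /F
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }

# Show the registered trigger and action for review.
schtasks.exe /Query /TN $TaskName /V /FO LIST
```

In the resulting log, the PIDs that own the bulk of the outbound connection attempts at the moment the event fired point to the process to investigate.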
Comments
Anonymous
January 01, 2003
Background: In an earlier post I talked about some new features for Windows 2008 and Vista.  One
Anonymous
January 01, 2003
Hi Paul, run chkdsk from an elevated (alt-click, then run as administrator) cmd prompt. You should be able to find the cmd prompt shortcut under accessories in the start menu.
Anonymous
January 01, 2003
Ray, you need to see if there is a dmp file under c:\windows. If the crash is a stop 0x80, that is a hardware failure and you need to contact the vendor who made the hardware. It's called a 'machine check': http://msdn.microsoft.com/en-us/library/ff559250(VS.85).aspx
Anonymous
January 01, 2003
Performance Analysis of Logs (PAL) tool Project Description: Ever have a performance problem, but don't
Anonymous
January 01, 2003
Hi Lew, There should be an option in your BIOS to turn off this prompting about your HDD going to fail. Look for something along the lines of SMART capability. In all likelihood, your drive is going to fail, so back it up and get it replaced!
Anonymous
January 01, 2003
I know this is a Vista article but feel that it also applies to Windows 7. We would like to use the performance data collected in the Event Log with regards to Bootup Time to benchmark our computers during build testing. You discuss this in the section “Slow bootup or shutdown issues?”. We were told by Microsoft that this data is not collected all the time and is only collected in the event of slow response. Is there a registry key that we can lower the threshold so that it will collect the data all the time during our testing process?
Anonymous
January 01, 2003
I'll post something shortly for SPA for sure.
Anonymous
April 14, 2007
Hey Brad great blog! I saw this post then had to read all your others some very cool stuff in there! One thing you say "SPA for Windows 2003" what's SPA??
Anonymous
April 14, 2007
doh! should have googled that one.. checking it out now! But I love the switch to turn on netlogon logging using nltest!!
Anonymous
May 08, 2007
Hello! Great site! I've found a lot information here. I don't know how to thank you. I hope you'll be writing more and more. Thank you again. Bye.
Anonymous
May 09, 2007
Hello! Very interesting. Thank you.
Anonymous
June 14, 2008
I wanted to find out how to fix the microsoft-windows-diagnostics-performance/operational (event ID 100) boot performance monitoring problem. Can you offer a suggestion, please? Thank you for your time!!
Anonymous
June 27, 2008
I have the same problem as Joel... My computer also continually freezes when on the Internet... usually when I am trying to access a link on a site. What's up with that... please be advised I am not computer literate in terms of the lingo.
Anonymous
January 13, 2009
I have a problem, I get a notice on my screen every now and again saying that the Hard Disk has predicted it will fail but everything is working fine and when I checked computer management the report goes like this, Logname:system Source Disk logged:13/01/2009 12:43:21 Event ID:52 Task category:none Level:Warning Keywords:Classic User N/A Computer: me-pc OpCode: I am not very savvy with computers but trying to learn. I get a notice on my screen every once in a while since yesterday afternoon saying that the Hard Disk predicted imminent failure so I backed up my files and it is now about 01:30 in the morning and everything works fine. I was wondering, is it possible that it might not be as catastrophic as windows says it is and maybe I don't have to replace the Hard Drive just yet? I was also wondering, is it possible to replace the internal Hard Drive with an external one? I am using an Acer Aspire 3690 with Vista Basic, Can anyone please advise? Thank you.
Anonymous
June 13, 2009
Similar problem to Paul H. only I get message every time I boot up and in normal mode, the hard drive freezes up after a few minutes. When I start up again same thing happens. Only way I can keep hard drive running is in safe mode. Cannot back anything up in safe mode. Gateway technician said to reload factory defaults which will wipe installed programs and data files that I cannot back up. Any recommendations? Lew.
Anonymous
June 13, 2009
Some additional info to first message. Error message states- Failure Predicted on Hard Drive 2. WDC WD3200BEVT-22ZCTD-(S1) Press F1 to continue.
Anonymous
July 20, 2009
Anonymous
January 28, 2010
My computer is bluescreen crashing on me, the only parts I have been able to read are that there is a corrupt driver, and then it does a memory dump and shuts down. When I go to the Event Log I can find this critical error. I am unsure if this is actually causing the problem or if it is something else. Most of the forums I have found find many people with similar issues and no solutions. Hope you can help! Log Name: Microsoft-Windows-Diagnostics-Performance/Operational Source: Microsoft-Windows-Diagnostics-Performance Date: 1/28/2010 6:15:34 PM Event ID: 100 Task Category: Boot Performance Monitoring Level: Critical Keywords: Event Log User: LOCAL SERVICE Computer: Amy-Foster Description: Windows has started up: Boot Duration : 153934ms IsDegradation : false Incident Time (UTC) : 1/29/2010 12:12:51 AM
Anonymous
March 10, 2010
I don't understand why I am getting this Critical error. I don't know what to do about it. Nancy Log Name: Microsoft-Windows-Diagnostics-Performance/Operational Source: Microsoft-Windows-Diagnostics-Performance Date: 3/10/2010 2:11:40 PM Event ID: 100 Task Category: Boot Performance Monitoring Level: Critical Keywords: Event Log User: LOCAL SERVICE Computer: Nancy-PC Description: Windows has started up: Boot Duration : 110633ms IsDegradation : false Incident Time (UTC) : 3/10/2010 6:57:46 PM
Anonymous
April 05, 2010
I have the same problem as Amy, when this happens, my computer totally shuts off. I don't really have too many problems with the computer other than a slow start up, but this bothered me. I was on a public wifi at the time, if that was part of it.
Anonymous
April 20, 2010
Hi, I have a very similar problem with a few of the people above. Although, I've really not had any Blue screens or serious slow startup times as of yet. It is, however, getting a bit slower day after day and all I can find is this Critical Error in my Event Log. Windows Help seems to have no clue (Big surprise) as to what to do. Hoping an expert might have some ideas, thx!
Anonymous
April 21, 2010
Could someone please explain to me what I should do to prevent my computer from crashing- see the below. Thanks, Ray Log Name: Microsoft-Windows-Diagnostics-Performance/Operational Source: Microsoft-Windows-Diagnostics-Performance Date: 4/20/2010 10:41:21 PM Event ID: 100 Task Category: Boot Performance Monitoring Level: Critical Keywords: Event Log User: LOCAL SERVICE Computer: Home-PC Description: Windows has started up: Boot Duration : 187894ms IsDegradation : false Incident Time (UTC) : 4/21/2010 2:37:51 AM
Anonymous
April 24, 2010
Microsoft product: Windows operating system; Version: 6.0.6001.18000; ID: 102; Event source: Microsoft Windows Diagnostics-Performance;