The fastest, easiest way to track a system's general health is to use Task Manager or Process Resource Monitor. Unlike some of the other performance tools that require some prepara tion before you can use them, you can start and use these tools without any preparation. This makes them very useful when you want to see what's going on with a system right now.
By using Task Manager, you can track running applications and processes and determine resource usage. This can help you understand how a server is performing and whether there are any problems, such as applications that aren't running or processes that are hogging sys tem resources. Task Manager is available on both workstations and servers by pressing Ctrl+Alt+End.
To work with Task Manager, the key issue you must understand is the distinction between an application, an image name, and a process. Basically, the executable name of an application, such as Taskmgr.exe, is known to the operating system as its image name, and any time that you start an application the operating system starts one or more processes to support it. As Figure 15-1 shows, Task Manager has five tabs:
Applications Shows programs run in a user context on the system and displays whether they're running or not responding. Also allows you to interact with applica tions and halt their execution
Processes Lists the image name of the processes running on the system, including those run by the operating system and users. Includes usage statistics for system resources allocated to each process and allows you to interact with and stop processes
Performance Displays current processor and memory usage. Includes graphs as well as detailed statistics
Networking Displays current network usage for each of the system's connections to the network
Users Details the users currently logged on to the system. Includes local users as well as users connected through Remote Desktop sessions and allows you to disconnect, log off, and send console messages to these users
Figure 15-1. Use the Task Manager to track running applications and processes and to determine resource usage
Caution
Task Manager uses system resources while it's running. Because of this, you should run it only while you are tracking performance.
No single command-line tool performs all the same functions as Task Manager. The closest tool in functionality is Process Resource Manager (Pmon.exe). Pmon is included in the Sup port Tools and performs the following tasks:
Displays current processor and memory usage
Lists the image name of the processes running on the system
Shows current perprocess resource usage statistics and activity
As Figure 15-2 shows, Pmon is much more detailed than the default Task Manager view, especially when it comes to current perprocess resource usage and activity. To run Pmon, access a command prompt, and then type pmon.
Figure 15-2. Use the Process Resource Manager to track running applications and processes and to determine resource usage
Tip
Use Pmon to reduce resource usage
Because Pmon is a textbased rather than graphical utility, it will, in most cases, use fewer system resources than Task Manager. On systems for which you are very concerned about resource usage and the possibility of bogging down a system by tracking performance infor mation, you might initially want to start tracking performance by using Pmon.
Unlike most commands that run and then exit, Pmon runs continuously until you press the Q key to quit. While it is running, Pmon gathers resource and process statistics every 5 seconds and redisplays them automatically. If you press any key other than Q, Pmon updates the sta tistics, allowing for more frequent refreshes if desired. Like Task Manager, Pmon can be run only locally, so if you wanted to work with a remote system, you must start a Remote Desktop Connection.
The sections that follow discuss how to use these tools to gather information about systems and resolve problems. The focus of the discussion is on Task Manager, which should be your primary tool for tracking a system's general health.
The Performance tab in Task Manager, shown in Figure 15-3, should be the first tab you check if you suspect a performance issue with a system. It shows current processor and mem ory usage and also graphs some historical usage statistics based on data collected since you started Task Manager.
Figure 15-3. The Performance tab provides a summary of current processor and memory usage as well as some historical usage statistics based on data collected since you started Task Manager
Some of the performance data is fairly selfexplanatory. The CPU Usage and CPU Usage His tory graphs show the percentage of processor resources being used. The PF Usage and Page File Usage History graphs show the size of the paging file being used by the system. The paging file is an area of memory written to disk, also referred to as virtual memory. The tough data to interpret here is the information below the graphs.
Totals shows summary statistics for input/output (I/O), threads, and processes. Handles shows the number of I/O file handles in use. Because each handle requires system memory to maintain, this is important to note. Threads shows the number of threads in use. Threads allows concurrent execution of process requests. Processes shows the number of processes in use.
Commit Charge shows how much memory is committed to processes currently and is not available for other processes. Total lists all physical and virtual memory currently in use. Limit lists the total physical and virtual memory available. Peak lists the maximum memory used by the system since it was started.
Physical Memory shows the total RAM on the system. Total shows the amount of physical RAM. Available shows the RAM not currently being used and available for use. System Cache shows the amount of memory used for system caching.
Kernel Memory shows the memory used by the operating system kernel. Total lists all memory being used by the operating system kernel, including physical memory (RAM) and virtual memory. Nonpaged reflects memory used by the operating system kernel that can't be written to disk. Paged reflects memory that can be paged to virtual memory if necessary.
In Figure 15-3 on the previous page, you see an example of a system with moderate to fairly high central processing unit (CPU) usage but with very little ongoing paging file activity. A system with CPU usage consistently at these levels would warrant some additional monitoring to determine whether resources should be added to the system. Basically, you'd want to determine whether these were average usage conditions or whether you were seeing peak usage.
If these are average usage conditions, increasing the processor speed or adding processors could improve performance and allow for better handling of peak usage situations. If these statistics represent peak usage conditions, the system probably wouldn't need additional resources. Sometimes the CPU usage can be high if the system has too little memory as well. A quick check of the memory usage of the server, including its current and peak usage, shows, however, that this isn't the case for this particular system.
Figure 15-4 shows performance data for a different system. This system has high CPU usage and in many cases, CPU usage is at 100 percent. If CPU usage were consistent at 100 percent, I might suspect a runaway process and look for a process that is causing the problem. Here, however, there are times when CPU usage isn't maxed out, and you'd definitely want to take a closer look at what's going on starting with memory usage. One thing to note right away is that the system has very little available RAM—around 45 MB—and the paging file (as shown in the Commit Charge section) is quite large—around 550 MB.
Such a small amount of available RAM would be a concern, and if this level of usage were consistent, you might consider changing the way applications use RAM, adding RAM, or both. Such a large amount of virtual memory being used (relative to available physical RAM) is also an area of possible concern that might make you consider adding physical RAM. Although increasing the amount of RAM could offer some relief to the CPU, it might not be enough, so you could consider increasing the processor speed or adding processors. You might also consider offloading some of the system's load. For example, you could move one of its roles or applications to a different server.
The Applications Tab in Task Manager, shown in Figure 15-5, lists applications being run by users on the computer along with status details that show whether the applications are running or not responding. If an application has an open file, such as a Microsoft Word document, the name of the file is shown as well.
To work with an application, select it by clicking it in the Task list. You can then right-click the application name to select the Switch To, Bring To Front, Minimize, or Maximize options. Don't overlook the usefulness of the Go To Process option when you right-click: Use this when you're trying to find the primary process for a particular application because selecting this option highlights the related process in the Processes tab.
If you see an application with a status of Not Responding, that's an indicator that an application might be frozen, and you might want to select it and then click End Task. Keep in mind that the Not Responding message can also be an indicator that an application is busy and should be left alone until it finishes. Generally, don't use End Task to stop an application that is running without errors. Instead, select the Switch To option to switch to the application and then exit as you normally would.
You can view information about processes running on a system by using the Processes tab of Task Manager or by running Pmon. The Task Manager display differs greatly from the output provided by Pmon. By default, the Processes tab shows only processes run by the operating system, local services, network services, and the interactive user. The interactive user is the user account logged on to the local console. To see processes run by remote users, such as those users connecting by using a Remote Desktop Connection, you must select the Show Processes From All Users option.
The default view of the Processes tab shows each running process by image name and user name. The CPU column shows the percentage of processor utilization for each process. The Mem Usage column shows the amount of memory the process is currently using. By default, processes are sorted by user name, but you can change this by clicking any of the available column headers to sort the information based on that column. Clicking again on the same column reverses the sort order. For example, click Image Name to alphabetically sort the image names. Click Image Name again to reverse sort the image names.
Troubleshooting: Isolate 32-bit or 64-bit processes
By default, 32-bit Windows systems show both 16-bit and 32-bit tasks that are running on the system, and 64-bit systems show both 32-bit and 64-bit tasks that are running on the system. To show only 32-bit tasks on 32-bit systems, click Options, then click Show 16-Bit Tasks. To show only 64-bit tasks on 64-bit systems, click Options, then click Show 32-Bit Tasks. This should clear the option for the related item on the Option menu.
As you may recall from Figure 15-2, Pmon shows much more detailed information for each process. This information is useful for troubleshooting. If you click View and choose Select Columns, you'll see a dialog box that allows you to add columns to the Processes tab. To get the additional information shown by Pmon, the following columns should be selected:
Image Name
CPU Usage
CPU Time
Memory Usage Delta
Page Faults
Page Faults Delta
Virtual Memory Size
Paged Pool
Nonpaged Pool
Base Priority
Handle Count
Thread Count
You will then have a process display like the one shown in Figure 15-6.
Figure 15-6. The Processes tab provides detailed information on running processes according to image name and user name
Tip
For multiprocessor systems, you can configure the CPU history to show one graph per CPU or one graph for all CPUs. To change this behavior, click View, point to CPU History, and then choose a viewing style.
Okay, so now that you've added all these extra columns of information, you are probably wondering what it all means and why you want to track it. As stated previously, you primarily use this information for troubleshooting. It helps you pinpoint which processes are hogging system resources and the type of resources the resource hogs are using. Once you know what's going on with processes, you can modify the system or its applications accordingly to resolve a performance problem.
Table 15-1 summarizes the information provided by the process statistics. The value in parentheses following the Task Manager column name is the name of the corresponding column in Pmon. If by monitoring processes you notice what looks like a problem, you will probably want to start more detailed monitoring of the system. One tool to consider is System Monitor, which is discussed in Chapter 16. You can also stop processes that you suspect aren't running properly. To do this, right-click the process, and choose End Process to stop the process or End Process Tree to stop the process as well as any other processes it started.
Table 15-1. Process Statistics and How They Can Be Used
Column Name | Description |
|---|---|
CPU (CPU) | Shows the percentage of CPU utilization for the process. The System Idle Process shows what percentage of CPU power is idle. A 99 in the CPU column for the System Idle Process means 99 percent of the system resources currently aren't being used. If the system has low idle time (meaning high CPU usage) during peak or average usage, you might consider upgrading to faster processors or adding processors. |
CPU Time (CpuTime) | Shows the total amount of CPU time used by the process since it was started. Click the column header to quickly see the processes that are using the most CPU time. If a process is using a lot of CPU time, the related application might have a configuration problem. This could also indicate a runaway or nonresponsive process that is unnecessarily tying up the CPU. |
Mem Usage (Mem Usage) | Shows the amount of memory the process is currently using. If memory usage for a process slowly grows over time and doesn't go back to the baseline value, this can be an indicator of a memory leak. |
Mem Delta (Mem Diff) | Shows the change in memory usage for the process recorded since the last update. A constantly changing memory delta can be an indicator that a process is in use, but it could also indicate a problem. Generally, the memory delta might show increasing memory usage when a process is being used and then show a negative delta (indicated by parentheses in Task Manager) as activity slows. |
Page Faults (Page Faults) | Shows page faults caused by the process. Page faults occur when a process requests a page in memory and the system can't find it at the requested location. If the requested page is elsewhere in memory, the fault is called a soft page fault. If the requested page must be retrieved from disk, the fault is called a hard page fault. Most processors can handle large numbers of soft faults. Hard faults, on the other hand, can cause significant delays. If there are a lot of hard faults, you might need to increase the amount of memory or reduce the system cache size. |
PF Delta (Flts Diff) | Shows the change in the number of page faults for the process recorded since the last update. As with memory usage, you might see an increase in page faults when a process is active and then a decrease as activity slows. |
VM Size (Commit Charge) | Shows the amount of virtual memory allocated to and reserved for a process. Virtual memory is memory on disk and is slower to access than pooled memory. By configuring an application to use more physical RAM, you might be able to increase performance. To do this, however, the system must have available RAM. If it doesn't, other processes running on the system might slow down. |
Paged Pool (Usage Page) | Shows paged pool memory usage. The paged pool is an area of RAM for objects that can be written to disk when they aren't used. As process activity increases, so does the amount of pool memory the process uses. Most processes have more paged pool than nonpaged pool requirements. |
NP Pool (Usage NonP) | Shows nonpaged pool memory usage. The nonpaged pool is an area of RAM for objects that can't be written to disk. You should note processes that require a high amount of nonpaged pool memory. If there isn't enough free memory on the server, these processes might be the reason for a high level of page faults. |
Base Pri (Pri) | Shows the priority of the process. Priority determines how much of the system resources are allocated to a process. The standard priorities are Low (4), Below Normal (6), Normal (8), Above Normal (10), High (13), and Real-Time (24). Most processes have a Normal priority by default, and the highest priority is given to real-time processes. |
Handles (Hnd Cnt) | Shows the number of file handles maintained by the process. The number of handles used is an indicator of how dependent the process is on the file system. Some processes have thousands of open file handles. Each file handle requires system memory to maintain. |
Threads (Thd Cnt) | Shows the number of threads that the process is using. Most server applications are multithreaded, which allows concurrent execution of process requests. Some applications can dynamically control the number of concurrently executing threads to improve application performance. Too many threads, however, can actually reduce performance, because the operating system has to switch thread contexts too frequently. |
As Figure 15-7 shows, the Networking tab in Task Manager displays current network usage for each of the system's connections to the network.
You can use the information provided to determine the following quickly:
The number of network adapters installed on the computer
The percentage of utilization of each network adapter
The link speed of each network adapter
The state of each network adapter
The network activity graph shows traffic going to and from the computer as well as how much of the network capacity is in use. If a system has one network adapter, the graph details network traffic on this adapter over time. If a system has multiple network adapters, the graph displays a composite index of all network connections, which represents all network traffic.
Troubleshooting: Get separate views of bytes received and sent for troubleshooting
For troubleshooting, it is sometimes useful to have separate views of traffic going to the computer (Bytes Received) and traffic going from the computer (Bytes Sent). To do this, click View, choose Network History, and then select Bytes Sent. Then click View, choose Network History, and then select Bytes Received. Afterward, Bytes Sent are shown in red, Bytes Received in yellow, and Bytes Total in green.
You can also get more detailed information for each adapter. This information is useful for troubleshooting. If you click View and choose Select Columns, you'll see a dialog box that will let you add columns for summary statistics to the Networking tab. Table 15-2 summarizes the key network statistics available.
Table 15-2. Network Statistics and How They Can Be Used
Column Name | Description |
|---|---|
Bytes Sent Throughput | Shows percentage of current connection bandwidth used by traffic sent from the system. |
Bytes Received Throughput | Shows percentage of current connection bandwidth used by traffic received by the system. |
Bytes Throughput | Shows percentage of current connection bandwidth used for all traffic on the network adapter. If this shows 50 percent or more utilization consistently, you'll want to monitor the system more closely and consider adding network adapters. |
Bytes Sent | Shows cumulative total bytes sent on the connection since bootup. |
Bytes Received | Shows cumulative total bytes received on the connection since bootup. |
Bytes Total | Shows cumulative total bytes on the connection since bootup. |
Unicasts | Shows cumulative number of unicast packets received or sent since bootup. |
Unicasts Sent | Shows total packets sent by unicast since bootup. |
Unicasts Received | Shows total packets received by unicast since bootup. |
Nonunicasts | Shows total number of broadcast packets sent or received since bootup. Too much broadcast traffic on the network can be an indicator of networking problems. If you see a lot of nonunicast traffic, monitor the amount received during the refresh interval. |
Nonunicasts Sent | Shows total broadcast packets sent since bootup. |
Nonunicasts Received | Shows total broadcast packets received since bootup. |
Members of the Administrators group and any users to which you specifically grant remote access can connect to systems using Terminal Services or a Remote Desktop Connection. Both techniques allow users to access systems remotely and use the systems as if they were sitting at the keyboard. In the standard configuration, however, remote access is disabled. You can enable the remote access feature by using the System utility in Control Panel. Start the System utility, then click the Remote tab. In the Remote Desktop panel, select Allow Users To Connect Remotely To This Computer, and then click OK.
With Remote Desktop, Windows Server 2003 allows one console session and two remote administration sessions. Most remote sessions are created as console sessions. The reason for this is that the console session provides full functionality for administration. If you log on locally to the console and someone is logged on remotely to the console, you will be prompted to end his or her user session so that you can log on. If you click Yes, the user's session is disconnected, halting all user-started applications without saving application data. If you click No, you will not be allowed to log on. See Chapter 30, for details on how you can use Remote Desktop to configure remote sessions for administration rather than console sessions.
If you configure a server by using Terminal Services, multiple users can log on to a system up to a maximum allowed by licensing. To keep track of sessions once you've configured Terminal Services, you can use the Users tab of Task Manager. As shown in Figure 15-8, the Users tab lists user connections according to the following factors:
User The pre–Windows 2000 logon name of the user account, such as Wrstanek or Administrator. If you want to see the logon domain as well as the logon name, select Show Full Account Name on the Options menu.
ID The session ID. All user connections have a unique session ID. The session ID for any user logged on locally is 0.
Status The status of the connection (Active or Disconnected).
Client Name The name of the computer from which the user is connecting. This field is blank for console sessions.
Session The type of session. Console is used for users logged on locally. Otherwise, indicates the connection type and protocol, such as RDP-TCP for a connection using the Remote Desktop Protocol (RDP) with Transmission Control Protocol (TCP) as the transport protocol.
The Users tab can help you determine who is logged on and whether that user's status is either Active or Inactive. Right-click an active session and you can choose Send Message to send a console message to the user. This message is displayed on the screen of that user's session.
If you must end a user session, you can do this in one of two ways. Right-clicking the session and choosing Log Off logs the user off using the normal logoff process. This allows application data and system state information to be saved as during a normal logoff. Right-clicking the session and choosing Disconnect forcibly ends a user's session without saving application data or system state information.
You can also connect to an inactive session. Right-click the inactive session, and then choose Connect. When prompted, provide the user's password.
Finally, by default the hot keys used to end a remote control session are Ctrl+* (Ctrl+Shift+8). If you want a session to use different hot keys, right-click the session you want to work with, and then select Remote Control. You can then set the hot keys to end the remote control session.