Lab answer key: Monitoring and troubleshooting Windows Server

Exercise 1: Establishing a performance baseline

Note: After starting the Data Collector Set, there might be a delay of 10 minutes for the results to appear.

Task 1: Create and start a data collector set

Connect to SEA-SVR2, and then, if needed, sign in with the credentials provided by the instructor.
On SEA-SVR2, in the Type here to search text box next to the Start button, enter Perf, and then, in the Best match list, select Performance Monitor.
In Performance Monitor, expand the Data Collector Sets node in the navigation pane, and then select User Defined.
Right-click or access the context menu for User Defined, select New, and then select Data Collector Set. This will launch the Create new Data Collector Set wizard.
On the How would you like to create this new data collector set? page of the Create new Data Collector Set wizard, enter SEA-SVR2 Performance in the Name box.
Select the Create manually (Advanced) option, and then select Next.
On the What type of data do you want to include? page, select the Performance counter checkbox, and then select Next.
On the Which performance counters would you like to log? page, select Add.
In the Available counters list, expand Processor, select % Processor Time, ensure that the _Total entry is selected in the Instances of selected object section, and then select Add.
In the Available counters list, expand Memory, select Pages/sec, and then select Add.
In the Available counters list, expand PhysicalDisk, select % Disk Time, ensure that the _Total entry is selected in the Instances of selected object section, and then select Add.
Select Avg. Disk Queue Length, ensure that the _Total entry is selected in the Instances of selected object section, and then select Add.
In the Available counters list, expand System, select Processor Queue Length, and then select Add.
In the Available counters list, expand Network Interface, select Bytes Total/sec, ensure that the **** entry is selected in the **Instances of selected object** section, select **Add**, and then select **OK**.
On the Which performance counters would you like to log? page, enter 1 in the Sample interval box, and then select Next.
On the Where would you like the data to be saved? page, select Next.
On the Create the data collector set? page, ensure that the Save and close option is selected, and then select Finish.
In Performance Monitor, in the results pane, right-click or access the context menu for SEA-SVR2 Performance, and then select Start.

Task 2: Create a typical workload on the server

On SEA-SVR2, select Start, right-click or access the context menu for Windows PowerShell, and then select Run as administrator.
To create a file of a specific size, at the Windows PowerShell command prompt, enter the following command and press Enter:
```
fsutil file createnew bigfile 104857600
```
To copy the newly created file to the root of drive C of SEA-DC1, enter the following command and press Enter:
```
Copy-Item -Path .\bigfile -Destination \\SEA-DC1.contoso.com\c$\ -Force
```
To copy the file from the root of drive C of SEA-DC1 to the current working directory, enter the following command and press Enter:
```
Copy-Item -Path \\SEA-DC1.contoso.com\c$\bigfile -Destination .\bigfile2 -Force
```
To delete both files in the current working directory, enter the following command and press Enter:
```
Remove-Item -Path .\bigfile* -Force
```
To delete the file in the root of drive C of SEA-DC1, enter the following command and press Enter:
```
Remove-Item -Path \\SEA-DC1.contoso.com\c$\bigfile -Force
```
Leave the Windows PowerShell window open.

Task 3: Analyze the collected data

On SEA-SVR2, switch to Performance Monitor.
In the navigation pane, right-click or access the context menu for SEA-SVR2 Performance, and then select Stop.
In Performance Monitor, in the navigation pane, expand Reports, expand User Defined, expand SEA-SVR2 Performance, select SEA-SVR2_DateTime-000001 (where DateTime designates the current timestamp), and then review the report data.
On the menu bar, select Change graph type or press Ctrl+G, and then select Report.
Record the values that are listed in the report for later analysis. Recorded values include:
- Memory\Pages/sec
- Network Interface\Bytes Total/sec
- PhysicalDisk\% Disk Time
- PhysicalDisk\Avg. Disk Queue Length
- Processor\% Processor Time
- System\Processor Queue Length

Exercise 2: Identifying the source of a performance problem

Task 1: Create additional workload on the server

On SEA-SVR2, open File Explorer.
In File Explorer, browse to C:\Labfiles\Lab08.
Double-click or select CPUSTRES64.EXE, and then press Enter.

Note: CPUSTRES64.EXE is a SysInternals utility that can be used to simulate CPU activity by running up to 64 threads in a loop.
In the CPUSTRES License Agreement dialog box, select Agree.
In the CPU Stress dialog box, right-click or access the context menu for the highlighted thread at the top of the list of running threads, select Activity Level, and then select Busy (75%).

Task 2: Capture performance data by using a data collector set

On SEA-SVR2, switch to Performance Monitor.
In Performance Monitor, expand Data Collector Sets, and select User Defined.
In the results pane, right-click or access the context menu for SEA-SVR2 Performance, and then select Start.

Note: Wait 1 minute to allow the data capture to occur.

Task 3: Remove the workload and review the performance data

On SEA-SVR2, switch to CPU Stress dialog box and close it.
Switch to Performance Monitor.
In the navigation pane, right-click or access the context menu for SEA-SVR2 Performance, and then select Stop.
In Performance Monitor, in the navigation pane, expand Reports, expand User Defined, expand SEA-SVR2 Performance, select SEA-SVR2_DateTime-000002 (where DateTime designates the current timestamp), and then review the report data.
On the menu bar, select Change graph type or press Ctrl+G, and then select Report.
As before, record the values that are listed in the report. Recorded values include:
- Memory\Pages/sec
- Network Interface\Bytes Total/sec
- PhysicalDisk\% Disk Time
- PhysicalDisk\Avg. Disk Queue Length
- Processor\% Processor Time
- System\Processor Queue Length

Exercise 3: Viewing and configuring centralized event logs

Task 1: Configure subscription prerequisites

On SEA-SVR2, switch to Windows PowerShell.
To enable creating and managing subscriptions of events forwarded to SEA-SVR2, enter the following command and press Enter:
```
WECUtil qc /q
```
To ensure that the event source and collector have their local date and time synchronized, enter the following command and press Enter:
```
w32tm /resync /computer:SEA-DC1.contoso.com
```
To allow WinRM connectivity in case of Kerberos authentication issues, enter the following command and press Enter:
```
Set-Item WSMan:localhost\client\trustedhosts -Value *.contoso.com -Force
```
To establish a PowerShell Remoting session to SEA-DC1, enter the following command and press Enter:
```
Enter-PSSession -ComputerName SEA-DC1.contoso.com
```
To ensure that Windows Remote Management (WinRM) is enabled on SEA-DC1, enter the following command and press Enter:
```
winrm qc
```
Note: Verify that the WinRM service is already running and that it’s set up for remote management.
To ensure that the relevant Windows Defender Firewall with Advanced Security rules are enabled on SEA-DC1, enter the following command and press Enter:
```
Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled True -Profile Domain -PassThru
```
Note: Leave the Windows PowerShell window open.
On SEA-SVR2, in the Type here to search text box next to the Start button, enter Active, and then, in the Best match list, select Active Directory Users and Computers.
In the Active Directory Users and Computers console, select the Builtin container.
In the Builtin container, select the Event Log Readers group.
Right-click or access the context menu for the Event Log Readers group, select Properties, and then, in the Event Log Readers Properties dialog box, select the Members tab.
On the Members tab, select Add.
In the Select Users, Contacts, Computers, Service Accounts or Groups dialog box, select Object Types.
In the Object Types dialog box, select the Computers checkbox, and then select OK.
In the Select Users, Computers, Service Accounts or Groups dialog box, enter SEA-SVR2 in the Enter the object names to select box, and then select OK.
In the Event Log Readers Properties dialog box, select OK.

Task 2: Create a subscription and verify the results

On SEA-SVR2, in the Type here to search text box next to the Start button, enter Event, and then, in the Best match list, select Event Viewer.
In Event Viewer, select Subscriptions in the navigation pane.
Right-click or access the context menu for Subscriptions, and then select Create Subscription.
In the Subscription Properties dialog box, enter SEA-DC1 Events in the Subscription name box.
Ensure that the Collector initiated option is selected, and then select Select Computers.
In the Computers dialog box, select Add Domain Computers.
In the Select Computer dialog box, enter SEA-DC1 in the Enter the object name to select box, and then select OK.
In the Computers dialog box, select OK.
In the Subscription Properties – SEA-DC1 Events dialog box, select Select Events.
In the Logged drop-down list, select Last 24 hours.
In the Query Filter dialog box, select the Critical, Error, Warning, and Information checkboxes.
In the Event logs drop-down list, expand Windows Logs, and then select the System and Application checkboxes.
In the Query Filter dialog box, select OK.
Back in the Subscription Properties – SEA-DC1 Events dialog box, select OK.
On SEA-SVR2, switch to the Event Viewer window, and then expand Windows Logs in the navigation pane.
Select Forwarded Events and verify that the forwarded events include those generated on SEA-DC1.