Windows 7 client performance talk - Jeff Stokes

Windows 7: Client Performance
Jeff Stokes, Premier Field Engineer
FY12

2
Microsoft Confidential
Jeff Stokes is a Premier Field Engineer (4 years) with Microsoft (5 years). 19 years industry
experience.
Blogs at http://blogs.technet.com/b/jeff_stokes/
LinkedIn @ http://www.linkedin.com/in/jeffstokes
About the Presenter

Table of Contents
Client Performance, why it matters
Tools
Task Manager
– Resource Monitor
Perfmon Data Collector Sets
Event Logs and Reliability
Monitor
Sysinternals Tools
Windows Performance Toolkit
Network Stack Tracing
Troubleshooting

4
Client Performance – Why it matters

Troubleshooting
Tips and Tricks and Tools

Task Manager and
Resource Monitor
Everything you need to know quickly gauge
System Performance

7
Task Manager and Resource Monitor
What are we looking at?
• Running Applications
• Running Processes
• System Performance
• Network Performance
• User Session Status
• Service States

8
Applications - New Option!
Create Dump File
Creates a dump file at:
C:Users%username%AppDataLocalTemp
Semi-disruptive dump creation
Leaves process intact

9
Processes - New Options!
Open File Location (where was this run from)
Debug (for Visual Studio JIT debugging)
UAC Virtualization (for app compat)
Create Dump File
Creates a dump file at:
C:Users%username%AppDataLocalTemp
Semi-disruptive dump creation
Leaves process intact

10
Processes - New Column Options!
Memory – Working Set
Memory – Peak Working Set
Handles
Threads

11
Performance Tab, a look back at the past
“PF Usage”…
NOTHING to do
With the page file
NOR Paging Rate
Commit Charge (K)
What does this
mean?

12
Performance Tab, a look at the now
Memory
Answers the immortal -
“How much memory am I using?”

13
Networking
Utilization by interface graph
Easy to view enumeration

14
Users
Answers the questions:
Who is logged in?
Where are they logged in from?
Lets us disconnect (or logoff) their sessions.

15
Resource Monitor – Where? Accessible via the Task Manager Performance Tab
And then clicking the “Resource Monitor” button
Or
Start “Resource Monitor” and enter

16
Resource Monitor – Overview
“System Dashboard”
Deep data available on each
tab following Overview

17
Resource Monitor – CPU
CPU Usage Total
CPU Frequency
CPU by Process
What Handles?
What Modules?

18
Resource Monitor – Memory
“My system is slow, I need more MEMORY!”
How much each system is consuming in RAM, What does our Physical Memory Map look like?

19
Resource Monitor – Disk
Disk Usage, By Process. Answers the question “What does my process experience with
regards to disk performance?”

20
Resource Monitor – Network
Network Usage
By Process!
What does the process
experience in Latency?
Does the Firewall Interfere
OR
Filter the traffic of my process?

Perfmon Data Collector Sets
System Reporting Built-In!

22
Performance Monitor – System Data Collector Sets
How do we get to them?

23
What do they do?
The System Diagnostics Data Collector Set is
an excellent triage method to find out what the
Operating System thinks is wrong with the
System.
It is comprised of an ETL trace of NT Kernel,
many registry key and WMI queries, and a
Performance Monitor collection.
The data collector runs for 60 seconds and then
generates a report in the reports section.
To start one, right click and select “Run”

24
What do they report?
They analyze the system for issues.
CPU Load, Memory, Disk, Network.
Is the Hard Drive failing SMART?
What version of BIOS?
Failed Drivers?

Event Logs and Reliability Monitor
History and Patterns

26
What’s new?
What’s new in 7 for Event Logs?
A lot.
We now log the 100 series of events.
In these events, we clock boot time.
And 200 series events clock shut
down time.

27
What’s new?
Group Policy now has an
Operational Event Log.
Each GPO processed logs an
Event. No more guessing on cost
of Group Policy Processing!

28
What’s new?
• Stricter Guidelines for Event Log information
• More meaningful to you
• Log Files now use the Event Viewer
• Previously, many log files in many formats
• XML Format
• Customizable Views
• Easier to organize
• Advanced Filtering
• Get to the relevant data more quickly
• No More Log Size Restrictions
• Limited only by disk space
• Admins can now subscribe to events on remote systems

29
What’s new?
Scope Pane
Action Pane
View Pane

Sysinternals Tools
What to use when

31
Sysinternals Tools
What to use when

32
Sysinternals Tools
What to use when

33
Sysinternals Tools
What to use when

34
Sysinternals Tools
What to use when

35
Sysinternals Tools
What to use when

Xperf and its uses

37
Xperf
Xperf is a general reference to the collection of tools that make up the
Windows Performance Analysis toolset (WPA). These tools are disturbed
publicly as part of the Windows Performance Toolkit (WPT). The 3 main
components of the “Xperf kit” are:
XPERF.EXE Command line tracing tool
XPERFVIEW.EXE Visual trace analysis tool
XBOOTMGR.EXE Boot trace capture tool
We’ll take each tool for a test drive in a moment, but let’s explore the past and
what’s under the hood.

38
Xperf
By leveraging the power of the ETW model, we can capture metrics previously
unavailable outside of a debugger/instrumented code environment.
With this level of granularity, we can capture metrics like….
• All processes and threads in user mode and kernel mode
• Deferred procedure calls (DPCs) and interrupt service requests (ISRs)
• Scheduling
• Disk and file I/O
• Memory
• Network
It also helps analyze what the customer experiences:
• Catch the problem as it happens
• Capture anywhere, decode anywhere
• Integration with symbols

39
Xperf
So what does that all mean? Well… it means we can use a single tool to
tackle many of the most common problems for customers:
• Troubleshooting application behavior – High CPU, Handles, Etc.
• Gathers both usermode and kernel events at the same time
• Benchmark disk performance (or lack there of)
• Get a deep view into the entire boot/shutdown lifecycle
XPERF is incredibly powerful and can be leveraged for a wide range of
issues customers and engineers face daily.

42
BootVis (Xperf Predecessor)

43
Xperf

44
Xperf

45
Xperf

46
Xperf
Prefetch is functional
But
ReadyBoot is not

47
Xperf
Are we fragmented? A bit, the map above is a view of the disk head ‘hits’ over time
Red lines are the disk flushes

48
Xperf – Internet Explorer

49
Xperf - Demos
jDemo 1. Slower than expected logon for an engineering workstation.
Demo 2. Slower than expected boot times.
Demo 3. Slower than expected boot and logon times.
Demo 4. Slow boot on an SSD.
Demo 5. Slow boot and logon and post logon.

Netmon…sort of

51
Netsh

52
Netsh

Troubleshooting
Tools, Tips and Tricks new to 7

55
Troubleshooting
Action Center
• The Action Center combines alerts from these Windows 7
features:
• Windows Update
• User Account Control (UAC)
• Security Center
• Backup and Restore
• Problem Reports and Solutions
• Windows Defender
• Diagnostics
• Network Access Protection (NAP)
• Recovery

56
Troubleshooting
Action Center - Alerts
• May not appear
• May appear with just white flag
• Red X means important issues

57
Troubleshooting
Action Center - Settings

58
Troubleshooting
Action Center

59
Troubleshooting
Security
• The Security section of the Action Center Contains:
• Various configuration tasks for:
• Common tasks
• Most Important security configuration settings of the Windows 7
installation

60
Troubleshooting
Maintenance
• Action items and message for:
• Unreported Items
• Backup
• Windows Updates
• Troubleshooting and System Maintenance

61
Troubleshooting
Windows Troubleshooting Platform
• Reduce number of support calls
• Reduce MPI (minutes per incident)
• Make support calls more efficient
• Increase customer satisfaction
• Use well-known methods
• Address configuration issues
• Fix problems when we are certain
• Collect data when we are not

62
Troubleshooting
Windows Troubleshooting Wizard

63
Troubleshooting
Platform Components
• Windows Troubleshooting Packs
• Windows Troubleshooting Engine
• Windows Troubleshooting Wizard
• Many built into everyday processes:
(Examples: flush cache, reset NIC, renew IP)

64
• Troubleshooting
• Resolution
• Verification
Troubleshooting
Process

65
Troubleshooting
Built-in Troubleshooting Packs
• Desktop Experience
• Device
• Media Player
• Network
• Performance
• Power
*Based on top support call
categories
• Printing
• Programs
• Sound
• System
• Web Browser
• Windows

66
Click Start and type Trouble in the Search Box:
Troubleshooting
Built-in Troubleshooting Packs
Click View All:

67
Troubleshooting
List of Troubleshooters

68
Troubleshooting
Open a Troubleshooter

69
Troubleshooting
Problem Steps Recorder, Why?
Challenges
• Reproducing problems
• Inability to diagnose problems and root causes
Solution
• Users can record steps taken when an issue occurs, giving help desk screen
shots and comments
• Enables Help Desks to easily and more efficiently diagnose problems

70
Troubleshooting
PSR, Have your user click start and type “problem steps”
Or Just
“PSR”
Only 3 functions for
simplicity

71
Troubleshooting
Problem Steps Recorder
• Takes a screenshot each time a mouse is clicked
• Or when a new function happens inside an application
• Mouse clicks generate a small red spot over the pointer
• Optionally users can add comments after each step:
• When finished a zip file is created – user can send this to the helpdesk

72
Troubleshooting

73
Troubleshooting

74
Troubleshooting
Problem Steps Recorder - Additional Details Pane

75
• Based on Windows PE
• Command line tool useful in troubleshooting
• Installed automatically by Windows 7
• Launched directly from Hard Drive or Windows 7 Setup Disc
• Benefits include:
• Reduced support through auto repair of common root causes
• Automatically launches if Windows fails to boot
– This may be a call you would get
• Startup Repair Tool: Automatically corrects common unbootable
Windows scenarios
Troubleshooting
Windows Recovery Environment (WinRE)

76
System Recovery Options provide access to the following tools:
Startup Repair
System Restore
System Image Recovery
Windows Memory Diagnostics
Command Prompt
Troubleshooting

77
Accessing from install media
Troubleshooting

78
Accessing from F8
Troubleshooting

79
Troubleshooting
System Recovery Options

80
Troubleshooting
Startup Repair attempts to repair
• Registry corruption
• Missing or damaged system and driver files
• Disk metadata corruption (MBR, partition table, and boot sector)
• File system metadata corruption
• Installation of problematic or incompatible drivers
• Installation of incompatible Windows service packs and patches
• Corrupt boot configuration data
• Bad memory and hard disk hardware (detection only)

81
Troubleshooting
Startup Repair attempts to repair
• Malfunctioning firmware and other hardware components
• Problems with clean Windows installations or Windows upgrades (for
example, from Windows XP to Windows Vista)
• Windows logon errors
• Viruses and malicious software
• LOGS: %WINDIR%System32LogFilesSrtSrtTrail.txt

82
Troubleshooting
System Restore
• Return Windows to an earlier
configuration.
• Windows 7 automatically captures
system states prior to new drivers
or applications are installed
• Startup Repair will also use this tool automatically so it may not be
necessary to ever click this link
• Great for malware infections:
• Removes startup calls – not the EXE’s directly

83
Troubleshooting
Tools (in WinRE) you’re less likely to use
• System Image Recovery would be valid if you weren’t using a
standardized image
• Windows Memory Diagnostic:
usually the hardware vendor has
their own tools
• Command Prompt:
This may be helpful from time
to time – it just gives you
access to the system from a
CLI

84
Troubleshooting
Msconfig (System Configuration)
• Start -> msconfig (in search)

85
Troubleshooting
• Change the next boot-up options
• Great if the user is having trouble with the F8 key

86
Troubleshooting
• Disable all non-Microsoft services
• Good troubleshooting tool to baseline, then re-enable 1 at a time

87
Troubleshooting
• Disable all startup items
• These are non-service automatic start-up programs

88
Troubleshooting
• Great one-stop-shop for many helpful tools

89
Troubleshooting
Run-As is Back!
• Hold down the shift key
• Then right-click a program icon
• Select Run as different user
• Notice I use msconfig in the
example:
• Any programs launched within
the program will be under these
credentials
• All msconfig tools would
automatically be elevated
• Works great with CMD also

90
Troubleshooting
Boot.ini is gone
• Still managed from startup
and recovery
• Replaced with BCD (Boot
Configuration Database)
• Supports EFI (Extensible
Firmware Interface) and
Legacy BIOS
*This does not mean NTLDR & MBR
are retired, still can be used on
PC/AT BIOS. Adds Bootmgr, Winload,
& Winresume – beyond the scope of
this class
http://msdn.microsoft.com/en-us/windows/hardware/gg463059.aspx

91
Troubleshooting
Msinfo32 – System Information

92
Troubleshooting
Whoami – hostname – set us
• Quickly identify who/what you are working with

93
Troubleshooting
How many clicks does it take… to get to the NICs?
1.
2.
3.
OR:
Just type
NCPA.CPL
(Network Control
Panel Applet)

94
Troubleshooting
Accessing your users’ desktops
• Communicator/LiveMeeting | Windows Remote Assistance

95
Troubleshooting
Accessing your users’ desktops

96
Troubleshooting
Windows Remote Assistance

97
Troubleshooting
Helpdesk
End User

98
Troubleshooting
Helpdesk
End User

99
Troubleshooting

100
Troubleshooting
Broken Internet Explorer
Accessible even if IE is not

101
Troubleshooting

102
Troubleshooting

103
Troubleshooting
Network - PathPing
• Troubleshoot routing issues (similar to tracert)

104
Troubleshooting
Network - PathPing
• Does individual analysis of each “hop” in the route

105
Troubleshooting
Driver Problems

106
Troubleshooting
Driver Problems
When using Device Driver Roll Back, be aware of the following
limitations:
• You cannot roll back beyond one driver version. For example, you
cannot revert to the second-to-the-last version of a driver.
• You cannot roll back printer drivers.
• You cannot roll back drivers for all functions of a multifunction
device simultaneously. You must roll back each driver separately.
For example, if you have a multifunction device that provides
audio and modem functionality, you must roll back the modem
driver and the audio driver separately.
• You cannot uninstall a driver by using Device Driver Roll Back.
(You must use the Uninstall feature in Device Manager to do
this.)

107
Troubleshooting
System File Checker
• SFC /scannow
• Useful if you are able to log into the computer
• Boot into Windows Recovery Environment (WinRE)
• Select command prompt
• Type the following command:
• sfc /scannow /offbootdir=c: /offwindir=c:windows
• (assumes C is the drive where Windows files are located)
• Performs an offline SFC operation

108
Troubleshooting
Last Known Good

109
Troubleshooting
Last Known Good
• Troubleshooting which policy a user is/is not being affected by –
available by typing RSOP from an elevated CMD

110
Troubleshooting
RSOP
• Lists “final outcome” of all policies (remember LSD-OU)

111
Troubleshooting
System Control (SC)
• Helpful if you can’t get to the services.msc (malware, etc)
• Usage (query, start, stop, pause, or end services)
• Examples:
• sc query | more
• Lists services, halts per page, ctrl+c to stop when you find the
service you’re looking for
• sc stop audiosrv
• Stops the “Windows Audio” service
• sc start audiosrv
• Starts the “Windows Audio” service

112
Windows checks to see if the name is cached (TTL)
Use “ipconfig /flushdns” to flush out existing cache
Windows checks the hosts file for entries
Windows checks with the DNS server for entries
Windows tries NetBIOS name resolution
The target computer may not have registered their IP in DNS, may need to use “ipconfig
/registerdns”
Troubleshooting
Name Resolution

Windows 7 client performance talk - Jeff Stokes

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Windows 7 client performance talk - Jeff Stokes

Similar to Windows 7 client performance talk - Jeff Stokes (20)

More from Jeff Stokes

More from Jeff Stokes (6)

Recently uploaded

Recently uploaded (20)

Windows 7 client performance talk - Jeff Stokes

Editor's Notes