This document provides an overview of tools for troubleshooting Windows 7 client performance issues. It discusses Task Manager and Resource Monitor for monitoring system performance and processes. It also covers the Windows Performance Toolkit (Xperf) for tracing applications and the boot process. Other tools covered include the Windows Recovery Environment, Problem Steps Recorder, and Msconfig for troubleshooting startup issues.
Windows 7 client performance talk - Jeff Stokes
1. Windows 7: Client Performance
Jeff Stokes, Premier Field Engineer
FY12
2. 2
Microsoft Confidential
About the Presenter
Jeff Stokes is a Premier Field Engineer (4 years) with Microsoft (5 years). 19 years industry experience.
Blogs at http://blogs.technet.com/b/jeff_stokes/
LinkedIn @ http://www.linkedin.com/in/jeffstokes
3. Table of Contents
Client Performance, why it matters
Tools
Task Manager
– Resource Monitor
Perfmon Data Collector Sets
Event Logs and Reliability Monitor
Sysinternals Tools
Windows Performance Toolkit
Network Stack Tracing
Troubleshooting
7. 7
Task Manager and Resource Monitor
What are we looking at?
• Running Applications
• Running Processes
• System Performance
• Network Performance
• User Session Status
• Service States
8. 8
Task Manager and Resource Monitor
Applications - New Option!
Create Dump File
Creates a dump file at:
C:\Users\%username%\AppData\Local\Temp
Semi-disruptive dump creation
Leaves process intact
9. 9
Task Manager and Resource Monitor
Processes - New Options!
Open File Location (where was this run from)
Debug (for Visual Studio JIT debugging)
UAC Virtualization (for app compat)
Create Dump File
Creates a dump file at:
C:\Users\%username%\AppData\Local\Temp
Semi-disruptive dump creation
Leaves process intact
10. 10
Task Manager and Resource Monitor
Processes - New Column Options!
Memory – Working Set
Memory – Peak Working Set
Handles
Threads
11. 11
Task Manager and Resource Monitor
Performance Tab, a look back at the past
“PF Usage”…
NOTHING to do
With the page file
NOR Paging Rate
Commit Charge (K)
What does this
mean?
12. 12
Task Manager and Resource Monitor
Performance Tab, a look at the now
Memory
Answers the immortal -
“How much memory am I using?”
14. 14
Task Manager and Resource Monitor
Users
Answers the questions:
Who is logged in?
Where are they logged in from?
Lets us disconnect (or logoff) their sessions.
15. 15
Task Manager and Resource Monitor
Resource Monitor – Where?
Accessible via the Task Manager Performance tab, then clicking the “Resource Monitor” button
Or
Start, type “Resource Monitor” and press Enter
16. 16
Task Manager and Resource Monitor
Resource Monitor – Overview
“System Dashboard”
Deep data available on each
tab following Overview
17. 17
Task Manager and Resource Monitor
Resource Monitor – CPU
CPU Usage Total
CPU Frequency
CPU by Process
What Handles?
What Modules?
18. 18
Task Manager and Resource Monitor
Resource Monitor – Memory
“My system is slow, I need more MEMORY!”
How much each system is consuming in RAM, What does our Physical Memory Map look like?
19. 19
Task Manager and Resource Monitor
Resource Monitor – Disk
Disk Usage, By Process. Answers the question “What does my process experience with
regards to disk performance?”
20. 20
Task Manager and Resource Monitor
Resource Monitor – Network
Network Usage
By Process!
What does the process
experience in Latency?
Does the Firewall Interfere
OR
Filter the traffic of my process?
23. 23
Performance Monitor – System Data Collector Sets
What do they do?
The System Diagnostics Data Collector Set is
an excellent triage method to find out what the
Operating System thinks is wrong with the
System.
It is comprised of an ETL trace of NT Kernel,
many registry key and WMI queries, and a
Performance Monitor collection.
The data collector runs for 60 seconds and then
generates a report in the reports section.
To start one, right click and select “Run”
24. 24
Performance Monitor – System Data Collector Sets
What do they report?
They analyze the system for issues.
CPU Load, Memory, Disk, Network.
Is the Hard Drive failing SMART?
What version of BIOS?
Failed Drivers?
26. 26
Event Logs and Reliability Monitor
What’s new?
What’s new in 7 for Event Logs?
A lot.
We now log the 100 series of events.
In these events, we clock boot time.
And 200 series events clock shut
down time.
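An added example, not part of the original slides: one way to read the boot-duration events described above with PowerShell. The log name, event ID 100 and its `BootTime`, `MainPathBootTime` and `BootPostBootTime` fields come from Windows itself rather than from the deck; `Get-BootTiming` and the 1.5x-median threshold are choices made for this example.

```powershell
# Added example, not from the slides. An elevated prompt may be needed to read this log.
$log = 'Microsoft-Windows-Diagnostics-Performance/Operational'

function Get-BootTiming {
    param([int]$Last = 10)
    # Event ID 100 is logged once per boot; its durations are in milliseconds.
    # @() keeps an empty result from being iterated as a single $null on PowerShell 2.0.
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 100 } `
                    -MaxEvents $Last -ErrorAction SilentlyContinue)
    foreach ($e in $events) {
        # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            Logged      = $e.TimeCreated
            BootSec     = [math]::Round([double]$data['BootTime'] / 1000, 1)
            MainPathSec = [math]::Round([double]$data['MainPathBootTime'] / 1000, 1)
            PostBootSec = [math]::Round([double]$data['BootPostBootTime'] / 1000, 1)
        }
    }
}

$boots = @(Get-BootTiming -Last 10)
if ($boots.Count -eq 0) {
    Write-Warning "No event ID 100 found in $log"
} else {
    # The median of the sample is the baseline; flag boots well above it.
    $sorted = @($boots | Sort-Object BootSec)
    $median = $sorted[[int][math]::Floor(($sorted.Count - 1) / 2)].BootSec
    $boots | Select-Object Logged, BootSec, MainPathSec, PostBootSec,
        @{ n = 'Slow'; e = { $_.BootSec -gt 1.5 * $median } } |
        Format-Table -AutoSize
}
```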
27. 27
Event Logs and Reliability Monitor
What’s new?
Group Policy now has an
Operational Event Log.
Each GPO processed logs an
Event. No more guessing on cost
of Group Policy Processing!
28. 28
Event Logs and Reliability Monitor
What’s new?
• Stricter Guidelines for Event Log information
• More meaningful to you
• Log Files now use the Event Viewer
• Previously, many log files in many formats
• XML Format
• Customizable Views
• Easier to organize
• Advanced Filtering
• Get to the relevant data more quickly
• No More Log Size Restrictions
• Limited only by disk space
• Admins can now subscribe to events on remote systems
37. 37
Windows Performance Toolkit
Xperf
Xperf is a general reference to the collection of tools that make up the
Windows Performance Analysis toolset (WPA). These tools are distributed
publicly as part of the Windows Performance Toolkit (WPT). The 3 main
components of the “Xperf kit” are:
XPERF.EXE Command line tracing tool
XPERFVIEW.EXE Visual trace analysis tool
XBOOTMGR.EXE Boot trace capture tool
We’ll take each tool for a test drive in a moment, but let’s explore the past and
what’s under the hood.
38. 38
Windows Performance Toolkit
Xperf
By leveraging the power of the ETW model, we can capture metrics previously
unavailable outside of a debugger/instrumented code environment.
With this level of granularity, we can capture metrics like….
• All processes and threads in user mode and kernel mode
• Deferred procedure calls (DPCs) and interrupt service requests (ISRs)
• Scheduling
• Disk and file I/O
• Memory
• Network
It also helps analyze what the customer experiences:
• Catch the problem as it happens
• Capture anywhere, decode anywhere
• Integration with symbols
39. 39
Windows Performance Toolkit
Xperf
So what does that all mean? Well… it means we can use a single tool to
tackle many of the most common problems for customers:
• Troubleshooting application behavior – High CPU, Handles, Etc.
• Gathers both usermode and kernel events at the same time
• Benchmark disk performance (or lack thereof)
• Get a deep view into the entire boot/shutdown lifecycle
XPERF is incredibly powerful and can be leveraged for a wide range of
issues customers and engineers face daily.
47. 49
Windows Performance Toolkit
Xperf - Demos
Demo 1. Slower than expected logon for an engineering workstation.
Demo 2. Slower than expected boot times.
Demo 3. Slower than expected boot and logon times.
Demo 4. Slow boot on an SSD.
Demo 5. Slow boot and logon and post logon.
53. 55
Troubleshooting
Action Center
• The Action Center combines alerts from these Windows 7
features:
• Windows Update
• User Account Control (UAC)
• Security Center
• Backup and Restore
• Problem Reports and Solutions
• Windows Defender
• Diagnostics
• Network Access Protection (NAP)
• Recovery
57. 59
Troubleshooting
Security
• The Security section of the Action Center Contains:
• Various configuration tasks for:
• Common tasks
• Most Important security configuration settings of the Windows 7
installation
59. 61
Troubleshooting
Windows Troubleshooting Platform
• Reduce number of support calls
• Reduce MPI (minutes per incident)
• Make support calls more efficient
• Increase customer satisfaction
• Use well-known methods
• Address configuration issues
• Fix problems when we are certain
• Collect data when we are not
67. 69
Troubleshooting
Problem Steps Recorder, Why?
Challenges
• Reproducing problems
• Inability to diagnose problems and root causes
Solution
• Users can record steps taken when an issue occurs, giving help desk screen
shots and comments
• Enables Help Desks to easily and more efficiently diagnose problems
69. 71
Troubleshooting
Problem Steps Recorder
• Takes a screenshot each time a mouse is clicked
• Or when a new function happens inside an application
• Mouse clicks generate a small red spot over the pointer
• Optionally users can add comments after each step:
• When finished a zip file is created – user can send this to the helpdesk
73. 75
Troubleshooting
Windows Recovery Environment (WinRE)
• Based on Windows PE
• Command line tool useful in troubleshooting
• Installed automatically by Windows 7
• Launched directly from Hard Drive or Windows 7 Setup Disc
• Benefits include:
• Reduced support through auto repair of common root causes
• Automatically launches if Windows fails to boot
– This may be a call you would get
• Startup Repair Tool: Automatically corrects common unbootable Windows scenarios
74. 76
Troubleshooting
Windows Recovery Environment (WinRE)
System Recovery Options provide access to the following tools:
Startup Repair
System Restore
System Image Recovery
Windows Memory Diagnostics
Command Prompt
78. 80
Troubleshooting
Startup Repair attempts to repair
• Registry corruption
• Missing or damaged system and driver files
• Disk metadata corruption (MBR, partition table, and boot sector)
• File system metadata corruption
• Installation of problematic or incompatible drivers
• Installation of incompatible Windows service packs and patches
• Corrupt boot configuration data
• Bad memory and hard disk hardware (detection only)
79. 81
Troubleshooting
Startup Repair attempts to repair
• Malfunctioning firmware and other hardware components
• Problems with clean Windows installations or Windows upgrades (for
example, from Windows XP to Windows Vista)
• Windows logon errors
• Viruses and malicious software
• LOGS: %WINDIR%\System32\LogFiles\Srt\SrtTrail.txt
80. 82
Troubleshooting
System Restore
• Return Windows to an earlier
configuration.
• Windows 7 automatically captures
system states before new drivers
or applications are installed
• Startup Repair will also use this tool automatically so it may not be
necessary to ever click this link
• Great for malware infections:
• Removes startup calls – not the EXE’s directly
81. 83
Troubleshooting
Tools (in WinRE) you’re less likely to use
• System Image Recovery would be valid if you weren’t using a
standardized image
• Windows Memory Diagnostic:
usually the hardware vendor has
their own tools
• Command Prompt:
This may be helpful from time
to time – it just gives you
access to the system from a
CLI
87. 89
Troubleshooting
Run-As is Back!
• Hold down the shift key
• Then right-click a program icon
• Select Run as different user
• Notice I use msconfig in the
example:
• Any programs launched within
the program will be under these
credentials
• All msconfig tools would
automatically be elevated
• Works great with CMD also
88. 90
Troubleshooting
Boot.ini is gone
• Still managed from startup
and recovery
• Replaced with BCD (Boot
Configuration Database)
• Supports EFI (Extensible
Firmware Interface) and
Legacy BIOS
*This does not mean NTLDR & MBR
are retired, still can be used on
PC/AT BIOS. Adds Bootmgr, Winload,
& Winresume – beyond the scope of
this class
http://msdn.microsoft.com/en-us/windows/hardware/gg463059.aspx
104. 106
Troubleshooting
Driver Problems
When using Device Driver Roll Back, be aware of the following
limitations:
• You cannot roll back beyond one driver version. For example, you
cannot revert to the second-to-the-last version of a driver.
• You cannot roll back printer drivers.
• You cannot roll back drivers for all functions of a multifunction
device simultaneously. You must roll back each driver separately.
For example, if you have a multifunction device that provides
audio and modem functionality, you must roll back the modem
driver and the audio driver separately.
• You cannot uninstall a driver by using Device Driver Roll Back.
(You must use the Uninstall feature in Device Manager to do
this.)
105. 107
Troubleshooting
System File Checker
• SFC /scannow
• Useful if you are able to log into the computer
• Boot into Windows Recovery Environment (WinRE)
• Select command prompt
• Type the following command:
• sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
• (assumes C is the drive where Windows files are located)
• Performs an offline SFC operation
109. 111
Troubleshooting
System Control (SC)
• Helpful if you can’t get to the services.msc (malware, etc)
• Usage (query, start, stop, pause, or end services)
• Examples:
• sc query | more
• Lists services, halts per page, ctrl+c to stop when you find the
service you’re looking for
• sc stop audiosrv
• Stops the “Windows Audio” service
• sc start audiosrv
• Starts the “Windows Audio” service
110. 112
Troubleshooting
Name Resolution
Windows checks to see if the name is cached (TTL)
Use “ipconfig /flushdns” to flush out existing cache
Windows checks the hosts file for entries
Windows checks with the DNS server for entries
Windows tries NetBIOS name resolution
The target computer may not have registered their IP in DNS, may need to use “ipconfig /registerdns”
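An added example, not part of the original slides: a PowerShell check that shows whether a hosts file entry is answering for a name before DNS is ever asked, following the lookup order above. `Get-HostsEntry`, `Test-NameResolution` and the host name `fileserver01` are hypothetical names constructed for this example.

```powershell
# Added example, not from the slides; function names and host name are hypothetical.
function Get-HostsEntry {
    param([string]$Name,
          [string]$Path = "$env:WINDIR\System32\drivers\etc\hosts")
    foreach ($raw in @(Get-Content $Path)) {
        $line = ($raw -replace '#.*$', '').Trim()        # strip comments
        if (-not $line) { continue }
        $parts = @($line -split '\s+')
        if ($parts.Count -lt 2) { continue }             # address with no name
        # parts[0] is the address, the remaining fields are names mapped to it.
        $names = @($parts[1..($parts.Count - 1)] | Where-Object { $_ -ieq $Name })
        if ($names.Count -gt 0) { $parts[0] }
    }
}

function Test-NameResolution {
    param([Parameter(Mandatory = $true)][string]$Name)
    $fromHosts = @(Get-HostsEntry -Name $Name)
    # This call goes through the Windows client resolver, i.e. the order above.
    $resolved = @()
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($Name) |
                      ForEach-Object { $_.IPAddressToString })
    } catch { }                                          # name did not resolve
    New-Object PSObject -Property @{
        Name          = $Name
        HostsFile     = $fromHosts -join ', '
        Resolver      = $resolved -join ', '
        HostsOverride = ($fromHosts.Count -gt 0)
    }
}

Test-NameResolution -Name 'fileserver01' | Format-List

# nslookup asks the DNS server directly and ignores the cache and hosts file,
# so a different answer here points at one of the earlier stages.
nslookup fileserver01
```

A hosts file entry survives “ipconfig /flushdns”, so an unexpected `HostsOverride` of True is worth checking against the file itself.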
Editor's Notes
I’m a guy
Here is what I will be reviewing in this presentation.
The Windows Client for end users IS the entire environment. The end user does not typically perceive bandwidth limitations, slow performance of a server, third party add-ins or tools, or problems in the image itself. Every performance issue in the environment therefore comes down to a client performance (or build) critique.
Because of this end user experience focus (and the consumerization of IT) the client system tends to become the focus of vast and complex troubleshooting efforts.
In some environments, the adoption of new technology is completely halted due to perceived performance issues experienced by key end users. New technology brings with it expectations of performance gains, ease of use, etc. Upgrading the client and leaving old technology in the back end can bring forward performance problems from the old build to the new, giving the end user the impression that nothing has changed with their new shiny machine.
Memory – Working Set: Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory.
Memory – Peak Working Set: Working Set Peak is the maximum size, in bytes, of the Working Set of this process at any point in time. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before they leave main memory.
Handles: The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process.
Threads: The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.
This system has 20179 MB in “Standby Memory”. Adding additional RAM to the system will not provide a most positive performance experience at this time…