Setting a local perfmon on a Windows client or Windows Server.

Applies to:

Windows Server 2019

Windows Server 2016

Windows 10

Windows Server 2012 R2

Windows 8.1

Windows Server 2012

Windows 8

Windows Server 2008 R2

Windows 7

Windows Server 2008

Windows Vista

First published: May 16, 2015, updated Oct. 3rd, 2018.

From your 64-bit Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/8.1/Server 2012 R2:

Step 1.  Make sure that you have the latest Perfmon-related hotfixes installed.

TIP:  Include these hotfixes in your base image.

Step 2.  Make sure that WMI is working properly.

Step 3.  Set up the two perfmons, one with a short interval and the other with a long interval.

Long-interval:

==========

Start, CMD (Run as admin)

logman.exe create counter %ComputerName%_long_interval -f bincirc -v mmddhhmm -max 350 -c "\Cache\*" "\IPv4\*" "\LogicalDisk(*)\*" "\Memory\*" "\Netlogon(*)\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\Per Processor Network Activity Cycles(*)\*" "\Per Processor Network Interface Card Activity(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Physical Network Interface Card Activity(*)\*" "\Redirector\*" "\SMB Client Shares(*)\*" "\SMB Server Shares(*)\*" "\SMB Server Sessions(*)\*" "\Server\*" "\Server Work Queues(*)\*" "\System\*" "\VM Memory(*)\*" "\VM Processor(*)\*" "\TCPv4\*" -si 00:05:00

Note:  I personally like to capture all the counters and instances.  The reason is, I cannot tell you how many times I was looking at a perfmon and went, "OK, the breadcrumbs lead this way, let me look at that counter," just to find out it wasn't collected, and then had to wait for the problem to reoccur.

Note 2:  You could change the interval for the long-interval capture from -si 00:05:00 to anything, depending on how long you want to capture.  For more info on the sample interval that you need to choose, check out:  How often should Perfmon Sample?

logman.exe start %ComputerName%_long_interval

<reproduce the issue>

logman.exe stop %ComputerName%_long_interval

Short-interval:

==========

logman.exe create counter %ComputerName%_short_interval -f bincirc -v mmddhhmm -max 350 -c "\Cache\*" "\IPv4\*" "\LogicalDisk(*)\*" "\Memory\*" "\Netlogon(*)\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\Per Processor Network Activity Cycles(*)\*" "\Per Processor Network Interface Card Activity(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\PhysicalDisk(*)\*" "\Process(*)\*" "\Physical Network Interface Card Activity(*)\*" "\Redirector\*" "\SMB Client Shares(*)\*" "\SMB Server Shares(*)\*" "\SMB Server Sessions(*)\*" "\Server\*" "\Server Work Queues(*)\*" "\System\*" "\VM Memory(*)\*" "\VM Processor(*)\*" "\TCPv4\*" -si 00:00:05

logman.exe start %ComputerName%_short_interval

<reproduce the issue>

logman.exe stop %ComputerName%_short_interval
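
The create steps above as one PowerShell script, added here as an example (it is not part of the original article). It checks each counter path from the logman commands against the counter sets registered on the machine, warns about any that are missing so you know before the capture which ones will not appear in the log, and creates both collectors from the rest. It assumes an elevated PowerShell prompt and that the local counter set names match the English names used above; the variable names are my own.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Counter paths copied from the article's logman commands.
$paths = @(
    '\Cache\*', '\IPv4\*', '\LogicalDisk(*)\*', '\Memory\*', '\Netlogon(*)\*',
    '\Network Interface(*)\*', '\Paging File(*)\*',
    '\Per Processor Network Activity Cycles(*)\*',
    '\Per Processor Network Interface Card Activity(*)\*',
    '\Processor(*)\*', '\Processor Information(*)\*', '\PhysicalDisk(*)\*',
    '\Process(*)\*', '\Physical Network Interface Card Activity(*)\*',
    '\Redirector\*', '\SMB Client Shares(*)\*', '\SMB Server Shares(*)\*',
    '\SMB Server Sessions(*)\*', '\Server\*', '\Server Work Queues(*)\*',
    '\System\*', '\VM Memory(*)\*', '\VM Processor(*)\*', '\TCPv4\*'
)

# Names of the counter sets actually registered on this machine.
$registered = (Get-Counter -ListSet *).CounterSetName

# Keep only the paths whose counter set exists here; warn about the others.
$usable = foreach ($path in $paths) {
    # '\LogicalDisk(*)\*' -> 'LogicalDisk', '\Cache\*' -> 'Cache'
    $setName = $path -replace '^\\([^\\(]+).*$', '$1'
    if ($registered -contains $setName) {
        $path
    } else {
        Write-Warning "Counter set '$setName' is not registered on this machine; skipping $path"
    }
}

# The two collectors from the article: same counters, different sample interval.
$collectors = @(
    @{ Name = "$($env:COMPUTERNAME)_long_interval";  Interval = '00:05:00' },
    @{ Name = "$($env:COMPUTERNAME)_short_interval"; Interval = '00:00:05' }
)

foreach ($collector in $collectors) {
    logman.exe create counter $collector.Name -f bincirc -v mmddhhmm -max 350 `
        -c $usable -si $collector.Interval
    # A non-zero exit code is treated as failure (for example, the collector already exists).
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "logman create failed for $($collector.Name) (exit code $LASTEXITCODE)"
    }
}

# List the data collector sets and their status to confirm the result.
logman.exe query
```

Start and stop each collector with the logman.exe start and stop commands shown above.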

More information:

============

An alternative method, when you want to enable local perfmons from a remote machine:

Setting a remote perfmon Windows Server 2012 style...

*  If you use my colleague Clint Huffman’s Performance Analysis of Logs (PAL), the “base” performance is named “System Overview”.

How to setup an in-flight recorder: