Once you have monitored your server and located a problem area, you need to troubleshoot that problem. Windows Server 2008 provides some built-in tools to help you troubleshoot events that take place in your environment. We will look at two specific methods that can be used to assist in troubleshooting Windows Server 2008: the Event Viewer, which many administrators are familiar with already, and several command-line tools that can perform specific troubleshooting tasks.
Troubleshoot Using the Event Viewer
Event Viewer is a familiar administrative tool that has been around since Windows NT. As Windows Server has improved, so has the Event Viewer, and Windows Server 2008 has made the Event Viewer better than ever by providing better filtering, better search capabilities, and an overall more manageable solution.
To use the Event Viewer to troubleshoot, do the following:
1. In Server Manager, expand the Diagnostics console tree and highlight Event Viewer. You see an Overview and Summary page of events for this server (see Figure 1). This is an aggregate view of all events, regardless of the source or type of event. This page is broken into four parts:
- Overview: Contains information on the type of events that are logged in the Event Viewer and where they can be found.
- Summary of Administrative Events: Provides an overview of all administrative events on this server.
- Recently Viewed Nodes: Provides information about where events have recently taken place on this system.
- Log Summary: Provides information about the event logs, including size (current/max.), modified date, and status.
2. Expand the Event Viewer and notice these four folders:
- Custom Views: In older versions of Event Viewer, you could filter information to create a specific view of events in the logs. With Custom Views, you can now save those filters so that they do not need to be re-created each time. Each server role that is installed in Windows Server 2008 automatically creates a custom view for that role.
- Windows Logs: This folder holds the familiar event log files you are used to seeing in Event Viewer. The Windows logs include Application, Security, Setup, System, and Forwarded Events.
- Applications and Services Logs: These logs hold events that are specific to an application or a component rather than events that have systemwide effects. There are four categories for these events: Admin, Operational, Analytic, and Debug.
- Subscriptions: Troubleshooting an event sometimes calls for gathering information from more than one computer. With event subscriptions, you can collect copies of events from multiple remote computers. These events can then be filtered and viewed by the local server to use in troubleshooting.
Manage Event Viewer
In earlier versions of Event Viewer, the log files provided troubleshooting information that helped you locate the source of performance issues. In Windows Server 2008, some additional options have been added to make management easier.
The top portion of the Event Viewer shows the event level, date and time, source, event ID, and task category. The bottom portion of the screen shows a detailed description of the event. It also includes a link to Microsoft’s online event help, which provides more information (see Figure 2). From the Actions pane you can perform the following tasks for the event log:
When you highlight an event, you see the following Action menu items:
One of the newest Event Viewer features is the ability to attach a task to a log or an event. To see how this works, perform the following steps:
1. Select Action, Attach Task to This Log/Event to launch the Create a Basic Task Wizard.
2. Choose a name and description for this task and click Next.
3. On the next screen, which provides information about the log, source, and event ID, click Next.
4. Choose an action for the task to perform:
- Start a Program
- Send an E-mail
- Display a Message
Click Next.
5. In the next screen, choose the program or script to launch, create an e-mail and choose the SMTP server, or create a title and message. Click Next.
6. On the last page, where you see the name, description, trigger, and action, click Finish.
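The wizard above produces an ordinary scheduled task with an event trigger. The following is an added example (not from the book) that builds the equivalent task with schtasks so it can be scripted and reviewed; the event ID, task name and script path are placeholders chosen for the example.

```powershell
# Added example, not from the book: create the same event-triggered task that the
# "Attach Task to This Event" wizard creates, but with schtasks so it can be scripted.
# Assumptions (placeholders): the trigger is Security event 4625 (an account failed
# to log on) and the action is a script at C:\Scripts\Notify-FailedLogon.cmd.
$taskName = 'Notify-FailedLogon'
$channel  = 'Security'
$eventId  = 4625
$action   = 'C:\Scripts\Notify-FailedLogon.cmd'

# /SC ONEVENT makes an event the trigger, /EC names the log (channel), and /MO carries
# the XPath filter, the same query language that Custom Views and wevtutil use.
$xpath = "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=$eventId]]"

# /RU SYSTEM runs the action as the local system account; /F overwrites an existing task of the same name.
schtasks /Create /TN $taskName /SC ONEVENT /EC $channel /MO $xpath /TR $action /RU SYSTEM /F

# Confirm that the trigger (the XPath) and the action were recorded as intended.
schtasks /Query /TN $taskName /V /FO LIST
```

The same XPath can be pasted into a Custom View's XML tab to preview which existing events would have fired the task.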
Create a New Subscription
To create new subscriptions, perform the following tasks:
Note
Creating a subscription requires that both the forwarding and collecting computers be configured. The Windows Remote Management (WinRM) service and the Windows Event Collector (Wecsvc) service must be running on both the forwarding and collecting computers before you create a new subscription.
1. Click Subscriptions in the console tree.
2. Select Action, Create Subscription.
3. On the subscription properties page, set the following:
Click OK. (After the subscription is created, you can modify these selections by going to the properties page.)
4. Repeat the process on the forwarding computers to complete this subscription.
Note
You can access the subscriptions properties page from the properties of the Windows logs in the console tree.
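The Create Subscription dialog writes a subscription definition that the Windows Event Collector service stores. The following is an added example (not from the book) that creates the same kind of collector-initiated subscription from the command line with wecutil; the forwarding computer name, subscription name and folder are placeholders, and the prerequisite services from the Note above are started first.

```powershell
# Added example, not from the book: a collector-initiated subscription defined in a
# wecutil subscription file instead of the Create Subscription dialog.
# Assumptions (placeholders): this runs on the collector, the forwarding computer is
# SRV-FWD01.example.local in the same domain, and the file is kept in C:\Subscriptions.
# On each forwarding computer, run "winrm quickconfig -q" as well and put the collector's
# computer account in the local Event Log Readers group so it may read the Security log.

winrm quickconfig -q      # WinRM listener and firewall exception on the collector
wecutil qc /q             # starts Wecsvc (Windows Event Collector) without prompting

$dir  = 'C:\Subscriptions'
$file = Join-Path $dir 'FailedLogons.xml'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# The query is the same QueryList/XPath form a Custom View uses; events land in Forwarded Events.
@"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>FailedLogons</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Failed logons (4625) from remote servers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4625)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true"><Address>SRV-FWD01.example.local</Address></EventSource>
  </EventSources>
</Subscription>
"@ | Set-Content -Path $file -Encoding ASCII

wecutil cs $file          # create the subscription from the file
wecutil gr FailedLogons   # runtime status: last heartbeat and any error per source computer
```

If `wecutil gr` reports an access error for a source, the collector's computer account is usually missing from that computer's Event Log Readers group.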
Troubleshoot Using Command-Line Tools
Windows Server 2008 provides a number of command-line tools for troubleshooting:
Auditpol: Displays information and manipulates audit policies.
Chkdsk: Checks the file system of a volume for errors (physical and logical).
Dcdiag: Analyzes a domain controller’s state at the forest or enterprise level and reports any problems.
Gpresult: Displays the resultant set of policy information that can be used to identify issues with Group Policy.
Logman: Creates and manages event trace sessions and performance logs. Provides many of the functions of the Performance Monitor, but from the command line.
Nltest: Troubleshoots configurations on the OS.
Nslookup: Displays information you can use to diagnose DNS infrastructure.
Recover: Recovers readable information from a defective disk.
Repadmin: Diagnoses Active Directory replication problems between domain controllers.
Sc: Allows you to test and debug service programs.
Wevtutil: Retrieves information about event logs and publishers, installs event manifests, and runs queries. You can also use it to export, archive, and clear logs.
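Custom Views (described under the Event Viewer folders above) and wevtutil share the same XPath query language, so a filter built in the console can be re-run unattended. The following is an added example (not from the book) that reads the Security log's summary information, runs a saved structured query, and exports the matching events for an incident record; the working folder is a placeholder.

```powershell
# Added example, not from the book: the XPath filter behind a Custom View, run with wevtutil
# so the same question can be asked from a script. Assumptions (placeholders): logon auditing
# is enabled for the Security log and C:\EventWork is a writable working folder.
$work = 'C:\EventWork'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. The Log Summary page from the command line: current size, oldest record, record count
#    (gli = get-loginfo) and the configured maximum size and retention policy (gl = get-log).
wevtutil gli Security
wevtutil gl Security

# 2. A structured query, the same QueryList a Custom View saves: failed logons (4625) in the
#    last 24 hours. timediff() is measured in milliseconds; "<" must be written as &lt; in XML.
$queryFile = Join-Path $work 'FailedLogons.xml'
@"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
    </Select>
  </Query>
</QueryList>
"@ | Set-Content -Path $queryFile -Encoding ASCII

# 3. Run the saved query: /sq:true reads the structured query file, /rd:true lists newest
#    first, /f:text renders readable messages, /c:20 caps the output at 20 events.
wevtutil qe $queryFile /sq:true /rd:true /f:text /c:20

# 4. Keep only the matching events as evidence: export them to a new .evtx, then archive it so
#    the rendered message strings travel with the file to a machine without the same providers.
$export = Join-Path $work 'FailedLogons.evtx'
$xpath  = '*[System[(EventID=4625)]]'
wevtutil epl Security $export "/q:$xpath"
wevtutil al $export
```

The exported file opens in Event Viewer through Action, Open Saved Log, and the XML tab of a Custom View accepts the same QueryList verbatim.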