In addition to monitoring the common set of
bottlenecks (memory, processor, disk subsystem, and network subsystem),
the functional roles of the server influence what other counters you
should monitor. The following sections outline some of the most common roles
for Windows Server 2008 R2 that require the use of additional
performance counters for analyzing system behavior, establishing
baselines, and ensuring system availability and scalability.
Microsoft also makes
several other tools available that will analyze systems and recommend
changes. Ensuring a system is properly configured to deliver services
for the role it supports is essential before performance monitoring and
capacity planning can be taken seriously.
Domain Controllers
A Windows Server 2008 R2
domain controller (DC) houses Active Directory Domain Services (AD DS)
and may have additional roles such as being responsible for one or more
Flexible Single Master Operations (FSMO) roles (schema master, domain
naming master, relative ID master, PDC emulator, and/or infrastructure
master) or a global catalog (GC) server. Also, depending on the size and
design of the system, a DC might serve many other functional roles such
as DNS and WINS. In this section, AD, replication, and DNS monitoring
will be explored.
Monitoring Active Directory and Active Directory Replication
Active Directory Domain Services
(AD DS) is the heart of Windows Server 2008 R2 domains and has been the
directory of choice for years. Active Directory has continuously been
improved with each release, including performance enhancements. AD DS is
used for many different facets, including, but not limited to,
authentication, authorization, encryption, and Group Policies. Because
AD plays a vital role in a Windows Server 2008 R2 network environment
and organizations rely on it heavily for communication and user
management, it must perform its responsibilities as efficiently as
possible.
The Directory Services
Performance Monitor object provides various AD performance indicators
and statistics that are useful for determining AD’s workload capacity.
Many of these counters can be used to determine current workloads and
how these workloads can affect other system resources. There are
relatively few counters in this object, so it’s recommended that you
monitor each one in addition to the common set of bottleneck objects.
With this combination of counters, you can determine whether the system
is overloaded and Active Directory performance is impacted.
Measuring AD DS
replication performance is a complex process because of the many
variables associated with replication. They include, but aren’t limited
to, the following:
Intrasite versus intersite replication
The compression being used (if any)
Available bandwidth
Inbound versus outbound replication traffic
Fortunately,
there are performance counters for every possible AD replication
scenario. These counters are located within the Directory Services
object and are prefixed by the primary process that is responsible for
AD DS replication—the Directory Replication Agent (DRA). Therefore, to
monitor AD replication, you need to choose those counters beginning with
DRA.
Like most other server
products, AD DS uses a database and its performance should also be
monitored to provide an accurate reflection of AD DS performance.
Understanding a domain controller’s overall system resource usage and
the performance of AD DS will help you align future upgrades and changes
with capacity and performance needs. As companies continue to grow, it
is essential that the systems be able to grow with them, especially in
regard to something critical like AD DS. Although many counters exist,
some of the relevant counters necessary to monitor AD DS and the
database are in Table 1.
This is only a sample list and additional counters might need to be
added, depending on the desired outcome of the monitoring and specific
AD DS functionality.
Table 1. Performance Counters Relative to AD DS Performance and Replication
| Object | Counter | Description |
|---|
| Directory Services | DRA Inbound Full Sync Objects Remaining | Objects remaining before synchronization is marked complete. |
| Directory Services | DRA Inbound Object Updates Remaining in Packet | Objects remaining that need to be processed by the domain controller. Indicates delay in applying changes to the database. |
| Directory Services | DRA Remaining Replication Updates | Objects that have been received during replication but have not yet been applied. Indicates slow replication. |
| Directory Services | DRA Pending Replication Synchronizations | Number of queued directory synchronizations remaining. Indicates replication backlog. |
| Directory Services | LDAP Client Sessions | Sessions generated from LDAP clients. |
| Directory Services | LDAP Searches/sec | Search queries performed by LDAP clients per second. |
| Directory Services | LDAP Writes/sec | Amount of writes per second from LDAP clients. |
| Security Systemwide Statistics | Kerberos Authentications/sec | Client authentication tickets passed to the domain controller per second. |
| Security Systemwide Statistics | NTLM Authentications/sec | NTLM authentication requests served per second. |
| Database | Database Cache % Hit | Percentage
of page requests for the database file that were fulfilled by the
database cache without causing a file operation. If this percentage is
low (85% or lower), you might consider adding more memory. |
| Database | Database Cache Page Fault Stalls/sec | Number
of page faults per second that cannot be serviced because there are no
pages available for allocation from the database cache. This number
should be low if the system is configured with the proper amount of
memory. |
| Database | Database Cache Page Faults/sec | Number
of page requests per second for the database file that require the
database cache manager to allocate a new page from the database cache. |
| Database | Database Cache Size | Amount
of system memory used by the database cache manager to hold commonly
used information from the database to prevent file operations. |
Monitoring DNS
The
domain name system (DNS) has been the primary name resolution mechanism
in almost all networks and this continues with Windows Server 2008 R2.
For more information on DNS. Numerous counters are available for
monitoring various aspects of DNS in Windows Server 2008 R2. The most
important categories in terms of capacity analysis are name resolution
response times and workloads, as well as replication performance.
The counters listed in Table 2
are used to compute name query traffic and the workload that the DNS
server is servicing. These counters should be monitored along with the
common set of bottlenecks to determine the system’s health under various
workload conditions. If users are noticing slower responses, you can
compare the query workload usage growth with your performance
information from memory, processor, disk subsystem, and network
subsystem counters.
Table 2. Performance Counters to Monitor DNS
| Counter | Description |
|---|
| Dynamic Update Received/sec | Dynamic Update Received/sec is the average number of dynamic update requests received by the DNS server in each second. |
| Recursive Queries/sec | Recursive Queries/sec is the average number of recursive queries received by the DNS server in each second. |
| Recursive Query Failure/sec | Recursive Query Failure/sec is the average number of recursive query failures in each second. |
| Secure Update Received/sec | Secure Update Received/sec is the average number of secure update requests received by the DNS server in each second. |
| TCP Query Received/sec | TCP Query Received/sec is the average number of TCP queries received by the DNS server in each second. |
| TCP Response Sent/sec | TCP Response Sent/sec is the average number of TCP responses sent by the DNS server in each second. |
| Total Query Received/sec | Total Query Received/sec is the average number of queries received by the DNS server in each second. |
| Total Response Sent/sec | Total Response Sent/sec is the average number of responses sent by the DNS server in each second. |
| UDP Query Received/sec | UDP Query Received/sec is the average number of UDP queries received by the DNS server in each second. |
| UDP Response Sent/sec | UDP Response Sent/sec is the average number of UDP responses sent by the DNS server in each second. |
Comparing
results with other DNS servers in the environment can also help you to
determine whether you should relinquish some of the name query
responsibility to other DNS servers that are less busy.
Replication
performance is another important aspect of DNS. Windows Server 2008 R2
supports legacy DNS replication, also known as zone transfers, which
populate information from the primary DNS to any secondary servers.
There are two types of legacy DNS replication: incremental (propagating
only changes to save bandwidth) and full (the entire zone file is
replicated to secondary servers).
Asynchronous full zone
transfers (AXFR) occur on the initial transfer and then the incremental
zone transfers (IXFR) are performed thereafter. The performance counters
for both AXFR and IXFR (see Table 3)
measure both the requests and successful transfers. It is important to
note that if your network environment integrates DNS with non-Windows
systems, it is recommended that those systems support IXFR.
Table 3. DNS Zone Transfer Counters
| Counter | Description |
|---|
| AXFR Request Received | Total number of full zone transfer requests received by the DNS service when operating as a master server for a zone |
| AXFR Request Sent | Total number of full zone transfer requests sent by the DNS service when operating as a secondary server for a zone |
| AXFR Response Received | Total number of full zone transfer requests received by the DNS service when operating as a secondary server for a zone |
| AXFR Success Received | Total number of full zone transfers received by the DNS service when operating as a secondary server for a zone |
| AXFR Success Sent | Total number of full zone transfers successfully sent by the DNS service when operating as a master server for a zone |
| IXFR Request Received | Total number of incremental zone transfer requests received by the master DNS server |
| IXFR Request Sent | Total number of incremental zone transfer requests sent by the secondary DNS server |
| IXFR Response Received | Total number of incremental zone transfer responses received by the secondary DNS server |
| IXFR Success Received | Total number of successful incremental zone transfers received by the secondary DNS server |
| IXFR Success Sent | Total number of successful incremental zone transfers sent by the master DNS server |
Note
If your network environment is fully Active Directory–integrated, the counters listed in Table 34.7 will all be zero because AD–integrated DNS replicates with AD DS.
Remote Desktop Services Server
Remote Desktop Services
Server has its own performance objects for the Performance Monitor
called the Remote Desktop Services Session and Remote Desktop Services
objects. It
provides resource statistics such as errors, cache activity, network
traffic from Remote Desktop Server, and other session-specific activity.
Many of these counters are similar to those found in the Process
object. Some examples include % Privileged Time, % Processor Time, %
User Time, Working Set, Working Set Peak, and so on.
Three important areas to
always monitor for Terminal Server capacity analysis are the memory,
processor, and application processes for each session. Application
processes are by far the hardest to monitor and control because of the
extreme variances in programmatic behavior. For example, all
applications might be 32-bit, but some might not be certified to run on
Windows Server 2008 R2. You might also have in-house applications running
on Remote Desktop Services that might be poorly designed or too
resource intensive for the workloads they are performing.
Virtual Servers
Deployment of virtual
servers and consolidation of hardware is becoming more and more
prevalent in the business world. When multiple servers are running in a
virtual environment on a single physical hardware platform, performance
monitoring and tuning becomes essential to maximize the density of the
virtual systems. If three or four virtual servers are running on a
system and the memory and processors aren’t allocated to the virtual
guest session that could use the resources, virtual host resources
aren’t being utilized efficiently. In addition to monitoring the common
items of memory, disk, network, and CPU, two performance counters
related to virtual sessions are added when virtualization is running on
the Windows Server 2008 R2 host. These counters are shown in Figure 1.
The performance counters related to virtualization include the following:
The Virtual session object
and its counters are available only when a virtual machine is running.
Counters can be applied to all running virtual sessions or to a specific
virtual session.
