CHAPTER 18

            WINDOWS NT TROUBLESHOOTING TOOLS

 

 

Lesson 1:  Diagnostic Tools

 

The system provides the following tools used for troubleshooting:

 

• Event Viewer
• Windows NT Diagnostics
• Performance Monitor
• Network Monitor
• System Recovery

 

 

EVENT VIEWER:         **** SAS ***

 

·        System log is at the (systemroot\System32\Conifig\Sysevent.evt

·        Security log  is at the (systemroot\System32\Config\Secevent.evt

·        Application Log is at the (systemroot\System32\Config\Appevent.evt

 

Make sure you have hard copies because it is purged after so many days.

 

 

Archiving Log Files:

 

You can archive an event log, you can save it in one of the three file formats:

 

Log file format.  This format enables you to view the archived log again in Event Viewer.

 

Text file format.  This format enables you to present the information in a text-oriented

application, such as a word processor.

 

Comma-delimited text file format.  This format enable you to manage the information with an

application, such as a spreadsheet or database.

 

 

 

Windows NT Diagnostics:

 

Windows NT Diagnostics (Winmsd.exe) is a tool that slows computer hardware and operating

system data stored in the Windows NT registry.  The Winmsd.exe is located in the

systemroot\System32 directory.

 

 

======================================================================

 

wntsup18.html                                                PAGE 2                                                      2001/11/16

 

 

 

Performance Monitor Utility:

 

Performance Monitor enables you to look at resources for specific components and application

processes through a dynamic display.  These dynamic charts can be saved as logs or reports.  You can

gauge your computers efficiency, identify and troubleshoot possible problems and plan for additional

hardware needs.

Charts live data.

 

The resources it reviews is hard drive, RAM, network, CPU

 

 

System Processor Queue Length:

 

The number of threads shown by the processor queue length is an indicator of system performance

because each thread requires a certain number of processor cycles.

 

 

System Recovery:

 

When a severe error (called STOP error, or fatal system error or blue screen) occurs, Windows

NT allows you to configure the way your system responds.

 

 

Lesson 2:  Resources for Troubleshooting:

 

• Classmates, and co-workers
• Msdn , Microsoft download network.
• Technet, every question ever asked about computers problems
• News Groups
• Chat lines, although be careful.

 

 

If you want recoverability, the swap file must be on the boot partition.

 

Redo the boot.ini, if it crashed add the /crashdump.

Another switch is the /crashdebug.

 

 

Summary:

 

•   In order to help you troubleshoot your system and your network, Windows NT provides the

following tools:  Event Viewer, Windows NT Diagnostics, Performance Monitor, Network

Monitor and System Recovery

 

 

 

======================================================================

 

wntsup17.html                                                PAGE 3                                                      2001/11/15

 

 

 

•   Even Event Viewer provides information about events such as errors, warnings, and the

success or failure of tasks that are maintained in an event log.  An event log is any potentially

significant occurrence in the system (or in an application).  With an event log and the Event

Viewer, you can troubleshoot various hardware and software problems and monitor

Windows NT security events.

•   Windows NT records three kinds of logs:  system, security, and application logs.  System logs

record information about the failure of a driver, or other system component.  Security logs

record information about valid and invalid logon attempts and events related to resource use

such as creating, opening and deleting files.  Application logs record information about

applications.

•   Windows NT Diagnostics (WINmsd.exe) is a tool that shows computer hardware and

operating system data stored in the Windows NT registry.

•   Performance Monitor enables you to look at resource use for specific components and

application processes through a dynamic display.  These dynamic charts can be saved as logs

or reports.  With Performance Monitor, you can gauge your computer’s efficiency, identify

and troubleshoot possible problems, and plan for additional hardware needs.  You can also

use alerts to notify you when resource use reaches a specifies value.

•   Network Monitor is used to capture and display frames (also called packets) to detect and

troubleshoot problems on LANs.  For security reasons, Network Monitor captures only

those frames, including broadcast frames and multicast frames, that are sent to or from the

local computer.

•   System Recovery allows you to configure the way your system responds when a STOP

error occurs.  You can configure the following System Recovery options:  write an event

to the system log, send an administrative alert, write a debug file that contains a dump of

system memory when a STOP error occurs, and restart the system automatically, instead

of requiring a manual reboot.

•   Microsoft provides various resources, such as TechNet and MSDL, which you can use

to get troubleshooting information about Microsoft products.  You can also use the

Internet to access one of the Microsoft Web Sites, such as www.microsoft.com, to access

the most recent information, as well as to download software, including drivers and Service Packs.