Tip

Hidden gems in Windows Server 2008 R2's Resource Monitor tool

Microsoft introduced a new performance monitoring tool in Windows Server 2008 called the Resource Monitor. But what not too many people know is that significant enhancements

Requires Free Membership to View

were made to the tool with Windows Server 2008 R2 (and Windows 7). Many of the new features are what you would expect to find from downloading a Sysinternals tool like Process Explorer.

Have you ever wondered how to determine what handles a particular process may have open? Or how do you determine what registry keys an application may be accessing? Another big mystery is how you determine what a non-responsive process is waiting for rather than killing the application and starting over.

Resource Monitor Overview The Resource Monitor is a graphical tool used to display the system activity including CPU, memory, disk, and network utilization. It includes a general overview with charts displaying each of these resources, allowing you to visualize the activity. It also provides a tabular display of process metrics for each of these resources.

The Resource Monitor can be started several different ways; from the Start button by running the ResMon.exe, from within the Task Manager on the Performance tab, or via the Server Manager under Diagnostics and Performance. With the initial release of the Resource Monitor in Windows Server 2008, it essentially provided the same functionality as the Task Manager as seen below.

Fig. 1: Resource Monitor interface in Windows Server 2008 (Click to enlarge)

New Features
All of that has changed with Windows Server 2008 R2. Right off the bat, you’ll notice many new charts illustrating activity for each of the resources. By just clicking a resource tab, you’ll be presented with a variety of charts specific to each resource. For example, by selecting the Disk resource as seen below, several charts are graphed including overall disk utilization, and a per-disk queue length to determine how busy each disk is. This allows you to quickly visualize the utilization of all your resources with just a few mouse clicks.

Fig. 2: Disk resource display in Windows Server 2008 R2 (Click to enlarge)

Another major difference is the flexibility that the Resource Monitor now allows you; it is possible to select processes and drill down to the details. For example, with the CPU resource tab, you can select one or more processes and display all the associated handles including directories, files, registry keys, mapped sections, events, and more. You can also see all the associated modules such as images and dynamic link libraries (DLLs) that are mapped to each process. Each of the metrics (columns) can be sorted by clicking the header allowing you to quickly find the information you are looking.

A new “search” feature has also been added allowing you to search for a particular handle of interest. This can be very useful when trying to determine what process or application is locking a particular file or registry key. The search feature is not case sensitive and does not support wildcards. In the past, tools such as Regmon and Filemon were used to get this information, or even more drastic measures such as forcing a crash dump and analyzing it with the debugger. The McShield anti-virus process has been selected and all the associated handles and modules are displayed (Figure 3).

Fig. 3: Resource Monitor search feature (Click to enlarge)

Perhaps the top new feature is the “Analyze Wait Chain” functionality. This feature helps determine why a non-responsive process is waiting. Typically, a process may be waiting for a variety of reasons such as I/O requests to complete, a system resource to become available, events to occur, or blocking locks to be released. This can be perfectly normal. However, if a process should stall or become non-responsive, it may be the result of another process or thread causing it to wait.

Rather than stopping the non-responsive process, you can now use the Resource Monitor to analyze the wait chain. This can be accomplished by selecting the process in either the Overview or the CPU tab, right-clicking the process, and selecting “Analyze Wait Chain….” If any processes or threads are causing the selected process to wait, they will be displayed with their corresponding process and thread ID. You can then select these processes or threads and choose the “End Process” button to terminate them. This may allow the waiting process to continue executing as expected without having to restart it.

Keep in mind that it is normal for some processes to be waiting on others. So don’t be too quick to pull the trigger. The Resource Monitor will display non-responding processes in red to help you focus on those processes that are truly blocking or waiting. To dig even deeper as to why a process may be blocking another, it may be necessary to force a process memory dump for further analysis. The example below illustrates the “Analyze Wait Chain” feature on the Cluster Server process showing two threads waiting on network I/Os to occur.

Fig. 4: Analyze Wait Chain feature (Click to enlarge)

It is very encouraging to see new features and functionality evolving with performance and troubleshooting tools that are built into the Windows operating system. All too often you need to download a freeware or shareware tool to get a particular task accomplished. The Resource Monitor is now becoming a valuable addition to the Windows Server admin toolbox and hopefully it continues to evolve.

ABOUT THE AUTHOR
Bruce Mackenzie-Low MCSE/MCSA
is a Systems Software Engineer with Hewlett Packard providing 3rd level worldwide support on Microsoft Windows based products including Clusters and Crash Dump Analysis. With over 25 years of computing experience at Digital, Compaq and HP, Bruce is a well known resource for resolving highly complex problems involving clusters, SAN’s, networking and internals. He has taught extensively throughout his career leaving his audience energized with his enthusiasm for technology.

This was first published in November 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.