Microsoft introduced a new performance monitoring tool in Windows Server 2008 called the Resource Monitor. But what not too many people know is that significant enhancements
Have you ever wondered how to determine what handles a particular process may have open? Or how do you determine what registry keys an application may be accessing? Another big mystery is how you determine what a non-responsive process is waiting for rather than killing the application and starting over.
Resource Monitor Overview
The Resource Monitor is a graphical tool used to display the system activity including CPU, memory, disk, and network utilization. It includes a general overview with charts displaying each of these resources, allowing you to visualize the activity. It also provides a tabular display of process metrics for each of these resources.
The Resource Monitor can be started in several different ways: from the Start button by running ResMon.exe, from within the Task Manager on the Performance tab, or via the Server Manager under Diagnostics and Performance. In its initial release in Windows Server 2008, the Resource Monitor provided essentially the same functionality as the Task Manager, as seen below.
All of that has changed with Windows Server 2008 R2. Right off the bat, you’ll notice many new charts illustrating activity for each of the resources. By just clicking a resource tab, you’ll be presented with a variety of charts specific to each resource. For example, by selecting the Disk resource as seen below, several charts are graphed including overall disk utilization, and a per-disk queue length to determine how busy each disk is. This allows you to quickly visualize the utilization of all your resources with just a few mouse clicks.
Another major difference is the flexibility that the Resource Monitor now allows you; it is possible to select processes and drill down to the details. For example, with the CPU resource tab, you can select one or more processes and display all the associated handles including directories, files, registry keys, mapped sections, events, and more. You can also see all the associated modules such as images and dynamic link libraries (DLLs) that are mapped to each process. Each of the metrics (columns) can be sorted by clicking the header, allowing you to quickly find the information you are looking for.
A new “search” feature has also been added allowing you to search for a particular handle of interest. This can be very useful when trying to determine what process or application is locking a particular file or registry key. The search feature is not case sensitive and does not support wildcards. In the past, tools such as Regmon and Filemon were used to get this information, or even more drastic measures such as forcing a crash dump and analyzing it with the debugger. The McShield anti-virus process has been selected and all the associated handles and modules are displayed (Figure 3).
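The module half of that view can also be scripted. The following is an added example, not part of the original article: it lists every process that has a module loaded whose path contains a given string, using the same matching rules described above for the search box (case-insensitive, no wildcards). `Find-ModuleInUse` is a hypothetical helper name, and the example covers loaded modules only, not open handles.

```powershell
# Added example (not from the original article). Find-ModuleInUse is a
# hypothetical helper name. Run elevated to inspect other users' processes.
function Find-ModuleInUse {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$SearchText
    )

    foreach ($proc in Get-Process) {
        try {
            # Reading Modules fails for protected or inaccessible processes.
            $modules = $proc.Modules
        } catch {
            Write-Verbose "Skipped $($proc.ProcessName) (PID $($proc.Id)): $($_.Exception.Message)"
            continue
        }

        foreach ($module in $modules) {
            $path = $module.FileName
            if (-not $path) { continue }

            # Literal substring match: '*' and '?' are ordinary characters here,
            # and OrdinalIgnoreCase makes the comparison case-insensitive.
            if ($path.IndexOf($SearchText, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    ProcessId   = $proc.Id
                    Module      = $module.ModuleName
                    Path        = $path
                }
            }
        }
    }
}

# Sample call with a constructed search string: which processes have a
# module with "crypt" anywhere in its path?
Find-ModuleInUse -SearchText 'crypt' -Verbose |
    Sort-Object ProcessName, Module |
    Format-Table -AutoSize
```

Processes that cannot be opened are reported on the verbose stream rather than silently dropped, so a gap in the results is visible.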
Perhaps the top new feature is the “Analyze Wait Chain” functionality. This feature helps determine why a non-responsive process is waiting. Typically, a process may be waiting for a variety of reasons such as I/O requests to complete, a system resource to become available, events to occur, or blocking locks to be released. This can be perfectly normal. However, if a process should stall or become non-responsive, it may be the result of another process or thread causing it to wait.
Rather than stopping the non-responsive process, you can now use the Resource Monitor to analyze the wait chain. This can be accomplished by selecting the process in either the Overview or the CPU tab, right-clicking the process, and selecting “Analyze Wait Chain….” If any processes or threads are causing the selected process to wait, they will be displayed with their corresponding process and thread ID. You can then select these processes or threads and choose the “End Process” button to terminate them. This may allow the waiting process to continue executing as expected without having to restart it.
Keep in mind that it is normal for some processes to be waiting on others. So don’t be too quick to pull the trigger. The Resource Monitor will display non-responding processes in red to help you focus on those processes that are truly blocking or waiting. To dig even deeper as to why a process may be blocking another, it may be necessary to force a process memory dump for further analysis. The example below illustrates the “Analyze Wait Chain” feature on the Cluster Server process showing two threads waiting on network I/Os to occur.
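Before ending anything, it helps to see how many of a process's threads are waiting and why. The following is an added example, not part of the original article: it summarizes per-thread state and wait reason for one process using the .NET `System.Diagnostics` classes. `Get-ThreadWaitSummary` is a hypothetical helper name, and the output shows what each thread is waiting on in general terms only; it does not identify the blocking thread or process the way the wait chain view does.

```powershell
# Added example (not from the original article). Get-ThreadWaitSummary is a
# hypothetical helper name.
function Get-ThreadWaitSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [int]$ProcessId
    )

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop

    $threads = foreach ($thread in $proc.Threads) {
        $reason = $null
        if ($thread.ThreadState -eq [System.Diagnostics.ThreadState]::Wait) {
            # WaitReason is only defined for threads in the Wait state;
            # reading it for any other state throws.
            try { $reason = $thread.WaitReason } catch { $reason = 'Unknown' }
        }
        [pscustomobject]@{
            ThreadId   = $thread.Id
            State      = $thread.ThreadState
            WaitReason = $reason
        }
    }

    [pscustomobject]@{
        ProcessName = $proc.ProcessName
        ProcessId   = $proc.Id
        # Responding reflects the main window only; it is $true for
        # processes that have no user interface.
        Responding  = $proc.Responding
        ThreadCount = @($threads).Count
        Breakdown   = $threads | Group-Object State, WaitReason |
                          Sort-Object Count -Descending |
                          Select-Object Count, Name
        Threads     = $threads
    }
}

# Sample call against the current PowerShell process ($PID is built in).
$summary = Get-ThreadWaitSummary -ProcessId $PID
$summary | Format-List ProcessName, ProcessId, Responding, ThreadCount
$summary.Breakdown | Format-Table -AutoSize
```

A breakdown dominated by waits such as `UserRequest` or `Executive` is the normal idle picture described above and is not by itself a sign of a hang.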
It is very encouraging to see new features and functionality evolving with performance and troubleshooting tools that are built into the Windows operating system. All too often you need to download a freeware or shareware tool to get a particular task accomplished. The Resource Monitor is now becoming a valuable addition to the Windows Server admin toolbox and hopefully it continues to evolve.
ABOUT THE AUTHOR
Bruce Mackenzie-Low MCSE/MCSA is a Systems Software Engineer with Hewlett Packard providing 3rd level worldwide support on Microsoft Windows based products including Clusters and Crash Dump Analysis. With over 25 years of computing experience at Digital, Compaq and HP, Bruce is a well-known resource for resolving highly complex problems involving clusters, SANs, networking and internals. He has taught extensively throughout his career, leaving his audience energized with his enthusiasm for technology.
This was first published in November 2011