about:blank

Module 12: Managing, monitoring, and maintaining

virtual machine installations

Contents:

Lesson overview and deployment options

Lesson 2: Update management process with WSUS

Lab A: Implementing WSUS and deploying updates

Lesson 3: Overview of Windows PowerShell DSC

Lesson Windows Server 2016

Lesson Performance Monitor

Lesson logs

Lab B: Monitoring and troubleshooting Windows Server 2016

Module review and takeaways

Module

Windows Services (WSUS) improves updates to

Microsoft products in a timely infrastructure to
download, approve security updates. Applying security updates quickly
helps prevent security incidents resulting from known vulnerabilities. When
implementing WSUS, you must keep in mind the WSUS hardware and software

1 of 98 3/12/2019, 1:31 PM
 about:blank

requirements, the settings to configure, and the updates to approve or remove

according to your organization’s needs.

Monitoring and troubleshooting processes are important because they allow

administrators to provide performance-optimized IT infrastructures. Monitoring
processes can improve your ability to identify, troubleshoot, and repair issues before
end designing a comprehensive solution for
your reduce end-user problems potentially serious
issues.

When an event that affects system occurs, you must

be able to resolve the problem quickly and efficiently. With so many variables and
components in the modern network environment, the ability to determine the root
cause quickly often depends on having an effective performance-monitoring
methodology and toolset. You can use performance-monitoring tools to identify
components additional tuning and troubleshooting, improving your
servers’

After Server 2016 operating make sure

that efficiently by maintaining a module
describes and troubleshoot a Windows environment.

Objectives
After completing this module, you will be able to:

• Describe WSUS and the requirements WSUS.

• Manage with WSUS.

• Describe benefits of Windows State

Configuration (DSC).

• Describe the monitoring tools available in Windows Server 2016.

2 of 98 3/12/2019, 1:31 PM
 about:blank

• Use Performance Monitor.

• Manage event logs.

Lesson 1: WSUS overview and deployment options

The central management Windows

computers. you can create a more environment in
your the overall update on your
network. introduces you to WSUS, and features of the
WSUS server role.

Lesson objectives
After completing this lesson, you will be able to:

• Describe

• Describe deployment options.

• Explain update management process.

• Identify the server requirements for WSUS.

• Describe how to configure clients to use WSUS.

What

3 of 98 3/12/2019, 1:31 PM
 about:blank

WSUS is a server role included in Windows Server 2016 that downloads and
distributes clients and servers. updates that
are applicable system and common such as
Microsoft and Microsoft SQL

In the configuration, a small organization WSUS server

that downloads updates from Microsoft Update. The WSUS server then distributes
the updates to computers that are configured to obtain automatic updates from the
WSUS server. You must approve the updates before clients can download them.

Larger a hierarchy of WSUS scenario, a

single server obtains updates and other
WSUS from the centralized

You can computers into groups to simplify updates. For

example, you can configure a pilot group to be the first set of computers that you use
for testing updates.

4 of 98 3/12/2019, 1:31 PM
 about:blank

WSUS can generate reports to help monitor update installation. These reports can
identify which computers have not recently applied the approved updates. Based on
these reports, you can investigate why updates are not being applied.

WSUS server deployment options

Before installing and configuring WSUS servers, you must consider how to deploy
WSUS in your environment. WSUS implementations vary in size and configuration
depending on your network environment and how you want to manage updates. You
can have a single WSUS server for your entire organization, multiple WSUS servers
acting independently, or multiple WSUS servers connected to each other in a
hierarchy.

Single

The implementation of WSUS uses a server, inside your

network, connecting to Microsoft Update to download updates through a firewall. In
some scenarios, there might be a proxy server between the WSUS server and the

5 of 98 3/12/2019, 1:31 PM
 about:blank

Internet. Then the WSUS server uses port 8530 for HTTP communication, and port
8531 for HTTPS. You must ensure that your firewall has the rules needed to allow the
server to connect to Microsoft Update. This basic scenario is common in small
networks with a single physical location.

Multiple WSUS servers

If your several isolated physical need to

implement each location. Then individual
server think of this scenario server per
physical Although this is a valid option, it substantially more
administrative effort, especially as the number of physical locations grows. You must
download updates to each server separately, approve updates on each server
individually, and manage WSUS clients so that they receive updates from the correct
WSUS server. In this scenario, each WSUS server has its own connection to the
Internet from Microsoft Update.

You servers for organizations number of

physical physical location management team.
You for a single physical many clients
to for server to manage, and place in a Network
Load Balancing (NLB) cluster.

Additional Reading: For more information about capacity requirements for

WSUS servers, refer to “Determine Capacity Requirements” at: http://aka.ms

Disconnected

A disconnected server is a server that does Microsoft Update

over the Internet or receive its updates from any other server in the network. Instead,
this server receives its updates from removable media generated on another WSUS

6 of 98 3/12/2019, 1:31 PM
 about:blank

server.

A disconnected WSUS server is commonly used in remote environments where

Internet connectivity is either limited or extremely expensive. You can use a WSUS
server in a different location to synchronize with Microsoft Update, export the updates
to portable media, and then ship the portable media to the remote location to be
imported WSUS server.

WSUS

All the mentioned above involve an independently managed WSUS server

that connects directly to Microsoft Update or receives its updates in a disconnected
manner. However, in larger organizations with multiple physical locations, you might
want the ability to synchronize with Microsoft Update on one server. You might also
want to push the updates to servers in different locations over your network, and
approve location.

WSUS you to:

• Download servers that are closer to servers in branch

offices.

• Download updates once, to a single server, and then replicate the updates over
your network to other servers.

• Separate WSUS servers based on the language their clients use.

• Scale organization that has than a single

WSUS

In a WSUS hierarchy, there are two types

• Upstream servers. Upstream servers connect directly to Microsoft Update to

7 of 98 3/12/2019, 1:31 PM
 about:blank

retrieve updates, or are disconnected and receive updates by using portable

media.

• Downstream servers. Downstream servers receive updates from a WSUS

upstream server.

You servers in two modes:

• Autonomous Autonomous mode, or distributed allows a

downstream retrieve updates from an while maintaining
administration of the updates locally. In this scenario, the downstream server
maintains its own set of computer groups, and administrators can approve
updates independent of the approval settings in the upstream servers. This allows
a different group of administrators to manage updates at their locations, and only
use the upstream server as a source of download updates.

• Replica mode, or centralized administration downstream

server computer group membership
approvals server. In this scenario,
administrators manage updates for the entire addition,
downstream in different physical offices updates and
management data from an upstream server.

You can have multiple layers in your WSUS hierarchy and configure some of your
downstream autonomous mode, mode to
configure instance, you can have server,
connected downloading updates organization.
Then downstream servers in autonomous manages
updates running software in English, for all computers
running software in Spanish. Finally, you can have another set of downstream
servers receiving their updates from the middle-tier WSUS servers, configured in

8 of 98 3/12/2019, 1:31 PM
 about:blank

replica mode. These are the actual servers that clients receive updates from, but all
the management occurs the middle tier.

Note: You can configure downstream servers to download update information

or metadata from an upstream server, and to download the actual updates
from Microsoft Update. This is a common configuration when the downstream
Internet connectivity and area

WSUS

WSUS stores information about updates, computer groups, and approvals in a

database. WSUS can use two types of databases:

• Windows Internal Database (WID). This is the default setting for a WSUS
database. WSUS by using a SUSDB.mdf is
created WSUS uses in the folder. We
recommend for:

o single WSUS server that

o Environments with multiple independent WSUS servers in different physical

locations.

• SQL Server database. If SQL Server is available in your environment, you can use
it to store the data that WSUS uses. You can use SQL Server tools to access the
WSUS database management purposes. SQL
Server the following scenarios:

o a WSUS NLB cluster.

o require database administrators ( manage all

databases that the organization uses.

9 of 98 3/12/2019, 1:31 PM
 about:blank

The WSUS update management process

The process enables you to WSUS and

the updates This process is a continuous which you
can reassess WSUS deployment to The four
phases management process are:

• Assess

• Identify

• Evaluate and plan

• Deploy

The

The goal of the assess phase is to set up a production environment that supports

10 of 98 3/12/2019, 1:31 PM
 about:blank

update management for routine and emergency scenarios. The assess phase is an
ongoing process that you use to determine the most efficient topology for scaling the
WSUS components. As your organization changes, you might need to add more
WSUS servers in different locations.

The identify phase

During identify new updates determine

whether your organization. You retrieve
all updates retrieve only specific WSUS also
identifies are relevant to the registered

The evaluate-and-plan phase

After relevant updates have been identified, you need to evaluate whether they work
properly Updates might cause
combinations your environment.

To evaluate should have a test environment apply

updates functionality. During this identify
dependencies required for an update to function properly, and you can plan
any changes that you need to make. You can achieve this if you use one or more
computer groups for testing purposes. For instance, you might have a computer
group with client computers that run all the operating systems and applications that
you update by using WSUS. You can use another computer group for servers that
run the and operating systems WSUS.
Before the entire organization, to these
computer and, after making sure deploy
them

The deploy phase

11 of 98 3/12/2019, 1:31 PM
 about:blank

After you have thoroughly tested an update and determined any dependencies, you
can approve the update for deployment in the production network. Ideally, you should
approve the update for a pilot group of computers before approving the update for the
entire organization. You can also configure WSUS to use automatic updates. The
next lesson discusses automatic updates.

Server for WSUS

You can use Server Manager to install and configure the WSUS server role.
However, to be able to implement WSUS, your server must meet minimum hardware
and software requirements.

WSUS 2016 requires the following

• Internet Services (IIS), installed automatically previously

installed.

• Microsoft .NET Framework 4.6 or newer, installed automatically if not previously

12 of 98 3/12/2019, 1:31 PM
 about:blank

installed.

• Microsoft Report Viewer 2008 Redistributable or newer, installed automatically if

not previously installed.

• SQL Server 2012 with service pack 1 (SP1), SQL Server 2012, SQL Server 2008
R2 SP2, SQL Server 2008 R2 SP1, or WID.

The requirements for WSUS the

minimum requirements for Windows Server However,
you must space as part of your deployment. server requires
approximately 10 gigabytes (GB) of disk space, and you should allocate at least 40
GB of disk space for the downloaded updates. A WSUS server should also have a
1.4-gigahertz (GHz) or faster x64 processor and at least 2 GB of random access
memory (RAM).

A single support thousands of single

WSUS RAM and dual quad-core to
100, most cases, an organization clients will
have servers to reduce the load on

Configuring clients to use WSUS

13 of 98 3/12/2019, 1:31 PM
 about:blank

You can configure computers to use a WSUS server instead of defaulting to Microsoft
Update. use a Group Policy manually
change individual computer. GPO
because configure clients. configures
computers server, follow these steps:

1. Open Server Manager on a domain controller, and then from the Tools menu,
click Group Policy Manager.

2. In the Group Policy Manager window, in the navigation pane, expand your
forest, right-click your domain, and then click Create a GPO in this domain,

your WSUS environment, to create

different sites, instead entire

14 of 98 3/12/2019, 1:31 PM
 about:blank

3. In the New GPO dialog box, in the Name text box, type a name for your GPO,
and then click OK.

4. Right-click the GPO you just created, and then click Edit.

5. In Group Policy Management Editor, expand Computer

Configuration\Policies\Administrative Templates\Windows
Update.

6. double-click Configure

7. Automatic Updates dialog

8. Select one of the following options:

o 2 – Notify for download and notify for install.

o 3 - Auto download and notify for install.

and schedule the

admin to choose setting.

9. you can select a simple the

scheduled install time. The day at 3:00 AM.
After specifying the Automatic Updates settings, click OK.

10. In the details pane, double-click Specify intranet Microsoft update service
location.

11. Microsoft update service box, select

12. update service for box, type

server, followed by the For
server is named LON-SVR1 HTTP, the URL
would be http://LON-SVR1:8530.

15 of 98 3/12/2019, 1:31 PM
 about:blank

13. In the Set the Intranet statistics server text box, type the URL of the WSUS
server as specified in the step above, and then click OK.

14. Close Group Policy Management Editor.

After GPO settings are applied the

Windows will run continuously agent is
responsible updates from WSUS and updates.

Scheduling updates

Microsoft introduced a feature in Windows 8 and Windows Server 2012 named

Automatic Maintenance. Automatic Maintenance reduces the usage of system
resources because it eliminates the need for the Windows Update Agent to run
constantly in the background. Instead, Automatic Maintenance uses a scheduled
task Automatic Maintenance
maintenance performing hard running
antivirus updates.

advantage of the Automatic feature in Windows

8 and Windows Server 2012 and newer operating systems, configure your
GPO by selecting the 4 – Auto download and schedule the install option,
and then selecting the Install during automatic maintenance check box in
the Configure Automatic Updates setting.

When Maintenance, the scheduled and

downloads available to the client, along for the
computer. can select from all the is set, and
you have the automatic maintenance Windows Update
Agent to run at the time of the deadline that the update
installs.

16 of 98 3/12/2019, 1:31 PM
 about:blank

Deferring Windows updates

Beginning with Windows 10 and Windows Server 2016, you can choose to delay
updates for up to one month. Use the Computer Configuration\Policies
\Administrative Templates\Windows Components\Windows Update\Defer
Upgrades and Updates setting to configure update deferment.

Check

Discovery
What are some benefits of using WSUS to manage Windows updates?

Show solution Reset

Lesson 2: Update management process with WSUS

This and benefits of deploying WSUS to

client you can configure downloaded,
approved, automatically, without an Alternatively,
you can control over the update process monitored
environment in which to deploy updates. You can perform testing on an isolated test
computer group before approving an update for deployment in your entire
organization.

Lesson objectives
After you will be able to:

• Explain WSUS.

• Identify groups in WSUS.

• Describe the options for approving WSUS updates.

17 of 98 3/12/2019, 1:31 PM
 about:blank

• Describe how to configure the Automatic Updates feature to use WSUS.

• Deploy updates by using WSUS.

• View WSUS reports.

• Troubleshoot WSUS.

WSUS

The WSUS administration console is a Microsoft Management Console (MMC) snap-

in that administer WSUS. You can

• Identify updates.

• Approve deployment.

• Organize computers into groups.

18 of 98 3/12/2019, 1:31 PM
 about:blank

• Review the update status of computers.

• Generate reports.

Monitoring is an essential part of maintaining a service. WSUS logs detailed health

information addition, you can pack to
facilitate System Center 2012
(Operations newer.

Controlling client computers

Client computers perform updates according to either manual configuration or, in

most Active Directory Domain Services (AD DS) environments, Group Policy. In
some cases, you might want to initiate the update process outside of the normal
update schedule. You can use the wuauclt.exe tool to control the auto-update
behavior client computers. The initiates the
detection Windows Update source:

Wuauclt. /detectnow

Administration with Windows PowerShell

In Windows Server 2016, WSUS includes Windows PowerShell cmdlets that you can
use to server. The following

Cmdlet Description

Add-WsusComputer Adds a specified client computer target group.

Add-WsusDynamicCategory Adds a dynamic category to a WSUS server.

Approve-WsusUpdate Approves an update to be applied to clients.

19 of 98 3/12/2019, 1:31 PM
 about:blank

Cmdlet Description

Deny-WsusUpdate Declines the update for deployment.

Get-WsusClassification Gets the list of all WSUS classifications currently available in the
system.

Get-WsusComputer Gets the WSUS computer computer.

Get-WsusDynamicCategory Gets dynamic categories

Get-WsusProduct Gets the list of all products by category.

Get-WsusServer Gets the value of the WSUS

Get-WsusUpdate Gets the WSUS update object with details about the update.

Invoke-WsusServerCleanup Performs the process of cleanup on a specified WSUS server.

Remove-WsusDynamicCategory Removes a dynamic category from a WSUS server.

Set-WsusClassification Sets whether specific classifications of updates will be synchronized

or not.

Set-WsusDynamicCategory Sets the synchronization

Set-WsusProduct Sets whether a specific updates

will be synchronized.

Set-WsusServerSynchronization Sets whether the WSUS synchronizes Microsoft Update

or from an upstream server, and if it uses the upstream server’s
properties.

What are computer groups?

20 of 98 3/12/2019, 1:31 PM
 about:blank

Computer groups provide a way to organize the computers to which a WSUS server
deploys computer groups that exist Computers
and New computers that server are
assigned groups.

computer groups are separate groups.

You can create custom computer groups for controlling how updates are applied.
Typically, custom computer groups contain computers with similar characteristics. For
example, custom computer group in your
organization. create a custom computer where you
first deploy You would also typically separately
from

Manually assigning computers to a custom computer group, called server-side

targeting. You can also use client-side targeting to assign computers to a custom
computer group. To use client-side targeting, you need to configure a registry key or

21 of 98 3/12/2019, 1:31 PM
 about:blank

GPO for the computer that specifies the custom computer group to be joined, during
initial registration with the WSUS server.

Server-side targeting enables administrators to manage WSUS computer group

membership manually. This is useful when the AD DS structure does not have logical
groups of client computers or when you need to move computers between groups for
testing Client-side targeting is
organizations automated assignment assignments
for computers.

Approving updates

The WSUS does not automatically updates for

application Although it is possible to automatically, we
do not practice for approving the
updates environment, then test the updates and only then
update the production environment. This process reduces the risk of an update
causing an unexpected problem in your production environment. You would perform

22 of 98 3/12/2019, 1:31 PM
 about:blank

this process by approving updates for specific groups of computers before approving
the update for the All Computers group.

Some updates are not considered critical and do not have any security implications.
You might decide not to implement some of these updates. For any updates that you
decide not to implement, you can decline the update. After an update is declined, it is
removed updates on the WSUS server,

If you that it is causing problems, WSUS to

remove this is possible only supports
removal. support removal.

You can determine if an update has been superseded by another update by looking
at the update's details. Superseded updates are typically no longer necessary,
because a newer update also includes the changes in this update. Superseded
updates default because, in some required.
For example, might be required running the
latest

Configuring automatic updates

23 of 98 3/12/2019, 1:31 PM
 about:blank

When you enable the Automatic Updates feature on a server, the default
configuration downloads updates from installs
them. implemented WSUS, you should clients to obtain
updates WSUS server instead.

A registry the location from which Automatic obtains updates.

Although it is possible to configure the registry key manually by using the Microsoft
Registry Editor (REGEDIT) tool, we do not recommend this method except when the
computer is not in a domain. If a computer is in a domain, it is much more efficient to
create a GPO that configures the registry key.

For AD DS typically configure GPO as

discussed “Configuring clients

In addition the source for updates, GPO to

configure the following settings:

24 of 98 3/12/2019, 1:31 PM
 about:blank

• Update frequency. This setting determines how often the updates are detected.

• Update installation schedule. This setting determines when updates are

installed. When updates cannot be installed at the scheduled time, this setting
also determines when updates are rescheduled.

• Automatic restart behavior. This setting determines whether the computer will
restart required to do so by an

• Default WSUS. This setting computer group

in registered during WSUS.

Demonstration: Deploying updates by using WSUS

In this demonstration, you will see how to:

• Approve

• Deploy

Demonstration steps

1. On LON-SVR2, open the Windows Server Update Services console.

2. Approve the Cumulative Update for Windows 10 Version 1607 for x64-
based Systems (KB3201845) update.

WSUS

25 of 98 3/12/2019, 1:31 PM
 about:blank

WSUS provides a series of reports that you can use to manage your WSUS
environment. divided into three categories:

• Update reports related to the WSUS,

including

o Update Status Summary. Shows a summary of the update status.

o Update Detailed Status. Shows details of each update status. Each page
shows a single update, with a list of computers for that update.

o Update Tabular Status. Shows a summary of update status in tabular view.

o Approved Updates. update

updates in a tabular view.

• Computer reports related to computers computer groups that

WSUS manages, including the following:

o Computer Status Summary. Shows a summary of computer status.

26 of 98 3/12/2019, 1:31 PM
 about:blank

o Computer Detailed Status. Shows details of each computer status. Each page
shows the updates for a single computer.

o Computer Tabular Status. Shows a summary of computer status in a tabular

view.

o Computer Tabular Status for Approved Updates. Shows of

approved updates in a

• Synchronization Shows reports related update

data,

o Synchronization Results. Shows the results synchronization.

Although you will be able to see these reports in the Update Services console right
after installing WSUS, the reports will not be available until you configure your server
to support configure your server the
following

1. server by using an account administrative rights.

2. Manager, click Add roles and

3. In the Add Roles and Features Wizard window, in the Before you begin
page, click Next.

4. On the Installation type page, click Next.

5. destination server page, click

6. page, click Next.

7. page, select .NET Framework and then click

Next.

8. On the Confirmation page, click Specify alternate source path.

27 of 98 3/12/2019, 1:31 PM
 about:blank

9. On the Specify Alternate Source Path page, in the Path text box, type the
path to the location containing the SxS files, and then click OK.

10. On the Confirmation page, click Install.

11. After the installation is complete, in the Confirmation page, click Close.

12. from the Tools menu, Update

13. window, under the Reports.

14. click any report.

15. In the Feature Unavailable dialog box, click Microsoft Report Viewer 2008
Redistributable.

16. In Internet Explorer, click Download.

17. in Internet Explorer,

18. Viewer Redistributable 2008 dialog box,

Finish.

WSUS troubleshooting

28 of 98 3/12/2019, 1:31 PM
 about:blank

After configuring your WSUS environment, you might find problems that you need to
address. be simple to handle, require you to
use special Here is a list of common might
encounter WSUS environment:

• Computers appear in WSUS. This results misconfiguration of the

client computer, or a GPO that is not applied to the client computer.

• The WSUS server stops with full database. When this happens, you will notice a
SQL Server dump file (SQLDumpnnnn.txt) in the Logs folder for SQL Server.
This usually occurs because of index corruption in the database. You might need
help DBA to recreate indexes, reinstall
WSUS

• You WSUS. Verify network the client

can ports that WSUS uses, by using client tool.

• Other problems. Consider using the server diagnostics tool and the client

29 of 98 3/12/2019, 1:31 PM
 about:blank

diagnostics tool available from Microsoft.

Additional Reading: For more information on the downloadable tools and

utilities for WSUS and its components, refer to “Windows Server Update
Services Tools and Utilities” at: http://aka.ms/vz5zxz

and WSUS client available from

not supported tools. the
each tool before you use

Note: You can use the Get- Windows PowerShell cmdlets to retrieve server
settings and product settings, and to update settings during troubleshooting.

Check

Discovery
Why Group Policy to configure Windows WSUS?

Show solution Reset

Lab A: Implementing WSUS and deploying updates

Scenario

Adatum engineering and with its

head Kingdom. An IT office located in
London location and other Datum
has recently deployed Windows Server 2016 server infrastructure.

A. Datum has been applying updates manually to servers in a remote location. This

30 of 98 3/12/2019, 1:31 PM
 about:blank

has made it difficult to identify which servers have the updates applied and which do
not. This is a potential security issue. Your task is to automate the update process by
extending A. Datum’s WSUS deployment to include the branch office.

Objectives

After will be able to:

• Implement role.

• Configure

• Approve and deploy an update by using WSUS.

Lab setup

Estimated time: 60 minutes

Virtual 20740C-LON-DC1, 20740C-LON-SVR2

SVR4

User Adatum\Administrator

Password: Pa55w.rd

For this lab, you need to use the available virtual machine environment. Before you
begin complete the following steps:

1. the Start screen,

2. Manager, 20740C-LON-DC1 pane,

3. In the Actions pane, click Connect. Wait until the virtual machine starts.

31 of 98 3/12/2019, 1:31 PM
 about:blank

4. Sign in by using the following credentials:

• User name: Adatum\Administrator

• Password: Pa55w.rd

5. Perform steps 2 through 4 for 20740C-LON-SVR2, 20740C-LON-SVR4,

Exercise WSUS

Scenario

Your organization has a WSUS server called LON-SVR2, which is located in the
head office. You need to install the WSUS server role on LON-SVR4 at a branch
location. LON-SVR4 will use LON-SVR2 as the source for Windows Update
downloads. LON-SRV4 will use Database
for the

The are as follows:

1. Install the WSUS server role

2. Configure WSUS to synchronize with an upstream WSUS server

Detailed Steps

Detailed Steps

Result completing this exercise, you should implemented the Windows

Server Services (WSUS) server role.

32 of 98 3/12/2019, 1:31 PM
 about:blank

Exercise 2: Configuring update settings

Scenario

You need to configure the Group Policy settings to deploy automatic WSUS settings
to client computers. With the WSUS role configured on LON-SVR4 you must ensure
that the has its own computer LON-SVR4.
You computers in the Research unit (OU) to
use LON-SVR4 for updates.

The exercise are as follows:

1. Configure WSUS groups

2. Configure Group Policy to deploy WSUS settings

3. Group Policy settings

4.

Detailed Steps

Detailed Steps ▼

Detailed Steps ▼

Detailed Steps

Result exercise, you should settings

for

Exercise 3: Approving and deploying an update by using WSUS

33 of 98 3/12/2019, 1:31 PM
 about:blank

Scenario

After you have configured the Windows Update settings, you can view, approve, and
then deploy required updates. You want to use LON-CL1 as a test case for the
Research Department. You will approve, deploy, and verify an update on LON-CL1 to
confirm the proper configuration of the WSUS environment.

The are as follows:

1. for the Research computer

2. LON-CL1

3. Verify update deployment to LON-CL1

4. Prepare for the next lab

Detailed Steps

Detailed Steps

Detailed Steps

Detailed Steps ▼

Result: After completing this exercise, you should have approved and deployed an
update by using WSUS.

Lesson of Windows DSC

Windows DSC (Desired State Configuration) component of the

Windows Management Framework that Windows introduced.
Windows PowerShell DSC enables you to manage and maintain systems in a
scalable and standardized way by pushing or pulling declarative configurations.

34 of 98 3/12/2019, 1:31 PM
 about:blank

Lesson objectives
After completing this lesson, you will be able to:

• Describe the benefits of Windows PowerShell DSC.

• Describe the requirements for using Windows PowerShell DSC.

• Describe Windows PowerShell

• Describe troubleshoot Windows PowerShell

Benefits of Windows PowerShell DSC

Windows an extension of Windows Windows

Management Windows PowerShell 4. Windows
PowerShell Windows Server 2012 R2 and can use
Windows PowerShell DSC to manage and maintain systems by using declarative
configurations. This approach is unique because instead of creating a Windows

35 of 98 3/12/2019, 1:31 PM
 about:blank

PowerShell script to execute a sequence of commands (imperative approach), you

deploy a configuration that tells Windows PowerShell what you want to do
(declarative approach). With DSC, you do not need to worry about including error
handling or other logic, because the underlying automation framework handles that
automatically.

Imperative Windows Declarative Windows

PowerShell) PowerShell

Script performed. Configurations done.

Scripts Configurations understand.

Scripts will not rerun themselves and must be rerun Configurations reapply as necessary, at whatever
through an administrative action to re-apply interval you choose.
settings, if needed.

Scripts require custom logic to detect and correct Configurations use the logic built into DSC
configuration resources configuration drift.

DSC are the imperative author

configurations. includes resources manage
basic Windows operating system, services, files, and
registry settings. However, the real power of DSC anyone can
create resources. In addition, there are growing communities where you can share
and download DSC resources to configure a variety of applications and components
within your organization.

Because change unintentionally automatically

reapply configurations whenever it has
deviated DSC is also very utilize it in a
variety or small, and centralized DSC does
not require belong to an AD DS domain. DSC is standards-
based and is built around the Open Management Infrastructure (OMI) model.
Therefore, you can also use it to manage any operating system with an OMI-

36 of 98 3/12/2019, 1:31 PM
 about:blank

compliant Common Information Model (CIM) server, such as CentOS, or other

varieties of Linux.

Requirements for Windows PowerShell DSC

Authoring DSC configurations for your a multistep

process. These steps include:

1. Enable Windows Remote Management. Because DSC relies on Windows

Remote Management (WinRM), you have to ensure that WinRM listeners are
configured on the systems that you want to manage by using DSC. By default,
Windows Server 2012 but not on
10 clients. You can individual
Set-WSManQuickConfig leverage
the listener on systems

2. Configure the Local Configuration Manager. The Local Configuration Manager

(LCM) agent processes DSC configurations on the systems that you are

37 of 98 3/12/2019, 1:31 PM
 about:blank

managing. Before you begin deploying DSC configurations, you should

configure the LCM agent according to your needs. You can configure the LCM
by using a special Managed Object Format (MOF) file that sets the LCM-
specific parameters, and you can then apply the configuration by using the Set-
DscLocalConfiguration cmdlet. For most configurations, the default push
mode LCM configuration is sufficient. The following list describes some of the

LCM agent receives this mode.

RefreshMode is set to Push apply
by running the Start-DscConfiguration cmdlet on the local
system or on a remote system. A RefreshMode of Pull means that the
LCM agent regularly checks a remote HTTP server or Server Message
Block (SMB) share for configurations. You can also set RefreshMode to
Disabled, which prevents the LCM agent from applying any
configurations. Using DSC does not require configuring a pull server.
servers can be beneficial environments.

RefreshFrequencyMins. This is the time which the

remote HTTP server or configurations.
configured Push mode, this value default value is

c. ConfigurationMode. This mode indicates the action that the LCM agent
takes when applying configurations. By default, the LCM agent is
configured to ApplyAndMonitor, meaning that the LCM agent applies the
but only logs (and correct)
ConfigurationMode ApplyAndAutoCorrect
agent applies the corrects
automatically.

ConfigurationModeFreqencyMins. This interval, in minutes,

at which the LCM checks and (if necessary) reapplies configurations. By
default, this value is 15.

38 of 98 3/12/2019, 1:31 PM
 about:blank

3. Install desired modules. The modules developed for DSC are available in the
Windows PowerShell Gallery located at https://www.powershellgallery.com.
To install modules from the Windows PowerShell Gallery, you need the
PowerShellGet module, which Windows PowerShell 5.0 includes. Optionally,
you can install the PowerShellGet module for Windows PowerShell 4.0 by
downloading an MSI installer. The PowerShellGet module includes the Find-
Install-Module cmdlets needed the
Gallery. To install the
module, you can run

Install-Module -Name xComputerManagement

Running this command will create a new folder named

under the C:\Program Files\WIndowsPowerShell
necessary, you can copy manually to
does not have PowerShellGet necessary
cannot install PowerShellGet Internet
use a pull configuration, modules on
they will be downloaded required, to the
target system.

4. Create and compile a basic DSC configuration. After you have met all
prerequisites and installed the desired module(s) on the target servers that you
want to configure, begin authoring configuration scripts by using DSC
scripts do not actually
only a template that MOF file
pushes to or pulls from author
any Windows PowerShell The
called, much like a function, configuration data
into MOF files for each defined node.

39 of 98 3/12/2019, 1:31 PM
 about:blank

5. Deploy the configurations to the desired servers. After you have compiled the
configuration into a .mof file, you push the configuration to the LCM on the
target node by using the Start-DscConfiguration cmdlet. Running this
command invokes the LCM agent to process the configuration, and if
necessary, make changes on the target node. To deploy a configuration named
LON-SRV1.mof you run the following command:

Start-DscConfiguration –Wait –Verbose

LON-SRV1

You can run this command with the –Wait and –Verbose parameters to see the
detailed steps that the LCM agent on the target node is processing. Using these
parameters is essential when you troubleshoot configuration deployment. Any
time after you have deployed a configuration, you can run the Test-
DscConfiguration to verify if the target state.
will return True if the state,
not.

Implementing Windows PowerShell

40 of 98 3/12/2019, 1:31 PM
 about:blank

DSC configurations are Windows PowerShell scripts that define a function. To create
a configuration, Windows PowerShell in a .ps1
file:

Configuration 20740DscConfiguration {
Node "LON-SVR1" {
WindowsFeature MyFeatureInstance {
Ensure = "Present"
Name = "RSAT"
}
WindowsFeature My2ndFeatureInstance {
Ensure = "Present"
Name = "Bitlocker"
}
}
}

41 of 98 3/12/2019, 1:31 PM
 about:blank

Configuration syntax

The above example shows a simple configuration script. A configuration script

consists of at least three parts:

• The Configuration block. This is the outermost script block. You define it by using
the and providing a name. name of
the 2740DscConfiguration.

• One These define the nodes (

machines) are configuring. In the example above, there is
one Node block that targets a computer named LON-SVR1.

• One or more Resource blocks. This is where the configuration sets the properties
for the resources that it is configuring. In the example above, there are two
resource blocks, each of which call the WindowsFeature resource.

Within you can do anything Windows

PowerShell example above, you could the target
computer parameter:

Configuration 20740DscConfiguration {
param(
[string[]]$NodeName="localhost"
)
Node $NodeName {
WindowsFeature MyFeatureInstance {
Ensure = "Present"
Name = "RSAT"
}
WindowsFeature My2ndFeatureInstance {
Ensure = "Present"

42 of 98 3/12/2019, 1:31 PM
 about:blank

Name = "Bitlocker"
}
}
}

When configuration, you specify passing

the $NodeName The default value for localhost.

Compiling

Before you can use a configuration, you must compile it into a MOF file. You do this
by calling the configuration the same way that you would call a Windows PowerShell
function.

Note: To call a configuration, the function must be in the global scope (as with
any other Windows PowerShell function). You can make this happen either by
using “.\” when calling the configuration file, or by running the configuration file
by pressing F5 or clicking the Run Script button in Windows PowerShell
Integrated Scripting Environment (ISE). For example, to compile the first
example above, run the following command:

.\20740DscConfiguration.ps1.

When configuration, it creates:

• A directory with the same

• A NodeName.mof in the ConfigurationName where

NodeName name of the target node of the configuration. more than one
node is targeted, a MOF file will be created for each node.

43 of 98 3/12/2019, 1:31 PM
 about:blank

If the configuration takes a parameter, you must provide the parameter at compile
time. For the second example above, the command would be:

20740DscConfiguration -NodeName 'LON-SVR1'

Troubleshooting Windows PowerShell

There are two steps for troubleshooting Windows PowerShell DSC. First, you should
review the available logs. Then, you should recycle the DSC cache to clear any
scripts

Using DSC logs to diagnose

Windows DSC records errors and events accessible through

Event Viewer. Examining these logs can help you understand why a particular script
or operation failed, and how to fix and prevent the failure in the future. Writing

44 of 98 3/12/2019, 1:31 PM
 about:blank

configuration scripts can be complex and it can be difficult to track errors. Therefore,
use the DSC Log resource to track the progress of your configuration in the DSC
Analytic event log.

In Event Viewer, you can find DSC events in Applications and Services
Logs\Microsoft\Windows\Desired State Configuration You can also use the
Windows Get-WinEvent to view the
operational following command:

Get-WinEvent -LogName "Microsoft-Windows-Dsc/Operational"

As the example above shows, the Windows PowerShell DSC’s primary log name is
Microsoft-Windows-DSC. The primary name is appended to the channel name to
create the complete log name. The DSC engine writes mainly into three logs:
Operational, Debug. The analytic and off by
default, not show them, by Event
Viewer, click Windows Administrative then click
Event can start the Event Show-EventLog
in a Windows PowerShell window. On the View menu Viewer, click Show
Analytic and Debug Logs. The log name for the analytic channel is Microsoft-
Windows-Dsc/Analytic, and the debug channel is Microsoft-Windows-Dsc/Debug.
You could also use the wevtutil tool to enable the logs, as the following example
shows:

wevtutil. “Microsoft-Windows-Dsc/Analytic”
/e:

Windows PowerShell DSC logs are split over the three log channels based on the
importance of the message. The operational log contains all error messages, and can
help to identify a problem. The analytic log has a higher volume of events, and can

45 of 98 3/12/2019, 1:31 PM
 about:blank

identify where error(s) occurred. This channel also contains any verbose messages.
The debug log contains logs that can help you understand how the errors occurred.
Every Windows PowerShell DSC event message begins with a job ID that uniquely
represents a Windows PowerShell DSC operation.

Tools to analyze DSC logs

xDscDiagnostics Windows PowerShell module functions

that failures on a system: Trace-
xDscOperation functions can help you identify DSC
operations local or remote computers, credentials. Here,
the term DSC operation refers to a single unique DSC execution from its start to its
end. For example, Test-DscConfiguration would be a separate DSC operation.
Similarly, every other cmdlet in DSC (such as Get-DscConfiguration and Start-
DscConfiguration) could be identified as separate DSC operations. The
xDscDiagnostics Module (DSC Resource functions
in the

• Get-xDscOperation function lets you find operations

that multiple computers, and returns contains the
collection produced by each DSC operation.

• Trace-xDscOperation. This cmdlet returns an object containing a collection of

events, their event types, and the message output generated from a particular
DSC operation. Typically, when you find a failure in any of the operations by using
Get-xDscOperation would trace that operation the
events

How

The DSC engine caches resources implemented as a Windows PowerShell module

for efficiency purposes. However, this can cause problems when you are authoring

46 of 98 3/12/2019, 1:31 PM
 about:blank

and testing a resource simultaneously, because Windows PowerShell DSC will load
the cached version until the process restarts. The only way to make Windows
PowerShell DSC load the newer version is to explicitly end the process hosting the
Windows PowerShell DSC engine.

When you run Start-DscConfiguration after adding and modifying a custom

resource, might not execute unless computer. This is
because Windows Management Provider
Host usually, there are WmiPrvSE
running restart, the host process is
cleared.

To successfully recycle the configuration and clear the cache without restarting, you
must stop and then restart the host process. You can do this on a per-instance basis,
whereby you identify the process, stop it, and restart it.

To identify hosting the DSC engine per-instance

basis, ID of the WmiPrvSE DSC engine.
Then, stop the WmiPrvSE Start-
DscConfiguration again.

You can use the following commands to identify the process ID of the WmiPrvSE and
stop the host WmiPrvSE process:

###
### find the process that is hosting the DSC engine
###
$dscProcessID = Get-WmiObject msft_providers |
Where-Object {$_.provider -like 'dsccore'} |
Select-Object -ExpandProperty HostProcessIdentifier

###

47 of 98 3/12/2019, 1:31 PM
 about:blank

### Stop the process

###
Get-Process -Id $dscProcessID | Stop-Process

Check Your Knowledge

Discovery
How DSC help you manage

Show solution

Lesson 4: Overview of Windows Server 2016

monitoring tools

Windows a range of tools to system and

the applications You can use these system for
efficiency problems. Small and organizations can use
the monitoring Windows Server 2016 to monitor infrastructure.
However, organizations with a more complex infrastructure will need a
more complex monitoring and management solution, System Center 2016.

Lesson objectives
After completing this lesson, you will be able to:

• Describe Manager tool works.

• Describe Performance Monitor.

• Describe the Resource Monitor tool.

• Describe Reliability Monitor.

48 of 98 3/12/2019, 1:31 PM
 about:blank

• Describe the Event Viewer tool.

• Describe how to monitor other servers with the Server Manager tool.

Overview of Task Manager

Enhancements to Task Manager in Windows Server 2016 provide more information

to help you identify and resolve performance-related issues. Task Manager includes
the following tabs:

• Processes tab displays a list subdivided

into processes of the system. For
each tab displays a summary memory
usage.

• Performance Performance tab displays usage, memory

usage, and network statistics.

49 of 98 3/12/2019, 1:31 PM
 about:blank

• App history. The App history tab displays how much CPU time, network activity,
metered network activity, and network usage for tile updates and notifications have
been used by each running app in the current profile.

• Startup. Shows the applications that automatically start with the computer. This
also provides the ability to manage the startup applications.

• Users displays resource consumption basis. You

also view to see more detailed the specific
processes running.

• Details tab lists all the running processes server, providing

statistics about the CPU, memory, and consumption of other resources. You can
use this tab to manage the running processes. For example, you can stop a
process, stop a process and all related processes, and change the processes’
priority values. By changing a process’s priority, you determine how much of the
CPU’s resources the process can consume. By increasing the priority of a
process, process to request more

• Services provides a list of services and

related includes information is running
and the process identifier (PID) service. You can
start and stop services by using this list.

You might consider using Task Manager when a performance-related problem arises.
For example, you might examine the running processes to determine if a particular
program CPU resources. Always Manager
shows resource consumption, need to
examine determine a true picture performance and
response

Overview of Performance Monitor

50 of 98 3/12/2019, 1:31 PM
 about:blank

Performance Monitor enables you to view either current performance statistics or

historical gathered during a selected Windows Server
2016, operating system performance objects
and Windows Server 2016 types of data
from

• A real-time snapshot value.

• The total since the last computer startup.

• An average over a specific time interval.

• An

• The

• A

• A minimum value.

51 of 98 3/12/2019, 1:31 PM
 about:blank

Performance Monitor provides a collection of objects and counters that record data
about computer resource usage. There are many counters that you can research and
consider monitoring to meet your specific requirements.

The three components of Performance Monitor that you can use to view performance
data are:

• Monitoring allow you to configure and

counters performance data in real time, data in a
log

• Data collector sets. Data collector sets represent a custom set of performance
counters for monitoring specific technologies, such as AD DS diagnostics, and
system diagnostics and performance.

• Reports. Each data collector set automatically creates performance reports. The
reports data that was collected collector
set

Processor

CPU counters are a feature of a computer’s CPU that stores the count of hardware-
related events. The most commonly used processor counters include:

• Processor > % Processor Time. This counter measures the percentage of

elapsed spends executing percentage
is the processor is overwhelmed might
require other words, this percentage of
elapsed a given thread uses instruction
is execution in a processor, and object that
executes instructions. This count includes code that handles some hardware
interrupts and trap conditions.

52 of 98 3/12/2019, 1:31 PM
 about:blank

• Processor > Interrupts/sec. This counter displays the rate, in incidents per
second, at which the processor received and serviced hardware interrupts.

• System > Processor Queue Length. This counter displays an approximate

number of threads that each processor is servicing. If the value is more than two
times the number of CPU cores for an extended period, then it means that the
server enough processor power. length,
sometimes processor queue depth reports is an
instantaneous represents only a current processor.
Therefore, this counter over notice data
trends. the System > Processor counter reports a
total queue length for all processors, not a length for each processor.

Memory counters

The object consists of counters behavior of

the computer’s virtual memory. Physical amount of RAM
on the memory consists of space on disk.
Many monitor paging, which pages of
code disk and physical memory.

The Memory > Pages/sec counter measures the rate at which pages are read from
or written to disk for resolving hard page faults. If excessive paging results in a value
that is greater than 1,000, there might be a memory leak. In other words, the
Memory > Pages/sec counter displays the number of hard faults second. A
hard the requested memory in RAM
because the paging file. An increase indicates that
more in turn suggests

Disk

The Physical Disk performance object consists of counters that monitor hard or fixed

53 of 98 3/12/2019, 1:31 PM
 about:blank

disk drives. Disks store file, program, and paging data. Disks are read to retrieve
these items, and items are written to disks to record changes to them. The total
values of physical disk counters are the total of all the values of the logical disks, or
partitions, into which they are divided. The most commonly used disk counters
include:

• Physical Time. This counter indicates particular disk

is, percentage of time that the
sample approaching 100 percent disk is busy
nearly performance bottleneck You might
consider current disk system with

• Physical Disk > Avg. Disk Queue Length. This counter indicates how many disk
requests are waiting for the I/O manager to service them at any given moment. If
the value is larger than two times the number of spindles, it means that the disk
itself might be the bottleneck. The longer the queue, the less satisfactory the disk
throughput.

total amount of traffic network-

for each unit of time. Workload of processing
that the computer performs at a given time.

Primary network counters

Most to production networks communication with

other and to communicate
requirements such as throughput multiple
network

Workloads might require access to several different networks that must remain
secure. Examples include connections for:

54 of 98 3/12/2019, 1:31 PM
 about:blank

• Public network access.

• Networks for performing backups and other maintenance tasks.

• Dedicated remote-management connections.

• Network-adapter teaming for performance and failover.

• Connections host computer.

• Connections network-based storage arrays.

By monitoring the network performance counters, you can evaluate your network’s
performance. The primary network counters include:

• Network Interface > Current Bandwidth. This counter indicates the current
bandwidth being consumed on the network interface, in bits second (bps).
Most have maximum potential megabits
per example, Ethernet can 10 Mbps,
100 second (Gbps), and higher. counter,
divide 048,576 for Mbps. the
network’s potential bandwidth, you should implementing a
switched network or upgrading to a network that supports higher bandwidths.

• Network Interface > Output Queue Length. This counter indicates the current
length of the output packet queue on the selected network interface. A growing
value, or one that is consistently higher than two, could indicate a network
bottleneck, investigate.

• Network Total/sec. This measures bytes are

sent network adapter, characters. The
network you discover that more the interface is
consumed.

55 of 98 3/12/2019, 1:31 PM
 about:blank

Overview of Resource Monitor

The in Windows Server

information real-time performance. Resource
Monitor performance of CPU, memory
resources The resource monitor is similar Manager. However,
while the Task Manager only shows the current value, the resource monitor also
shows recent historical data. This enables you to identify and resolve resource
conflicts and bottlenecks.

By expanding the monitored elements, system administrators can identify which

processes resources. Furthermore, Monitor to
track by selecting their check select a
process, every pane of Resource means that you
can view process at the top where you
are in

Overview of Reliability Monitor

56 of 98 3/12/2019, 1:31 PM
 about:blank

The Windows Server 2016 operating system installs the Reliability Monitor tool by
default. hardware and software the
selected on the number and number
called indicates the server’s index
ranges represents the least 10
represents stable state. By using the stability administrators can
evaluate the server’s reliability quickly. Any issue that affects the server can change
the value of the stability index.

There are two ways to open the Reliability Monitor window: by searching in the
Control View reliability history Performance
Monitor, Monitoring Tools and selecting reliability.
The window includes:

• A the stability index for previous weeks. Stability index

information is available about Application failures, Windows failures,
Miscellaneous failures, Warnings, and Information.

57 of 98 3/12/2019, 1:31 PM
 about:blank

• A reliability details table that contains the source of the issue, summary
information, date, and action taken.

• A group of actions that you can decide to perform, represented as links in the
console, which include:

o Saving the reliability history to an XML file. You can use this option if you want
reliability history information.

o Reports console. You issues related

Options in the console details
problem that Reliability Monitor online for a solution,
or delete the reported problem information.

o Checking for a solution for all reported problems. You can use this option if you
want Reliability Monitor to connect to the Internet to locate online information
about resolving the reported problems.

Overview Viewer

58 of 98 3/12/2019, 1:31 PM
 about:blank

Event Viewer provides access to the Windows Server 2016 event logs. Event logs
provide information about system events that occur within the Windows operating
system. These events include information, warning, and error messages about
Windows components and installed applications.

Event Viewer provides categorized lists of essential Windows log events, including
application, system events. Event log
groupings installed applications and component
categories. provide detailed information event that
occurred. occurs, Event Viewer provides source of
the event, technical information to assist troubleshooting the
event.

Additionally, Event Viewer allows you to consolidate logs from multiple computers
onto a centralized server by using subscriptions. Finally, you can configure Event
Viewer when a specified type might
include message, launching an script, or
other actions.

Event Server 2016 contains the important features:

• The ability to view multiple logs. You can filter for specific events across multiple
logs. This makes it easier to investigate issues and troubleshoot the problems that
might appear in several logs.

• Customized use filtering to narrow events that

interest save these filtered views.

• The scheduled to run You can

automate events. Event Viewer is Scheduler.

• The ability to create and manage event log subscriptions. You can collect events
from remote computers, and then store them locally.

59 of 98 3/12/2019, 1:31 PM
 about:blank

Note: To collect events from remote computers, you must create an inbound
rule in Windows Firewall to permit Windows Event Log management.

Event Viewer tracks information in several different logs. These logs provide detailed
information such as:

• A

• An

• The subsystem that generated the

• Information, Warning, or Error status.

• The time of the event.

• The user’s name on whose behalf the event occurred.

• The event occurred.

• A for more information

Windows Server logs

The following table lists several of the Event Viewer built-in logs.

Built-in Description and use

Application log contains errors, warnings, that pertain

operation of applications Server, the
Simple Mail Transfer Protocol ( applications.

Security This log reports the results of Audit events report

success or failure, depending on the event. For example, the log would
report success or failure depending on whether a user could access a file.

60 of 98 3/12/2019, 1:31 PM
 about:blank

Built-in log Description and use

Setup log This log contains events related to application setup.

System log Windows components and services log general events, and classify them
as error, warning, or information. The Windows operating system
predetermines the events that system components log.

Forwarded log stores events that Windows remote

computers. To collect events create an
subscription.

Application Services logs

The Applications and Services logs store events from a single application or
component rather than events that might have system-wide impact. This category of
logs includes four subtypes:

• Admin

• Operational

• Analytic

• Debug

Admin logs are of interest to end users, administrators, and support personnel who
use Event Viewer to troubleshoot problems. These logs provide guidance about how
to respond events found in the Admin problem and
define administrator can use.

Events are also useful for IT require

more can use operational events diagnose a
problem or occurrence, and to trigger tools or tasks based on the problem or
occurrence.

61 of 98 3/12/2019, 1:31 PM
 about:blank

The Analytic and Debug logs are not very user friendly. Analytic logs store events that
trace an issue, and they often log a high volume of events. Developers use Debug
logs when they are debugging applications. By default, both Analytic and Debug logs
are hidden and disabled.

Windows log files are 1,028 kilobytes (KB) in size by default, and the operating
system log files as necessary. log
manually, server as a local

If you log settings centrally, Group

Policy. Policy Management Editor Group Policy
Object (GPO), and then go to Computer Configuration\Policies\Administrative
Templates\Windows Components\Event Log Service.

For each log, you can define the following properties:

• The

• The file.

• Automatic options.

• Permissions on the logs.

• Behavior that occurs when the log is full.

Monitoring with Server Manager

62 of 98 3/12/2019, 1:31 PM
 about:blank

Organizations typically have multiple servers, both physical and virtual, that they
must servers in an organization
organization’s complexity of its IT infrastructure. efficient way
to monitor deploy management software that
provides dashboard where administrators components
of the

An organization’s size and the complexity of its IT infrastructure determine which

monitoring software is appropriate. There are two types of monitoring software:

• Enterprise monitoring solutions, Center

suite

• Monitoring small and medium-sized Server

Manager.

Windows Server 2016 installs the Server Manager software by default. In addition,

63 of 98 3/12/2019, 1:31 PM
 about:blank

you can install the Windows Server 2016 Remote Server Administration Tools, which
include Server Manager, on a Windows 10 client computer. It provides monitoring of
both local and remote servers, and collects monitoring data from specific servers and
presents it in a centralized dashboard. By using Server Manager, administrators can
monitor up to 100 servers. For monitoring more than 100 servers, you should
consider an enterprise monitoring solution such as System Center or Microsoft
Operations

Server Windows Server 2008 Server

operating it can monitor Server Windows
Server newer. You must configure remote allow remote
management if you want your administrators to monitor remote servers with Server
Manager. Configuration for remote management and monitoring is enabled by
default, and you can change it by using Server Manager and Windows PowerShell on
the monitored server. Server Manager does not support monitoring of the Windows
client

When you can perform the tasks on

remote

• Adding servers to a pool of servers that Manager will monitor.

Administrators can choose which servers to monitor.

• Creating custom groups of monitored servers. Administrators can group monitored

servers in Server Manager by different criteria, such as department, city, or
country/region. servers helps organizations
administrators different groups of servers.

• Starting remote servers. Administrators different tools

remotely, consoles for monitoring starting
Windows on remote servers. This administrators do not
have to sign in locally to a server to perform different management tasks, such as
starting a service.

64 of 98 3/12/2019, 1:31 PM
 about:blank

• Determining server status and identifying critical events. Server Manager displays
servers with critical issues on the centralized dashboard in the color red. This
alerts administrators to start troubleshooting the issue immediately.

• Analyzing or troubleshooting different types of issues. You can configure

centralized console-monitoring information to display by type, such as AD DS,
Domain DNS), IIS, or Remote administrators
to and begin troubleshooting console
also monitoring information that Servers
node.

• Monitoring of the Best Practices Analyzer Practices

Analyzer tool runs on every server, and compares current server role configuration
with recommended settings from Microsoft, based on best practices. Server
Manager displays results of the Best Practices Analyzer tool from all monitored
servers in the centralized dashboard.

• Customizing data displays. Administrators how

monitoring focus on monitoring
troubleshooting issues.

Check Your Knowledge

Discovery
Which of the tools discussed in this lesson would you use to check which resources an
application

Show solution

Lesson Performance Monitor

You can use Performance Monitor to collect, analyze, and interpret performance-
related data about your organization’s servers. This enables you to make informed

65 of 98 3/12/2019, 1:31 PM
 about:blank

capacity-planning decisions. It is important to know how to establish a performance

baseline, how to use data collector sets, and how to use reports to help you compare
performance data to your baseline.

Lesson objectives
After you will be able to:

• Explain

• Describe

• Describe how to capture counter data with a data collector set.

• Describe how to configure an alert.

• Describe how to view Performance Monitor reports.

• Identify that you should track network

infrastructure

• Identify monitoring virtual machines.

Overview of baseline, trends, and capacity planning

66 of 98 3/12/2019, 1:31 PM
 about:blank

By calculating performance baselines for your server environment, you can interpret
real-time more accurately. server’s
performance your performance-monitoring during
normal a baseline by monitoring statistics over a
specific or symptom occurs compare
your your real-time statistics, anomalies.

Trends analysis

You should consider the value of performance data carefully to ensure that it reflects
your Additionally, you should that you
can use technological growth, plans. You
might number of servers that you
measure assess the required environment.

By analyzing performance trends, you can predict when existing capacity is likely to
be exhausted. Review historical analysis along with your business requirements, and
use this data to determine when you require additional capacity. Some peaks are due

67 of 98 3/12/2019, 1:31 PM
 about:blank

to one-time activities, such as extremely large orders. Other peaks occur on a regular
basis, such as monthly payroll processing. These peaks could make a capacity
increase necessary to meet the demands of an increased number of employees.

Capacity planning

Planning capacity is a best practice Planning for

business requires additional server By
aligning your business strategy, business
objectives. should consider virtualizing to reduce
the number servers that you require. You servers by
implementing the Hyper-V role in the Windows Server 2016 environment.

Capacity planning focuses on assessing server workload, the number of users that a
server can support, and ways to scale systems to support additional workload and
users applications and services performance of
your services could receive although
they area network (LAN) When
planning you should consider and the
way services, and applications infrastructure. Do
not overlook as power, cooling, and should consider
how your servers can scale up and out to support an increased workload.

Tasks such as upgrading to Windows Server 2016 might affect the performance of
your servers and network. An update could cause problems with an application that is
incompatible Server 2016. Careful before and
after identify these problems them.

An expanding require your infrastructure number

of users. consider your organization’s anticipated business
requirements when purchasing hardware. This will help you to increase the number
of servers or add capacity to existing hardware when needed.

68 of 98 3/12/2019, 1:31 PM
 about:blank

Additional capacity requirements can include:

• More servers.

• Additional hardware.

• Reduced application loads.

• Reduced that connect to a server. by

distributing multiple servers.

Understanding bottlenecks

A performance bottleneck occurs when a computer is unable to service requests for a

specific resource. The resource might be a key component, such as a disk, memory,
processor, or network. Alternatively, the shortage of a component within an
application cause the bottleneck. performance-monitoring
tools the results to your data, you
can often bottlenecks before

After bottleneck, you must decide how Your options for

removing a bottleneck include:

• Running fewer applications.

• Adding resources to the computer.

A computer severe resource shortage processing user

requests. immediate attention. However, experiences
a bottleneck operates within acceptable limits, decide to defer any
changes until you resolve the situation or have an opportunity to take corrective
action.

69 of 98 3/12/2019, 1:31 PM
 about:blank

Analyzing key hardware components

There are four key hardware components: processor, disk, memory, and network. By
understanding how your operating system uses these components, and how they
interact with one another, you will have a better understanding of how to optimize
server performance.

Processor

Processor important factor in determining computing

capacity. speed is the number of operations a measured
period. For example, a billion processor cycles per second is one GHz. Servers with
multiple processors and processors with multiple cores generally perform processor-
intensive tasks with greater efficiency and speed than single processor or single-core
processor computers.

Processor important. A 64-bit more

memory and has a significant Windows
Server a 64-bit edition.

Disk

Server hard disks store programs and data. Consequently, the throughput of hard
disks affects the speed of the workstation or server, especially when the workstation
or server is performing disk-intensive tasks. Most hard disks have moving parts, and
it takes time to position the read/write heads over the appropriate disk sector to
retrieve information. Furthermore, performance and
configuration overall disk performance. disks and
using Redundant Array of RAID) to
optimize reduce the potential bottleneck.

You also should remember that information on the disk moves into memory before it
is used. If there is a surplus of memory, the Windows Server operating system

70 of 98 3/12/2019, 1:31 PM
 about:blank

creates a file cache for items recently written to or read from the disks. Installing
additional memory in a server can often improve the disk subsystem performance,
because accessing the cache is faster than moving the information into memory.

Memory

Programs the disk into memory manipulates

the data. multiple programs, or extremely
large, memory installed
performance.

Windows memory model in which applications’

requests for memory that would exceed the computer’s total available memory.
Rather, it performs paging for these requests. During paging, Windows Server moves
data and programs from memory that processors are not using currently. It moves
them into an area on the hard disk known as the paging file, and this frees up
physical excessive requests. accessing the
page slower than accessing negative
effect performance. You can reduce adding
more 64-bit processor architecture memory.

Network

The network is a critical component for performance monitoring, because many

network applications are dependent on network communications performance. Poor
network performance can cause slow or unresponsive applications and server
functionality. network capacity planning must
consider and the capacity of as router
and cases, optimized configuration devices
improves the network and network

What collector sets?

71 of 98 3/12/2019, 1:31 PM
 about:blank

Data collector sets are custom sets of performance counters, event traces, and
system

A data multiple data-collection portable

component. collector set on its other data
collector also incorporate a data collector or view it in the
Performance Monitor. You can configure a data collector set to generate alerts when
it reaches thresholds in performance counters.

Although it is useful to analyze current performance activity on a server computer,

you might collect performance and then
analyze data that you gathered this
comparison resource usage to plan potential
performance

You also can configure a data collector set to run at a scheduled time, for a specific
length of time, or until it reaches a predefined size. For example, you can run the
data collector set for 10 minutes every hour during your working hours, to create a

72 of 98 3/12/2019, 1:31 PM
 about:blank

performance baseline. You also can configure the data collector to restart when it
reaches set limits, so that it creates a separate file for each interval. You can
configure a schedule for performance monitoring when configuring a data collector
set. You can find scheduling options in the Schedule tab of the data collector set
properties window. The schedule-monitoring options that you can select include
beginning date, expiration date, and start time. You can also choose which day of the
week monitoring to run.

After combination of data collectors system

information, as a data collector collector
sets the results.

Data collector sets can contain the following types of data collectors:

• Performance counters. This data collector provides server performance data.

• Event collector provides activities

and useful for troubleshooting.

• System information. This data collector record the

current registry keys and changes to those

You can create a data collector set from a template, from an existing set of data
collectors in a Performance Monitor view, or by selecting individual data collectors,
and then setting each individual option in the data collector set properties.

Demonstration: Capturing counter

collector
In this you will see how to:

• Create a data collector set.

73 of 98 3/12/2019, 1:31 PM
 about:blank

• Create a disk load on the server.

• Analyze the resulting data in a report.

Demonstration steps
Create

1. then open Performance

2. Defined data collector set key counters:

• Processor > % Processor Time

• Memory > Pages/sec

• PhysicalDisk > % Disk Time

Disk Queue Length

Queue Length

Bytes Total/sec

3. Start the data collector set.

Create a disk load on the server

1. PowerShell prompt, and then command to

size of 104,857,600

2. LON-DC1 server to generate

3. Create a new copy of the large file on the local hard disk by copying it from
LON-DC1.

74 of 98 3/12/2019, 1:31 PM
 about:blank

4. Delete all the newly created files.

Analyze the resulting data in a report

1. Switch to Performance Monitor, and then stop the data collector set.

2. Monitor tool, and .

3. collected in the data collector

4. Report.

Demonstration: Configuring an alert

By using alert counters, you can create a custom data collector set that contains
performance then can configure actions measured
counters the limits that you the data
collector configure the actions that the alert
criteria are especially useful
performance periodically. You can configure run programs,
generate events, or a combination of these.

In this demonstration, you will see how to:

• Create a data collector set with an alert counter.

• Generate exceeds the configured

• Examine the resulting event.

Demonstration steps
Create a data collector set with an alert counter

75 of 98 3/12/2019, 1:31 PM
 about:blank

1. Create a new User Defined data collector set.

2. Use the Performance Counter Alert option, and then add only the Processor
> % Processor Time counter.

3. Set the threshold to be above 10 percent and to generate an entry in the event
log when this condition is met.

4. set.

Generate that exceeds the configured

1. Open the Windows PowerShell ISE prompt, and then run the following script to
generate a load on the server:

\Labfiles\Mod12\StressTest.ps1

2. finished running, close

Examine the event log for the resulting event

• Open Event Viewer, and then examine the Diagnosis-PLA log for performance
alerts.

Demonstration: Viewing reports in Monitor

In this see how to view a

Demonstration steps

76 of 98 3/12/2019, 1:31 PM
 about:blank

1. In the navigation pane, expand Reports\User Defined\LON-SVR1

Performance.

2. Expand the folder under LON-SVR1 Performance. The data collector set’s
previous collection process generated this report. You can change from the
chart view to any other supported view.

3. display, click the Refresh and then

4.

Monitoring network infrastructure services

Because services are an essential many other

server-based is important that you configure correctly and that they
run optimally. Your organization can benefit in several ways by gathering
performance-related data on your network infrastructure services, such as:

77 of 98 3/12/2019, 1:31 PM
 about:blank

• Optimizing network infrastructure server performance. Providing performance

baseline and trend data enables you to optimize the performance of your network
infrastructure server.

• Troubleshooting servers. When server performance degrades, either gradually or

during periods of peak activity, you can identify possible causes and take
corrective help you quickly bring the limits of
your agreement (SLA).

Monitoring

DNS provides name-resolution services on your network. You can monitor the
Windows Server 2016 DNS Server role to determine the following aspects of your
DNS infrastructure:

• General statistics, including the number and

responses server is processing.

• User UDP) or Transmission counters,

which queries and responses that processes by
using either of these transport protocols.

• Dynamic update and secure dynamic-update counters for measuring registration

and update activity that dynamic clients generate.

• Memory usage counter for measuring the system’s memory usage and memory
allocation created by operating a DNS
server.

• Recursive for measuring queries the DNS

Server recursion to look up and fully names on behalf of
requesting clients.

78 of 98 3/12/2019, 1:31 PM
 about:blank

• Zone transfer counters, including specific counters for measuring full zone transfer
(AXFR), incremental zone transfer (IXFR), and DNS zone-update notification
activity.

Monitoring DHCP

The Configuration Protocol (DHCP) dynamic IP

configuration network, and provides server,
including

• Average Queue Length, which indicates the current length of the DHCP server’s
internal message queue. This number represents the number of unprocessed
messages that the server receives. A large number might indicate heavy server
traffic.

• The packet counter is the average milliseconds that the

DHCP process each packet that varies
depending hardware and its I/O indicate
that becoming slower or processing
overhead server.

Considerations for monitoring virtual machines

79 of 98 3/12/2019, 1:31 PM
 about:blank

Server virtualization has only been a part of the Windows Server operating system
since Server 2008 and the Hyper-V role.
Many migrated some or all their virtual
machines virtualization servers. perspective, it is
important servers running as guest consume
resources way as physical host server

Hyper-V server virtualization enables you to create separate virtual machines and run
them concurrently by using the resources of the operating system running on a single
physical server. The operating systems running within each virtual machine are
guests, is running Hyper-V

Virtual as physical computers. guests

hosted remain independent can run
multiple that are using different operating on a host server
simultaneously, as long as the host server has enough resources.

When you create a virtual machine, you configure characteristics that define the

80 of 98 3/12/2019, 1:31 PM
 about:blank

available resources for that guest. These resources include memory, processors,
disk-configuration and storage technology, and network adapter configuration. These
virtual machines operate within the boundaries of the resources that you allocate to
them, and can suffer from the same performance bottlenecks as host servers. As a
result, it is important that you monitor virtual machines in the same way that you
monitor your host servers.

monitoring the virtual machine monitor

Microsoft provides a tool, Hyper-V Resource Metering, which enables you to monitor
resource consumption on your virtual machines. Resource metering allows you to
track the resource utilization of virtual machines hosted on Windows Server 2016
computers that have the Hyper-V role installed.

With can measure the following individual

Hyper-V

• Average processing unit (GPU) use.

• Average physical memory use, including:

o Minimum memory use.

o Maximum memory use.

• Maximum allocation.

• Incoming a network adapter.

• Outgoing a network adapter.

Measuring each virtual machine’s use of these resources enables an organization to

81 of 98 3/12/2019, 1:31 PM
 about:blank

bill departments or customers based on their hosted virtual machine use, rather than
charging a flat fee per virtual machine. An organization with only internal customers
also can use these measurements to examine use patterns and plan future
expansions.

You perform resource-metering tasks by using Windows PowerShell cmdlets in the

Hyper-V module. There is no interface (GUI) tool
that task. You can use perform
resource-metering

• Enable-VMResourceMetering. Starts collecting per-virtual-machine

basis.

• Disable-VMResourceMetering. Disables resource metering on a per-virtual-

machine basis.

• Reset-VMResourceMetering. Resets virtual resource-metering

• resource-metering statistics virtual

Check Your Knowledge

Discovery
Why the baseline performance

Show solution

Lesson Monitoring event logs

Event Viewer provides a convenient and accessible location for you to view events

82 of 98 3/12/2019, 1:31 PM
 about:blank

that occur and that Windows Server records into one of several log files based on the
type of event that occurs. To support your users, you should know how to access
event information quickly and interpret the data in the event log.

Lesson objectives
After you will be able to:

• Describe Manager to view

• Explain is.

• Describe how to create a custom view.

• Explain event log subscriptions.

• Describe how to configure an event subscription.

Using Manager to view event

83 of 98 3/12/2019, 1:31 PM
 about:blank

Server Manager provides a centralized location in which you can store and access
event logs for multiple remote servers that you are monitoring. Server Manager
provides a monitoring and troubleshooting solution where administrators can view, in
one console, information regarding specific events from different servers and
applications. This is more efficient than viewing event logs by connecting to a specific
server from a remote location.

You event logs for all servers, or a per-

server DNS, or Remote Access. different event
log views pane in Server Manager,

• Local Server. Displays event logs that are generated on the local server where
Server Manager is running. By default, Application, Security, and System event
logs are displayed.

• All Servers. Displays event logs from all servers that Server Manager is
monitoring.

• AD Access. Displays event that

Server monitoring and that have specific installed, such
as the Remote Access role. These specific
information that the AD DS, DNS, or Remote Access server role generate.

• Roles and Server Groups tiles in Server Manager Dashboard. You also can
choose an Events link in a specific Server Group tile in the Server Manager
Dashboard, such as the AD DS tile, DNS tile, or Remote Access tile, to display
the server role.

You event log views by:

• Creating queries specific types of events to display. save these

queries, and use them later when you are searching for events that are defined in

84 of 98 3/12/2019, 1:31 PM
 about:blank

the query criteria.

• Configuring event data to display. You can choose what type of events to display,
such as Critical, Error, Warning, and Informational. Additionally, you can choose
the event log files from which the events will display, such as Application, Directory
Service, DNS Server, Security, System, and Setup.

What view?

Event logs contain vast amounts of data, and it could be a challenge to narrow the
set of events that interest you. to query
and want to analyze. You import, and
share

Event to filter for specific events logs, and display

all events that might relate to an issue that you are investigating. To specify a filter
that spans multiple logs, you need to create a custom view. You can do so in the
Action pane in Event Viewer.

85 of 98 3/12/2019, 1:31 PM
 about:blank

You can filter custom views based on multiple criteria, including the:

• Time that the event was logged.

• Event level, such as errors or warnings.

• Logs from which to include events.

• Specific or exclude.

• User

• Computer the event occurred.

Demonstration: Creating a custom view

In this demonstration, you will see how to:

• View views.

• Create

Demonstration steps

View Server Roles custom views

• In Event Viewer, examine the predefined Server Roles custom views.

Create

1. custom view to select the following

o Critical

86 of 98 3/12/2019, 1:31 PM
 about:blank

o Warning

o Error

2. Select the following logs:

o System

3. Adatum Custom View

4. filtered events in the details

What are event log subscriptions?

The subscriptions feature enables a single copies of

events from multiple systems. By using the Windows Remote Management (WinRM)
service and the Windows Event Collector service (Wecsvc), you can collect events
from multiple computers in the event logs of a centralized server, and then analyze

87 of 98 3/12/2019, 1:31 PM
 about:blank

them together.

Subscriptions can be either collector-initiated or source computer-initiated:

• Collector-initiated. A collector-initiated subscription, or a pull subscription,

identifies all the computers from which the collector will receive events, and pulls
events computers. In a collector-initiated subscription
definition maintained on the collector pull
subscriptions need to configure many the same
types location. In this manner, define and
specify subscription definition to apply to all group.

• Source computer–initiated. In a source computer–initiated subscription, or push

subscription, source computers push events to the collector. In a source
computer–initiated subscription, you create and manage the subscription definition
on the source computer, which is the computer that is sending events to a central
source. these subscriptions manually Policy.
You subscriptions when each server set of
events, maintain control over process at
the might be the case when frequent
changes subscription.

To use the event subscription, you must configure the forwarding and the collecting
computers. The event-collecting functionality depends on the WinRM service and
Wecsvc. Both of these services must be running computers that participating
in the process.

Enabling

To enable perform the following procedure:

1. On each source computer, run the following command at an elevated command

88 of 98 3/12/2019, 1:31 PM
 about:blank

prompt to enable WinRM:

winrm quickconfig

2. On the collector computer, type the following command at an elevated

enable Wecsvc:

3. Add the computer account of the collector computer to the local

Administrators group on each of the source computers.

Demonstration: Configuring an event

In this see how to:

• Configure computer.

• Configure the collector computer.

• Create and view the subscribed log.

Demonstration
Configure computer

1. if necessary, sign Adatum\Administrator with

Pa55w.rd.

2. Run the winrm quickconfig command at a command prompt.

89 of 98 3/12/2019, 1:31 PM
 about:blank

Note that the service is already running.

3. Open Active Directory Users and Computers, and then add the LON-SVR1
computer as a member of the domain local Administrators group.

Configure computer

1. then open a command

2. command.

Create and view the subscribed log

1. Switch to Event Viewer.

2. to collect events the

computer LON-DC1

• All events types

• Last 30 days

Check

Discovery
In your often do you check the event servers?

Show solution Reset

90 of 98 3/12/2019, 1:31 PM
 about:blank

Lab B: Monitoring and troubleshooting Windows

Server 2016

Scenario
A. Datum engineering and manufacturing office in
London, office and datacenter support the
London locations. A. Datum recently Server
2016 infrastructure.

Because organization has deployed new servers, to establish a

performance baseline with a typical load for these new servers. You have been asked
to work on this project. Additionally, to make the process of monitoring and
troubleshooting easier, you decide to perform centralized monitoring of event logs.

Objectives
After will be able to:

• Establish baseline.

• Identify the source of a performance problem.

• View and configure centralized event logs.

Lab

Estimated

Virtual 20740C-LON-DC1 and 20740C-LON-SVR1

User name: Adatum\Administrator

91 of 98 3/12/2019, 1:31 PM
 about:blank

Password: Pa55w.rd

For this lab, you will use the available virtual machine environment. Before you begin
the lab, you must complete the following steps:

1. On the host computer, click Start, point to Administrative Tools and then click

2. 20740C-LON-DC1 pane,

3. pane, click Connect. Wait until machine starts.

4. Sign in by using the following credentials:

• User name: Administrator

Password: Pa55w.rd

5. for 20740C-LON-SVR1

Exercise 1: Establishing a performance baseline

Scenario

In this Performance Monitor a

baseline performance counters.

The are as follows:

1. Create and start a data collector set

92 of 98 3/12/2019, 1:31 PM
 about:blank

2. Create a typical workload on the server

3. Analyze the collected data

Detailed Steps ▼

Detailed Steps

Detailed Steps

Result exercise, you should have established for

performance-comparison purposes.

Exercise 2: Identifying the source of a performance problem

Scenario

In this simulate a load to represent usage, gather

performance your data collector set, potential
cause performance problem.

The main tasks for this exercise are as follows:

1. Capture performance data by using a data collector set

2. workload on the server

3. and then review the

Detailed Steps

Detailed Steps ▼

93 of 98 3/12/2019, 1:31 PM
 about:blank

Detailed Steps ▼

Result: After this exercise, you should have used performance tools to identify a
potential performance bottleneck.

Exercise 3: Viewing and configuring centralized event logs

Scenario

In this LON-DC1 to collect LON-SVR1.

Specifically, you this process to gather performance-related alerts from your
network servers.

The main tasks for this exercise are as follows:

1. prerequisites

2.

3. counter alert

4. Introduce additional workload on the server

5. Verify the results

6. Prepare for course completion

Detailed Steps

Detailed Steps

Detailed Steps

Detailed Steps ▼

94 of 98 3/12/2019, 1:31 PM
 about:blank

Detailed Steps ▼

Detailed Steps ▼

Result: At the end of this exercise, you should have successfully centralized event
logs and examined these logs for performance-related events.

Review

Check

Discovery
During the lab, you collected data in a data collector set. What is the advantage of
collecting data this way?

Show solution Reset

Module takeaways

end-to-end monitoring strategy infrastructure.

Monitoring should focus on proactively detecting potential failures or
performance issues.

• When monitoring, estimate the baseline system utilizations for each server.
This will help you determine whether the system is performing well or is
exceeding capacity.

Common Troubleshooting Tips

Common Issue Troubleshooting Tip

During monitoring, multiple sources are Please see Student Companion Content for this course.

95 of 98 3/12/2019, 1:31 PM
 about:blank

Common Issue Troubleshooting Tip

concurrently reporting different problems.

Review Question(s)

Check

Discovery
Your updates to the Windows should be
applied upon release. Do you recommend process?

Show solution Reset

Check Your Knowledge

Discovery
Your several applications applications. A
colleague WSUS to deploy application system
updates. issues with using

Show solution

Check Your Knowledge

Discovery
Why in an Active Directory AD DS)
domain?

Show solution

Check Knowledge

Discovery

96 of 98 3/12/2019, 1:31 PM
 about:blank

What significant counters should you monitor in Performance Monitor?

Show solution Reset

Check Your Knowledge

Discovery
Why server performance

Show solution

Check Knowledge

Discovery
Why should you use performance alerts?

Show solution Reset

Tools
The tools that this module

Tool Use Where to find it

WSUS administration console Administering WSUS Server Manager/Tools

Windows PowerShell WSUS Administering WSUS from the command- Windows PowerShell
cmdlets line interface

Server Monitoring multiple servers Manager

Performance Monitoring and analyzing Manager/Tools

logged performance data

Reliability Monitoring hardware and Control Panel

Resource Monitor Monitoring the use and performance of Server Manager/Tools

CPUs, disks, networks, and memory in
real time

97 of 98 3/12/2019, 1:31 PM
 about:blank

Tool Use Where to find it

Event Viewer Viewing and managing event logs Server Manager/Tools

Task Manager Identifying and resolving performance- Server Manager/Tools

related problems

98 of 98 3/12/2019, 1:31 PM