ID Events for Performance Monitor Extensions

The information in this article applies to:

·        Microsoft Win32 Application Programming Interface (API), when used with:

the operating system: Microsoft Windows NT 4.0

the operating system: Microsoft Windows 2000

the operating system: Microsoft Windows XP

This article was previously published under Q226494

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;256986

Description of the Microsoft Windows Registry

SUMMARY

Windows NT reports events to the Application Event Log when errors occur in performance monitor extensions and custom counters added to performance monitor, or to give more information about them. This article describes how to control the error checking and reporting through registry settings, and lists the possible event information. This is useful for testing and validating a performance monitor extension. It also helps to diagnose problems with performance monitor extensions that are installed as part of a vendor's server application or device driver.

MORE INFORMATION

Registry Values for Windows NT 4.0

The performance library (perflib), part of ADVAPI32.dll, reads three REG_DWORD registry values that control different levels of error checking and reporting. These values are in the following registry key. If the values are not found in this key on your system, they can be added. The change takes effect after restarting performance monitor or whatever performance monitoring tool is currently in use.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.


The following value names are followed by possible values and their meanings.

ExtCounterTestLevel

1  -  object and counter lengths are checked for consistency
2  -  buffer overflows or guard pages are checked
3  -  no checking is performed, but exception handling is not suppressed

EventLogLevel

0  -  no errors are reported
1  -  user event log error messages (1000-1013)
2  -  warnings and errors used for debugging (1000-2002)
3  -  verbose, all information (1000-3000)

OpenProcedureWaitTime

If the OpenProcedureWaitTime value is present, perflib sets up a timeout procedure internally. If the Open function of a performance monitor extension DLL does not return within the time, in milliseconds, specified in this registry value, an event (2002) is posted to the Event Log. However, the value only controls whether the timeout is reported; it does not control the behavior. For example, if an Open function "hangs", the performance monitor process will "hang" regardless of the presence of this registry value.

Registry Values for Windows 2000

Starting with Windows 2000, a new wait time registry entry was added for the collect function. The previous three registry values also work on Windows 2000 as described earlier. The new registry entry is placed in the following registry key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\(service name)\Performance

Collect Timeout

The Collect Timeout value is new in Windows 2000. Note the space in the value name. If this value is present, perflib sets up a timeout procedure internally. If the Collect function of a performance monitor extension DLL does not return within the time, in milliseconds, specified in this registry value, an event (1015) is posted to the Event Log.

Open Timeout

The Open Timeout value is new in Windows 2000. Note the space in the value name. If this value is present, perflib sets up a timeout procedure internally. If the Open function of a performance monitor extension DLL does not return within the time, in milliseconds, specified in this registry value, an event (2002) is posted to the Event Log.

NOTE: On Windows 2000, OpenProcedureWaitTime is global to all performance extension DLLs. If the Open Timeout registry value, which is performance extension DLL-specific, is not present, then the operating system will use the global OpenProcedureWaitTime registry value, if it is present. Similarly, if the Collect Timeout registry value is not present, the operating system will use the global OpenProcedureWaitTime registry value, if present. If the OpenProcedureWaitTime registry value is not present, the default timeout value is 10,000 (milliseconds).
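The fallback order in the NOTE above, together with the test values from the Windows NT 4.0 section, modelled as an added example (not Microsoft's code). The dicts stand in for registry contents, ExampleSvc is a constructed service name, and the REGEDIT4 text is only rendered as a string, never imported.

```python
# Added example: registry contents are plain dicts (a constructed snapshot);
# nothing here reads or writes a live registry.
PERFLIB_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib"
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{service}\Performance"
DEFAULT_TIMEOUT_MS = 10000  # default stated in the NOTE

# Documented ranges for the two level values listed in this article.
ALLOWED = {"ExtCounterTestLevel": range(1, 4), "EventLogLevel": range(0, 4)}


def effective_timeouts(perflib, service_perf):
    """Return {'open': (ms, source), 'collect': (ms, source)} for one service.

    The per-DLL 'Open Timeout' / 'Collect Timeout' value wins; otherwise the
    global OpenProcedureWaitTime is used; otherwise the 10,000 ms default.
    """
    if "OpenProcedureWaitTime" in perflib:
        fallback = (perflib["OpenProcedureWaitTime"], "OpenProcedureWaitTime")
    else:
        fallback = (DEFAULT_TIMEOUT_MS, "default")
    result = {}
    for kind, name in (("open", "Open Timeout"), ("collect", "Collect Timeout")):
        if name in service_perf:
            result[kind] = (service_perf[name], name)
        else:
            result[kind] = fallback
    return result


def _dword_lines(values):
    """Format REG_DWORD values as .reg lines, rejecting out-of-range data."""
    lines = []
    for name, value in values.items():
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("%s=%r does not fit in a DWORD" % (name, value))
        if name in ALLOWED and value not in ALLOWED[name]:
            raise ValueError("%s=%r is outside the documented range" % (name, value))
        lines.append('"%s"=dword:%08x' % (name, value))
    return lines


def render_reg(perflib, services):
    """Render REGEDIT4 text for the Perflib key and each service's Performance key."""
    out = ["REGEDIT4", "", "[%s]" % PERFLIB_KEY] + _dword_lines(perflib)
    for service, values in services.items():
        out += ["", "[%s]" % SERVICE_KEY.format(service=service)] + _dword_lines(values)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    perflib = {"ExtCounterTestLevel": 1, "EventLogLevel": 3, "OpenProcedureWaitTime": 5000}
    services = {"ExampleSvc": {"Collect Timeout": 2000}}  # constructed service name
    print(render_reg(perflib, services))
    print(effective_timeouts(perflib, services["ExampleSvc"]))
```

Review the rendered text before importing it on a test machine, and back up the registry first as the article advises.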

Event IDs and Descriptions

The following is a list of event IDs and the detailed error text displayed in the Details dialog box of Event Viewer. Some of the following items also include additional information about the interpretation of the event details. Each item also gives an expertise level to suggest who may be able to address the issue.

Many of the following descriptions refer to a DWORD in the Data field of the Event Details dialog box. Note that the data is displayed in byte order; to interpret a DWORD on Intel systems, read 4 bytes at a time and reverse the order of the bytes. For example, 05 00 00 C0 may appear in the Data field, but the DWORD is read as C0000005.

Event ID: 1000
Detail Text: Access to performance data was denied to (username) as attempted from (calling module name)

Interpretation: The following key is checked for security access:

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

                               

If the user associated with the client thread or process token is not on the ACL for this key then this event is posted.

Expertise: System Administrator

Event ID: 1001
Detail Text: The buffer size returned by a collect procedure in Extensible Counter DLL (DLL name) for the (service name) service was larger than the space available. Performance data returned by counter DLL will not be returned in Perf Data Block. Overflow size is data DWORD 0.

Interpretation: Perflib finds that the beginning pointer for the data buffer is not pointing past the end of the buffer including safe buffer.

Expertise: Developer of named extensible counter DLL

Event ID: 1002
Detail Text: A Guard Page was modified by a collect procedure in Extensible Counter DLL (DLL name) for the (service name) service. Performance data returned by counter DLL will not be returned in Perf Data Block.

Interpretation: Perflib implements a safe buffer that adds some space in the buffer filled with some signature byte. This event means the extension has written past the end of the buffer.

Expertise: Developer of named extensible counter DLL

Event ID: 1003
Detail Text: The object length of an object returned by Extensible Counter DLL (DLL name) for the (service name) service was not correct. The sum of the object lengths returned did not match the size of the buffer returned. Performance data returned by counter DLL will not be returned in Perf Data Block. Count of objects returned is data DWORD 0.

Interpretation: After the collect function returns, perflib validates the TotalByteLength members of each PERF_OBJECT_TYPE structure returned by the performance extension. This error event means there is a problem with one or more TotalByteLength values in the PERF_OBJECT_TYPE structures.

Expertise: Developer of named extensible counter DLL

Event ID: 1004
Detail Text: The instance length of an object returned by Extensible Counter DLL (DLL name) for the (service name) service was incorrect. The sum of the instance lengths plus the object definition structures did not match the size of the object. Performance data returned by counter DLL will not be returned in Perf Data Block. The object title index of the bad object is data DWORD 0.

Interpretation: After the collect function returns, perflib validates the PERF_INSTANCE_DEFINITION ByteLength and PERF_COUNTER_BLOCK ByteLength members if the object has instances. This error event means the ByteLength member is incorrect.

Expertise: Developer of named extensible counter DLL

Event ID: 1005
Detail Text: Unable to locate the open procedure (open proc name) in DLL (DLL name) for the (service name) service. Performance data for this service will not be available. Error Status is data DWORD 0.

Interpretation: Perflib calls GetProcAddress for the function name specified as the Open procedure in the registry for the extension. This error typically means the name was not found either because the extension DLL did not correctly export it, or the DLL was compiled with C++ code and extern "C" declaration was not used.

Expertise: Developer of named extensible counter DLL

Event ID: 1006
Detail Text: Unable to locate the collect procedure (collect proc name) in DLL (DLL name) for the (service name) service. Performance data for this service will not be available. Error Status is data DWORD 0.

Interpretation: Perflib calls GetProcAddress for the function name specified as the Collect procedure in the registry for the extension. This error typically means the name was not found either because the extension DLL did not correctly export it, or the DLL was compiled with C++ code and extern "C" declaration was not used.

Expertise: Developer of named extensible counter DLL

Event ID: 1007
Detail Text: Unable to locate the close procedure (close proc name) in DLL (DLL name) for the (service name) service. Performance data for this service will not be available. Error Status is data DWORD 0.

Interpretation: Perflib calls GetProcAddress for the function name specified as the Close procedure in the registry for the extension. This error typically means the name was not found either because the extension DLL did not correctly export it, or the DLL was compiled with C++ code and extern "C" declaration was not used.

Expertise: Developer of named extensible counter DLL

Event ID: 1008
Detail Text: The Open Procedure for service (service name) in DLL (DLL name) failed. Performance data for this service will not be available. Status code returned is DWORD 0.

Interpretation: If the Open function for an extension does not return ERROR_SUCCESS, perflib posts the status code in the data field of the event. This may be used to help the author of the extension determine why the Open function failed.

Expertise: Developer of named extensible counter DLL

Event ID: 1009
Detail Text: The Open Procedure for service (service name) in DLL (DLL name) generated an exception. Performance data for this service will not be available. Exception code returned is DWORD 0.

Interpretation: Perflib calls the performance extension functions in a structured exception handler __try block. This is posted if an exception occurred or RaiseException was called in the Open function. The data field will have the exception code. For example, C0000005 means there was an Access Violation.

Expertise: Developer of named extensible counter DLL

Event ID: 1010
Detail Text: The Collect Procedure for the (service name) service in DLL (DLL name) generated an exception or returned an invalid status. Performance data returned by counter DLL will not be returned in Perf Data Block. Exception or status code returned is DWORD 0.

Interpretation: Perflib calls the performance extension functions in a structured exception handler __try block. This is posted if an exception occurred or RaiseException was called in the Collect function. The data field will have the exception code. For example, C0000005 means there was an Access Violation.

Expertise: Developer of named extensible counter DLL

Event ID: 1011
Detail Text: The library file (DLL name) specified for the (service name) service could not be opened. Performance data for this service will not be available. Status code is data DWORD 0.

Interpretation: Perflib uses LoadLibrary to open performance extensions. If LoadLibrary fails the status code from GetLastError is posted in the data field of the event. For example, 7e means the DLL could not be found or the library Name in the registry is not correct.

Expertise: System administrator or developer of named extensible counter DLL

Event ID: 1012
Detail Text: The system reported an idle process time that was less than the last time reported. The data shows the current time and the last reported time for the system's idle process.

Interpretation: This event is not used by Perflib.

Expertise: None

Event ID: 1013
Detail Text: The collect procedure in Extensible Counter DLL (DLL name) for the (service name) service returned a buffer that was larger than the space allocated and may have corrupted the application's heap. This DLL should be disabled or removed from the system until the problem has been corrected to prevent further corruption. The application accessing this performance data should be restarted. The Performance data returned by counter DLL will not be returned in Perf Data Block. Overflow size is data DWORD 0.

Expertise: Developer of named extensible counter DLL

Event ID: 1014 (Only available on Windows 2000)
Detail Text: An error occurred while trying to collect data from the Server Object. The Error code returned by the function is DWORD 0. The Status returned in the IO Status Block is DWORD 1. The Information field of the IO Status Block is DWORD 2.

Interpretation: This event is not used by perflib.

Expertise: None

Event ID: 1015 (Only available on Windows 2000)
Detail Text: The timeout waiting for the performance data collection function (function name) to finish has expired. There may be a problem with that extensible counter or the service from which it is collecting data.

Expertise: Developer of named extensible counter DLL

Interpretation: See the comments about the Collect Timeout registry value.

Event ID: 1016 (Only available on Windows 2000)
Detail Text: The data buffer created for the (service name) service in the (DLL name) library is not aligned on an 8-byte boundary. This may cause problems for applications that are trying to read the performance data buffer. Contact the manufacturer of this library or service to have this problem corrected or to get a newer version of this library.

Expertise: Developer of named extensible counter DLL

Event ID: 1017 (Only available on Windows 2000)
Detail Text: Performance counter data collection from the (service name) service has been disabled due to one or more errors generated by the performance counter library for that service. The error(s) that forced this action have been written to the application event log. The error(s) should be corrected before the performance counters for this service are enabled again.

Expertise: Developer of named extensible counter DLL

Event ID: 1018 (Only available on Windows 2000)
Detail Text: Performance counter data collection from the (service name) service has been disabled for this session due to one or more errors generated by the performance counter library for that service. The error(s) that forced this action have been written to the application event log.

Expertise: Developer of named extensible counter DLL

Event ID: 1019 (Only available on Windows 2000)
Detail Text: A definition field in an object returned by Extensible Counter DLL (DLL name) for the (service name) service was incorrect. The sum of the definitions block lengths in the object definition structures did not match the size specified in the object definition header. Performance data returned by this counter DLL will be not be returned in Perf Data Block. The object title index of the bad object is data DWORD 0.

Interpretation: Similar to Event 1003, except that the sum of the length members of the counter definition structures is checked. This event typically means the ByteLength of one of the counter definition structures of the performance data object is incorrect.

Expertise: Developer of named extensible counter DLL

Event ID: 1020 (Only available on Windows 2000)
Detail Text: The size of the buffer used is greater than that passed to the collect function of the (DLL name) Extensible Counter DLL for the (service name) service. The size of the buffer passed in is data DWORD 0 and the size returned is data DWORD 1.

Interpretation: Similar to Event 1001, except that more information about the size of the buffer expected by the extension is given.

Expertise: Developer of named extensible counter DLL

Event ID: 2000
Detail Text: The pointer returned did not match the buffer length returned by the Collect procedure for the (service name) service in Extensible Counter DLL (DLL name). The Length will be adjusted to match and the performance data will appear in the Perf Data Block. The returned length is data DWORD 0, the new length is data DWORD 1.

Interpretation: This event is used for the development and debugging of a performance monitor extension. After the collect procedure is called, the return parameters are checked for consistency. In this case, the number of bytes added to the perf data buffer is checked against the actual difference in the buffer pointer before and after the collect procedure is called.

Expertise: Developer of the named extensible counter DLL

Event ID: 2001
Detail Text: The (service name) service does not have a Performance subkey or the key could not be opened. No performance counters will be collected for this service. The Win32 error code is returned in the data.

Interpretation: This event means that an item under the Services subkey does not contain a Performance subkey (or it could not be opened, for example, due to security access). This is posted for each item under the Services subkey.

Expertise: System administrator or developer of named service

Event ID: 2002
Detail Text: The open procedure for service (service name) in DLL (DLL name) has taken longer than the established wait time to complete. The wait time in milliseconds is shown in the data.

Interpretation: See the comments earlier regarding the Open Timeout registry value.

Expertise: Developer of named extensible counter DLL

Event ID: 2003 (Only available on Windows 2000)
Detail Text: The configuration information of the performance library (DLL name) for the (service name) service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

Interpretation: If the "Library Validation Code" value exists for the named service in the Performance subkey, the data is checked against the file creation time and the file size of the named DLL. This error is posted if they do not match. If the error occurs, it may be corrected by removing and reinstalling the named service.

Expertise: System administrator or developer of named service

Event ID: 3000
Detail Text: Open procedure for service (service name) in DLL (DLL name) was called and returned successfully.

Expertise: Novice
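The Data field byte order described at the start of this section, applied to the data DWORDs named in the event descriptions above. This is an added example, not Microsoft's code; it assumes the Data field has been copied as space-separated two-digit hex bytes, and the sample byte strings are constructed.

```python
import struct

# Meaning of each data DWORD, as given in the event descriptions of this article.
DWORD_LABELS = {
    1001: ["overflow size"],
    1003: ["count of objects returned"],
    1004: ["object title index of the bad object"],
    1005: ["error status"],
    1006: ["error status"],
    1007: ["error status"],
    1008: ["status code returned by the Open procedure"],
    1009: ["exception code"],
    1010: ["exception or status code"],
    1011: ["status code from GetLastError"],
    1013: ["overflow size"],
    1019: ["object title index of the bad object"],
    1020: ["buffer size passed in", "buffer size returned"],
    2000: ["returned length", "new length"],
    2001: ["Win32 error code"],
    2002: ["wait time in milliseconds"],
}

# Only the code values this article explains; other codes get no annotation.
NOTES = {
    (1009, 0xC0000005): "Access Violation",
    (1010, 0xC0000005): "Access Violation",
    (1011, 0x7E): "DLL could not be found or the library name in the registry is not correct",
}


def parse_dwords(data_field):
    """Turn Data field text such as '05 00 00 C0' into a list of DWORD values."""
    tokens = data_field.split()
    if any(len(t) != 2 for t in tokens):
        raise ValueError("expected two-digit hex bytes separated by spaces")
    raw = bytes.fromhex("".join(tokens))  # raises ValueError on non-hex input
    if not raw or len(raw) % 4:
        raise ValueError("%d bytes is not a whole number of DWORDs" % len(raw))
    # '<' = little-endian (Intel byte order), 'I' = unsigned 32-bit.
    return list(struct.unpack("<%dI" % (len(raw) // 4), raw))


def describe(event_id, data_field):
    """Return (label, hex value, note) for every DWORD of one event."""
    labels = DWORD_LABELS.get(event_id, [])
    rows = []
    for i, value in enumerate(parse_dwords(data_field)):
        label = labels[i] if i < len(labels) else "data DWORD %d" % i
        rows.append((label, "%08X" % value, NOTES.get((event_id, value), "")))
    return rows


if __name__ == "__main__":
    # Constructed Data fields for three of the events listed above.
    samples = [(1009, "05 00 00 c0"), (1011, "7e 00 00 00"),
               (1020, "00 10 00 00 40 10 00 00")]
    for event_id, data in samples:
        for label, value, note in describe(event_id, data):
            print(event_id, label, value, note)
```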

REFERENCES

For more information about performance monitor extensions, see the Platform SDK documentation in Windows Base Services; Performance Monitoring; Performance Data; Adding Performance Counters.

For a resolution for the 2003 event, click the article number below to view the article in the Microsoft Knowledge Base:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;267831

Event ID 2003 Warning Message Logged When Loading Performance Counters

Last Reviewed: 6/11/2002

Keywords: kbArtTypeINF kbinfo kbKernBase kbPerfMon KB226494

 

Configuring Windows 2000 Server to Warn of Low Computer Resources (F300237)

The information in this article applies to the following products:

·        Microsoft Windows 2000, 2000 SP1, 2000 SP2 Server

·        Microsoft Windows 2000, 2000 SP1, 2000 SP2 Advanced Server

Summary

This article presents step-by-step procedures for configuring your Windows 2000 server to notify you when your computer is running low on resources. Windows 2000 defines the performance data it collects in terms of objects, counters, and instances. A performance object can be any program, service, or resource that can be measured. You can use System Monitor and Performance Logs and Alerts to select performance objects, counters, and instances in order to collect and display information about the performance of a system component or installed software.

You can set an alert on a counter so that a message is sent, or a program or log is started, when the value of the selected counter rises above or falls below a specified setting.

Adding Counters to System Monitor

Click Start, point to Programs, point to Administrative Tools, and then click Performance. If you select an object on a remote computer, you may notice a short delay while System Monitor refreshes the list to reflect the objects present on that computer.

Right-click the System Monitor details pane, and then click Add Counters.

To monitor the computer on which the monitoring console is running, click Use local computer counters. Or, to monitor a specific computer regardless of where the monitoring console is running, click Select counters from computer, and then specify a computer name. By default, the name of the local computer is selected.

Under Performance object, click the object to monitor. By default, the Processor object is selected.

Click Add.

Defining Counters and Thresholds for an Alert

Click Start, point to Programs, point to Administrative Tools, and then click Performance.

Double-click Performance Logs and Alerts, and then click Alerts.

Right-click Alerts, click New Alert Settings, type a name for the alert, and then click OK.

On the General tab, type a description for the alert, and then click Add.

For each counter or group of counters to add to the log, do the following:

To monitor the counters of the computer on which the Performance Logs and Alerts service will run, click Use local computer counters. Or, if you want to monitor the counters of a specific computer regardless of where the service is running, click Select counters from computer, and then specify the name of the computer to monitor.

Under Performance object, select the object to monitor.

Under Performance counters, select one or more counters to monitor.

To monitor all instances of the selected counters, click All instances. Note that binary logs can include instances that are not available when the log starts but that become available later. Or, to monitor specific instances of the selected counters, click Select instances from list, and then click one or more instances to monitor.

Click Add.

In the Alert when the value is box, specify Under or Over, and then in the Limit box, specify the value that will trigger the alert.

In the Sample data every box, specify the number and the unit of measurement used for the interval between updates.

Click the Action tab to determine which actions occur when an alert is triggered.

To record the alert in the Event Viewer logs, select the Log an entry in the application event log check box.

To send an alert message to a computer, select the Send a network message to check box, and then type the NetBIOS name of the computer that is to receive the message.

Select the Start performance data log check box to start a log file.

Click Run this program if you want a program to run automatically when the alert criterion is met. You can type the path of the program directly or click Browse to select the program manually.

Click the Schedule tab, and then configure the appropriate settings to start and stop logging, either manually or at a set date.

Selecting the Data to Monitor

Start by monitoring the activity of the following components, in the order shown:

Memory

Processors

Disks

Network

The following list shows the minimum recommended counters for monitoring a server. Note that when you examine a given resource, it is advisable to define other counters for the associated performance object.

·        Component: Disk
Performance aspect to monitor: Usage
Counters to monitor:

·        PhysicalDisk\Disk Reads/sec

·        PhysicalDisk\Disk Writes/sec

·        LogicalDisk\% Free Space

Be careful when interpreting the % Disk Time counter. The _Total instance of this counter may not reflect actual utilization on computers with several disks; it is therefore important to also use the % Idle Time counter. Note that these counters cannot display a value greater than 100 percent.

·        Component: Disk
Performance aspect to monitor: Bottlenecks
Counters to monitor: PhysicalDisk\Avg. Disk Queue Length (all instances)

·        Component: Memory
Performance aspect to monitor: Usage
Counters to monitor:

·        Memory\Available Bytes

·        Memory\Cache Bytes

·        Component: Memory
Performance aspect to monitor: Bottlenecks or leaks
Counters to monitor:

·        Memory\Pages/sec

·        Memory\Page Reads/sec

·        Memory\Transition Faults/sec

·        Memory\Pool Paged Bytes

·        Memory\Pool Nonpaged Bytes

Although the following are not Memory object counters, they can be used for memory analysis:

·        Paging File\% Usage object (all instances)

·        Cache\Data Map Hits %

·        Server\Pool Paged Bytes

·        Server\Pool Nonpaged Bytes

·        Component: Network
Performance aspect to monitor: Usage
Counters to monitor: Network Segment\% Net Utilization

Note that you must install the Network Monitor driver to use this counter.

·        Component: Network
Performance aspect to monitor: Throughput
Counters to monitor:

·        Protocol transmission counters (these vary with the network protocol); for TCP/IP:

·        Network Interface\Bytes Total/sec

·        Network Interface\Packets/sec

·        Server\Bytes Total/sec or Server\Bytes Transmitted/sec

·        Server\Bytes Received/sec

You may want to monitor other objects that define network and server throughput, as described in the section on monitoring network activity.

·        Component: Processor
Performance aspect to monitor: Usage
Counters to monitor: Processor\% Processor Time (all instances)

·        Component: Processor
Performance aspect to monitor: Bottlenecks
Counters to monitor:

·        System\Processor Queue Length (all instances)

·        Processor\Interrupts/sec

·        System\Context Switches/sec

If some of the counters mentioned above are not available on your computer, verify that you have installed the appropriate services and enabled the counters. See the "Enabling Network Segment counters" topic in Windows 2000 Help for information about how to enable the Network Segment object counters included with Network Monitor.

REFERENCES

For more information, see the topics listed in the "Checklist: Monitoring performance" topic in Windows 2000 Help.

First Published: May 29 2001 6:47AM

Last corrected: Dec 19 2001 11:00AM

Keywords: kbtool kbHOWTOmaster kbhowto