Remove From My Forums

How can I turn the Diagnostic-Performance log on?

Question
0

Sign in to vote

I am investigating slow startups/logons in Windows 7. I have found the logs under: Applications and Services Logs\Microsoft\Windows\Diagnostic-Performance\Operational useful, but they are not recorded for every reboot. i.e. Windows only seems to decide to record them if it detects a degradation in performance. I would like to be able to force these logs (perhaps with Group Policy) and harvest the results (for hundreds of PCs) with PowerShell.<o:p></o:p>

Tuesday, May 29, 2012 8:37 AM

Answers

1

Sign in to vote
If it doesn't answer your question don't mark it so but it you find it useful give it a vote ;o)

I'll propose my previous post as the answer but you can wait to confirm until you're back from your hols and have had a chance to try it out ... I'm off to so fingers crossed for some nice weather! ;o)
- Marked as answer by mccgregor Wednesday, May 30, 2012 11:08 AM
Wednesday, May 30, 2012 10:04 AM

All replies

Hi,

I've done a similar job recently so can't help but share code/screen grabs with a fellow powersheller!

and some registry keys ...

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics - GPSvcDebugLevel - REG_DWORD - 0x30002

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - ExtensionDebugLevel - REG_DWORD - 0x2

Here's some code that might be of help ... you'll need to fill the array $Stations with your computernames.

For the performance event logs you're looking at I did this ....

$Global:ObjectResults = @()
function Create-BootUpObject($XML,$Station) { 
    foreach ($Object in @($XML.Event.Eventdata)) { 
        $PSObject = New-Object PSObject 
        $PSObject | Add-Member NoteProperty Station $Station
        foreach ($Property in @($Object.Data)) { 
            $PSObject | Add-Member NoteProperty $Property.Name $Property."`#text"
        } 
        $PSObject | ft Station,BootStartTime
        $Global:ObjectResults += $PSObject 
    } 
} 
$10Minutes = (get-date).addMinutes(-10)
ForEach ($Station in $Stations){
    If (Test-Connection $Station -count 1 -quiet)
    {
        $Events = Get-WinEvent -ComputerName $Station -FilterHashtable @{logname="Microsoft-Windows-Diagnostics-Performance/Operational"; id=100 ;StartTime=$10Minutes}
    
        ForEach ($Event in $Events){
        
            $EventXML = [xml]$Event.ToXml()
            
            If ($EventXML)
            {
               Create-BootUpObject $EventXML $Station
            }
        }
  
    }
}
$Global:ObjectResults | Where-Object {$_.BootIsDegradation -eq "True"} | ft  Station,BootTime,BootStartTime

I've uploaded the above code here http://gallery.technet.microsoft.com/Get-BootUpPerformanceLogs-c66f7728 for easy download.

For boot logging I did this ....

ForEach ($Station in $Stations){
    If (Test-Connection $Station -count 1 -quiet)
    {
    Remove-Item "\\$Station\c$\Windows\ntbtlog.txt"
    Invoke-Command -computername $Station -ScriptBlock {&bcdedit /set bootlog yes}
    Restart-Computer -ComputerName $Station -Force
}

then collected results ...

ForEach ($Station in $Stations){
        If (Test-Connection $Station -count 1 -quiet)
        {
        Move-Item -Path \\$Station\c$\Windows\debug\UserMode\gpsvc.log -Destination "T:\Slowboots\$($Station)_$($Batch).log"
        
        Restart-Computer -ComputerName $Station -Force
        }
    }
}

Hope some of that's useful! Oh and the resolution to my issues was a WMI hotfix - http://support.microsoft.com/kb/2617858

John

Edited by John Grenfell Tuesday, May 29, 2012 11:09 AM added WMI hotifx

Tuesday, May 29, 2012 10:54 AM

0

Sign in to vote

You can also try using sysinternals procmon or windows performance toolkit. It's usually i/o related. Make sure Readyboot is working.

Tuesday, May 29, 2012 3:36 PM
0

Sign in to vote

Thanks John, am I right in believing these settings will invoke log files other than the Diagnostic-Performance\Operational - and that you are resonding mainly to the second part i.e. the recovery of log files via powershell?

Thank you for sharing your code so generously, I mentioned the Powershell because I have found that I can't use vbs as I have in the past for the Event Logs, and that I would need to use Powershell for the new Vista/W7 logs.

The reason I'm specifically interested in this log is because we ,at present, routinely visit a sample of PCs and reboot them and make some performance tests. On some occasions (4 or 5 times now) we have noticed inordinately long startup/logon delays (17 minutes) - examining all the new log files hasn't revealed anything obvious - yet. (other than perhaps because many of these PCs haven't been turned off for days (just power-managed to sleep) and when they were rebooted the Task Scheduler got very busy catching up).

What has been puzzling is two particular PCs, right next to each other, that on the same day, had long logon times. One took several minutes (10+) before the logon screen appeared and then logged on quickly, but the other, where the logon screen came up quickly, then took several minutes (10+) before the PC was usable. When I looked at the first PC it had a comprehensive Diagnostic-Performance\Operational log, which identifies the troublesome area, whilst the second didn't have any file!

I would like to be able to compare logs from good PCs and bad, but also be able to monitor these logs from a sample of PCs (remotely, and automatically) to 'keep an eye' on their continuing performance.

In summary, I am still looking for a way to invoke this log...

Wednesday, May 30, 2012 7:30 AM
0

Sign in to vote

Hi JS2010, I'm not looking to diagnose a particular PCs problems, I want to cause the mentioned log file to be stored, so that I can then view it and compare it with other PCs.

Wednesday, May 30, 2012 7:32 AM
0

Sign in to vote
Hi,

Yes this GPO setting should invoke the log - "System/Troubleshooting and Diagnostics/Windows Boot Performance Diagnostics" Scenario Execution Level - Detection and Troubleshooting Only

The other settings are worth switching on. After analysing and comparing between good and bad stations I found it wasn’t the key. The “Verbose vs Normal” status messages is useful and for me help identify that my slowness wasn’t the bootup process but the login process (we have auto login enabled for a guest login).

The "boot logging" code might help you identify any driver related issues.

J
- Proposed as answer by John Grenfell Wednesday, May 30, 2012 10:04 AM
Wednesday, May 30, 2012 7:54 AM
0

Sign in to vote

So you have given me the complete solution!

Thanks for that!

I was confused by you saying "I've done a similar job ..." I thought it might mean just with different logs, and haven't had an opportunity to try the several items you listed.

In fact, I will not have a chance to try it for at least a week, as this is my last day before some holidays.

What do we do about points? This is my first time using the forums - so I'm not sure of the etiquette.

Wednesday, May 30, 2012 10:00 AM
1

Sign in to vote
If it doesn't answer your question don't mark it so but it you find it useful give it a vote ;o)

I'll propose my previous post as the answer but you can wait to confirm until you're back from your hols and have had a chance to try it out ... I'm off to so fingers crossed for some nice weather! ;o)
- Marked as answer by mccgregor Wednesday, May 30, 2012 11:08 AM
Wednesday, May 30, 2012 10:04 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

How can I turn the Diagnostic-Performance log on?

Question

Answers

All replies