Manual Monitoring Microsoft Applications

User Manual: Monitoring Microsoft Applications

Open the PDF directly: View PDF .
Page Count: 421

Download
Open PDF In Browser	View PDF

Monitoring Microsoft Applications
eG Enterprise v6

Restricted Rights Legend
The information contained in this document is confidential and subject to change without notice. No part of this
document may be reproduced or disclosed to others without the prior permission of eG Innovations Inc. eG
Innovations Inc. makes no warranty of any kind with regard to the software and documentation, including, but not
limited to, the implied warranties of merchantability and fitness for a particular purpose.
Trademarks
Microsoft Windows, Windows NT, Windows 2000, Windows 2003 and Windows 2008 are either registered trademarks
or trademarks of Microsoft Corporation in United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Copyright
©2014 eG Innovations Inc. All rights reserved.

Table of Contents
INTRODUCTION .................................................................................................................................................................................... 1
MONITORING MICROSOFT RDS SERVERS ................................................................................................................................ 2
2.1

The Windows Service Layer ..................................................................................................................................................... 3

2.1.1

App-V Client Admin Log Test ......................................................................................................................................... 4

2.1.2

App-V Client Operational Log Test ................................................................................................................................. 9

2.1.3

App-V Client Virtual Application Log Test .................................................................................................................. 14

2.2

The Terminal Server Layer ..................................................................................................................................................... 19

2.2.1

Session Login Status Test ............................................................................................................................................... 19

2.2.2

Terminal Connection Test............................................................................................................................................... 20

2.2.3

Terminal Authentication Test ......................................................................................................................................... 21

2.2.4

Redirector Test ................................................................................................................................................................ 23

2.2.5

User Profile Test .............................................................................................................................................................. 25

2.2.6

User Environment Test ................................................................................................................................................... 27

2.2.7

Terminal Server CALs Test ............................................................................................................................................ 30

2.2.8

GDI Objects Test ............................................................................................................................................................. 32

2.3

The Terminal Applications Layer ........................................................................................................................................... 34

2.3.1

Terminal Applications Test ............................................................................................................................................ 35

2.3.2

App-V Applications Test ................................................................................................................................................ 38

2.4

The Terminal Users Layer....................................................................................................................................................... 43

2.4.1

Terminal Sessions Test ................................................................................................................................................... 44

2.4.2

Terminal Logins Test ...................................................................................................................................................... 47

2.4.3

Terminal Clients Test ...................................................................................................................................................... 49

2.4.4

Terminal Users Test ........................................................................................................................................................ 51

2.4.5

Terminal Disconnects Test ............................................................................................................................................. 56

2.4.6

Rdp Client Access Test ................................................................................................................................................... 58

2.4.7

RemoteFX User Experience Test ................................................................................................................................... 61

2.4.8

ICA/RDP Listeners Test ................................................................................................................................................. 66

MONITORING ACTIVE DIRECTORY SERVERS....................................................................................................................... 68
3.1
3.1.1
3.2

The Operating System Layer .................................................................................................................................................. 70
Net Logon Test ................................................................................................................................................................ 70
The AD Server Layer .............................................................................................................................................................. 72

3.2.1

Asynchronous Thread Queue Test ................................................................................................................................. 72

3.2.2

ADAM Access Details Test............................................................................................................................................ 74

3.2.3

ADAM Database Test ..................................................................................................................................................... 81

3.2.4

Active Directory Access Test ......................................................................................................................................... 82

3.2.5

Windows Access Test ..................................................................................................................................................... 83

3.2.6

Windows Sessions Test ................................................................................................................................................... 85

3.2.7

FSMO Roles Test ............................................................................................................................................................ 86

3.2.8

Directory System Agent Logs Test ................................................................................................................................ 89

3.2.9

Domain Controller Summary ......................................................................................................................................... 90

3.2.10

Security Accounts Manager Test.................................................................................................................................... 91

3.2.11

Trust Relation Test .......................................................................................................................................................... 93

3.3

The DNS/DHCP Layer ............................................................................................................................................................ 94

3.3.1

Active Directory Checks Test......................................................................................................................................... 95

3.3.2

AD Checks Test ............................................................................................................................................................... 97

3.3.3

DNS Server Health Test.................................................................................................................................................. 99

3.3.4

Name Resolutions Test ................................................................................................................................................. 105

3.3.5

Windows DNS Test ....................................................................................................................................................... 106

3.4

The AD Replication Service Layer....................................................................................................................................... 108

3.4.1

File Replication Connections Test ............................................................................................................................... 108

3.4.2

File Replication Events Test ......................................................................................................................................... 110

3.4.3

File Replication Set Test ............................................................................................................................................... 114

3.4.4

Replication Performance Test....................................................................................................................................... 117

3.4.5

Replication Traffic from Other Sites Test ................................................................................................................... 120

3.4.6

Replication Traffic to Other Sites Test ........................................................................................................................ 121

3.4.7

Replication Queue Test ................................................................................................................................................. 123

3.4.8

Lingering Objects Test .................................................................................................................................................. 124

3.4.9

Replication Status Test.................................................................................................................................................. 126

3.4.10

Inter-Site Replication Test ............................................................................................................................................ 128

3.4.11

Intra-Site Replication Test ............................................................................................................................................ 129

3.4.12

Replication Test ............................................................................................................................................................. 130

3.4.13

AD Replications Test .................................................................................................................................................... 132

3.5

The AD Service Layer ........................................................................................................................................................... 134

3.5.1

Orphaned Objects Test .................................................................................................................................................. 134

3.5.2

Active Directory Status Test ......................................................................................................................................... 135

3.5.3

Directory Service Events Test ...................................................................................................................................... 138

3.5.4

User Account Lockouts Test ........................................................................................................................................ 143

3.5.5

Active Directory Lost and Found Test ......................................................................................................................... 146

3.5.6

Global Catalog Search Test .......................................................................................................................................... 147

3.5.7

Address Book Details Test ........................................................................................................................................... 148

3.5.8

ADAM LDAP Performance Test ................................................................................................................................. 149

3.5.9

Authentication Performance Test ................................................................................................................................. 151

3.5.10

ADAM Binding Test ..................................................................................................................................................... 154

3.5.11

Global Catalogs Test ..................................................................................................................................................... 155

3.5.12

Active Directory Users.................................................................................................................................................. 156

3.5.13

Account Management Events Test ............................................................................................................................... 157

3.5.14

Active Directory Computers Test................................................................................................................................. 166

MONITORING THE BIZTALK SERVER ..................................................................................................................................... 168
4.1

Monitoring the BizTalk Server 2000 .................................................................................................................................... 168

4.1.1

The BTS Transport Layer ............................................................................................................................................. 169

4.1.2

The BTS Documents Layer .......................................................................................................................................... 173

4.2

Monitoring the BizTalk Server 2010 .................................................................................................................................... 176

4.2.1

The Messaging Engine Layer ....................................................................................................................................... 178

4.2.2

The Message Box Layer ............................................................................................................................................... 217

4.2.3

The Orchestration Engine Layer .................................................................................................................................. 222

MONITORING DHCP SERVERS ................................................................................................................................................... 232
5.1

The DHCP Services Layer .................................................................................................................................................... 233

5.1.1

DHCP Performance Test............................................................................................................................................... 233

5.1.2

DHCP Utilization Test .................................................................................................................................................. 235

MONITORING THE WINDOWS INTERNET NAME SERVICE (WINS) ............................................................................. 237
6.1
6.1.1

The WINS Server Layer ........................................................................................................................................................ 238
Wins Test ....................................................................................................................................................................... 238

MONITORING MS PRINT SERVERS ........................................................................................................................................... 240
7.1
7.1.1

The MS Print Service Layer.................................................................................................................................................. 240
Print Server Test ............................................................................................................................................................ 241

MONITORING MS PROXY SERVERS ......................................................................................................................................... 243
8.1

The Proxy Service Layer ....................................................................................................................................................... 244

8.1.1

Win Sock Test ............................................................................................................................................................... 244

8.1.2

Proxy Server Test .......................................................................................................................................................... 246

8.1.3

Proxy Cache Test........................................................................................................................................................... 248

8.1.4

Proxy Svc Test ............................................................................................................................................................... 249

MONITORING WINDOWS DOMAIN CONTROLLERS .......................................................................................................... 253
9.1

The Windows Server Layer .................................................................................................................................................. 253

9.1.1

Windows Access Test ................................................................................................................................................... 254

9.1.2

Windows Sessions Test ................................................................................................................................................. 255

9.1.3

Window Authentication Test ........................................................................................................................................ 256

MONITORING MS FILE SERVERS .............................................................................................................................................. 259
10.1

The Windows Server Layer .............................................................................................................................................. 260

10.1.1

Windows Access Test ................................................................................................................................................... 260

10.1.2

Windows Sessions Test ................................................................................................................................................. 261

10.2

The File Server Layer ........................................................................................................................................................ 263

10.2.1

MS File Stats Test ......................................................................................................................................................... 263

10.2.2

Windows Usage Test..................................................................................................................................................... 264

MONITORING ISA PROXY SERVERS ........................................................................................................................................ 266
11.1

The Firewall Service Layer ............................................................................................................................................... 267

11.1.1

ISA Cache Test .............................................................................................................................................................. 267

11.1.2

ISA Firewall Test .......................................................................................................................................................... 268

11.1.3

ISA Web Proxy Test ..................................................................................................................................................... 269

11.1.4

Packet Engine Test ........................................................................................................................................................ 270

11.1.5

Proxy Server Test .......................................................................................................................................................... 271

11.1.6

Tests that are Disabled by Default ............................................................................................................................... 273

MONITORING MICROSOFT RADIUS SERVERS..................................................................................................................... 278
12.1

The MS Radius Layer........................................................................................................................................................ 279

12.1.1

IAS Acc Server Test...................................................................................................................................................... 280

12.1.2

IAS Acc Client Test ...................................................................................................................................................... 282

12.1.3

IAS Auth Server Test .................................................................................................................................................... 283

12.1.4

IAS Auth Client Test ..................................................................................................................................................... 285

MONITORING THE MICROSOFT RAS SERVER..................................................................................................................... 288
13.1

The MS RAS Service Layer ............................................................................................................................................. 289

13.1.1

Microsoft RAS Port Test .............................................................................................................................................. 289

13.1.2

Microsoft RAS Test ...................................................................................................................................................... 291

13.1.3

Windows Telephony Test ............................................................................................................................................. 292

MONITORING MICROSOFT SYSTEM MANAGEMENT SERVERS (SMS) ...................................................................... 295
14.1

The SMS Site Server Layer .............................................................................................................................................. 296

14.1.1

Data Discovery Test ...................................................................................................................................................... 296

14.1.2

Inv Load Test ................................................................................................................................................................. 297

14.1.3

Memory Queue Test ...................................................................................................................................................... 298

14.1.4

SMS Status Messages Test ........................................................................................................................................... 299

14.1.5

SMS Threads Test ......................................................................................................................................................... 300

14.1.6

Software Inventory Proc Test ....................................................................................................................................... 301

14.1.7

Software Metering Test ................................................................................................................................................. 302

14.2
14.2.1

The SMS Mgmt Point Layer ............................................................................................................................................. 304
Management Point Data Loader Test ........................................................................................................................... 304

14.2.2

MgmtPointHwInv Test ................................................................................................................................................. 305

14.2.3

Management Point Policy Manager Test ..................................................................................................................... 306

14.2.4

Management Point Policy Test ..................................................................................................................................... 306

14.2.5

Management Point Status Manager Test ..................................................................................................................... 307

14.2.6

Management Point Software Inventory Test ............................................................................................................... 308

EXTERNALLY MONITORING THE ACTIVE DIRECTORY SERVER ............................................................................... 309
15.1

The Network Layer............................................................................................................................................................ 309

15.2

The Application Processes Layer ..................................................................................................................................... 310

15.3

The DC Server Layer ........................................................................................................................................................ 310

MONITORING THE AD CLUSTER SERVICE ........................................................................................................................... 312
16.1

The DC Server Layer ........................................................................................................................................................ 313

MONITORING WINDOWS CLUSTERS ....................................................................................................................................... 314
17.1

The Windows Service Layer............................................................................................................................................. 315

MONITORING MICROSOFT SHAREPOINT ............................................................................................................................. 322
18.1
18.1.1
18.2

Monitoring Sharepoint 2007 ............................................................................................................................................. 322
The Sharepoint Services Layer ..................................................................................................................................... 324
Monitoring Sharepoint 2010/2013 ................................................................................................................................... 341

18.2.1

The Sharepoint Documents Layer ................................................................................................................................ 342

18.2.2

The Sharepoint Objects Layer ...................................................................................................................................... 347

18.2.3

Sharepoint Web Applications Test ............................................................................................................................... 363

18.2.4

The Sharepoint Services Layer ..................................................................................................................................... 368

18.2.5

Sharepoint Search Content Feed Layer........................................................................................................................ 388

MONITORING MICROSOFT DYNAMICS AX ........................................................................................................................... 399
19.1

Dynamics AOS Service..................................................................................................................................................... 400

19.1.1

AX Object Statistics Test .............................................................................................................................................. 400

19.1.2

AX Portal Statistics Test ............................................................................................................................................... 402

MONITORING THE MICROSOFT RDS LICENSE SERVER ................................................................................................. 404
20.1
20.1.1

RD License Manager Layer .............................................................................................................................................. 405
TS CAL Licenses Utilization Test ............................................................................................................................... 405

CONCLUSION ..................................................................................................................................................................................... 411

Table of Figures
Figure 2.1: Layer model of a Microsoft RDS server ..........................................................................................................................................2
Figure 2.1: The tests mapped to the Windows Service layer ..............................................................................................................................4
Figure 2.2: Tests associated with the Terminal Server layer ............................................................................................................................. 19
Figure 2.3: The detailed diagnosis of the Total GDI objects measure ............................................................................................................... 34
Figure 2.4: Tests associated with the Terminal Applications layer ................................................................................................................... 34
Figure 2.5: The detailed diagnosis of the Processes running measure ............................................................................................................... 37
Figure 2.6: Tests associated with the Terminal Users layer .............................................................................................................................. 44
Figure 2.7: The detailed diagnosis of the Active sessions measure ................................................................................................................... 47
Figure 2.8: The detailed diagnosis of the Sessions logging out measure ........................................................................................................... 49
Figure 2.9: The detailed diagnosis of the User sessions measure ...................................................................................................................... 56
Figure 2.10: The detailed diagnosis of the New disconnects measure ............................................................................................................... 58
Figure 2.11: The detailed diagnosis of the Quick reconnects measure .............................................................................................................. 58
Figure 3.1: Layer model for Active Directory ................................................................................................................................................. 69
Figure 3.2: The tests associated with the AD Server layer................................................................................................................................ 72
Figure 3.3: The tests mapped to the DNS/DHCP layer .................................................................................................................................... 95
Figure 3.4: The tests mapped to the AD Replication Service layer ................................................................................................................. 108
Figure 3.5: Tests mapping to the DC Service layer ........................................................................................................................................ 134
Figure 3.6: The details of orphaned objects................................................................................................................................................... 135
Figure 4.1: Layer model of a BizTalk server ................................................................................................................................................. 169
Figure 4.2: Tests mapping to the BTS Transport layer ................................................................................................................................... 170
Figure 4.3: Tests mapping to the BTS Documents layer ................................................................................................................................ 173
Figure 4.4: The major components of a BizTalk server.................................................................................................................................. 176
Figure 4.5: The layer model of the BizTalk Server 2010................................................................................................................................ 177
Figure 4.6: Messaging architecture............................................................................................................................................................... 179
Figure 4.7: The tests mapped to the Messaging Engine layer ......................................................................................................................... 180
Figure 4.8: The tests mapped to the Message Box layer................................................................................................................................. 218
Figure 4.9: The tests mapped to the Orchestration Engine layer ..................................................................................................................... 223
Figure 4.10: How does BAM work? ............................................................................................................................................................. 228
Figure 5.1: Layer model of a DHCP server ................................................................................................................................................... 233
Figure 5.2: Tests associated with the DHCP Services layer............................................................................................................................ 233
Figure 6.1: Layer model of a WINS server ................................................................................................................................................... 238
Figure 6.2: Test associated with the WINS server layer ................................................................................................................................. 238
Figure 7.1: Layer model of an MS Print server ............................................................................................................................................. 240
Figure 7.2: Tests associated with the MS Print Service layer ......................................................................................................................... 241
Figure 8.1: Layer model of an MS Proxy server ............................................................................................................................................ 243
Figure 8.2: Tests associated with the Proxy Service layer .............................................................................................................................. 244
Figure 9.1: Layer model of a Windows Domain Controller............................................................................................................................ 253
Figure 9.2: Tests associated with the Windows Server layer .......................................................................................................................... 254
Figure 10.1: Layer model of an MS File server ............................................................................................................................................. 259
Figure 10.2: Tests associated with the Windows Server layer ........................................................................................................................ 260
Figure 10.3: Tests associated with the File server layer ................................................................................................................................. 263
Figure 11.1: Layer model of an ISA Proxy server ......................................................................................................................................... 266
Figure 11.2: The tests associated with the Firewall Service layer ................................................................................................................... 267
Figure 12.1: The layer model of the MS Radius server .................................................................................................................................. 279
Figure 12.2: The tests associated with the MS Radius layer ........................................................................................................................... 279
Figure 13.1: Layer model of the MS RAS server........................................................................................................................................... 288
Figure 13.2: The tests associated with the MSRAS_SERVICE layer .............................................................................................................. 289
Figure 14.1: The layer model of Microsoft SMS ........................................................................................................................................... 295
Figure 14.2: The tests associated with the SMS Site Server layer ................................................................................................................... 296
Figure 14.3: The tests associated with the SMS Mgmt Point layer ................................................................................................................. 304
Figure 15.1: Layer model of the External AD server ..................................................................................................................................... 309
Figure 15.2: The test associated with the Network layer ................................................................................................................................ 310
Figure 15.3: The tests associated with the Application Processes layer ........................................................................................................... 310
Figure 15.4: The tests associated with the DC Server layer ............................................................................................................................ 311
Figure 16.1: Layer model of the AD cluster service ...................................................................................................................................... 312
Figure 16.2: The tests associated with the DC_SERVER layer ...................................................................................................................... 313
Figure 17.1: The layer model of the IIS web server with the Windows Cluster layer ....................................................................................... 314
Figure 17.2: The tests mapped to the Windows Service layer......................................................................................................................... 315
Figure 18.1: The layer model of Sharepoint .................................................................................................................................................. 323
Figure 18.2: The tests mapped to the Sharepoint Services layer ..................................................................................................................... 324
Figure 18.3: Excel services architecture........................................................................................................................................................ 328
Figure 18.4: The layer model of Microsoft Sharepoint 2010 .......................................................................................................................... 341

Figure 19.1: The tests mapped to the Sharepoint Documents Layer ................................................................................................................ 342
Figure 19.2: The detailed diagnosis of the Number of document libraries measure.......................................................................................... 345
Figure 19.3: The detailed diagnosis of the Lists count measure ...................................................................................................................... 345
Figure 19.4: The tests mapped to the Sharepoint Objects layer....................................................................................................................... 348
Figure 18.5: Site Collections and Sites ......................................................................................................................................................... 356
Figure 19.5: The detailed diagnosis of the Least active site collections measure ............................................................................................. 362
Figure 19.6: The detailed diagnosis of the Least active sites measure ............................................................................................................. 363
Figure 18.6: The tests mapped to the Sharepoint Services layer ..................................................................................................................... 368
Figure 18.7: How Search works in Sharepoint 2010? .................................................................................................................................... 371
Figure 19.7: How search works in Sharepoint 2013? ..................................................................................................................................... 389
Figure 19.8: Flows and operators in CPC ..................................................................................................................................................... 396
Figure 19.9: The layer model of the Microsoft Dynamics AX solution ........................................................................................................... 399
Figure 19.10: The tests mapped to the Dynamics AOS Service ...................................................................................................................... 400
Figure 20.1: Layer model of the Microsoft RDS License server ..................................................................................................................... 404
Figure 20.2: The tests mapped to the TS CAL Licenses Utilization test .......................................................................................................... 405
Figure 20.3: The detailed diagnosis of the CAL type measure........................................................................................................................ 410
Figure 20.4: The detailed diagnosis of the Licenses in use measure................................................................................................................ 410

INTRODUCTION

Chapter

Introduction
Microsoft applications are common-place in IT infrastructures today. From web interfaces to domain controllers to
authentication servers to Microsoft RDS servers to simple browsers, a wide range of Windows-based applications are
being increasingly utilized by infrastructure operators to keep the IT environment afloat and easily accessible to endusers.
This means that even a slight slowdown in the performance of one of these applications, if not resolved soon, can
prove to be fatal to the critical end-user service riding on it. This is reason enough for bringing Microsoft applications
under the purview of ‘24x7 monitoring’.
eG Enterprise provides 100% web-based monitoring models to continuously monitor and report on the status of
critical Microsoft applications such as Active Directory servers, Microsoft RDS servers, Windows Domain Controllers,
etc.
This document describes the monitoring model that eG Enterprise prescribes for every Microsoft application, and the
performance metrics each model collects.

MONITORING MICROSOFT RDS SERVERS

Chapter

Monitoring Microsoft RDS
Servers
The Microsoft RDS Server is a server program that provides the graphical user interface (GUI) of the Windows
desktop to user terminals that don't have this capability themselves. The latter include the relatively low-cost NetPC
or "thin client" that some companies are purchasing as alternatives to the autonomous and more expensive PC with
its own operating system and applications.
Typically, Microsoft RDS server environments involve multiple tiers of software. Domain servers in the target
infrastructure handle authentication of users. Authenticated requests are passed to the Microsoft RDS servers that
host a number of applications. In turn, the applications may use backend databases, printers, etc., for different
functionalities. Owing to the multi-tier nature of Microsoft RDS server environments, a slow-down in one tier (e.g.,
the authentication server) can cause a slow-down of the entire service. When a slow-down occurs, an administrator
of the server farm has to quickly determine what the source of the problem could be - i.e., Is it the network? Or the
authentication server? Or the Microsoft RDS server? Or the backend database? Or the application? Accurate, fast
diagnosis of problems helps reduce downtime and improve customer satisfaction.
The eG Enterprise suite offers 100% web-based monitoring of Microsoft RDS server farms. The suite includes an
extensive, pre-defined, customized Microsoft RDS model for this server (see Figure 2.1), which defines the key
performance metrics that need to be tracked to determine the service level achieved by the server/server farm.

Figure 2.1: Layer model of a Microsoft RDS server

Using the metrics reported by each of the layers depicted by Figure 2.1, administrators can find answers to persistent
2

MONITORING MICROSOFT RDS SERVERS

performance-related queries discussed hereunder:
Microsoft
RDS
Monitoring

server Are the Microsoft RDS servers available to service user requests?
Are there sporadic disconnects from the Microsoft RDS server?
At what times do peak usage of the servers happen and is the server capacity
adequate?
Is the user load being balanced across all the servers?
Is the data store available?

User Monitoring

What is the average response time that a user sees when connecting to a Microsoft
RDS server?
How many users are logged in to each server in the Microsoft RDS server farm?
What is the resource usage (CPU and memory) for each user?
What is the I/O activity generated by every user?
How much network bandwidth is consumed by every user?
Are too many page faults occurring in the processes executed on a server?
If so, what are those processes, and who are the users executing them?
Which user is using a lot of handles?

Operating
Monitoring

System What is the average CPU and memory usage on all the servers in the farm?
Is any unusual memory scanning/paging activity happening on the systems?
Are the critical Microsoft RDS server processes up?
What is their resource consumption?

Hosted
Monitoring

Application What are the applications hosted on a Microsoft RDS server?
Who is using each application?
What is the resource usage for each published application?

Infrastructure
Monitoring

Services Are the backend databases working?
What is the resource usage of the databases?
Are users able to login to the server farm? How long is the login process taking?
What is the usage of the Microsoft Windows Domain Controller?

Since the 4 layers at the bottom of Figure 2.1 have already been discussed in the Monitoring Unix and Windows
Servers document, the sections to come will discuss the top 4 layers only.

2.1 The Windows Service Layer
This layer represents the different services of the corresponding Windows components in the environment. An eG
agent uses Windows Services test to track the health of this layer. In addition, the layer also periodically monitors
the application, security, and system-related events that occur on the target Windows host. Since most of the tests

MONITORING MICROSOFT RDS SERVERS

of this layer have already been dealt in the Monitoirng Unix and Windows servers document, let us now discuss the
tests that are exclusive for the Microsoft RDS Servers alone.

Figure 2.1: The tests mapped to the Windows Service layer

2.1.1

App-V Client Admin Log Test

This test reports the statistical information about the admin events generated by the target system.

This test will report metrics only when the App-V Client is installed on the Microsoft RDS Server.

Purpose

Reports the statistical information about the admin events generated by the target system

Target of the
test

An App-V Client on the target Microsoft RDS Server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST - The host for which the test is to be configured

PORT – Specify the port at which the specified HOST listens to. By default, this is 8080.

LOGTYPE – Refers to the type of event logs to be monitored. The default value is

Microsoft-AppV-Client/Admin.
5.

POLICY BASED FILTER - Using this page, administrators can configure the event
sources, event IDs, and event descriptions to be monitored by this test. In order to enable
administrators to easily and accurately provide this specification, this page provides the
following options:


Manually specify the event sources, IDs, and descriptions in the FILTER text area,
or,



Select a specification from the predefined filter policies listed in the FILTER box

For explicit, manual specification of the filter conditions, select the NO option against the
POLICY BASED FILTER field. This is the default selection. To choose from the list of preconfigured filter policies, or to create a new filter policy and then associate the same with
the test, select the YES option against the POLICY BASED FILTER field.
6.

FILTER - If the POLICY BASED FILTER flag is set to NO, then a FILTER text area will
appear, wherein you will have to specify the event sources, event IDs, and event
descriptions to be monitored. This specification should be of the following format:

{Displayname}:{event_sources_to_be_included}:{event_sources_to_be_excluded}:{event_I
Ds_to_be_included}:{event_IDs_to_be_excluded}:{event_descriptions_to_be_included}:{ev
ent_descriptions_to_be_excluded}. For example, assume that the FILTER text area takes
the value, OS_events:all:Browse,Print:all:none:all:none. Here:


OS_events is the display name that will appear as a descriptor of the test in the
monitor UI;



all indicates that all the event sources need to be considered while monitoring. To
monitor specific event sources, provide the source names as a comma-separated
list. To ensure that none of the event sources are monitored, specify none.



Next, to ensure that specific event sources are excluded from monitoring, provide a
comma-separated list of source names. Accordingly, in our example, Browse and
Print have been excluded from monitoring. Alternatively, you can use all to indicate
that all the event sources have to be excluded from monitoring, or none to denote
that none of the event sources need be excluded.



In the same manner, you can provide a comma-separated list of event IDs that
require monitoring. The all in our example represents that all the event IDs need to
be considered while monitoring.

 Similarly, the none (following all in our example) is indicative of the fact that none
of the event IDs need to be excluded from monitoring. On the other hand, if you
want to instruct the eG Enterprise system to ignore a few event IDs during
monitoring, then provide the IDs as a comma-separated list. Likewise, specifying all
makes sure that all the event IDs are excluded from monitoring.

MONITORING MICROSOFT RDS SERVERS



The all which follows implies that all events, regardless of description, need to be
included for monitoring. To exclude all events, use none. On the other hand, if you
provide a comma-separated list of event descriptions, then the events with the
specified descriptions will alone be monitored. Event descriptions can be of any of
the following forms - desc*, or desc, or *desc*,or desc*, or desc1*desc2, etc. desc
here refers to any string that forms part of the description. A leading '*' signifies any
number of leading characters, while a trailing '*' signifies any number of trailing
characters.



In the same way, you can also provide a comma-separated list of event descriptions
to be excluded from monitoring. Here again, the specification can be of any of the
following forms: desc*, or desc, or *desc*,or desc*, or desc1*desc2, etc. desc here
refers to any string that forms part of the description. A leading '*' signifies any
number of leading characters, while a trailing '*' signifies any number of trailing
characters. In our example however, none is specified, indicating that no event
descriptions are to be excluded from monitoring. If you use all instead, it would
mean that all event descriptions are to be excluded from monitoring.

By default, the FILTER parameter contains the value: all. Multiple filters are to be
separated by semi-colons (;).

The event sources and event IDs specified here should be exactly the
same as that which appears in the Event Viewer window.

On the other hand, if the POLICY BASED FILTER flag is set to YES, then a FILTER list
box will appear, displaying the filter policies that pre-exist in the eG Enterprise system. A
filter policy typically comprises of a specific set of event sources, event IDs, and event
descriptions to be monitored. This specification is built into the policy in the following
format:

{Policyname}:{event_sources_to_be_included}:{event_sources_to_be_excluded}:{event_ID
s_to_be_included}:{event_IDs_to_be_excluded}:{event_descriptions_to_be_included}:{eve
nt_descriptions_to_be_excluded}
To monitor a specific combination of event sources, event IDs, and event descriptions, you
can choose the corresponding filter policy from the FILTER list box. Multiple filter policies
can be so selected. Alternatively, you can modify any of the existing policies to suit your
needs, or create a new filter policy. To facilitate this, a
icon appears near the FILTER
list box, once the YES option is chosen against POLICY BASED FILTER. Clicking on the
icon leads you to a page where you can modify the existing policies or create a new one.
The changed policy or the new policy can then be associated with the test by selecting the
policy name from the FILTER list box in this page.

MONITORING MICROSOFT RDS SERVERS

USEWMI - The eG agent can either use WMI to extract event log statistics or directly parse
the event logs using event log APIs. If the USEWMI flag is YES, then WMI is used. If not,
the event log APIs are used. This option is provided because on some Windows NT/2000
systems (especially ones with service pack 3 or lower), the use of WMI access to event logs
can cause the CPU usage of the WinMgmt process to shoot up. On such systems, set the
USEWMI parameter value to NO. On the other hand, when monitoring systems that are

operating on any other flavor of Windows (say, Windows 2003/XP/2008/7/Vista/12), the
USEWMI flag should always be set to ‘Yes’.
8.

STATELESS ALERTS - Typically, the eG manager generates email alerts only when the
state of a specific measurement changes. A state change typically occurs only when the
threshold of a measure is violated a configured number of times within a specified time
window. While this ensured that the eG manager raised alarms only when the problem was
severe enough, in some cases, it may cause one/more problems to go unnoticed, just
because they did not result in a state change. For example, take the case of the EventLog
test. When this test captures an error event for the very first time, the eG manager will send
out a CRITICAL email alert with the details of the error event to configured recipients. Now,
the next time the test runs, if a different error event is captured, the eG manager will keep
the state of the measure as CRITICAL, but will not send out the details of this error event to
the user; thus, the second issue will remain hidden from the user. To make sure that
administrators do not miss/overlook critical issues, the eG Enterprise monitoring solution
provides the stateless alerting capability. To enable this capability for this test, set the
STATELESS ALERTS flag to Yes. This will ensure that email alerts are generated for this
test, regardless of whether or not the state of the measures reported by this test changes.

DDFORINFORMATION – eG Enterprise also provides you with options to restrict the
amount of storage required for event log tests. Towards this end, the
DDFORINFORMATION and DDFORWARNING flags have been made available in this
page. By default, both these flags are set to Yes, indicating that by default, the test
generates detailed diagnostic measures for information events and warning events. If you
do not want the test to generate and store detailed measures for information events, set the
DDFORINFORMATION flag to No.

10. DDFORWARNING – To ensure that the test does not generate and store detailed
measures for warning events, set the DDFORWARNING flag to No.

MONITORING MICROSOFT RDS SERVERS

11. DD FREQUENCY - Refers to the frequency with which detailed diagnosis measures are to
be generated for this test. The default is 1:1. This indicates that, by default, detailed
measures will be generated every time this test runs, and also every time the test detects a
problem. You can modify this frequency, if you so desire. Also, if you intend to disable the
detailed diagnosis capability for this test, you can do so by specifying none against
DDFREQ.
12. DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG
Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the
eG agents can be configured to run detailed, more elaborate tests as and when specific
problems are detected. To enable the detailed diagnosis capability of this test for a
particular server, choose the On option. To disable the capability, click on the Off option.
1. The option to selectively enabled/disable the detailed diagnosis capability will be
available only if the following conditions are fulfilled:

Outputs of the
test
Measurements
made by the
test

The eG manager license should allow the detailed diagnosis capability

Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.

One set of results for the App-V Client that is to be monitored

Measurement
Information messages:

Measurement
Unit
Number

Indicates the number of AppV Client admin information
events generated when the
test was last executed.
Warnings:

A change in the value of this measure may
indicate infrequent but successful operations
performed by one or more applications.
Please check the App-V Client admin logs in
the Event Log Viewer for more details.

Number

Indicates the number of AppV Client admin warnings that
were generated when the test
was last executed.
Error messages:

Interpretation

A high value of this measure indicates
application problems that may not have an
immediate impact, but may cause future
problems in one or more applications.
Please check the App-V Client admin logs in
the Event Log Viewer for more details.

Number

Indicates the number of AppV Client admin error events
that were generated during
the last measurement period.

A very low value (zero) indicates that the
system is in a healthy state and all
applications are running smoothly without
any potential problems.
An increasing trend or high value indicates
the existence of problems like loss of
functionality or data in one or more
applications.
Please check the App-V Client admin logs in
the Event Log Viewer for more details.

MONITORING MICROSOFT RDS SERVERS

Critical messages:

Number

Indicates the number of AppV Client admin critical error
events that were generated
when the test was last
executed.

A very low value (zero) indicates that the
system is in a healthy state and all
applications are running smoothly without
any potential problems.
An increasing trend or high value indicates
the existence of fatal/irrepairable problems in
one or more applications.
Please check the App-V Client admin logs in
the Event Log Viewer for more details.

Verbose messages:

Number

Indicates the number of AppV Client admin verbose events
that were generated when the
test was last executed.

2.1.2

The detailed diagnosis of this measure
describes all the verbose events that were
generated during the last measurement
period.
Please check the App-V Client admin logs in
the Event Log Viewer for more details.

App-V Client Operational Log Test

This test reports the statistical information about the operation events generated by the target system.

This test will report metrics only when the App-V Client is installed on the Microsoft RDS Server.

Purpose

Reports the statistical information about the operation events generated by the target system

Target of the
test

An App-V Client on the target Microsoft RDS Server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST - The host for which the test is to be configured

PORT – Specify the port at which the specified HOST listens to. By default, this is 8080.

LOGTYPE – Refers to the type of event logs to be monitored. The default value is

Microsoft-AppV-Client/Operational.
6.

Manually specify the event sources, IDs, and descriptions in the FILTER text area,
or,



Select a specification from the predefined filter policies listed in the FILTER box

OS_events is the display name that will appear as a descriptor of the test in the
monitor UI;



In the same manner, you can provide a comma-separated list of event IDs that
require monitoring. The all in our example represents that all the event IDs need to
be considered while monitoring.

MONITORING MICROSOFT RDS SERVERS



By default, the FILTER parameter contains the value: all. Multiple filters are to be
separated by semi-colons (;).

The event sources and event IDs specified here should be exactly the
same as that which appears in the Event Viewer window.

MONITORING MICROSOFT RDS SERVERS

operating on any other flavor of Windows (say, Windows 2003/XP/2008/7/Vista/12), the
USEWMI flag should always be set to ‘Yes’.
9.

10. DDFORINFORMATION – eG Enterprise also provides you with options to restrict the
amount of storage required for event log tests. Towards this end, the
DDFORINFORMATION and DDFORWARNING flags have been made available in this
page. By default, both these flags are set to Yes, indicating that by default, the test
generates detailed diagnostic measures for information events and warning events. If you
do not want the test to generate and store detailed measures for information events, set the
DDFORINFORMATION flag to No.
11. DDFORWARNING – To ensure that the test does not generate and store detailed
measures for warning events, set the DDFORWARNING flag to No.
12. DD FREQUENCY - Refers to the frequency with which detailed diagnosis measures are to
be generated for this test. The default is 1:1. This indicates that, by default, detailed
measures will be generated every time this test runs, and also every time the test detects a
problem. You can modify this frequency, if you so desire. Also, if you intend to disable the
detailed diagnosis capability for this test, you can do so by specifying none against
DDFREQ.
13. DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG
Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the
eG agents can be configured to run detailed, more elaborate tests as and when specific
problems are detected. To enable the detailed diagnosis capability of this test for a
particular server, choose the On option. To disable the capability, click on the Off option.
The option to selectively enabled/disable the detailed diagnosis capability will be available
only if the following conditions are fulfilled:
o

The eG manager license should allow the detailed diagnosis capability

Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.
12

MONITORING MICROSOFT RDS SERVERS

Outputs of the
test
Measurements
made by the
test

One set of results for the App-V Client that is to be monitored

Measurement
Information messages:

Measurement
Unit
Number

Indicates the number of AppV
Client
operational
information events generated
when the test was last
executed.
Warnings:

A change in the value of this measure may
indicate infrequent but successful operations
performed by one or more applications.
Please check the App-V Client Operational
logs in the Event Log Viewer for more details.

Number

Indicates the number of AppV Client operational warnings
that were generated when the
test was last executed.
Error messages:

Interpretation

A high value of this measure indicates
application problems that may not have an
immediate impact, but may cause future
problems in one or more applications.
Please check the App-V Client Operational
logs in the Event Log Viewer for more details.

Number

Indicates the number of AppV Client operational error
events that were generated
during the last measurement
period.

A very low value (zero) indicates that the
system is in a healthy state and all
applications are running smoothly without
any potential problems.
An increasing trend or high value indicates
the existence of problems like loss of
functionality or data in one or more
applications.
Please check the App-V Client Operational
logs in the Event Log Viewer for more details.

Critical messages:

Number

Indicates the number of AppV Client operational critical
error events that were
generated when the test was
last executed.

A very low value (zero) indicates that the
system is in a healthy state and all
applications are running smoothly without
any potential problems.
An increasing trend or high value indicates
the existence of fatal/irrepairable problems in
one or more applications.
Please check the App-V Client Operational
logs in the Event Log Viewer for more details.

Verbose messages:

Number

Indicates the number of AppV Client operational verbose
events that were generated
when the test was last
executed.

The detailed diagnosis of this measure
describes all the verbose events that were
generated during the last measurement
period.
Please check the App-V Client Operational
logs in the Event Log Viewer for more details.

MONITORING MICROSOFT RDS SERVERS

2.1.3

App-V Client Virtual Application Log Test

This test reports the statistical information about the virtual application events generated by the target system.

This test will report metrics only when the App-V Client is installed on the Microsoft RDS Server.

Purpose

Reports the statistical information about the virtual application events generated by the target
system

Target of the
test

An App-V Client on the target Microsoft RDS Server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST - The host for which the test is to be configured

PORT – Specify the port at which the specified HOST listens to. By default, this is 8080.

LOGTYPE – Refers to the type of event logs to be monitored. The default value is

Microsoft-AppV-Client/Virtual Applications.
5.

Manually specify the event sources, IDs, and descriptions in the FILTER text area,
or,



Select a specification from the predefined filter policies listed in the FILTER box

OS_events is the display name that will appear as a descriptor of the test in the
monitor UI;



In the same manner, you can provide a comma-separated list of event IDs that
require monitoring. The all in our example represents that all the event IDs need to
be considered while monitoring.

MONITORING MICROSOFT RDS SERVERS



By default, the FILTER parameter contains the value: all. Multiple filters are to be
separated by semi-colons (;).

The event sources and event IDs specified here should be exactly the
same as that which appears in the Event Viewer window.

MONITORING MICROSOFT RDS SERVERS

operating on any other flavor of Windows (say, Windows 2003/XP/2008/7/Vista/12), the
USEWMI flag should always be set to ‘Yes’.
8.

10. DDFORWARNING – To ensure that the test does not generate and store detailed
measures for warning events, set the DDFORWARNING flag to No.
11. DD FREQUENCY - Refers to the frequency with which detailed diagnosis measures are to
be generated for this test. The default is 1:1. This indicates that, by default, detailed
measures will be generated every time this test runs, and also every time the test detects a
problem. You can modify this frequency, if you so desire. Also, if you intend to disable the
detailed diagnosis capability for this test, you can do so by specifying none against DD
FREQUENCY.
12. DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG
Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the
eG agents can be configured to run detailed, more elaborate tests as and when specific
problems are detected. To enable the detailed diagnosis capability of this test for a
particular server, choose the On option. To disable the capability, click on the Off option.
1. The option to selectively enabled/disable the detailed diagnosis capability will be
available only if the following conditions are fulfilled:
o

The eG manager license should allow the detailed diagnosis capability

Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.
17

MONITORING MICROSOFT RDS SERVERS

Outputs of the
test
Measurements
made by the
test

One set of results for the App-V Client that is to be monitored

Measurement
Information messages:

Measurement
Unit
Number

Indicates the number of AppV Client virtual application
informational events that
were generated when the test
was last executed.
Warnings:

A change in the value of this measure may
indicate infrequent but successful operations
performed by one or more applications.
Please check the App-V Client Virtual
Application logs in the Event Log Viewer for
more details.

Number

Indicates the number of AppV Client virtual application
warnings that were generated
when the test was last
executed.
Error messages:

Interpretation

A high value of this measure indicates
application problems that may not have an
immediate impact, but may cause future
problems in one or more applications.
Please check the App-V Client Virtual
Application logs in the Event Log Viewer for
more details.

Number

Indicates the number of AppV Client virtual application
error events
that
were
generated during the last
measurement period.

A very low value (zero) indicates that the
system is in a healthy state and all
applications are running smoothly without
any potential problems.
An increasing trend or high value indicates
the existence of problems like loss of
functionality or data in one or more
applications.
Please check the App-V Client Virtual
Application logs in the Event Log Viewer for
more details.
Please check the App-V Client Virtual
Application logs in the Event Log Viewer for
more details.

Critical messages:

Number

Indicates the number of AppV Client virtual applications
critical error events that were
generated when the test was
last executed.

A very low value (zero) indicates that the
system is in a healthy state and all
applications are running smoothly without
any potential problems.
An increasing trend or high value indicates
the existence of fatal/irrepairable problems in
one or more applications.
Please check the App-V Client Virtual
Application logs in the Event Log Viewer for
more details.

MONITORING MICROSOFT RDS SERVERS

Verbose messages:

Number

Indicates the number of AppV Client virtual application
verbose events that were
generated when the test was
last executed.

The detailed diagnosis of this measure
describes all the verbose events that were
generated during the last measurement
period.
Please check the App-V Client Virtual
Application logs in the Event Log Viewer for
more details.

2.2 The Terminal Server Layer
The tests associated with this layer (see Figure 2.2) enable administrators to measure the health of the client to
server connectivity, using metrics such as the following:
The availability of the Microsoft RDS server and its responsiveness to client requests
Login time to the server
The status of file serving as seen by a Microsoft RDS client

Figure 2.2: Tests associated with the Terminal Server layer

2.2.1

Session Login Status Test

Administrators typically use the Change logon command line tool to enable / disable logons from client sessions to
the Citrix / Microsoft RDS server. Disabling client logons will deny all users access to the server. Whenever users
complaint of login failures, administrators might first want to check the status of the client logons to determine
whether it has been disabled or not. This test periodically reports the status of logons from client sessions to the
Citrix / Microsoft RDS server.

Purpose

Periodically reports the status of logons from client sessions to the Citrix / Microsoft RDS server

Target of the
test

A Microsoft RDS server

Agent

An internal agent
19

MONITORING MICROSOFT RDS SERVERS

deploying the
test
Configurable
parameters for
the test
Outputs of the
test

TEST PERIOD - How often should the test be executed

HOST - Host name of the server for which the test is to be configured

PORT - Enter the port to which the HOST listens

One set of results the Microsoft RDS server being monitored

Measurements
made by the
test

Measurement

Session login status:

Measurement
Unit
Percent

Indicates whether the client
sessions to the server are
currently enabled or not.

2.2.2

Interpretation

If the value for this measure is 100, it
indicates all client logons are enabled. If the
value of this measure is 0, it indicates that
client logons are disabled.

Terminal Connection Test

This test tracks various statistics pertaining to Microsoft RDS server connections to and from a host, from an external
perspective.

Purpose

Tracks various statistics pertaining to Microsoft RDS server connections to and from a host, from
an external perspective

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An external agent

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST - Host name of the server for which the test is to be configured

PORT - Enter the port to which the specified TARGETHOST listens

Outputs of the
test
Measurements
made by the
test

TARGETPORTS – Specify a comma-separated list of port numbers that are to be tested
(eg., 80,7077,1521). By default, the default terminal sever port, 3389, will be displayed
here.

One set of results for every port being monitored

Measurement

Measurement
Unit

Interpretation

MONITORING MICROSOFT RDS SERVERS

Connection availability:

Percent

An availability problem can be caused by
different factors – e.g., the server process
may not be up, a network problem may exist,
or there could be a configuration problem
with the DNS server.

Secs

An increase in response time can be caused
by several factors such as a server
bottleneck, a configuration problem with the
DNS server, a network problem, etc.

Whether the Microsoft RDS
server connection is available

Connection time:
Time taken (in seconds) by
the server to respond to a
request.

2.2.3

Terminal Authentication Test

This test emulates the user login process at the system level on a Microsoft RDS server and reports whether the login
succeeded and how long it took.

Purpose

Emulates the user login process at the system level on a Microsoft RDS server and reports
whether the login succeeded and how long it took

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

USERNAME - This test emulates the user login process at the system level on a Microsoft
RDS server. Therefore, specify the login name of a user with both interactive logon and
logon locally privileges.

PASSWORD - Enter the password that corresponds to the specified USERNAME.

CONFIRM PASSWORD – Confirm the password by retyping it here.

DOMAIN - Specify the name of the domain to which the test will try to login. If the test is
to login to a local host, specify 'none' here.

Note:
If users are spread across multiple domains, then, you can configure this test with
multiple DOMAIN specifications; in this case, for every DOMAIN, a USERPASSWORD pair might also have to be configured. Sometimes, you might want the
test to login as specific users from the same domain, to check how long each user
login takes. Both these scenarios require the configuration of multiple DOMAINs
and/or multiple USER names and PASSWORDs. In order to enable users to specify
these details with ease, eG Enterprise provides a special page; to access this page,
click on the Click here hyperlink at the top of the parameters in the test configuration
page. To know how to use this page, refer to the Configuring Multiple Users for the
Citrix Authentication Test section in the Monitoring Citrix Environments document.

Outputs of the
test
Measurements
made by the
test

REPORT BY DOMAIN - By default, this flag is set to Yes. This implies that by default, this
test will report metrics for every domainname\username configured for this test. This way,
administrators will be able to quickly determine which user logged in from which domain. If
you want the detailed diagnosis to display the username alone, then set this flag to No.

One set of results for every user account being checked

Measurement
Authentication status:

Measurement
Unit
Percent

A value of 100 % indicates that the login has
succeeded. The value 0 is indicative of a
failed login.

Secs

If this value is very high then it could be
owing to a configuration issue (i.e. the
domain might not be configured properly) or
a slow-down/unavailability of the primary
domain server.

Indicates whether the login
was successful or not
Authentication time:

Interpretation

Indicates the time it took to
login

MONITORING MICROSOFT RDS SERVERS

2.2.4

Redirector Test

File serving very often is a much underestimated part of Citrix and Microsoft RDS server environments. Improperly
configured file serving components can wreak havoc on a server farm’s performance.
File serving in Citrix and Microsoft RDS server environments is used at different times. For instance, every time a user
logs on or off, profile data may be copied back and forth between the file server and terminal or Citrix server.
Another example involves multiple applications accessing configurations stored in files from a remote file server.
Folder redirection, if used, is another form of file retrievals from file servers.
File serving problems can have a detrimental impact on the performance of Citrix/Microsoft RDS server environments.
Often, these problems may manifest in many ways. For example, users may see very slow access to their home
directory, or folders. Even with a small profile, logging on and off could take a long time. Random application crashes
can also happen, especially for applications that rely on file servers to store their configuration files remotely. Such
file serving problems are often the most difficult to diagnose.
The Redirector component of the Microsoft Windows operating system handles file serving at the client end, and the
Redirector test monitors this component’s activity, and tracks the status of file serving as seen by a file server’s client
(i.e., the Citrix or Microsoft RDS server).

Purpose

Monitors the activity of redirector component of the Microsoft windows operating system and
tracks the status of the file serving as seen by a file server’s client.

Target of the
test

Any Microsoft RDS server

Agent
deploying the
test

An internal agent

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

Outputs of the
test
Measurements
made by the
test

One set of results for the Microsoft RDS server being monitored

Measurement
Data received:

Measurement
Unit
MB/Sec

This metric shows the rate of
data that were received by the
local server from the network.
This includes all the application
data as well as network protocol
information.

Interpretation

MONITORING MICROSOFT RDS SERVERS

Data sent:

MB/sec

This metric represents the rate
at which data is leaving the
Redirector to the network. This
includes all the application data
as well as network protocol
information.

Current commands:

Number

This metric indicates the
number of requests to the
Redirector that are currently
queued for service.

The Current Commands measure
indicates the number of pending
commands from the local computer to all
destination servers. This means that if
one of the destination servers does not
respond in a timely manner, the number
of current commands on the local
computer may increase.
If the local computer is serving many
sessions, a high number of current
commands does not necessarily indicate a
problem or a bottleneck. However, if the
Current Commands measure shows a
high number and the local computer is
idle, this may indicate a network-related
problem or a redirector bottleneck on the
local computer. For example, there may
be a network-related problem or a local
bottleneck if the computer is idle
overnight but the counter shows a high
number during that period.

Network errors:

Errors/sec

Such errors generally indicate that the
Redirector and one or more Servers are
having serious communication difficulties.
For example an SMB (Server Manager
Block) protocol error is a Network Error.
An entry is written to the System Event
Log and provides details.

Reads/sec

When a read is much larger than the
server's negotiated buffer size, the
Redirector requests a Raw Read which, if
granted, would permit the transfer of the
data without lots of protocol overhead on
each packet. To accomplish this, the
server must lock out other requests, so
the request is denied if the server is really
busy.

This metric denotes the rate at
which serious unexpected errors
are occurring during file system
access from a remote server.

Reads denied :
This metric denotes the rate at
which the server is unable to
accommodate requests for raw
read operations.

MONITORING MICROSOFT RDS SERVERS

Hung server sessions:

Number

This metric shows the number
of active sessions that are timed
out and unable to proceed due
to a lack of response from the
remote file server.

Writes denied:

Writes/sec

This metric denotes the rate at
which the server is unable to
accommodate requests for raw
write operations

2.2.5

When a write is much larger than the
server's negotiated buffer size, the
Redirector requests a Raw Write which, if
granted, would permit the transfer of the
data without lots of protocol overhead on
each packet. To accomplish this, the
server must lock out other requests, so
the request is denied if the server is really
busy.

User Profile Test

User profiles are the heart of the Microsoft RDS server environment. User profiles contain the configuration settings,
which bring the user desktop alive. One of the major problems in a server-based computing environment like the
Microsoft RDS server is that the user's login process takes more time to open the user's desktop. This happens if the
user profile size is huge. The UserProfile test monitors the size of the Microsoft RDS server user profiles and raises an
alarm if the profile size exceeds the profile quota size.

Purpose

Monitors the size of the Microsoft RDS server user profiles and raises an alarm if the profile size
exceeds the profile quota size

Target of the
test

Any Microsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

PROFILESIZELIMIT - Specify the profile quota size (in MB). The default value is 50 MB.

EXCLUDE - Provide a comma-separated list of users who need to be excluded from the
analysis. By default, this parameter is set to All_Users, indicating that, by default, the test
will not monitor the All_Users profile.

CURRENTUSERSONLY - If this is set to true, then the profile sizes of only those users
who are currently logged into the server will be monitored. If this is set to false, eG
Enterprise will perform profile monitoring for all the users to the server.

FILESIZELIMIT - Takes the file quota size (in KB). The default size is 10000 KB.

REPORT BY DOMAIN - By default, this flag is set to Yes. This implies that by default, this
test will report metrics for every domainname\username to the server. This way,
administrators will be able to quickly determine which user belongs to which domain. If you
want the test to report metrics for every username alone, then set this flag to No.

DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG
Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the
eG agents can be configured to run detailed, more elaborate tests as and when specific
problems are detected. To enable the detailed diagnosis capability of this test for a
particular server, choose the On option. To disable the capability, click on the Off option.
The option to selectively enabled/disable the detailed diagnosis capability will be available
only if the following conditions are fulfilled:
The eG manager license should allow the detailed diagnosis capability
Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.

Outputs of the
test
Measurements
made by the
test

One set of results for every user profile on the Microsoft RDS server monitored

Measurement
Is user profile exceeding
quota?:

Measurement
Unit
Boolean

Indicates whether the profile
size exceeds the profile quota
size by comparing the current
profile
size
with
the
configured
PROFILESIZELIMIT
parameter.
Current profile size:

Indicates the current profile
size.

Interpretation
If this measure shows 0, it indicates that the
current profile size has not exceeded the
quota size. The value 1 indicates that the
current profile size has exceeded the quota
size.

MONITORING MICROSOFT RDS SERVERS

Number of files in user’s
profile:

Number

Indicates the number of files
available in the user profile.
Large files
profile:

user’s

Number

The number of files in the
user profile, which exceed the
allowable
FILESIZELIMIT
parameter.

2.2.6

The detailed diagnosis of this measure, if
enabled, lists all the files that have exceeded
the configured FILESIZELIMIT.

User Environment Test

The process of a user logging into a Citrix or Microsoft RDS server is fairly complex. First, the profile corresponding to
a user has to be located, and the appropriate profile files copied over from a profile server (in the case of a roaming
profile). Second, additional processing is often necessary after copying the profile locally. Processing for instance may
involve creating new printers for the user logging in. Proper monitoring of profile loading and processing times is key
because the login process is handled exclusively by Microsoft Windows. Hence, if a specific user profile takes a lot of
time to load (e.g., because the profile is very big), or if specific processing for a user is taking time, this could delay
logins for subsequent users who are trying to access the server at the same time. The typical process for monitoring
the Windows login process is to use the user environment debugging mechanism. To enable this, the following steps
are required. To set the logging level associated with the userenv.log file, perform the following steps:
Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
registry subkey.
From the Edit menu, select New, DWORD Value.
Enter the name UserEnvDebugLevel, then press Enter.
Double-click the new value, set it to 65538 (decimal) - which corresponds to the debugger output.
Once these changes are enabled, details about the Windows login process are logged into
%systemroot%\debug\usermode\userenv.log. If the Userenv.log file is larger than 300 KB, the file is
Userenv.bak, and a new Userenv.log file is created. This action occurs when a user logs on locally or
Terminal Services, and the Winlogon process starts. However, because the size check only occurs when a
on, the Userenv.log file may grow beyond the 300 KB limit. The 300 KB limit cannot be modified.

the file
renamed
by using
user logs

The UserEnvironment test periodically checks the userenv log file to monitor the user login and profile loading
process. This test is disabled by default. To enable the test, go to the ENABLE / DISABLE TESTS page using the menu
sequence : Agents -> Tests -> Enable/Disable, pick Microsoft Terminal as the Component type, Performance as the
Test type, choose the test from the DISABLED TESTS list, and click on the >> button to move the test to the ENABLED
TESTS list. Finally, click the Update button.

Purpose

Periodically checks the userenv log file to monitor the user login and profile loading process

Target of the
test

Any Microsoft RDS server

MONITORING MICROSOFT RDS SERVERS

Agent
deploying the
test

An internal agent

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

Outputs of the
test
Measurements
made by the
test

One set of results for every Microsoft RDS server monitored

Measurement
Profile load starts:

Measurement
Unit
Number

Indicates the number of
profile loads in the last
measurement period.
Profile load successes:

Interpretation
This metric gives an idea of the rate at which
users are logging in to the server.

Number

Indicates the number of
successful profile loads in the
last measurement period.
Profile loading failures:

Number

Indicates the number of
profile load failures in the last
measurement period.
Profile
percent:

load

failures

Percent

Indicates the percentage of
profile loads that failed in the
last measurement period.

An unusual increase in number of profile
loading failures is a cause for concern. The
userenv.log file will have details of what
profile loads failed and why.

MONITORING MICROSOFT RDS SERVERS

Avg user profile load time:

Secs

Indicates the average time it
took to load a profile
successfully in the last
measurement period.
Max profile load time:

Secs

Indicates the maximum time
it took to load a profile during
the last measurement period.
System policy starts:

Number

Indicates the number of
system policy applications
started
in
the
last
measurement period.
System policy completes:

Number

Compare the total number of starts to
completions. if there is a significant
discrepancy, this denotes a bottleneck in
system policy application. Check the
userenv.log file for more details.

Secs

If the system policy times are long, check the
detailed diagnosis to view if the policy
handling is taking time for all users. Analyze
the userenv.log to determine the reason for
any slowdown.

Indicates the number of
system policy completions in
the last measurement period.
Avg
system
processing time:

policy

Indicates the average time
taken for applying system
policies
in
the
last
measurement period.
Max system policy time:

Secs

Indicates the maximum time
for applying system policies in
the last measurement period.
Group policy starts:

Number

Indicates the number of
group
policy
applications
started
in
the
last
measurement period.
Group policy completes:

Number

Indicates the number of
group
policy
applications
completed
in
the
last
measurement period.
Avg
group
processing time:

policy

Secs

Indicates the average time
taken for applying group
policies.
29

MONITORING MICROSOFT RDS SERVERS

Max group policy time:

Secs

Indicates the average time
taken for applying group
policies.
Profile unload starts:

Number

Indicates the number of
profile unloads started during
the last measurement period.
Profile unload successes:

Number

Indicates the number of
successful profile unloads
during the last measurement
period.
Profile unload failures:

Number

Indicates the number of
unsuccessful profile unloads
during the last measurement
period.
Profile unload
percent:

failures

Percent

Indicates the profile unload
failures as a percentage of
the total profile unloads.
Avg user profile unload
time:

Secs

Indicates the average time
for unloading a profile during
the last measurement period.
Max profile unload time:

Secs

Indicates the maximum time
for unloading a profile during
the last measurement period.

2.2.7

Terminal Server CALs Test

This test reports the usage statistics pertaining to a Microsoft RDS server's client access licenses. To ensure that the
test functions smoothly, the Terminal Services Licensing Reporter tool (lsreport.exe) needs to be available on the eG
agent host. lsreport.exe is a command-line utility that you can use to display information about the licenses that are
issued by Microsoft RDS License servers. lsreport.exe connects to Microsoft RDS License servers and logs
information about the license key packs that are installed on the servers. In order to make sure that this utility is
available to the eG Enterprise suite, do the following:
Download the lsreport.exe from the Microsoft Windows 2000 Server Resource Kit.

MONITORING MICROSOFT RDS SERVERS

Copy lsreport.exe to the {EG_INSTALL_DIR}\bin directory.
This test is disabled by default. To enable the test, go to the ENABLE / DISABLE TESTS page using the menu sequence
: Agents -> Tests -> Enable/Disable, pick Microsoft Terminal as the Component type, Performance as the Test type,
choose the test from the DISABLED TESTS list, and click on the >> button to move the test to the ENABLED TESTS list.
Finally, click the Update button.

Purpose

Reports the usage statistics pertaining to a Microsoft RDS server's client access licenses

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An internal agent

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

Outputs of the
test
Measurements
made by the
test

One set of results for the Microsoft RDS server being monitored

Measurement
Active licenses:

Measurement
Unit
Number

Represents number of active
client access licenses that were
currently consumed from the
Microsoft RDS server license
server.

Interpretation
The detailed diagnosis of this provides the
complete details of the active access
licenses, which include critical session
information such as the user who initiated
the session, the start and end date/time
of the session, the type of license issued
to the user, the license ID, the issue type,
the target server, the client from which
the session was instantiated, etc.

MONITORING MICROSOFT RDS SERVERS

Temporary licenses:

Number

Indicates
the
number
of
temporary client access licenses
that were currently consumed
from the Microsoft RDS server
license.

2.2.8

The detailed diagnosis of this provides the
complete details of the temporary access
licenses, which include critical session
information such as the user who initiated
the session, the start and end date/time
of the session, the type of license issued
to the user, the license ID, the issue type,
the target server, the client from which
the session was instantiated, etc.

GDI Objects Test

An object is a data structure that represents a system resource, such as a file, thread, or graphic image. An
application cannot directly access object data or the system resource that an object represents. Instead, an
application must obtain an object handle, which it can use to examine or modify the system resource. There are
three categories of objects: user, GDI, and kernel. GDI objects support graphics. Here is a list of the GDI objects
used in Windows:
Bitmap
Brush
Device Context (DC)
Enhanced Metafile
Enhanced-metafile DC
Font
Memory DC
Metafile
Metafile DC
Palette
Pen/extended pen
Region
GDI objects support only one handle per object, and only the process that created the object can use the object
handle.
If an application creates a lot of these objects, without properly destroying references to the object (by closing the
associated handle), then there will be multiple GDI objects occupying memory on the system for each object created.
If this GDI leak is really bad, this can eventually bring a server to its knees, and cause all types of problems (slow
logons, registry issues, system hangs, and so on).
32

MONITORING MICROSOFT RDS SERVERS

If such fatalities are to be avoided, administrators should closely monitor the number of GDI object handles created
by every user to the Microsoft RDS server and proactively detect potential GDI leaks. This is where the GDI Objects
test helps. This test periodically checks the GDI object handles created by each user to the Microsoft RDS server,
reports the total number of handles created per user, and promptly notifies administrators if any user is creating
more GDI handles than permitted. This way, the test brings probable GDI leaks to the attention of administrators. In
addition, administrators can use the detailed diagnosis of the test to know which process is responsible for the GDI
leak (if any).

Purpose

Periodically checks the GDI object handles created by each user to the Microsoft RDS server,
reports the total number of handles created per user, and promptly notifies administrators if any
user is creating more GDI handles than permitted

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An internal agent

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

GDILIMIT – Specify the maximum number of GDI object handles that a user to the
Microsoft RDS server can create. By default, this value is 10000.

Outputs of the
test
Measurements
made by the
test

One set of results for each user to the Microsoft RDS server being monitored

Measurement
Total GDI objects:

Measurement
Unit
Number

Indicates the total number of
GDI handles that this user has
created.

Interpretation
The detailed diagnosis of this measure, if
enabled, provides the process-wise
breakup of the GDI handles created by
the user. In the event of a GDI leak, this
information will enable you to figure out
which process initiated by the user
spawned the maximum number of GDI
handles, and is hence responsible for the
GDI leak.

MONITORING MICROSOFT RDS SERVERS

Percentage of GDI objects:

Percent

Indicates what percentage of
the configured GDILIMIT is the
total number of GDI object
handles created by this user’s
processes.

This value is calculated
following formula:

using

the

Total GDI objects/GDILimit * 100
A value close to 100% is a cause for
concern, as it indicates that the count of
GDI handles for the user is fastapproaching the permitted GDILIMIT.
This hints at a potential GDI leak. You can
then use the detailed diagnosis of the
Total GDI objects measure to identify
which process initiated by the user is
spawning the maximum GDI handles and
is hence contributing to the leak, and
probe further.

The detailed diagnosis of the Total GDI objects measure, if enabled, provides the process-wise breakup of the GDI
handles created by the user. In the event of a GDI leak, this information will enable you to figure out which process
initiated by the user spawned the maximum number of GDI handles, and is hence responsible for the GDI leak.

Figure 2.3: The detailed diagnosis of the Total GDI objects measure

2.3 The Terminal Applications Layer
The health of a Microsoft RDS server depends upon the health of the applications it hosts. The Terminal Applications
test associated with this layer monitors application health.

Figure 2.4: Tests associated with the Terminal Applications layer
34

MONITORING MICROSOFT RDS SERVERS

2.3.1

Terminal Applications Test

This test reports statistics pertaining to the different applications deployed within the Microsoft RDS server and their
usage by its clients.

Purpose

Returns the performance measures pertaining to the applications published on the Microsoft
RDS server

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

APPS - By default, all is displayed here, which will auto-discover and monitor all the
applications that are running from the Microsoft RDS server client. To monitor specific
applications
instead,
you
have
to
enter
a
comma
separated
list
of
processName:processPattern pairs which identify the applications published on the server
being considered. processName is a string that will be used for display purposes only.
processPattern is an expression of the form - *expr* or expr or *expr or expr* or
*expr1*expr2*... or expr1*expr2, etc. A leading '*' signifies any number of leading
characters, while a trailing '*' signifies any number of trailing characters. The pattern(s)
used vary from one application to another and must be configured per application. For
example, if a Microsoft Word application has been published on the Microsoft RDS server,
then the PROCESS to be specified is: Word:*winword*, where Word is the string to be
displayed in the monitor interface, and *winword* is the application’s executable. Other
special characters such as slashes (\) can also be used while defining the process pattern.
For example, if a server’s root directory is /home/egurkha/apache and the server executable
named httpd exists in the bin directory, then, the process pattern is
“*/home/egurkha/apache/bin/httpd*”.
The test will rediscover the applications every 6th time the test runs.

REPORT BY DOMAIN NAME – By default, this flag is set to Yes. This implies that by
default, the detailed diagnosis of this test will display the domainname\username of each
user who accessed an application on the server. This way, administrators will be able to
quickly determine which user logged into the server from which domain. If you want the
detailed diagnosis to display only the username of these users, set this flag to No.

ENABLE BROWSER MONITORING – By default, this flag is set to No, indicating that the
eG agent does not monitor browser activity on the Microsoft RDS server. If this flag is set to
Yes, then, whenever one/more IE (Internet Explorer) browser instances on the RDS server
are accessed, the detailed diagnosis of the Processes running measure will additionally
reveal the URL being accessed via each IE instance and the resources consumed by every
URL. Armed with this information, administrators can identify the web sites that are
responsible for excessive resource usage by an IE instance.

Outputs of the
test

One set of results is reported for each application

MONITORING MICROSOFT RDS SERVERS

Measurements
made by the
test

Measurement
Processes running:

Measurement
Unit
Number

This value indicates if too many or too few
instances corresponding to an application are
executing on the host. The detailed diagnosis
of this measure, if enabled, displays the
complete list of processes executing, the
users executing them, and their individual
resource utilization.

Percent

A very high value could indicate that the
specified application is consuming excessive
CPU resources.

Percent

A sudden increase in memory utilization for
an application may be indicative of memory
leaks in the application.

Number of instances of the
published
application
currently executing on the
Microsoft RDS server

Cpu usage:
Percentage of CPU used by
the published application
Memory usage:

Interpretation

This value represents the
ratio of the resident set size
of the memory utilized by the
application to the physical
memory of the host system,
expressed as a percentage.

The detailed diagnosis of the Processes running measure, if enabled, provides the list of processes currently
executing, the users executing them, and their CPU and memory usage. Using these details, you can quickly detect
resource-intensive instances and the user executing them.

Figure 2.5: The detailed diagnosis of the Processes running measure

Moreover, if one or more browser instances are found to consume excessive CPU, memory and disk I/O resources on
a server or a desktop, then for each such browser instance, administrators can now see a mapping of browser
process to URL being accessed, as well as the resources used by each browser process in the detailed
diagnosis. Armed with this information, administrators can determine the steps required to avoid excessive resource
usage by browser instances – e.g., whether specific web sites are responsible for this, whether users are accessing
37

MONITORING MICROSOFT RDS SERVERS

web sites (e.g., youtube, facebook, etc.) that they should not be accessing from a corporate network, etc.
The eG agent will perform browser activity monitoring only if the ENABLE
BROWSER MONITORING flag is set to Yes.
The eG agent will monitor browser activity only of the browser being accessed is
Internet Explorer.

2.3.2

App-V Applications Test

This test reports statistics pertaining to the different applications executing on an App-V client and their usage. In
addition, this test also reports the statistics pertaining to the processes running on the APP-V client.

This test will report metrics only when the App-V Client is installed on the Microsoft RDS Server.

Purpose

Reports statistics pertaining to the different applications executing on an App-V client and their
usage. In addition, this test also reports the statistics pertaining to the processes running on the
APP-V client.

Target of the
test

An App-V Client on the target Mincorsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST – The host for which the test is to be configured

10. PORT – The port at which the specified HOST listens. By default, this is NULL.
11. REPORT BY DOMAIN NAME – By default, this flag is set to No. This means that, by
default, the test will report metrics for each username only. You can set this flag to Yes, to
ensure that the test reports metrics for each domainname\username.
12. EXTENDED STATISTICS – By default, this test provides you with detailed measures on
the resource utilization of each application. If you wish to obtain only the CPU and memory
related measures, then set the EXTENDED STATISTICS flag to No.
13. DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG
Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the
eG agents can be configured to run detailed, more elaborate tests as and when specific
problems are detected. To enable the detailed diagnosis capability of this test for a
particular server, choose the On option. To disable the capability, click on the Off option.
14. The option to selectively enabled/disable the detailed diagnosis capability will be
available only if the following conditions are fulfilled:
o

The eG manager license should allow the detailed diagnosis capability

Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.

15.

Outputs of the
test
Measurements
made by the
test

One set of results for each application of the target App-V Client that is to be monitored

Measurement
Total size:

Measurement
Unit
MB

Interpretation
The detailed diagnosis of this measure lists
the Version of the application, Application ID,
Version ID of the applicaition and the
application path.

Indicates the total size of this
virtual application package.

MONITORING MICROSOFT RDS SERVERS

This measure reports a value True if the
application is currently being loaded and a
value False if otherwise.

Is loading?:
Indicates
whether
this
application
is
currently
loading or not on the App-V
client.

These
measure
values
and
their
corresponding numeric values are listed in
the table below:

Measure Value

Numeric Value

True

False

Note:
By default, this measure reports the values
Yes or No to indicate whether this application
is currently being loaded on the client or not.
The graph of this measure however is
represented using the numeric equivalents 0 or 1.
Loaded percentage:

Percent

Indicates the percentage of
this
application
that
is
currently being loaded on the
App-V client.
This measure reports a value True if the
application is currently in use and a value
False if otherwise.

In use?:
Indicates whether this
application is currently in use
or not.

These
measure
values
and
their
corresponding numeric values are listed in
the table below:

Measure Value

Numeric Value

True

False

Note:
By default, this measure reports the values
Yes or No to indicate whether this application
is currently in use. The graph of this measure
however is represented using the numeric
equivalents - 0 or 1.

MONITORING MICROSOFT RDS SERVERS

This measure reports a value Yes if any tasks
are pending for the user using the application
and a value No if otherwise.

Any user based pending
tasks available?
Indicates whether any tasks
are pending for the user using
this application.

These
measure
values
and
their
corresponding numeric values are listed in
the table below:

Measure Value

Numeric Value

Yes

Note:
By default, this measure reports the values
Yes or No to indicate whether any tasks are
currently pending for the user using this
application. The graph of this measure
however is represented using the numeric
equivalents - 0 or 1.
This measure reports a value Yes if any tasks
are pending for the user using the application
and a value No if otherwise.

Any global based pending
tasks available:
Indicates whether any global
tasks are pending for this
application.

These
measure
values
and
their
corresponding numeric values are listed in
the table below:

Measure Value

Numeric Value

Yes

Number

Indicates the number of
instances of this application
currently executing.

MONITORING MICROSOFT RDS SERVERS

CPU utilization:

Percent

A very high value could indicate that the
specified application is consuming excessive
CPU resources.

Percent

A sudden increase in memory utilization for
an application may be indicative of memory
leaks in the application.

Number

An increasing trend in this measure is
indicative of a memory leak in the process.

Kbytes/Sec

This value counts all I/O activity generated
by each process and includes file, network
and device I/Os.

Indicates the percentage of
CPU used by this application.
Memory utilization:
This value represents the
ratio of the resident set size
of the memory utilized by the
application to the physical
memory of the host system,
expressed as a percentage.
Handle count:
Indicates the number of
handles opened by this
application.
I/O data rate:
Indicates the rate at which
processes are reading and
writing
bytes
in
I/O
operations.
I/O data operations:

Operations/Sec

Indicates the rate at which
this application process is
issuing read and write data to
file, network and device I/O
operations.
I/O read data rate:

Kbytes/Sec

Indicates the rate at which
the process is reading data
from file, network and device
I/O operations.
I/O write data rate:

Kbytes/Sec

Indicates the rate at which
the process is writing data to
file, network and device I/O
operations.
Number of threads:

Number

Indicates the number of
threads that are used by this
application.

MONITORING MICROSOFT RDS SERVERS

Page fault rate:

Faults/Sec

Indicates the total rate at
which
page
faults
are
occurring for the threads of
all
matching
application
processes.
Virtual memory used:

A page fault occurs when a thread refers to a
virtual memory page that is not in its working
set in main memory. This may not cause the
page to be fetched from disk if it is on the
standby list and hence already in main
memory, or if it is in use by another process
with whom the page is shared.

Indicates the amount of
virtual memory that is being
used by the application.
Memory working set:

The Working Set is the set of memory pages
touched recently by the threads in the
process. If free memory in the computer is
above a threshold, pages are left in the
Working Set of a process even if they are not
in use.

Indicates the current size of
the working set of a process.

When free memory falls below a threshold,
pages are trimmed from Working Sets. If
they are needed they will then be soft-faulted
back into the Working Set before leaving
main memory. If a process pattern matches
multiple processes, the memory working set
reported is the sum of the working sets for
the processes that match the specified
pattern. Detailed diagnosis for this test
provides details of the individual processes
and their individual working sets.
Comparing the working set across processes
indicates which process(es) are taking up
excessive memory. By tracking the working
set of a process over time, you can determine
if the application has a memory leak or not.

2.4 The Terminal Users Layer
By continuously monitoring the user behavior on a Microsoft RDS server, administrators can accurately gauge
resource usage per user, and derive guidelines for upgrading server capacity and imposing stricter access rules. The
tests associated with this layer (see Figure 2.6) facilitate such user-related analysis.

MONITORING MICROSOFT RDS SERVERS

Figure 2.6: Tests associated with the Terminal Users layer

2.4.1

Terminal Sessions Test

This test reports performance statistics related to Microsoft RDS server user sessions.

Purpose

Reports performance statistics related to Microsoft RDS server user sessions

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

IGNORE DOWN SESSION IDS - By default, this parameter is set to 65536,65537,65538 –
these are nothing but the default ports at which the listener component listens. If any of
these ports go down, then by default, this test will not count any of the sessions that failed
when attempting to connect to that port as a Down session. You can override this default
setting by adding more ports or by removing one/more existing ports.

REPORTUSINGMANAGERTIME - By default, this flag is set to Yes. This indicates that
the user login time displayed in the DETAILED DIAGNOSIS page for this test and in the Thin
Client reports will be based on the eG manager's time zone by default. Set this flag to No if
you want the login times displayed in the DETAILED DIAGNOSIS page for this test and in the
Thin Client reports to be based on the Microsoft RDS server's local time.

REPORT BY DOMAIN NAME – By default, this flag is set to Yes. This implies that by
default, the detailed diagnosis of this test will display the domainname\username of each
user who logged into the Microsoft RDS server. This way, administrators will be able to
quickly determine which user logged in from which domain. If you want the detailed
diagnosis to display the username alone, then set this flag to No.

DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG
Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the
eG agents can be configured to run detailed, more elaborate tests as and when specific
problems are detected. To enable the detailed diagnosis capability of this test for a
particular server, choose the On option. To disable the capability, click on the Off option.
The option to selectively enable/disable the detailed diagnosis capability will be available
only if the following conditions are fulfilled:
The eG manager license should allow the detailed diagnosis capability
Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.

Outputs of the
test
Measurements
made by the
test

One set of results for every server being monitored

Measurement
Active sessions:

Measurement
Unit
Number

Indicates the number of
active
terminal
services
sessions currently on the
server.

Interpretation
This measure gives an idea of the server
workload in terms of active sessions.
Tracking the number of active sessions with
time, a Microsoft RDS server administrator
can obtain information that can help him/her
plan the capacity of their Microsoft RDS
server farms. The detailed diagnosis
capability, if enabled, lists the active and
inactive sessions on the Microsoft RDS server.

MONITORING MICROSOFT RDS SERVERS

Idle sessions:

Number

To optimize the performance of a server, two
default (idle) sessions are initialized before
any client connections are made. For
performance reasons, the number of idle
sessions should be less than ten. Note that
this test does not differentiate between RDP
and ICA sessions.

Number

A consistent increase in the value of this
measure could indicate that users are having
trouble logging in. Further investigation may
hence be required. Note that this test does
not differentiate between RDP and ICA
sessions.

Number

A very high value for this measure indicates a
problem with the session or connection. Note
that this test does not differentiate between
RDP and ICA sessions.

Number

Too many disconnected sessions running
indefinitely on a Microsoft RDS server cause
excessive consumption of the server
resources. To avoid this, a session limit is
typically configured for disconnected sessions
on the Microsoft RDS server. When a session
limit is reached for a disconnected session,
the session ends, which permanently deletes
it from the server. Note that this test does
not differentiate between RDP and ICA
sessions.

Number

Note that this test does not differentiate
between RDP and ICA sessions.

Number

A non-zero value for this measure indicates
the existence of shadow sessions that are
allowed to view and control the user activity
on another session. Such sessions help in
troubleshooting/resolving
problems
with
other sessions under their control.

Number

Ideally, the value of this measure should be
0.

Indicates the number of
sessions that are initialized
and are currently ready to
accept connections.

Connected sessions:
Indicates the current number
of
sessions
that
are
connected, but no user has
logged on to the server.
Connecting sessions:
Indicates the number of
sessions that are in the
process of connecting.
Disconnected sessions:
Indicates the number of
sessions from which users
have disconnected, but which
are still active and can be
reconnected.

Listen sessions:
Indicates the current number
of sessions that are ready to
accept connections.
Shadow sessions:
Indicates the current number
of sessions that are remotely
controlling other sessions.

Down sessions:
Indicates the current number
of sessions that could not be
initialized or terminated.

By default, if sessions to any of these ports –
65536, 65537, 65538 – could not be initialized
or terminated, they will not be counted as a
‘down session’.

MONITORING MICROSOFT RDS SERVERS

Init sessions:

Number

Indicates the current number
of
sessions
that
are
initializing.

A high value for this measure could indicate
that many sessions are currently experiencing
initialization problems.

The detailed diagnosis capability of the Active sessions measure, if enabled, lists the active and inactive sessions on
the Microsoft RDS server, and provides details such as the user who initiated the sessions, the session login time, the
duration for which the session was idle, etc.

Figure 2.7: The detailed diagnosis of the Active sessions measure

2.4.2

Terminal Logins Test

This test monitors the new logins to the Microsoft RDS server.

Purpose

Monitors the new logins to the Microsoft RDS server

Target of the
test

Any Microsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

REPORT BY DOMAIN NAME – By default, this flag is set to Yes. This implies that by
default, the detailed diagnosis of this test will display the domainname\username of each
user session that logged out. This default setting ensures that administrators are able to
quickly determine the domains to which the users who logged out belonged. You can set
this flag to No if you want detailed diagnosis to display only the username of the users who
logged out.

DD FREQUENCY - Refers to the frequency with which detailed diagnosis measures are to
be generated for this test. The default is 1:1. This indicates that, by default, detailed
measures will be generated every time this test runs, and also every time the test detects a
problem. You can modify this frequency, if you so desire. Also, if you intend to disable the
detailed diagnosis capability for this test, you can do so by specifying none against DD
FREQUENCY.

Outputs of the
test
Measurements
made by the
test

One set of results is reported for each Microsoft RDS server being monitored

Measurement
New logins:

Measurement
Unit
Number

Indicates the number of new
logins to the Microsoft RDS
server
in
the
last
measurement period.

Interpretation
A consistent zero value could indicate a
connection issue.

MONITORING MICROSOFT RDS SERVERS

Percent new logins:

Percent

Indicates the percentage of
current sessions that logged
in
during
the
last
measurement period.
Sessions logging out:
Indicates the number
sessions that logged out.

Number
of

If all the current sessions suddenly log out, it
indicates a problem condition that requires
investigation.

The detailed diagnosis of the Sessions logging out measure lists the sessions that logged out.

Figure 2.8: The detailed diagnosis of the Sessions logging out measure

2.4.3

Terminal Clients Test

This test measures the client connections to and from a Microsoft RDS server. This test is disabled by default. To
enable the test, go to the ENABLE / DISABLE TESTS page using the menu sequence : Agents -> Tests ->
Enable/Disable, pick Microsoft Terminal as the Component type, Performance as the Test type, choose the test from
the DISABLED TESTS list, and click on the >> button to move the test to the ENABLED TESTS list. Finally, click the
Update button.

Purpose

To monitor the client connections to and from a Microsoft RDS server

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

Internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

2. HOST – The host for which the test is to be configured
3. PORT – Refers to the port used by the Microsoft RDS server
4. SERVERIP - By default, the SERVERIP field will display the IP address of the Microsoft
RDS server.
5. DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG Enterprise
suite embeds an optional detailed diagnostic capability. With this capability, the eG agents
can be configured to run detailed, more elaborate tests as and when specific problems are
detected. To enable the detailed diagnosis capability of this test for a particular server,
choose the On option. To disable the capability, click on the Off option.
The option to selectively enable/disable the detailed diagnosis capability will be available
only if the following conditions are fulfilled:
The eG manager license should allow the detailed diagnosis capability
Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.

Outputs of the
test
Measurements
made by the
test

One set of results for every server being monitored

Measurement
Current connections:

Measurement
Unit
Number

This measure directly indicates the loading on
the Microsoft RDS server from clients.
Typically one connection is established per
active session to the Microsoft RDS server.

Number

Tracking the new connections over time can
provide an indication of when clients login to
the Microsoft RDS server. A spurt of
connections and disconnections may be
indicative of sporadic failures of the Microsoft
RDS server.

Number

A large number of sudden connection drops
may be early warning indicators of problems
with the Microsoft RDS server.

The
number
of
TCP
connections
currently
established by clients to the
Microsoft RDS server
New connections:
The number of new TCP
connections
initiated
by
clients to the Microsoft RDS
server
during
the
last
measurement period
Old connections removed:

Interpretation

The
number
of
TCP
connections
that
were
removed because the clients
may have disconnected from
the Microsoft RDS server
during the last measurement
period

MONITORING MICROSOFT RDS SERVERS

Avg connection duration:

Secs

This value can provide an indicator of how
long clients stay connected to a Microsoft
RDS server. This information together with
the number of simultaneous clients can be
useful for capacity planning in Microsoft RDS
server environments (i.e., how to size the
Microsoft RDS server).

The average time from when
a connection is established to
when
the
corresponding
connection is disconnected.
The duration of a connection
is measured from its start
time to the current time. The
accuracy of this measurement
is limited by the frequency at
which this test is run.

2.4.4

Terminal Users Test

A Microsoft RDS server environment is a shared environment in which multiple users connect to a server/server farm
and access a wide variety of applications. When server resources are shared, excessive resource utilization by a
single user could impact the performance for other users. Therefore, continuous monitoring of the activities of each
and every user on the server is critical. Towards this end, the TerminalUsers test assesses the traffic between the
user terminal and the server, and also monitors the resources taken up by a user's session on the server. The results
of this test can be used in troubleshooting and proactive monitoring. For example, when a user reports a
performance problem, an administrator can quickly check the bandwidth usage of the user's session, the
CPU/memory/disk usage of this user's session as well as the resource usage of other user sessions. The admin also
has access to details on what processes/applications the user is accessing and their individual resource usage. This
information can be used to spot any offending processes/ applications.

Purpose

Tracks every user connection from the Microsoft RDS client to the server, and monitors the
resource utilization of every user on the Microsoft RDS server

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

USERNAMES - Specify the name of the user whose performance statistics need to be
generated. Multiple user names can be specified as a comma-separated list. all is used to
indicate that all users of the Microsoft RDS server are to be monitored.

REPORT BY DOMAIN NAME – By default, this flag is set to Yes. This implies that by
default, this test will report metrics for every domainname\username. This way,
administrators will know which user logged in from which domain. If you want the test to
report metrics for every username only, then set this flag to No.

ENABLE BROWSER MONITORING – By default, this flag is set to No, indicating that the
eG agent does not monitor browser activity on the Microsoft RDS server. If this flag is set to
Yes, then, whenever one/more IE (Internet Explorer) browser instances on the RDS server
are accessed, the detailed diagnosis of the User sessions measure will additionally reveal
the URL being accessed via each IE instance and the resources consumed by every
URL. Armed with this information, administrators can identify the web sites that are
responsible for excessive resource usage by an IE instance.

DETAILED DIAGNOSIS - To make diagnosis more efficient and accurate, the eG
Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the
eG agents can be configured to run detailed, more elaborate tests as and when specific
problems are detected. To enable the detailed diagnosis capability of this test for a
particular server, choose the On option. To disable the capability, click on the Off option.
The option to selectively enable/disable the detailed diagnosis capability will be available
only if the following conditions are fulfilled:
The eG manager license should allow the detailed diagnosis capability
Both the normal and abnormal frequencies configured for the detailed diagnosis
measures should not be 0.

Outputs of the
test
Measurements
made by the
test

One set of results for every user logged into the Microsoft RDS server

Measurement
User sessions:

Measurement
Unit
Number

Represents the current number
of sessions for a particular user

Interpretation
A value of 0 indicates that the user is not
currently connected to the Microsoft RDS
server.

MONITORING MICROSOFT RDS SERVERS

CPU
usage
processes:

user’s

Percent

This value indicates the percentage of
Cpu resources that are used by
applications run by this user. Excessive
CPU usage by a user can impact
performance for other users. Check the
detailed diagnosis to view the offending
processes/applications.

Percent

This value indicates the percentage of
memory resources that are used up by a
specific user. By comparing this value
across users, an administrator can identify
the most heavy users of the Microsoft
RDS server. Check the detailed diagnosis
to
view
the
offending
processes/applications.

KB/Sec

This measure will not be available for
Microsoft RDS servers running on
Windows 2008 Service Pack 1 (or above).

Errors/Sec

This measure will not be available for
Microsoft RDS servers running on
Windows 2008 Service Pack 1 (or above).

KB/Sec

This measure will not be available for
Microsoft RDS servers running on
Windows 2008 Service Pack 1 (or above).

Errors/Sec

This measure will not be available for
Microsoft RDS servers running on
Windows 2008 Service Pack 1 (or above).

The cpu utilization for a session
is the percentage of time that
all of the threads/processes of a
user session used the processor
to execute instructions. If a
user is connected via multiple
sessions, the value reported is
the sum of all cpu utilizations
across all the sessions.
Memory usage
processes:

user’s

This value represents the ratio
of the resident set size of the
memory utilized by the user to
the physical memory of the host
system,
expressed
as
a
percentage. If a user is
connected via multiple sessions,
the value reported is the sum of
all memory utilizations across all
the sessions.
Input bandwidth:
Indicates
the
average
bandwidth used for client to
server communications for all
the sessions of a user
Input errors:
The average number of input
errors of all types for all the
sessions of a user. Example:
Lost ACK's, badly formed
packets, etc.
Output bandwidth:
Indicates
the
average
bandwidth used for server to
client communications for all
the sessions of a user
Output errors:
The average number of output
errors of all types for all the
sessions of a user. Example:
Lost ACK's, badly formed
packets, etc.

MONITORING MICROSOFT RDS SERVERS

I/O read rate for user’s
processes:

KBps

Indicates the rate of I/O reads
done by all processes being run
by a user.
I/O write rate for user’s
processes:

KBps

Indicates the rate of I/O writes
done by all processes being run
by a user.
Faults for user’s processes:

Faults/Sec

Page Faults occur in the threads executing
in a process. A page fault occurs when a
thread refers to a virtual memory page
that is not in its working set in main
memory. If the page is on the standby
list and hence already in main memory, or
if the page is in use by another process
with whom the page is shared, then the
page fault will not cause the page to be
fetched from disk. Excessive page faults
could result in decreased performance.
Compare values across users to figure out
which user is causing most page faults.

Comparison across users reveals the user
who is being a drain on the virtual
memory space.

Number

A consistent increase in the handle count
over a period of time is indicative of
malfunctioning of programs. Compare this
value across users to see which user is
using a lot of handles. Check detailed
diagnosis for further information.

Indicates the rate of page faults
seen by all processes being run
by a user.

Virtual memory of user’s
processes:
Indicates the total virtual
memory being used by all
processes being run by a user.
Handles used
processes:

user’s

These metrics measure the collective I/O
activity (which includes file, network and
device I/O's) generated by all the
processes being executed by a user.
When viewed along with the system I/O
metrics reported by the DiskActivityTest,
these measures help you determine the
network I/O. Comparison across users
helps identify the user who is running the
most I/O-intensive processes. Check the
detailed diagnosis for the offending
processes/applications.

Indicates the total number of
handles being currently held by
all processes of a user.

MONITORING MICROSOFT RDS SERVERS

CPU time used by user’s
sessions:

Percent

Indicates the percentage of
time, across all processors, this
user hogged the CPU.

The CPU usage for user’s processes
measure averages out the total CPU
usage of a user on the basis of the
number of processors. For instance, if
your Microsoft RDS server is using an 8core processor and the total CPU usage of
a user across all his/her sessions amounts
to 80%, then the value of the CPU usage
for user’s processes measure for that
user will be 10 % (80/8 processors = 10).
This accurately denotes the extent of CPU
usage in an environment where load is
uniformly balanced across multiple
processors. However, in environments
where load is not well-balanced, the CPU
usage for user’s processes measure may
not be an accurate indicator of CPU usage
per user. For instance, if a single
processor is used nearly 80% of the time
by a user, and other 7 processors in the
8-core processor environment are idle,
the CPU usage for user’s processes
measure will still report CPU usage as
10%. This may cause administrators to
miss out on the fact that the user is
actually hogging a particular processor! In
such environments therefore, its best to
use the CPU time used by user’s sessions
measure! By reporting the total CPU
usage of a user across all his/her sessions
and across all the processors the target
Microsoft RDS server supports, this
measure serves as the true indicator of
the level of CPU usage by a user in
dynamic environments. For instance, in
the example above, the CPU time used by
user’s sessions of the user will be 80%
(and not 10%, as in the case of the CPU
usage for user’s processes measure). A
high value or a consistent increase in the
value of this measure is hence serious and
demands immediate attention. In such
situations, use the detailed diagnosis of
the CPU usage for user’s processes
measure to know what CPU-intensive
activities are being performed by the user.

The detailed diagnosis of the User sessions, CPU usage of user’s processes, and Memory usage of user’s processes
measures lists the processes executed by a user on the Microsoft RDS server, and reports the resource usage of each
process (see Figure 2.9).

MONITORING MICROSOFT RDS SERVERS

Figure 2.9: The detailed diagnosis of the User sessions measure
Where one/more instances of the Internet Explorer browser are running, the detailed diagnosis additionally displays
the website URL accessed using each IE instance, the domain of every URL, and the website title. In the event of
excessive resource usage by an IE instance, this information will shed light on the resource-intensive web site that
was being accessed.

The eG agent will perform browser activity monitoring only if the ENABLE
BROWSER MONITORING flag is set to Yes.
The eG agent will monitor browser activity only of the browser being accessed is
Internet Explorer.

2.4.5

Terminal Disconnects Test

A user session is terminated when a user logs off from the Citrix/Microsoft RDS server or when the session is
abruptly interrupted (e.g., due to server, network, or application errors). When a user logs off, all the applications
started by the user are terminated. However, when a user disconnects, the applications started by the user will keep
running on the server consuming resources. Hence, the number of disconnected sessions on a Citrix/Microsoft RDS
server should be kept to a minimum. Abrupt disconnects can significantly impact the end user experience, and
hence, it is important to monitor the number of disconnected sessions at any point of time.

Purpose

Measures the number of disconnected Microsoft RDS server sessions

Target of the
test

Any Microsoft RDS server

Agent
deploying the

An internal agent

MONITORING MICROSOFT RDS SERVERS

test
Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

RECONNECTPERIOD - This parameter is used by the test while computing the value for
the Quick reconnects measure. This measure counts all the users who reconnected to the
Microsoft RDS server within the short period of time (in minutes) specified against
RECONNECTPERIOD.

REPORT BY DOMAIN NAME - By default, this flag is set to Yes. This implies that by
default, the detailed diagnosis of this test will display the domainname\username of each
user who disconnected from the server recently. This way, administrators will be able to
quickly determine which user belongs to which domain. If you want the detailed diagnosis
to display the username alone, then set this flag to No.

Outputs of the
test
Measurements
made by the
test

One set of results is reported for each Microsoft RDS server being monitored

Measurement
Total
sessions:

disconnected

Measurement
Unit

Interpretation

Number

Indicates the total number of
sessions that are in the
disconnected state.
New disconnects:

Number

Indicates the number of
sessions
that
were
disconnected in the last
measurement period
57

The detailed diagnosis of this measure, if
enabled lists the users who have recently
disconnected.

MONITORING MICROSOFT RDS SERVERS

Quick reconnects:

Number

Indicates the number of users
who reconnected soon after a
disconnect.

The detailed diagnosis of this measure, if
enabled lists the users who have reconnected
quickly.

The detailed diagnosis for the New disconnects measurement indicates the user, session ID, and client type for each
newly disconnected session. This information can be used to track whether specific users are being disconnected
often (see Figure 2.10).

Figure 2.10: The detailed diagnosis of the New disconnects measure
The detailed diagnosis for the Quick reconnects measurement indicates the user, session ID, client type, the exact
time at which the session disconnected, and duration of the disconnect, for each session that quickly reconnected.
This information can be used to track whether specific users are being disconnected often (see Figure 2.11).

Figure 2.11: The detailed diagnosis of the Quick reconnects measure

2.4.6

Rdp Client Access Test

A Microsoft RDS server environment is a shared environment in which multiple users connect to a server from remote
terminals using the Remote Desktop Protocol (RDP). One of the key factors influencing user experience in such an
environment is the latency seen by the users when connecting to the server. High network latencies or packet losses
during transmission can cause significant slow-downs in request processing by the server. Hence, monitoring
latencies between the server and individual client terminals is important.
The Rdp Client Access test is executed by the eG agent on a Microsoft RDS server. This test auto-discovers the users
who are currently logged on to the server and the IP address from which they are connecting to the Microsoft RDS
server. For each user, the test monitors the quality of the link between the client and the Microsoft RDS server.

MONITORING MICROSOFT RDS SERVERS

Using this test, an administrator can identify user sessions that are being impacted by high latencies or by excessive
packet drops. In some cases, a Microsoft RDS server may regard a user session as active, even though the network
link connecting the user terminal to the Microsoft RDS server has failed. The Rdp Client Access test alerts
administrators to such situations.
This test is disabled by default. To enable the test, go to the ENABLE / DISABLE TESTS page using the menu sequence
: Agents -> Tests -> Enable/Disable, pick Microsoft Terminal as the Component type, Performance as the Test type,
choose the test from the DISABLED TESTS list, and click on the >> button to move the test to the ENABLED TESTS list.
Finally, click the Update button.

Purpose

Reports on the latencies seen by users connecting to a Microsoft RDS server

Target

A Microsoft RDS server

Agent deploying
this test

Internal agent

Configurable
parameters for
this test

1. TEST PERIOD - How often should the test be executed
2. HOST - The host for which the test is to be configured.
3. PORT - The port at which the HOST listens
4. DISPLAYDOMAIN - By default, the DISPLAYDOMAIN flag is set to Yes; this indicates
that the Terminal to Desktop Connection test, by default, will report metrics for every
domainname\username who is currently connected to the server. This way, administrators
can quickly figure out which user is connecting to the server from which domain. You can
set this flag to No to ensure that this test reports metrics for each username only.

5. PACKETSIZE - The size of packets used for the test (in bytes)
6. PACKETCOUNT – The number of packets exchanged between the Microsoft RDS server
and the user terminal during the test

7. TIMEOUT - How long after transmission should a packet be deemed lost (in seconds)
8. PACKETINTERVAL - Represents the interval (in milliseconds) between successive packet
transmissions during the execution of this test.

9. REPORTUNAVAILABILITY – By default, this flag is set to No. This implies that, by
default, the test will not report the unavailability of network connection between a user
terminal and the Microsoft RDS server. In other words, if the Packet loss measure of this
test registers the value 100% for any user, then, by default, this test will not report any
measure for that user; under such circumstances, the corresponding user name will not
appear as a descriptor of this test. You can set this flag to Yes, if you want the test to
report and alert you to the unavailability of the network connection between a user
terminal and the Microsoft RDS server.

Outputs of the
test
Measurements of
the test

One set of outputs for every user currently connected to the Microsoft RDS server

Measurement
Number of sessions:

Measurement
Unit
Number

Indicates the current number
of sessions for a particular
user

Interpretation
The value 0 indicates that the user is not
currently connected to the Microsoft RDS
server.

MONITORING MICROSOFT RDS SERVERS

Average delay:

Secs

Comparing the value of this measure
across users will enable administrators to
quickly and accurately identify users who
are experiencing higher latency when
connecting to a Microsoft RDS server.

Secs

A significant increase in the minimum
round-trip time is often a sure sign of a
poor link between the server and a user's
terminal.

Percent

Comparing the value of this measure
across users will enable administrators to
quickly and accurately identify users who
are experiencing slowdowns because of
poor performance on the network links
between their terminals and the Microsoft
RDS server.

Indicates the average delay
between transmission of a
request by the agent on a
Microsoft RDS server and
receipt of the response back
from the user terminal.
Minimum delay:
Indicates the minimum delay
between transmission of a
request by the agent on a
Microsoft RDS server and
receipt of the response back
from the user terminal.
Packet loss:
Indicates the percentage of
packets lost during data
exchange
between
the
Microsoft RDS server and the
user terminal.

MONITORING MICROSOFT RDS SERVERS

Note:

If the same user is connecting to the Microsoft RDS server from multiple client terminals, the
value of the Number of sessions, Avg delay, and Packet loss measures will be averaged across all
the sessions of that user. The Minimum delay measure, on the other hand, will display the least
value reported for Minimum delay across all the sessions of that user.
When a user logs out, the number of sessions will be reduced by 1. If the number of user sessions
becomes 0, the corresponding entry for that user in the eG user interface will be removed after a
short period of time.
By default, the Rdp Client Access test spawns a maximum of one thread at a time for monitoring
each of the RDP connections to a Microsoft RDS server. Accordingly, the MaxRdpClientThreads
parameter in the eg_tests.ini file (in the \manager\config directory) is set to 1 by
default. In large Microsoft RDS server farms however, numerous concurrent users attempt to
connect to the Microsoft RDS server from multiple remote client terminals. To ehnance the
efficiency of the test and to make sure that it scales to monitor the large number of RDP
connections to the Microsoft RDS server, you might want to consider increasing the value of the
MaxRdpClientThreads parameter. If this parameter is set to say, 15, then, it implies that the test
will spawn a maximum of 15 threads at one shot, thus monitoring 15 RDP connections to the
Microsoft RDS server, simultaneously.

2.4.7

RemoteFX User Experience Test

Microsoft® RemoteFX™ enables the delivery of a full Windows user experience to a range of client devices including
rich clients, thin clients, and ultrathin clients. RemoteFX delivers a rich user experience for Virtual Desktop
Infrastructure (VDI) by providing a 3D virtual adapter, intelligent codecs, and the ability to redirect USB devices in
virtual machines. RemoteFX is integrated with the RDP protocol, which enables shared encryption, authentication,
management, and device support. RemoteFX also delivers a rich user experience for session-based desktops and
RemoteApp programs to a broad range of client devices.
If a remote user’s experience with a RemoteFX-enabled Microsoft RDS server is poor, then administrators should be
able to quickly figure out what is causing the quality of the UX to suffer – is it poor frame quality? or severe packet
loss? or bad picture output owing to a high compression ratio? or bottleneck in TCP/UDP connectivity? The RemoteFX
User Experience test helps answer this question. For each remote user connecting to a RemoteFX-enabled Microsoft
RDS server, this test measures user experience and reports abnormalities (if any). This way, users who are
experiencing a poor visual experience can be isolated and the reason for the same can be ascertained. In addition,
the test points you to RemoteFX features that may have to be tweaked in order to improve overall performance.

This test works only on Windows 2008 Service Pack 1 (or above).
Purpose

For each remote user connecting to a RemoteFX-enabled Microsoft RDS server, this test
measures user experience and reports abnormalities (if any)

Target of the
test

A Microsoft RDS server

Agent
deploying the
test

An internal agent

MONITORING MICROSOFT RDS SERVERS

Configurable
parameters for
the test

TEST PERIOD – How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Microsoft RDS server

Outputs of the
test
Measurements
made by the
test

One set of results for every user logged into the Microsoft RDS server

Measurement
User sessions:

Measurement
Unit
Number

Represents the current number
of sessions for a particular user.

Interpretation
A value of 0 indicates that the user is not
currently connected to the Microsoft RDS
server.

MONITORING MICROSOFT RDS SERVERS

Average
time:

frames

encoding

Secs

Compare the value of this measure across
users to know for which user frames
encoding took too long.

Percent

High frame rates produce a smooth
representation of frames for the particular
user, while low frame rates may cause
rough or choppy representation of frames
for the particular user. A high value is
hence desired for this measure.

Indicates the average time
taken for encoding the frames
of this user.
Frame quality:
Indicates the quality of the
output frame expressed as a
percentage of the quality of the
source frame for this user.

Compare the value of this measure across
users to know which user received the
poorest frame quality.
Frames skipped due to
insufficient client resources:

Frames/Sec

A low value is desired for this measure.
Compare the value of this measure across
users to know which user is connecting
from a client sized with inadequate
resources.

Frames/Sec

A low value is desired for this measure.
Compare the value of this measure across
users to know which user is connecting
via a network that is sized with
inadequate resources.

Frames/Sec

A low value is desired for this measure.
Compare the value of this measure across
users to know which user was unable to
receive frames due to the lack of enough
resources on the Microsoft RDS server.

Percent

The compression ratio typically affects the
quality of the picture. Generally, the
higher the compression ratio, the poorer
the quality of the resulting picture. Ideally
therefore, the value of this measure
should be 0. You can compare the value
of this measure across users to identify
that user whose picture output was very
poor owing to high compression.

Indicates the rate at which
frames were skipped for this
user due to insufficient client
resources.
Frames skipped
insufficient
resources:

due to
network

Indicates the rate at which
frames were skipped for this
user due to insufficient network
resources.
Frames skipped
insufficient
resources:

due to
server

Indicates the rate at which
frames were skipped for this
user due to insufficient server
resources.
Graphics compression ratio:
Indicates the ratio of the
number of bytes encoded to the
number of bytes input for this
user.

MONITORING MICROSOFT RDS SERVERS

Input frames:

Frames/Sec

Indicates the number of source
frames provided per second as
input to the RemoteFx graphics
for this user.
Output Frames:

Frames/Sec

Indicates the number of source
frames sent per second to this
user as output of RemoteFx
graphics.
Source frames:

Frames/Sec

Indicates number of frames per
second composed at the source
for this user.
Base TCP round trip time:

Secs

A high value for this measure could
indicate a bottleneck in TCP connectivity
between the user terminal and the server.

Secs

A high value for this measure could
indicate a bottleneck in UDP connectivity
between the user terminal and the server.

Kbps

A consistent rise in the value of this
measure could indicate that TCP traffic
to/from the user is consuming bandwidth
excessively. Compare the value of this
measure across users to identify that user
who is performing bandwidth-intensive
operations on the Microsoft RDS server.

Indicates the time between
initiating a network request and
receiving a response over TCP
for this user.
Base UDP round trip time:
Indicates the time between
initiating a network request and
receiving a response over UDP
for this user.
Current TCP bandwidth:
Indicates the amount of data
that is currently carried from
one point to another over TCP
for this user.

MONITORING MICROSOFT RDS SERVERS

Current
time:

TCP

round

trip

Secs

A high value could indicate a current
problem with TCP connectivity between
the user terminal and the server.

Kbps

A consistent rise in the value of this
measure could indicate that UDP traffic
to/from the user is consuming bandwidth
excessively. Compare the value of this
measure across users to identify that user
who is performing bandwidth-intensive
operations on the Microsoft RDS server.

Secs

A high value could indicate a current
problem with UDP connectivity between
the user terminal and the server.

Percent

RemoteFX UDP transport uses Forward
Error Correction (FEC) to recover from the
lost data packets. In the cases where
such packets can be recovered, the
transport doesn’t need to wait for the
data to be retransmitted, which allows
immediate delivery of data and prevents
Head of Line Blocking. Preventing this
stall results in an overall improved
responsiveness.

Indicates the average time
between initiating a network
request
and
receiving
a
response over TCP for this user.
Current UDP bandwidth:
Indicates the amount of data
that is currently carried from
one point to another over UDP
for this user.

Current
time:

UDP

round

trip

Indicates the average time
between initiating a network
request
and
receiving
a
response over UDP for this
user.
Forward
rate:

error

correction

Indicates the percentage of
forward
error
corrections
performed for this user.

A high value is hence desired for this
measure.
Loss:

Percent

Indicates the percentage of
packets
lost
when
being
transmitted to this user.

A high value indicates that a large number
of packets were lost without being
retransmitted. By comparing the value of
this measure across users, you can find
that user who has suffered the maximum
data loss. This could be owing to a bad
network connection between the remote
user terminal and the server.

MONITORING MICROSOFT RDS SERVERS

Retransmission:

Percent

Retransmissions should only occur when it
is certain that a packet to be
retransmitted
was
actually
lost.
Redundant retransmissions can also occur
because of lost acknowledgments, coarse
feedback, and bad retransmissions.
Retransmission rates over 5% can
indicate degraded network performance
on a LAN. The internet may vary between
5 and 15 percent depending upon traffic
conditions. Any value above 25 percent
indicates an excessive number of
retransmissions that will significantly
increase the time for the file transfer and
annoy the user.

Kbps

A high value is desired for these measures
as it indicates high TCP throughput.

Indicates the percentage of
packets
that
have
been
retransmitted to this user.

TCP received rate:
Indicates the rate at which the
data is received over TCP for
this user.
TCP sent rate:

Kbps

Indicates the rate at which the
data is sent over TCP for this
user.
UDP received rate:

Kbps

Indicates the rate at which the
data is received over UDP for
this user.
UDP sent rate:

A high value is desired for these measures
as it indicates high UDP throughput.

Kbps

Indicates the rate at which the
data is sent over UDP for this
user.

Note:
Optionally, you can enable an EventLog test for the Microsoft RDS server to closely monitor the system and
application events on the server. This test is disabled by default. To enable the test, open the ENABLE / DISABLE
TESTS page using the Agents -> Tests -> Enable/Disable menu sequence, select Microsoft Terminal as the
component-type, Performance as the Test type, select the test from the DISABLED TESTS list, and click on >> to
move it to the ENABLED TESTS list. Finally, click on the Update button. This test is mapped to the Windows
Service layer of the Microsoft RDS server component.

2.4.8

ICA/RDP Listeners Test

The listener component runs on the XenApp/Microsoft RDS server and is responsible for listening for and accepting
new ICA/RDP client connections, thereby allowing users to establish new sessions on the XenApp/Microsoft RDS
server. If this listener component is down, users may not be able to establish a connection with the XenApp server!
66

MONITORING MICROSOFT RDS SERVERS

This is why, if a user to the Microsoft RDS server complains of the inaccessibility of the server, administrators should
first check whether the listener component is up and running or not. The ICA/RDP Listeners test helps administrators
perform this check. This test tracks the status of the default listener ports and reports whether any of the ports is
down.

Purpose

Tracks the status of the default listener ports and reports whether any of the ports is down

Target

A Microsoft RDS server

Agent deploying
this test

Internal agent

Configurable
parameters for
this test

TEST PERIOD - How often should the test be executed

HOST - The host for which the test is to be configured.

PORT - The port at which the HOST listens

Outputs of the
test
Measurements of
the test

SESSION IDS – The default listener ports - 65536,65537,65538 – will be displayed here
by default. You can override this default specification by adding more ports or by
removing one/more existing ports.

One set of outputs for every listener port configured

Measurement

Measurement
Unit

Interpretation
This measure reports the value Yes if the
listener port is down and No if the port is
up and running. The numeric values that
correspond to these measure values are
as follows:

Is listener down?:
Indicates whether/not this
listener port is down.

Measure
Value

Numeric Value

Yes

Note:
By default, this measure reports the
above-mentioned Measure Values to
indicate the status of a listener port.
However, the graph of this measure will
represent the same using the numeric
equivalents only.

MONITORING ACTIVE DIRECTORY SERVERS

Chapter

Monitoring Active
Directory Servers
A directory service consists of both a directory storage system called the “directory store” and a mechanism that is
used to locate and retrieve information from the system. The primary functions of the directory service are managed
by the Directory System Agent (DSA), which is a process that runs on each domain controller (abbreviated as DC).
Active Directory is the directory service that is included with Microsoft Windows. It stores objects that provide
information about the real entities that exist in an organization’s network like printers, applications, databases, users
etc. Active Directory is a part of the domain controller. It is associated with one or more domains. It stores
information about users, specific groups of users like the Administrator, computers, applications, services, files, and
distribution lists etc. Active Directory then makes this information available to the users and applications throughout
the organization.
Active Directory is an important component of the Windows environment. Like any other Windows applications, its
performance can affect the rest of the target environment. Active Directory consumes resources and the
administrator needs to be aware of how much of the system's resources are being consumed over a long term. This
helps the administrators to plan for future upgrades. Gathering performance data gives the administrators a good
way to see the effects of any optimization efforts that he/she might attempt, and provides a great way for diagnosing
problems when they occur. Most of the Windows servers and components are dependent on Active Directory either
directly or indirectly. So monitoring the Active Directory server’s performance regularly is necessary to make sure that
the target environment is meeting your business and networking goals.
The eG Enterprise suite provides extensive monitoring support to the Active Directory (AD) server operating on
Windows 2000, 2003, and 2008/2012. The specialized monitoring model that the eG Enterprise offers (see Figure
Figure 3.1) periodically executes a number of tests on the AD server to extract a wide gamut of metrics indicating the
availability, responsiveness, and overall health of the AD server and its underlying operating system. Using this
model, Active Directory servers can be monitored in an agent-based or an agentless manner.

MONITORING ACTIVE DIRECTORY SERVERS

Figure 3.1: Layer model for Active Directory
Using these metrics, an administrator can find quick answers to the following performance queries:
Is the AD server available?
How quickly is the server responding to user requests?
Are there adequate work items to service blocking requests, or are too many requests getting
rejected?
Have any internal server errors been reported recently?
Have too many login attempts failed?
Did session timeouts occur too frequently?
Is the schema cache effectively utilized, or is disk read/write activity high?
Is the server currently overloaded? Are sufficient domain controllers available in the environment to
handle the load?
Are all changes to the AD server getting replicated across and within sites?
How many directory synchronizations are in queue? Is the number high enough to force a replication?

The last 5 layers of Figure 3.1 have been discussed in the Monitoring Unix and Windows Servers document, and will
hence not be discussed again. However, for the Active Directory server alone, the Operating System layer is mapped
to an additional Net Logon test. The section that follows will discuss this test in detail. All other sections in this
chapter will focus only on the top 3 layers of Figure 3.1.

MONITORING ACTIVE DIRECTORY SERVERS

3.1 The Operating System Layer
The Operating System layer of a monitored Active Directory server typically runs all the tests that are mapped to the
same layer for a Windows server or a Windows Generic server. The only difference however is that for the Active
Directory server, an additional Net Logon test is mapped to this layer. This section provides details of the Net Logon
test.

3.1.1

Net Logon Test

The Netlogon service is responsible for communication between systems in response to a logon request, a domain
synchronization request, and a request to promote a Backup Domain Controller (BDC) to a Primary Domain Controller
(PDC). The Netlogon service performs several tasks when servicing network logon requests. They are as follows:
Selects the target domain for logon authentication
Identifies a domain controller in the target domain to perform authentication
Creates a secure channel for communication between Netlogon services on the originating and target
systems
Passes an authentication request to the appropriate domain controller
Returns authentication results to Netlogon on the originating system
Delays in the Netlogon authentication process can often scar a user’s overall experience with not just the domain
controller, but also with the application that requests for the authentication. In order to avoid undue authentication
delays, you can use the Net Logon test. This test monitors the Netlogon authentication feature, proactively detects
potential authentication bottlenecks, and promptly alerts administrators to what is causing the bottleneck, so that
remedial actions can be initiated in good time.

Purpose

Monitors the Netlogon authentication feature, proactively detects potential authentication
bottlenecks, and promptly alerts administrators to what is causing the bottleneck, so that
remedial actions can be initiated in good time

Target of the
test

An Active Directory server

Agent
deploying the
test

An internal agent

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Windows server

Outputs of the
test
Measurements

One set of results for every AD server being monitored

Measurement

Measurement Unit

Interpretation

MONITORING ACTIVE DIRECTORY SERVERS

made by the
test

Semaphore waiters:

Number

Indicates the number of threads
currently waiting to acquire the
semaphore.

Semaphore acquires:

A consistent increase in the value of
this measure is a cause forconcern, as
it indicates that the count of ‘busy’
semaphores is steadily increasing. This
in
turn
could
cause
many
threads/logon
requests
to
be
enqueued, due to the lack of adequate
semaphores.
Consequently,
authentication will be delayed.

Number

Indicates the number of times
the
semaphore
has
been
acquired
over
this
secure
channel during the last measure
period.
Semaphore holders:

Number

Indicates the number of threads
currently holding the semaphore.

This is a good indicator of the current
authentication workload over the
secure channel.
If the value of this measure is equal to
the MaxConcurrentApi registry setting
or is fast approaching that value, it
indicates that the server is getting
overloaded. Authentication delays and
timeouts may occur as a result. The
typical way to resolve the problem is
to raise the maximum allowed worker
threads
that
service
that
authentication. You can do this by
altering the MaxConcurrentApi registry
value and then restarting the Net
Logon service on the servers.

Semaphore timeouts:

Number

Indicates the number of times a
thread has timed out waiting for
the semaphore over the secure
communication channel during
the last measure period.

Ideally, this measure has to be 0.
A non-zero value for the measure
indicates that one/more authentication
threads have hit the time-out for the
waiting and the logon was denied. This
is a sign of a very bad user
experience, and typically occurs when
the secure channel is overloaded,
hung or broken.
The

typical

way

resolve

the

overload problem is to raise the
maximum allowed worker threads that
service that authentication. You can do
this by altering the MaxConcurrentApi
registry value and then restarting the
Net Logon service on the servers.

MONITORING ACTIVE DIRECTORY SERVERS

3.2 The AD Server Layer
The AD Server layer verifies the availability and responsiveness of the Active Directory (AD) service from an external
location. This layer also monitors the user accesses to the AD server and reports how well the server handles access
requests. In the process, the layer also reports useful session-related metrics pertaining to the user sessions on the
AD server. Besides, the layer also reports the overall health of the AD database (see Figure 3.2).

Figure 3.2: The tests associated with the AD Server layer

3.2.1

Asynchronous Thread Queue Test

Monitoring the asynchronous thread queue (ATQ) on an AD server will provide useful pointers to the request
processing ability of the server. This test monitors the ATQ, reports the number and nature of requests queued in the
ATQ, captures a steady growth (if any) in the length of the queue over time, and thus reveals potential processing
bottlenecks on the AD server.

This test applies only to Active Directory Servers installed on Windows 2008.
Purpose

Monitors the ATQ, reports the number and nature of requests queued in the ATQ, captures a
72

MONITORING ACTIVE DIRECTORY SERVERS

steady growth (if any) in the length of the queue over time, and thus reveals potential processing
bottlenecks on the AD server

Target of the
test

An Active Directory or Domain Controller on Windows 2008

Agent
deploying the
test

An internal agent

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST - The IP address of the machine where the Active Directory is installed.

PORT – The port number through which the Active Directory communicates. The default port
number is 389.

Outputs of the
test
Measurements
made by the
test

One set of results for every Active Directory being monitored

Measurement
Unit

Measurement
ATQ
estimated
delay:

queue

Interpretation

Secs

Indicates the estimated time
the next request will spend in
the queue prior to being
serviced by the directory
service.
ATQ outstanding
requests:

queued

Number

A high level of queuing indicates that requests
are arriving at the domain controller faster than
they can be processed. This can also lead to a
high latency in responding to requests. Delay is
the estimated time the next request will spend
in the queue prior to being serviced by the
directory service, 1.265 seconds.

Secs

A high value of this measure is a cause for
concern, as it indicates a processing bottleneck
on the AD server.

Indicate how many requests
are queued at the domain
controller.

ATQ request latency:
Indicates the average length
of time to process a request,
not including time spent on the
queue.
ATQ threads ldap:

Number

Indicates the number of
threads that ATQ has currently
allocated to servicing LDAP
requests.

MONITORING ACTIVE DIRECTORY SERVERS

ATQ thread others:

Number

Indicates the number of
threads that ATQ has currently
allocate to DS services other
than LDAP.
ATQ threads total:

Number

Indicates the total number of
threads that are either waiting
to service an incoming request
or are already servicing a
request.

3.2.2

If values for this counter and ATQ Threads
ldap counter are equal, a queue is likely
building on the LDAP port, which will result in
long response times. If the two counters are
always equal, use Server Performance Advisor
to troubleshoot the problem.

ADAM Access Details Test

This test measures the load on the AD server in terms of the level of read-write activity on the server and the count
of search operations performed by the server. In the process, the test reveals the following:
Which AD services initiated the read-write operations? Which of these services generated the
maximum I/O load on the server - is it the LSA? the NSPI? the NTDS? SAM? or the replication service?
- this information is useful when administrators are faced with an AD overload, as it accurately points
them to the probable sources of the load;
Which AD service performed the maximum searches on the server? - in the event of an overload, this
metric will help you identify that service which could be contributing to the overload;
Is the server sized with adequate threads to handle the I/O load?

This test applies only to Active Directory Servers installed on Windows 2008.
Purpose

Measures the load on the AD server in terms of the level of read-write activity on the server and
the count of search operations performed by the server. In the process, the test reveals the
following:
Which AD services initiated the read-write operations? Which of these services
generated the maximum I/O load on the server - is it the LSA? the NSPI? the
NTDS? SAM? or the replication service?
Which AD service performed the maximum searches on the AD server?
Is the server sized with adequate threads to handle the I/O load?

Target of the
test

An Active Directory or Domain Controller on Windows 2008

Agent
deploying the
test

An internal agent

MONITORING ACTIVE DIRECTORY SERVERS

Configurable
parameters for
the test

Outputs of the
test
Measurements
made by the
test

TEST PERIOD - How often should the test be executed

HOST - The IP address of the machine where the Active Directory is installed.

PORT – The port number through which the Active Directory communicates. The default port
number is 389.

One set of results for every Active Directory being monitored

Measurement
Schema cache hit ratio:

Measurement
Unit
Percent

Indicates the percentage of
object name lookups serviced
by the Schema Cache.

Interpretation
All changes made to Active Directory are
validated first against the schema. For
performance reasons, this validation takes place
against a version of the schema that is held in
memory on the domain controllers. This "inmemory version," called the schema cache, is
updated automatically after the on-disk version
has been updated. The schema cache provides
mapping between attribute identifiers such as a
database column identifier or a MAPI identifier
and the in-memory structures that describe
those attributes. The schema cache also
provides lookups for class identifiers to get inmemory structures describing those classes.
A low value of this measure indicates that the
Directory Service needs high disk read/write
activity to perform its job. This results in poor
response time of the components available in
the Active Directory.

Notify queue size:

Number

Indicates the number of
pending update notification
requests that have been
queued and not transmitted.

When any change in the Active Directory
occurs, the originating domain controller sends
an update notification requests to the other
domain controllers.
A high value of this measure indicates that the
Active Directory is changing frequently but the
update notification requests have not been
transmitted to the other domain controllers.
This results in a loss of data integrity in the
directory store. This problem can be corrected
by forcing the replication.

MONITORING ACTIVE DIRECTORY SERVERS

Current threads in use:

Number

Indicates the current number
of threads in use by the
directory service (which is
different from the number of
threads in the directory service
process).

Server binds:

This is the number of threads currently
servicing client API calls; it can be used to
indicate whether additional processors should
be used.
A fluctuating value for this measure indicates a
change in the load.
A low value could point to network problems
that are preventing client requests from
succeeding.

Binds/Sec

Indicates the number of
domain controller–to–domain
controller binds per second
that are serviced by this
domain controller.
Directory reads:

Reads/Sec

Indicates the rate of directory
reads.
Directory writes:

These measures serve as effective indicators of
the ability of the AD server to process read,
write, and search requests.

Writes/Sec

Indicates the rate of directory
writes.
Directory searches:

Searches/Sec

Indicates the number of
directory searches per second.
DS reads from DRA:

Percent

Indicates the percentage of
reads on the directory by
replication.

If the AD server is experiencing abnormally high
read activity, then, you can compare the value
of this measure with the values reported by the
DS reads from KCC, DS reads from LSA, DS
reads from NSPI, DS reads from NTDS, and DS
reads from SAM measures to know which AD
service is performing the maximum reads on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS? or the
SAM?

MONITORING ACTIVE DIRECTORY SERVERS

DS reads from KCC:

Percent

Indicates the percentage of
reads performed by the
Knowledge
Consistency
Checker on the directory.

The Knowledge Consistency Checker
(KCC) generates the replication topology by
specifying what domain controllers will replicate
to which other domain controllers in the site.
The KCC maintains a list of connections, called
a replication topology, to other domain
controllers in the site. The KCC ensures that
changes to any object are replicated to all site
domain controllers and updates go through no
more than three connections.
If the AD server is experiencing abnormally high
read activity, then, you can compare the value
of this measure with the values reported by the
DS reads from DRA, DS reads from LSA, DS
reads from NSPI, DS reads from NTDS, and DS
reads from SAM measures to know which AD
service is performing the maximum reads on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS? or the
SAM?

DS reads from LSA:

Percent

Indicates the percentage of
reads performed by the Local
Security Authority on the
directory.

The Local Security Authority (LSA) is the
security
subsystem
responsible
for
all
interactive
user
authentication
and
authorization services on a local computer. The
LSA is also used to process authentication
requests made through the Kerberos V5
protocol or NTLM protocol in Active Directory.
If the AD server is experiencing abnormally high
read activity, then, you can compare the value
of this measure with the values reported by the
DS reads from DRA, DS reads from KCC, DS
reads from NSPI, DS reads from NTDS, and DS
reads from SAM measures to know which AD
service is performing the maximum reads on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS?

MONITORING ACTIVE DIRECTORY SERVERS

DS reads from NSPI:

Percent

Indicates the percentage of
reads performed by the Name
Service
Provider
Interface
(NSPI) on the directory.

The Name Service Provider Interface
(NSPI) is the protocol by which Messaging
API (MAPI) clients access the AD DS.
Exchange Address Book clients use the client
MAPI provider Emsabp32.dll to look up e-mail
addresses in the global catalog. The client-side
MAPI provider communicates with the server
through the proprietary Name Service Provider
Interface (NSPI) RPC interface.
If the AD server is experiencing abnormally high
read activity, then, you can compare the value
of this measure with the values reported by the
DS reads from KCC, DS reads from LSA, DS
reads from DRA, DS reads from NTDS, and DS
reads from SAM measures to know which AD
service is performing the maximum reads on
the AD server - is it the replication service? the
LSA? the KCC? or the NSPI?

DS reads from NTDS:

Percent

If the AD server is experiencing abnormally high
read activity, then, you can compare the value
of this measure with the values reported by the
DS reads from KCC, DS reads from LSA, and DS
reads from DRA, DS reads from NSPI, and DS
reads from SAM measures to know which AD
service is performing the maximum reads on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? or the SAM?

Percent

The Security Accounts Manager (SAM) is used
for verifying passwords and for checking
passwords against any existing password
policies that are in effect on a domain
controller.

Indicates the percentage of
reads performed by the name
service directory APIs on the
directory.

DS reads from SAM:
Indicates the percentage of
reads performed by the
Security Account Manager
(SAM) on the directory.

If the AD server is experiencing abnormally high
read activity, then, you can compare the value
of this measure with the values reported by the
DS reads from KCC, DS reads from LSA, and DS
reads from DRA, DS reads from NSPI, and DS
reads from NTDS measures to know which AD
service is performing the maximum reads on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? or the NTDS?

MONITORING ACTIVE DIRECTORY SERVERS

DS writes from DRA:

Percent

If the AD server is experiencing abnormally high
write activity, then, you can compare the value
of this measure with the values reported by the
DS writes from KCC, DS writes from LSA, DS
writes from NSPI, DS writes from NTDS, and DS
writes from SAM measures to know which AD
service is performing the maximum writes on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is experiencing abnormally high
write activity, then, you can compare the value
of this measure with the values reported by the
DS writes from DRA, DS writes from LSA, DS
writes from NSPI, DS writes from NTDS, and DS
writes from SAM measures to know which AD
service is performing the maximum writes on
the AD server - is it the replication service? the
KCC? the LSA? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is experiencing abnormally high
write activity, then, you can compare the value
of this measure with the values reported by the
DS writes from DRA, DS writes from KCC, DS
writes from NSPI, DS writes from NTDS, and DS
writes from SAM measures to know which AD
service is performing the maximum writes on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is experiencing abnormally high
write activity, then, you can compare the value
of this measure with the values reported by the
DS writes from DRA, DS writes from KCC, DS
writes from LSA, DS writes from NTDS, and DS
writes from SAM measures to know which AD
service is performing the maximum writes on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is experiencing abnormally high
write activity, then, you can compare the value
of this measure with the values reported by the
DS writes from DRA, DS writes from KCC, DS
writes from LSA, DS writes from NSPI, and DS
writes from SAM measures to know which AD
service is performing the maximum writes on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Indicates the percentage of
writes on the AD server by
replication.

DS writes from KCC:
Indicates the percentage of
writes performed by the
Knowledge
Consistency
Checker on the directory.

DS writes from LSA:
Indicates the percentage of
writes performed by the Local
Security Authority on the
directory.

DS writes from NSPI:
Indicates the percentage of
writes performed by the Name
Service
Provider
Interface
(NSPI) on the directory.

DS writes from NTDS:
Indicates the percentage of
writes performed by the name
service directory APIs on the
directory.

MONITORING ACTIVE DIRECTORY SERVERS

DS writes from SAM:

Percent

If the AD server is experiencing abnormally high
write activity, then, you can compare the value
of this measure with the values reported by the
DS writes from DRA, DS writes from KCC, DS
writes from LSA, DS writes from NSPI, and DS
writes from NTDS measures to know which AD
service is performing the maximum writes on
the AD server - is it the replication service? the
LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is processing an abnormally
large number of search requests, then, you can
compare the value of this measure with the
values reported by the DS searches from KCC,
DS searches from LSA, DS searches from NSPI,
DS searches from NTDS, and DS searches from
SAM measures to know which AD service is
performing the maximum number of searches
on the AD server - is it the replication service?
the LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is processing an abnormally
large number of search requests, then, you can
compare the value of this measure with the
values reported by the DS searches from DRA,
DS searches from LSA, DS searches from NSPI,
DS searches from NTDS, and DS searches from
SAM measures to know which AD service is
performing the maximum number of searches
on the AD server - is it the replication service?
the LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is processing an abnormally
large number of search requests, then, you can
compare the value of this measure with the
values reported by the DS searches from DRA,
DS searches from KCC, DS searches from NSPI,
DS searches from NTDS, and DS searches from
SAM measures to know which AD service is
performing the maximum number of searches
on the AD server - is it the replication service?
the LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Indicates the percentage of
writes performed by the
Security Accounts Manager
(SAM) on the directory.

DS searches from DRA:
Indicates the percentage of
searches performed by the
replication service on the AD
server.

DS searches from KCC:
Indicates the percentage of
searches performed by the
Knowledge
Consistency
Checker on the directory.

DS searches from LSA:
Indicates the percentage of
searches performed by the
Local Security Authority on the
directory.

MONITORING ACTIVE DIRECTORY SERVERS

DS searches from NSPI:

Percent

If the AD server is processing an abnormally
large number of search requests, then, you can
compare the value of this measure with the
values reported by the DS searches from DRA,
DS searches from KCC, DS searches from LSA,
DS searches from NTDS, and DS searches from
SAM measures to know which AD service is
performing the maximum number of searches
on the AD server - is it the replication service?
the LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is processing an abnormally
large number of search requests, then, you can
compare the value of this measure with the
values reported by the DS searches from DRA,
DS searches from KCC, DS searches from LSA,
DS searches from NSPI, and DS searches from
SAM measures to know which AD service is
performing the maximum number of searches
on the AD server - is it the replication service?
the LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Percent

If the AD server is processing an abnormally
large number of search requests, then, you can
compare the value of this measure with the
values reported by the DS searches from DSA,
DS searches from KCC, DS searches from LSA,
DS searches from NSPI, and DS searches from
NTDS measures to know which AD service is
performing the maximum number of searches
on the AD server - is it the replication service?
the LSA? the KCC? the NSPI? the NTDS? or the
SAM?

Indicates the percentage of
searches performed by the
Name
Service
Provider
Interface (NSPI) on the
directory.

DS searches from NTDS:
Indicates the percentage of
searches performed by the
name service directory APIs on
the directory.

DS searches from SAM:
Indicates the percentage of
searches performed by the
Security Accounts Manager
(SAM) on the directory.

3.2.3

ADAM Database Test

This test reports critical statistics pertaining to the usage of the database caches, and the overall health of the AD
database.

Purpose

Reports critical statistics pertaining to the usage of the database caches, and the overall health
of the AD database

Target of the
test

An Active Directory server

Agent
deploying the
test

An internal agent

MONITORING ACTIVE DIRECTORY SERVERS

Configurable
parameters for
the test
Outputs of the
test
Measurements
made by the
test

TEST PERIOD - How often should the test be executed

HOST – The host for which the test is to be configured

PORT – Refers to the port used by the Windows server

One set of results for every AD server being monitored

Measurement
Database cache hits :

Measurement Unit
Percent

Ideally, the value of this measure
should be moderate. A high value of
this measure indicates the high
utilization of physical memory. In such
a case, you can add the required
memory to the database.

Percent

Ideally, the value of this measure
should be high.

Indicates the percentage of page
requests of the database file that
were occupied in a cache before
responding to the request.
Database table cache hits:
Indicates the percentage of
database tables that were
opened using cached schema
information.
Log records waiting:

Interpretation

Records/Sec

Indicates the rate of log record
stalls, per second.
Log threads waiting:

Number

Indicates the current number of
threads waiting for data to be
written to the log so that
database updation will be
executed.

3.2.4

Active Directory Access Test

This test monitors the availability and response time from clients of an Active Directory server from an external
perspective.

Purpose

Monitors the availability and response time from clients of an Active Directory server from an
internal perspective

Target of the
test

An Active Directory or Domain Controller

Agent
deploying the
test

An external agent

MONITORING ACTIVE DIRECTORY SERVERS

Configurable
parameters for
the test

TEST PERIOD - How often should the test be executed

HOST - The IP address of the machine where the Active Directory is installed.

PORT – The port number through which the Active Directory communicates. The default
port number is 389.

DOMAIN - The default value of the DOMAIN parameter will be none. In Windows 2003
environments however, the ADServerTest will function effectively only if a "fully qualified
domain name" is provided in the DOMAIN text box.

USER - Provide the name of a domain user in the USER text box. This can be none for
Windows 2000 environments.

PASSWORD - Provide the password for the domain user specified above, in the
PASSWORD text box. This can be none for Windows 2000 environments.

7.
8.

Outputs of the
test
Measurements
made by the
test

CONFIRM PASSWORD – Confirm the PASSWORD by retyping it here.
CONNECTTIMEOUT - By default, this is set to 30 seconds. This implies that by default, the
test will wait for 30 seconds to establish a connecton with the target Active Directory server. If
a connection is established within the default 30 second period, then the test will report that
the server is available; if the test is unable to connect to the server within the default period,
then it will report that the server is unavailable. If it generally takes a longer time for clients to
connect to the AD server in your environment, then, you may want to change the
CONNECTTIMEOUT period so that, the test does not time out before the connection is
established, and consequently present an "untrue" picture of the availability of the server.

One set of results for every Active Directory being monitored

Measurement
Active
availability:

Manual Monitoring Microsoft Applications

Navigation menu

Versions of this User Manual:

Views

Navigation