EmployeePerfmon Services troubleshooting DataSource
For Remote Perfmon to work, there are six Windows Services that must be present on a machine, two of which must be set to auto startup and the other four set to at least manual startup - as detailed here:
https://www.logicmonitor.com/support/monitoring/os-virtualization/troubleshooting-perfmon-access/
If you're having Perfmon collection issues this is the first place to look, but that involves logging on to the machine and looking, or running a fairly complex collector debug command, such as:
!wmi h=<hostname> select displayname,startmode,state from win32_Service where displayname = 'Performance Counter DLL Host' OR displayname = 'Performance Logs & Alerts' OR displayname = 'Remote Access Auto Connection Manager' OR displayname = 'Remote Registry' OR displayname = 'Remote Procedure Call (RPC) Locator' OR displayname = 'WMI Performance Adapter'
This datasource will rapidly determine the presence and setup of the six required services on any monitored Windows device.
Each Service is discovered if present, and grouped according to startmode (auto, manual, disabled). Additionally, the startmode, state and status at time of discovery are added as instance level properties, for each service, with state and status then monitored.
This gives a very rapid (as soon as Active Discovery has run) visual indication for this first troubleshooting step.
The DataSource as presented has the AppliesTo rule of 'false()', i.e. disabled. This will need to be edited to apply to any Devices you are looking to troubleshoot.
Examples of Active Discovery results as seen in the Device tree:
Device with "Remote Registry" disabled:
Device with "Remote Registry" set to auto, but then stopped, and with "Remote Procedure Call (RPC) Locator" incorrectly set to manual startmode:
Once the necessary changes are made, the DataSource can be disabled, or left running as an ongoing check.
No alerting is currently configured.
v1.1.0: DR9MDK
