You're reading from  Mastering Windows Server 2022 - Fourth Edition

Product type: Book
Published in: May 2023
Publisher: Packt
ISBN-13: 9781837634507
Edition: 4th Edition

Author: Jordan Krause

Jordan Krause has been an IT professional for more than 20 years and has received 9 Microsoft MVP awards for his work with Microsoft server and networking technologies. One of the world's first experts on Microsoft DirectAccess, he has a passion for helping companies find the best ways to enable a remote workforce. Committed to continuous learning, Jordan holds certifications as an MCSE, MCSA, and MCITP Enterprise Administrator, and has authored numerous books on Microsoft technologies. Jordan lives in beautiful West Michigan (USA), but works daily with companies around the world.

Troubleshooting

When dreaming of a position in server or system administration, we often think of designing infrastructure, spinning up new servers, and implementing new technology. The truth can reflect those tasks, but it can just as easily include 3 A.M. wakeup calls to deal with a system being down, poring over event and diagnostic logs, and living on Google and Bing when your acquired knowledge and wisdom just isn’t cutting the mustard. Sometimes, hardware breaks. Other times, software freaks out. Certificates expire, internet connections fail, and occasionally, you work on an issue from a certain angle all day only to discover in the end that it was being caused by something entirely different. Working in IT can bring with it great mysteries every single day, which is one of the reasons I love it. This final chapter uncovers some of the tools available in Windows Server 2022 that can assist with troubleshooting, maintenance, and repair:

  • Backup and restore
  • ...

Backup and restore

The need to back up and occasionally restore your servers is, unfortunately, still present in Windows Server 2022. Many dream of a day when servers are 100 percent reliable and stable throughout their lifetimes, unaffected by viruses and rogue software, but today is not that day (that would be a little boring, to be honest).

While there are many third-party tools available on the market that can improve and automate your backup experience when managing many servers, we do have these capabilities baked right into our own Server 2022 operating system, and we should all be familiar with how to utilize them. Maintaining good backups should be priority number one for any business and is the most important troubleshooting component that exists. There are a myriad of reasons why you may fail to repair a server that is having a problem, and sometimes, your only two options are to build from scratch or restore from backup. Ransomware attacks are on the increase, and...

Task Manager

If you can remember all the way back to Chapter 1, Getting Started with Windows Server 2022, you’ll know that we already discussed Task Manager. There, we described how to launch it and took a quick look at the different tabs available inside Task Manager. While there is no need to rehash the same information here, it is important to mention Task Manager in this chapter on troubleshooting, because it is one of the first places you should visit on any server that is exhibiting performance problems or otherwise strange symptoms.

Task Manager gives you a quick glance at the overall CPU and memory utilization on a server, letting you know how taxed the server is. One of the most common tabs to review on any server is Processes, which allows you to sort all the running applications and processes by their CPU or memory consumption, which can quickly identify a problematic application that may be hindering the entire server. Once identified, you can easily right...

Resource Monitor

Like Task Manager on steroids, Resource Monitor can take system monitoring and troubleshooting even further. It contains plenty of the same information that we just experienced inside Task Manager but lays things out in a different format. CPU, memory, and disk utilization metrics are present, as well as monitoring of your network interfaces. There are various ways to sort the items that utilize resources, quickly identifying the high hitters for CPU and memory, and there are also right-click functions to end or suspend processes. On the Overview tab, as shown in Figure 16.13, you’ll see that I am able to quickly identify the reason for my high CPU utilization – PowerShell is consuming almost 100% of available CPU resources:

Figure 16.13: Using Resource Monitor to investigate high CPU utilization

Exploring the different tabs inside Resource Monitor will show you more detailed information about CPU, memory, and even disk resource consumption...

Performance Monitor

Another built-in monitoring tool is called Performance Monitor, commonly referred to as Perfmon. Almost every component inside Windows Server has predefined performance monitor counters, and Perfmon taps into those counters to display extremely in-depth information about what is happening with those components, but only when you specifically set up reporting to see it. Perfmon does not log anything by default, because to do so would consume plenty of server resources, so this tool is generally only to be used temporarily during troubleshooting or for a specific reason, and then disabled again when you are finished.

The easiest way to launch Perfmon is to open Start | Run, Command Prompt, or PowerShell, type Perfmon, and then press Enter. This launches the interface, and by default, you can see that it has plugged in a counter for % Processor Time. You can obviously find CPU percentage information in much easier and better-looking places than Perfmon...

Sysinternals tools

Windows Server has many wonderful tools built right into it, but there’s always room to improve.

This seems to be exactly what Mark Russinovich was thinking back in the mid-90s, when he and Bryce Cogswell created Winternals and started crafting apps that could perform more advanced actions and data collection within the Microsoft Windows operating systems than was possible with the native toolset. Fast-forward to today: Winternals has been acquired by Microsoft, the collection of tools created under that umbrella is now known as the Microsoft Sysinternals tools, and Mark is now CTO of Azure.

These tools are simple, helpful, and effective. Most of them don’t even require an installation. Simply download a standalone executable, copy it over to your server, and run it. When finished, you can delete the executable and easily remove any trace of that application from your server. We already looked at one of these tools earlier in...

Windows Firewall with Advanced Security

When thinking about Windows Server troubleshooting, the firewall is probably not one of the first things that comes to mind. However, the Windows Firewall with Advanced Security console can be a very friendly tool to identify and resolve issues that crop up related to networking on our servers. So far in this book, you have already been given instructions on some of the most important things that you can do within WFAS. We discussed the three different firewall profiles and the fact that each individual NIC on a server can be utilizing a different firewall profile. This knowledge really comes into play within a corporate domain environment. When servers run inside your network and can contact a domain controller, their NICs that are connected to that network should always self-assign the Domain firewall profile. This is important because the firewall rules you expect to be in place while that server is inside the network (which is probably at...
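The per-NIC profile assignment described in this section can be checked from PowerShell. The following is an added example, not code from the book; it is read-only and assumes a domain-joined server where every internal NIC is expected to report the Domain profile. The `NeedsReview` column is a name chosen for this example.

```powershell
# Added example: show which firewall profile each connected NIC has assigned
# and whether that profile is enabled. Read-only; nothing is changed.
# Assumption: the server is domain-joined, so internal NICs should report
# the DomainAuthenticated category (the Domain firewall profile).

# Map connection-profile categories to firewall profile names.
$categoryToProfile = @{
    'DomainAuthenticated' = 'Domain'
    'Private'             = 'Private'
    'Public'              = 'Public'
}

# Read the effective firewall profiles (local settings merged with Group Policy).
$fwProfiles = @{}
Get-NetFirewallProfile -PolicyStore ActiveStore |
    ForEach-Object { $fwProfiles[$_.Name] = $_ }

$report = foreach ($conn in Get-NetConnectionProfile) {
    $profileName = $categoryToProfile[[string]$conn.NetworkCategory]
    $fw = $fwProfiles[$profileName]
    [pscustomobject]@{
        Interface       = $conn.InterfaceAlias
        Network         = $conn.Name
        FirewallProfile = $profileName
        ProfileEnabled  = [string]$fw.Enabled
        DefaultInbound  = [string]$fw.DefaultInboundAction
        # Flag NICs that are not on the Domain profile, or whose profile is off.
        NeedsReview     = ($profileName -ne 'Domain') -or
                          ([string]$fw.Enabled -ne 'True')
    }
}

$report | Format-Table -AutoSize
```

A NIC flagged here is evaluating a different rule set from the one you planned for servers inside the network, which is worth ruling out before chasing other causes of a connectivity problem.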

System Insights

We summarized System Insights in Chapter 1, Getting Started with Windows Server 2022, but we definitely want to revisit it here in our chapter on troubleshooting. This is because this tool gathers all the right parts and pieces to help us build a comprehensive story about what is going on with our servers, and to help predict critical points at which servers may run out of resources and need to be upgraded or expanded.

System Insights is all about predictive analytics. It is available on any Windows Server 2022 (you just need to enable it) and utilizes performance counters to monitor the system and record data. This data is stored on the local server, which is important because it means you do not have to go through a bunch of work and hoops to implement some kind of centralized database to retain the data, nor perform any cloud work to maintain these metrics. The information collected by System Insights is individual per server and is retained on each server for...

Remote toolsets

Here is another section where you already have the information you need if you have been working through this book from start to finish, but it never hurts to receive a gentle reminder on taking what you have learned and putting it into practice.

Remote Desktop, Hyper-V console, PowerShell, Sconfig, WAC, Microsoft Management Console (MMC) consoles, and Server Manager – these are all different tools, any of which could be used to accomplish similar tasks on your servers. I love training new IT staff on our service desk and working alongside them on tickets, especially in areas where they have limited experience and are hesitant to dive in. Using the Remote Desktop client to RDP into servers is still by far the most common way that administrators log in to their servers to make changes or for any reason, and when you do that all day every day, it is easy to forget about all the other ways that you can interact with those servers. RDP is one of the first things...

Event Logs

Any investigatory work on a server is well complemented by Windows Event Logs. Sometimes you catch a server in the act of misbehaving and can utilize all the tools we have discussed so far to figure out, in real time, what is happening and how to remediate it. Other times, you may have experienced a problem – an unexpected restart of a server is a prime example – and even though things are running smoothly again, you are now tasked with answering that enormous question, “What happened?”

The Windows operating system logs a lot of data, all the time. These logs can answer questions when nothing else in the system can, as they provide a historical roadmap of wins and challenges happening within the OS, visible in static text where patterns emerge and details are given.

The tool that is home to Windows Event Logs is called Event Viewer. Opening Event Viewer can be accomplished in a few ways. You can seek out Event Viewer in the Start search...
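For the "What happened?" question after an unexpected restart, the same System log that Event Viewer displays can be queried from PowerShell. This is an added example, not code from the book; the seven-day window and the selection of event IDs are assumptions made for illustration.

```powershell
# Added example: list restart-related events from the System log.
$since = (Get-Date).AddDays(-7)   # assumed look-back window

# Well-known System log event IDs associated with shutdowns and restarts.
$meaning = @{
    41   = 'Kernel-Power: system rebooted without a clean shutdown'
    1074 = 'User32: shutdown or restart requested by a process or user'
    6005 = 'EventLog: Event Log service started (boot)'
    6006 = 'EventLog: Event Log service stopped (clean shutdown)'
    6008 = 'EventLog: previous shutdown was unexpected'
}

# Get-WinEvent reports an error when nothing matches, so suppress that case.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = [int[]]@($meaning.Keys)
    StartTime = $since
} -ErrorAction SilentlyContinue

# Oldest first, so the sequence reads as a timeline.
$timeline = $events | Sort-Object TimeCreated | ForEach-Object {
    [pscustomobject]@{
        Time     = $_.TimeCreated
        Id       = $_.Id
        Provider = $_.ProviderName
        Meaning  = $meaning[$_.Id]
        Detail   = ([string]$_.Message -split "`r?`n")[0]
    }
}
$timeline | Format-Table -AutoSize -Wrap

# An unclean restart shows up as 41 or 6008 without a preceding 1074/6006.
$unclean = @($timeline | Where-Object { $_.Id -in 41, 6008 })
"Unclean shutdown events in window: $($unclean.Count)"
```

Event 1074 records the account and process that requested a planned restart, so it is also the entry to look at when the question is who restarted the server.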

MMC and MSC shortcuts

You have probably noticed that many of the management consoles that we utilize to configure components inside Windows Server 2022 bear a striking resemblance to each other. What happens under the hood with a number of these consoles is that you are shown a snap-in function, a specific set of tools that are snapped into a generic console tool called the MMC. In fact, rather than opening all these management functions from inside Server Manager, for many of them, you could simply navigate to Start | Run or Command Prompt and type MMC to invoke the generic MMC console. From here, you can click on the File menu and choose Add or Remove Snap-ins:

Figure 16.30: Using MMC to snap in management consoles

Choose the management snap-in that you would like to work in, and add it to the console. There are a large number of management functions that can be accessed through the standard MMC console, and even some functions where MMC is the preferred, or perhaps...

Summary

Designing and building brand-new servers rarely presents challenges, and if they are encountered, those issues are typically low priority, since the new server won’t yet affect a production workforce. Troubleshooting existing servers, on the other hand, can be very stressful and requires quick, on-the-fly recollection of tools and command sets available inside the operating system that can be used to identify issues and resolutions. I hope this chapter has given you the ammunition needed to feel more confident in those situations, and to become the “go-to” person in your IT department when it comes to diagnosing server problems and digging deep into problems that arise.

This brings us to the end of our story on Windows Server 2022. Many of the topics we discussed could fill entire books, and I hope that the ideas provided in this volume are enough to prompt you to dig further into the technologies that you plan to work with.

Microsoft technology...

Questions

  1. What is the MSC shortcut to open Active Directory Users and Computers?
  2. True or False – You should always store server backups on the same server that you are backing up for performance reasons.
  3. Which Windows monitoring tool can be used to graph CPU utilization over a 24-hour period?
  4. True or False – System Insights stores all data on a centralized RADIUS server.
  5. Which Sysinternals tool can be used to terminate a process running on a remote system?
  6. What is the MSC shortcut to open Windows Defender Firewall with Advanced Security?
  7. Which PowerShell cmdlet can be used to gather Windows log files?
  8. Which Event ID can be used to calculate system uptime?

Join our community on Discord

Join our community’s Discord space for discussions with the author and other readers:

https://packt.link/SecNet
