Rebuild Performance Counters

Problem/Symptom

1- Verify Event Logs [Event ID: 1228, 2001, 1001, 1008, 2002]

Event ID: 1008
The Open Procedure for service “MSDTC” in DLL “C:\Windows\system32\msdtcuiu.DLL” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Source: perflib

Event ID: 1008
The Open Procedure for service “ESENT” in DLL “C:\Windows\system32\esentprf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Source: perflib

Event ID: 1008
The Open Procedure for service “DNS” in DLL “C:\Windows\system32\dnsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Source: perflib

Event ID: 1008
The Open Procedure for service “.NETFramework” in DLL “C:\Windows\system32\mscoree.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Source: perflib

Event ID: 1008
The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Source: perflib

Event ID: 1228
System Monitor was unable to open Active Directory Domain Services performance counters. An attempt to query the following performance counter registry key failed.
Registry key:
SYSTEM\CurrentControlSet\Services\NTDS\Performance\First Counter
Source: ActiveDirectory_DomainService

Event ID: 1228
System Monitor was unable to open Active Directory Domain Services performance counters. An attempt to query the following performance counter registry key failed.
Registry key:
SYSTEM\CurrentControlSet\Services\DirectoryServices\Performance\First Counter
Source: ActiveDirectory_DomainService

Event ID: 2001
Unable to read the “First Counter” value under the usbperf\Performance Key. Status codes returned in data.
Source: usbperf

2- Verify status of current Performance Counters

PS C:\Windows\system32> lodctr /q

Results sample:

Performance Counter ID Queries [PERFLIB]:
 Base Index: 0x00000737 (1847)
 Last Counter Text ID: 0x000013D4 (5076)
 Last Help Text ID: 0x000013D5 (5077)

[.NETFramework] Performance Counters (Enabled)
 DLL Name: %systemroot%\system32\mscoree.dll
 Open Procedure: OpenCtrs
 Collect Procedure: CollectCtrs
 Close Procedure: CloseCtrs

[DirectoryServices] Performance Counters (Enabled)
 DLL Name: %systemroot%\system32\ntdsperf.dll
 Open Procedure: OpenDsaPerformanceData
 Collect Procedure: CollectDsaPerformanceData
 Close Procedure: CloseDsaPerformanceData

[DNS] Performance Counters (Enabled)
 DLL Name: %systemroot%\system32\dnsperf.dll
 Open Procedure: OpenDnsPerformanceData
 Collect Procedure: CollectDnsPerformanceData
 Close Procedure: CloseDnsPerformanceData

[ESENT] Performance Counters (Enabled)
 DLL Name: %systemroot%\system32\esentprf.dll
 Open Procedure: OpenPerformanceData
 Collect Procedure: CollectPerformanceData
 Close Procedure: ClosePerformanceData

[MSDTC] Performance Counters (Enabled)
 DLL Name: %systemroot%\system32\msdtcuiu.DLL
 Open Procedure: DtcPerfOpen
 Collect Procedure: DtcPerfCollect
 Close Procedure: DtcPerfClose

[NTDS] Performance Counters (Enabled)
 DLL Name: %systemroot%\system32\ntdsperf.dll
 Open Procedure: OpenNtdsPerformanceData
 Collect Procedure: CollectNtdsPerformanceData
 Close Procedure: CloseNtdsPerformanceData

[RemoteAccess] Performance Counters (Enabled)
 DLL Name: C:\Windows\System32\rasctrs.dll
 Open Procedure: OpenRasPerformanceData
 Collect Procedure: CollectRasPerformanceData
 Close Procedure: CloseRasPerformanceData

Note:
Example of healthy one:
[FileReplicaConn] Performance Counters (Enabled)
 DLL Name: %SystemRoot%\system32\NTFRSPRF.dll
 Open Procedure: OpenReplicaConnPerformanceData
 Collect Procedure: CollectReplicaConnPerformanceData
 Close Procedure: CloseReplicaConnPerformanceData
 First Counter ID: 0x000008BE (2238)
 Last Counter ID: 0x000008EE (2286)
 First Help ID: 0x000008BF (2239)
 Last Help ID: 0x000008EF (2287)

 

3- Verify the Counters are not Disabled in the Registry

The counters may be disabled via registry settings. Please check the following registry locations to ensure that the counters have not been disabled.

HKLM\System\CurrentControlSet\Services\%servicename%\Performance
%servicename% represents any service with a performance counter. For example: PerfDisk, PerfOS, etc.

There may be registry keys for “DisablePerformanceCounters” in any of these locations. As per the following TechNet article, this value should be set to 0. If the value is anything other than 0 the counter may be disabled.

Disable Performance Counters
http://technet.microsoft.com/en-us/library/cc784382.aspx

A value of 1 means the counter is disabled.
A value of 2 means the 32-bit counter is disabled.
A value of 4 measn the 64-bit counter is disabled.

You can also verify Disabled Counters using following powershell command:

$val='Disable Performance Counters'; gci HKLM:SYSTEM\CurrentControlSet\Services -rec -ea SilentlyContinue | % {if((gp -Path $_.PsPath) -match $val) {gp -Path $_.PsPath -Name $val}} | select PSPath,$val

To search for values with name ‘Disable Performance Counters’ under the Services key and return those with data greater than 0:

$val='Disable Performance Counters'; gci HKLM:SYSTEM\CurrentControlSet\Services -rec -ea SilentlyContinue | % {if((gp -Path $_.PsPath) -match $val) {if((gp -Path $_.PsPath -Name $val).$val -gt 0){$_}}}

Turn on all disabled Counters (to actually do it you must remove the -WhatIf parameter):

$val='Disable Performance Counters'; gci HKLM:SYSTEM\CurrentControlSet\Services -rec -ea SilentlyContinue | % {if((gp -Path $_.PsPath) -match $val) {if((gp -Path $_.PsPath -Name $val).$val -gt 0){sp -Path $_.PsPath -Name $val -Value 0 -WhatIf}}}

 

Note:

In the query if you have provider name that is Disabled, Use this Cmdlet to enable it.

 

lodctr /e:<provider name>

for example (think in above query Performance Counters is disable ):
lodctr /e:Performance Counters

If you perform this step and it doesn’t work, please see the event log and search for if there is Event ID = 3006 in it? if yes,
please go to registry and change Disable Performance Counters from “1” to “0”.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib


Resolution 1: Rebuild specific Performance Counter (RemoteAccess, NTDS, Domain Service etc.)

1- Find/Search the right “.ini” file in the registry or to the location “C:\windows\winsxs”.

To do that,

1a- Open regedit.exe > HKLM\System\CurrentControlSet\Services\%servicename%\Performance
%servicename% represents any service with a performance counter. For example: PerfDisk, PerfOS, etc.

 

1b- Copy the ValueData “.ini” file (for example, here it is “rasctrs.ini”) from the ValueName “PerfiniFile”.

regperf
Performance Counter -RemoteAccess

1c- Open Windows Explorer > Go to “C:\Windows\winsxs” and Search for all available files under “C:\Windows\winsxs” location. Here you will see multiple folders.

 

regperf1

Optionally, for search, you can also use powershell, like

Dir C:\Windows\winsxs\amd64_microsoft-windows-rasctrs*
or
C:\Windows\WinSxS> get-childitem -recurse *.ini | Select-String -pattern “usbperf” -context 0

For non-powershell use this:
findstr /s usbperf *.ini

2- Get into each searched location and run “Lodcrt” for all “.ini” files:

For example,
C:\Windows\winsxs\cd amd64_microsoft-windows-rasctrs*
C:\Windows\winsxs\amd64_microsoft-windows-rasctrs*>Lodcrt rasctrs.ini

regperf2

When it is successful, you will see the following entry in the Event Log > application log.

Log Name: Application
Source: Microsoft-Windows-LoadPerf 
Event ID: 1000 
Level: Information 
Description: 
Performance counters for the ..... service were loaded successfully. ....

REBOOT or Following these steps, re-run “WINMGMT /RESYNCPERF”

 

Resolution 2: Rebuild all Performance Counters including extensible and third-party counters

1- To rebuild the Counters, open Command Prompt with Run as administrator and type:

cd c:\Windows\System32
lodctr /R
cd c:\Windows\SysWOW64
lodctr /R

2- Resyncing the counters with Windows Management Instrumentation (WMI):

WINMGMT.EXE /RESYNCPERF

3- Stop and restart the Performance Logs and Alerts service:

net stop pla && net start pla

4- Stop and restart the Windows Management Instrumentation service:

net stop Winmgmt && net start Winmgmt

 

NOTE: Remember to restart the User Access Logging Service & IP Helper manually from the Services.

Create a new Data Collector Set (do not use an existing Data Collector Set).

Sometimes, running lodctr /R may not recover all counters. If you notice this happening, verify the file c:\windows\system32\PerfStringBackup.INI contains the proper information. You may be able to copy this file from an identical machine in order to restore the counters. There may be slight differences in this file from machine to machine, but if you notice a drastic difference in size, it may be missing information. Always create a backup copy before replacing, and there is no guarantee that copying this file from another machine will restore all counters. If possible, compare the file to backups of the machine to see if the file size has decreased at some point in time.

References:

**https://support.microsoft.com/en-us/help/2554336/how-to-manually-rebuild-performance-counters-for-windows-server-2008-6

*https://social.technet.microsoft.com/Forums/Lync/en-US/ef4f7008-3e9d-427c-af38-a46bdd9b32a9/error-id-2001-source-usbperf-unable-to-read-the-first-counter-value-under-the?forum=winservergen

https://social.technet.microsoft.com/Forums/windowsserver/en-US/ab7f88bd-027e-4515-898a-fcc2627aa368/cwindowssystem32bitsperfdll-failed?forum=winserverManagement&prof=required

https://theperformanceengineer.com/2014/02/01/enabling-ntds-counters-in-perfmon-monitoring/

http://johansenreidar.blogspot.com/2014/01/windows-server-rebuild-all-performance.html

https://jesperarnecke.wordpress.com/2013/12/18/corrupt-or-broken-performance-counters-windows-2012/

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s