Zabbix Windows Server, Domain Controller,DNS and IIS Performance Monitoring

This article describes Windows Server 2008 R2 Zabbix Templates that monitor core server functions, Domain Controllers, DNS Servers and IIS 7.5.  While built specifically for those systems, it us likely  the Templates are compatible with other versions of Windows as well.

For those with Zabbix and Windows experience, the counters used are available from the Zabbix Share page:

Windows Server ships with a excellent monitoring and trend analysis tool: Performance Monitor.  As illustrated below, it allows administrators to select and graph counters that include list of system metrics.  These measurements may also be saved as delimited text files for future analysis and visualization.  A centralized server may connect to other servers to remotely collect data.  Since the API is well-documented, it is integrated into other value-added systems monitoring software.

The illustration below depicts the text format of a Windows Performance Monitor counter.  Commands conforming to this syntax may be sent from remote monitoring servers whose applications comply with the Windows API.

Prerequisites

A thorough knowledge of Zabbix installation and configuration is necessary.  This article, Installing and Configuring Basic Zabbix Functionality on Debian Wheezy, describes the basics. Several additional articles of advanced topics are available here.  This article, Zabbix Templates for Windows 2008 R2 OS and Domain Controllers, provides a detailed description of Template design.  Finally, Automated Zabbix Deployment and Configuration for Windows Enterprises describes how to deploy and configure Windows Agents and touches upon Discovery.

Description of Monitored Windows 2008 R2 Services and Counters

Zabbix uses service state checks to monitor Windows Services; it uses performance counter checks to monitor Processor, Memory, Disk and Network counters.  The services and counters listed below are common to Windows Server 2008 R2 regardless of applications installed.  They are indicative of overall performance (or problems) but do not necessarily pinpoint the root issue(s); more advanced -- and specific -- checks are required to diagnose application issues.

Links to Windows 2008 R2 Server Zabbix Templates.

Microsoft provides a description of Windows 2008 R2 Performance Monitor Counters.

Windows Server Services

Distributed Transaction Coordinator (MSDTC)
Group Policy Client (gpsvc)
Netlogon (Netlogon)
Network List Service (netprofm)
Network Location Awareness Service (nlasvc)
Network Store Interface (nsi)
RPC Endpoint Mapper (RpcEptMapper)
Security Accounts manager (SamSs)
Server Service (LanmanServer)
Event Log Service (eventlog)
Windows Firewall Service (MpsSvc)
Windows Time Service (W32Time)
Workstation Service (LanmanWorkstation)
DNS Client (Dnscache)

TCP Ports

135 MSRPC
139 NetBIOS-ssn
445 NetBIOS-ssn

Processor

Current work queue
Processor Percent Idle Time
Processor Percent Processor Time
System Processor Queue Length

Memory

Memory Available MBytes
Memory Free System Page Table Entries
Memory Pages Input/sec
Memory Pages/sec
Memory Pool Nonpaged Bytes
Memory Pool Paged Bytes
Memory Cache Bytes 
Memory Percent Registry Quota in Use
Memory Percent Committed Bytes in Use

Disk

LogicalDisk Avg. Disk sec/Read
LogicalDisk Avg. Disk sec/Write
LogicalDisk Disk Transfers/sec 

Network

Network Interface Output Queue Length
Network Interface Bytes Total/sec 
Network Interface Bytes Sent/sec

Windows Domain Controller Monitoring and Trend Analysis

The format and use of the command and service definitions are the same as those described above.

Links to Windows Domain Controller Zabbix Templates and Windows Domain Controller Performance Monitoring Templates:

Microsoft provides a summary of Windows Domain Controller Performance Counters.

Summary of Monitored Services and Counters

Windows Domain Controller Services

Active Directory Domain Service (NTDS)
Active Directory Web Services(ADWS)
Intersite Messaging Service (IsmServ) 
Kerberos Key Distribution Center (kdc)

TCP Ports

389 LDAP
464 Kerberos Password
636 LDAPS
3268 Global Catalog
3269 Global Catalog

Windows Server Domain Controller (NTDS) Counters

NTDS DRA Inbound Full Sync Objects Remaining
NTDS DS Notify Queue Size
NTDS LDAP Bind Time
NTDS SAM Account Group Evaluation Latency

Summary of DNS Server Services and Counters

Links to Windows DNS Server Zabbix Templates  and DNS Server Performance Monitoring Zabbix Templates:
 Microsoft provides a summary of Windows DNS Server Performance Counters.

Windows DNS Server Services

DNS Server (DNS)

TCP Ports

53 DNS

Windows DNS Server Counters

Caching Memory
Database Node Memory
Record Flow Memory
Recursive Query Errors
Secure Update Failure
TCP Message Memory
Total Query Received
Total Query Received/sec
UDP Message Memory 
Zone Transfer Failure
Zone Transfer Success

Summary of IIS Server Services and Counters

IIS has changed repeatedly over time and Microsoft-recommended performance counters are generally out-of-date.  The list was developed from a variety of sources and intended to reflect the basic IIS 7.5 Server functions.  Other counters (such as ASP.NET, etc.) are more appropriate to various application environments, such as the Windows Application Server Role, which adds the .NET environment.

Links to Windows IIS Server Zabbix Template:

Windows IIS Server Services

IIS Admin (IISAdmin
World Wide Web Publishing (W3SVC)

TCP Ports

80 HTTP
443 HTTPS

Windows IIS Server Counters

Bytes Received/sec
Bytes Sent/sec
Bytes Total/sec
Current Connections
GET Requests/sec
POST Requests/sec
Current Files Cached
Current Metadata Cached
Current URIs Cached
File Cache Hits %
Metadata Cache Hits
URI Cache Hits %

Server 2008 R2, Domain Controller and DNS Server Performance Monitoring Templates

Performance Monitoring Counters are included for advanced troubleshooting, trending and capacity planning.  These counters unlikely useful for day-to-day monitoring and should be used only when needed in those scenarios.

Discovery

 As briefly described in the article Automated Zabbix Deployment and Configuration for Windows Enterprise, Active Directory GPOs deploy a customized zabbix_agentd.conf file.  The file specifies UserParameters that issue shell commands used to determine if windows Services are present; if the command returns "already been started," Actions configured on the Zabbix server add the host to specified Host Groups and link pertinent templates.  For instance, if the shell command "net start NTDS" returns (as prt of its response) "already been started," the Zabbix server adds the host to the Windows Domain Controllers Host Groups and links Template Windows Domain Controllers.

The configuration file definitions that support Discovery and Actions are:

1. UserParameter=services.NTDS,net start NTDS
2. UserParameter=services.DNS,net start DNS
3. UserParameter=services.W3SVC,net start W3SVC 

There is no need to add a UserParameter statement for discovering the Windows OS because the Zabbix Agent natively supports the command system.uname for returning the required OS information.

Example Screen

The illustration below depicts a screen consisting of four Memory Counter graphs. The screen depicts the interaction of Memory and Disk performance at boot time, in which low available memory leads to paging.  The root cause of the problem is the lack of memory, however it is also manifest as high disk IO.

Installing the Zabbix Windows 2008 R2 and Domain Controller Templates

The following video depicts installing the templates (which also creates the necessary Host Groups), creating hosts, adding them to the Host Groups and applying the Templates.

Zabbix CPU Stress Test Monitoring

The following video depicts running a CPU Stress Test on one server.

Zabbix CPU and Memory Stress Test Monitoring