Windows Server Monitoring


Creating a new Windows monitor

Supported Versions: Windows Vista, 7, 8, 10, 11 and Windows Servers 2016, 2019, 2022

Prerequisites for monitoring Windows server metrics: Click here

Using the REST API to add a new Windows server monitor: Click here

To create a new Windows server monitor, follow the steps given below:

  1. Go to New Monitor and select Add New Monitor.
  2. Under Servers, select Windows server.
  3. Enter the IP Address or Hostname of the host.
  4. Enter the Subnet Mask of the network.
  5. Select the OS Type to be monitored.
  6. Select the Mode of Monitoring (SNMP or WMI).
    • If SNMP, provide the Port at which it is running (default is 161) and the SNMP Community String (default is 'public'). This requires no user name and password information.
    • If WMI, provide the user name and password information of the server.
  7. Select the Enable Event Log Monitoring checkbox and configure the Log Rules, if you want to monitor Windows Event Logs and fetch their details. Refer to Windows Event Log Rules under the Admin Activities section for more information. This section deals with the performance metrics displayed for Windows servers.
  8. Select the Enable Kerberos Authentication checkbox, if you want to monitor Windows server through Kerberos authentication. However, this is applicable only in WMI mode of monitoring.
  9. Choose the Monitor Group from the combo box with which you want to associate the Windows server monitor (optional). You can choose multiple groups to associate your monitor.
  10. Click Add Monitor(s). This discovers the Windows server from the network and starts monitoring it.

For WMI Mode of Monitoring:
  • Upon clicking 'Add Monitor(s)', if no valid OS is detected, the user will receive a popup with a force add option. With this, the user can add the monitor with the version of Windows selected in the OS Type dropdown.
  • In Windows Server 2008 and later versions, and in Windows Vista and later versions, use the following dynamic port range:

    Start port: 49152

    End port: 65535

  • If your computer network environment uses only Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista, you must enable connectivity over the high port range of 49152 through 65535.
  • Windows 2000, Windows XP, and Windows Server 2003 use the following dynamic port range:

    Start port: 1025

    End port: 5000

  • If your computer network environment uses Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista together with versions of Windows earlier than Windows Server 2008 and Windows Vista, you must enable connectivity over both the following port ranges:

    High port range: 49152 through 65535

    Low port range: 1025 through 5000
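
One way to open the WMI port range above to the monitoring host only, as an added example (not from the Applications Manager documentation). The address 192.0.2.10 and the rule names are placeholders; TCP 135 (the RPC endpoint mapper) is not mentioned on this page and is included because remote WMI over DCOM needs it.

```powershell
#Requires -RunAsAdministrator
# Added example, not Applications Manager code. Run on the monitored Windows server.

# Placeholder: address of the Applications Manager host (documentation range, replace it).
$MonitorAddress = '192.0.2.10'

# High dynamic port range the page gives for Windows Vista / Server 2008 and later.
$ExpectedStart = 49152
$ExpectedEnd   = 65535

# 1. Check that the dynamic TCP range configured on this host matches the documented one.
$tcp = Get-NetTCPSetting |
    Where-Object { $_.DynamicPortRangeStartPort -gt 0 } |
    Select-Object -First 1
if ($null -eq $tcp) {
    Write-Warning 'Could not read the dynamic port range; check it with: netsh int ipv4 show dynamicport tcp'
} else {
    $start = [int]$tcp.DynamicPortRangeStartPort
    $end   = $start + [int]$tcp.DynamicPortRangeNumberOfPorts - 1
    if ($start -ne $ExpectedStart -or $end -ne $ExpectedEnd) {
        Write-Warning "Dynamic range here is $start-$end, not $ExpectedStart-$ExpectedEnd; network firewalls must allow the range in use."
    }
}

# 2. Report built-in WMI rules that are enabled for any remote address.
#    (The display group name below is the English one.)
$builtIn = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
foreach ($rule in $builtIn) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        Write-Warning "Built-in rule '$($rule.DisplayName)' accepts any remote address."
    }
}

# 3. Allow the endpoint mapper and the RPC dynamic ports from the monitoring host only.
#    'RPC' is the firewall keyword for dynamically assigned RPC ports, so the rule
#    follows whatever dynamic range the host actually uses.
$scope = @{
    Direction     = 'Inbound'
    Protocol      = 'TCP'
    RemoteAddress = $MonitorAddress
    Action        = 'Allow'
    Group         = 'AppManager WMI monitoring (example)'   # hypothetical group name
}
New-NetFirewallRule @scope -DisplayName 'AppManager WMI: RPC endpoint mapper' -LocalPort 135 | Out-Null
New-NetFirewallRule @scope -DisplayName 'AppManager WMI: RPC dynamic ports' -LocalPort RPC | Out-Null

# 4. Show what was created.
Get-NetFirewallRule -Group $scope.Group |
    Select-Object DisplayName, Enabled, Direction, Action
```

Any network firewall between the two hosts still has to pass the numeric range, since the `RPC` keyword only exists in Windows Firewall.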

 
Limitations:
  • Adding a Windows Monitor containing a password with double quotes is not supported.
  • If Kerberos authentication is enabled, then Scheduled Task Monitoring will not be supported.

Monitored Parameters

Applications Manager monitors the critical components of Windows servers to detect any performance problems. These components include CPU, memory, disk, network traffic, etc.

  • Availability tab shows the availability history of the Windows server for the past 24 hours or 30 days.
  • Performance tab shows some key performance indicators of the Windows server such as physical memory utilization, CPU utilization, response time and swap memory utilization along with heat charts for these attributes. This tab also shows the health status and events for the past 24 hours or 30 days.
  • List view tab lists all the Windows servers monitored by Applications Manager along with their overall availability and health status. It enables you to perform bulk admin configurations. Click on the individual monitors listed to view detailed performance metrics. The list view also shows the virtual machines (Windows guest OS) configured in your data center along with their availability and health status.

Applications Manager's Windows server monitoring allows you to view the detailed performance metrics of a Windows server, which are categorized into 9 different tabs:

Overview

This tab provides a high-level overview of the health and performance of the Windows server along with information pertaining to the processes and services running on the system.

Monitor Information

Parameters Description
Name The name of the Windows server monitor.
System Health Denotes the health status of the Windows server. (Critical, Warning, and Clear)
Type Denotes the type you are monitoring.
Host Name The hostname of the Windows system.
Host OS The main OS installed on the system.
Last Polled at Specifies the time at which the last poll was performed.
Next Poll at Specifies the time at which the next poll is scheduled.
Today's Availability Shows the overall availability status of the server for the day. You can also view 7/30 reports and the current availability status of the server.
Response Time Amount of time taken by the server to respond (in ms).
Server Uptime Indicates the server uptime of the Windows monitor.
Server Time Current date and time of the Windows server with its timezone. (Applicable only in WMI mode of monitoring)
Time Difference Time difference between the monitoring server time and the Applications Manager's server time (in minutes). (Applicable only in WMI mode of monitoring)

You can use the Custom Fields option in the 'Monitor Information' section to configure additional fields for the monitor.

  • The CPU and memory utilization - last six hours graph shows the memory usage and CPU usage values for the last six hours. The attributes shown here are Swap Memory Utilization (in % and MB), Physical Memory Utilization (in % and MB), Free Physical Memory (MB), and CPU Utilization (%).
  • The Breakup of CPU Utilization graph provides a break up of metrics for the entire system processor with attributes such as Run Queue, User Time (%), System Time (%), I/O Wait Time (%), Idle Time (%) and Interrupts/sec.

Page Memory Usage Statistics

This section shows information about the page memory usage statistics in Windows servers.

The Page Memory Usage Statistics table displays the following attributes:

Parameter Description Monitoring Mode (SNMP / WMI)
PagesPerSec The number of pages that are read from or written to the disk to resolve hard page faults.
PageWritesPerSec The number of times the pages were written to the disk to free up space in physical memory.
PageReadsPerSec The number of times the pages were read from the disk to resolve hard page faults.
PagesInputPerSec The number of pages that are read from the disk to resolve hard page faults.
PagesOutputPerSec The number of pages that are written to the disk to free up space in physical memory.
 
Note:
Minimum supported server = Windows Server 2003, Windows XP
 
Process Details

This tab shows information about the required processes running in the Windows server. You can add the required processes for monitoring using the Add New Process option. You can also delete unwanted processes and enable/disable reports for specific processes. You can click on any of the attributes listed to view detailed performance stats of that process.

The Process Details tab displays the following attributes:

Parameter Description Monitoring Mode (SNMP / WMI)
Name The display name of the process.
Process The name of the process running.
No of Instances The number of instances running for the process.
CPU(%) The CPU utilization of the process (in percentage).
Mem(%) The memory consumption of the process (in percentage).
Handles The handle count of the process.
 
Service Details

This tab shows the availability of the required services running in the Windows server. You can add the required services for monitoring using the Add New Service option. You can also stop, start, restart and delete services from within Applications Manager itself.

The Service Details tab displays the following attributes:

Parameter Description Monitoring Mode (SNMP / WMI)
Display Name The display name of the service.
Service Name The name of the service running.
Availability The availability of the service running.
  • The Monitors in this System section shows the availability and health of the monitors configured in this server. The attributes shown here are Name, Type, Health, and Availability. To add new monitors for monitoring, use the Add Monitors option.

CPU

This tab provides the CPU usage statistics of the Windows server. The tab includes two graphs - one that displays the CPU utilization by CPU Cores and another that shows the Breakup of CPU utilization - by CPU cores. You can view additional reports by clicking the graphs present in the Breakup of CPU Utilization - by CPU cores section. These reports include Break up of CPU Utilization (%) Vs Time, User Time (%) Vs Time, System Time (%) Vs Time, I/O Wait Time (%) Vs Time, Idle Time (%) Vs Time, CPU Utilization (%) Vs Time and Interrupts/sec Vs Time for all the CPU cores.

 

The CPU tab also shows the following performance metrics:

Parameter Description Monitoring Mode (SNMP / WMI)
Core The name of the CPU core.
User Time(%) The percentage of time that the processor spends on User mode operations. This generally means application code.
System Time(%) The percentage of CPU kernel processes that are in use.
I/O Wait Time(%) The time spent by the processor waiting for I/O to complete.
Idle Time(%) The time when the CPU is idle (not being used by any program).
CPU Utilization(%) Specifies the total CPU used by the system.
Interrupts/sec The rate at which CPU handles interrupts from applications or hardware each second. If the value for Interrupts/sec is high over a sustained period of time, there could be hardware issues.

You can also view graphs for these attributes by selecting the necessary CPU core and then choosing the appropriate attribute.

Disk

This tab displays the disk usage and disk I/O statistics of the Windows server.

Disk Utilization

Parameters Description
Disk The name of the disk drive.
Used(%) Denotes how much disk space out of the total disk space has actually been used (in percentage).
Used(MB) The disk space used (in megabytes).
Free(%) The percentage of total usable space on the disk that was free.
Free(MB) The unallocated space on the disk (in megabytes).

 

Disk I/O Statistics

Parameter Description Monitoring Mode (SNMP / WMI)
Transfers/sec Rate of read and write operations on the disk.
Writes/sec Rate of write operations on the disk.
Reads/sec Rate of read operations on the disk.
% Busy Time The percentage of time the disk was busy.
Average Queue Length The average number of both read and write requests that were queued for the disk during the sample interval.

Note: You can also delete disks that have been physically removed using the Delete Orphaned Disk option.

Network

Network Interface

This table shows details about Network Interfaces.

Parameters Description
Name The name of the network interface present in the Windows system.
Speed (Mbps) Current bandwidth of the network interface (in Mbps).
Input Traffic (Kbps) The rate at which packets are received on the interface (in Kbps).
Output Traffic (Kbps) The rate at which packets are sent on the interface (in Kbps).
Errors The number of packets that could not be sent or received.

Note: You can also delete interfaces that have been physically removed using the Delete Orphaned Interface option.

Network Adapter

This table shows details about Network Adapters.

Parameters Description
Name The name of the network adapter present in the Windows system.
Status The connection status of the network adapter connected to the network.
Net Enabled The status of the network adapter.

 

Note:
  • Network Adapters monitoring option is only supported in WMI mode.
  • By default, Network Adapter monitoring is disabled. To enable it, go to:
    Settings → Performance Polling → Servers → Check Enable Network Adapter Monitoring
  • If an adapter is removed, an alarm will be raised automatically for the adapter removal. By default, this alarm is enabled. The setting can be changed from:
    Settings → Performance Polling → Servers → Alert if Network Adapter is removed
  • You can also delete adapters that are removed by using the Delete Orphaned Adapters option.

Firewall Details

This table shows details about the firewall status.

Parameters Description
Firewall Profile The name of the network profile.
Status Firewall status of the network profile.
Note:
  • Supported servers = Windows 8, Windows Server 2012 and above.
  • Available only in WMI mode of monitoring.

TCP Connection Stats

This table shows details about the TCP Connection Status.

Parameters Description
Active Connections No. of times TCP connections have made a direct transition from the CLOSED state to the SYN-SENT state.
Established Connections No. of TCP connections for which the current state is either ESTABLISHED or CLOSE-WAIT.
Failed Connections No. of times TCP connections have made a direct transition to the CLOSED state from the SYN-SENT state or the SYN-RCVD state + No. of times TCP connections have made a direct transition from the SYN-RCVD state to the LISTEN state.
Passive Connections No. of times TCP connections have made a direct transition from the LISTEN state to the SYN-RCVD state.
Reset Connections No. of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
 
Note:
  • The ActiveConnections, FailedConnections, PassiveConnections, and ResetConnections values are cumulative values fetched from WMI, so Applications Manager displays the difference between the previous and current poll values.
  • EstablishedConnection is a non-cumulative value, so the current poll value is displayed.
  • TCP Connection Stats are supported only in WMI mode of Windows monitoring.
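
The poll-to-poll calculation described in the note above, as an added example (not Applications Manager code). The sample polls are constructed, and the handling of a counter that goes backwards, for example after the monitored server restarts, is an assumption; the page does not say how the product treats that case.

```powershell
# Added example, not Applications Manager code.
# Counters the page describes as cumulative; EstablishedConnections is a point-in-time value.
$CumulativeFields = 'ActiveConnections', 'FailedConnections', 'PassiveConnections', 'ResetConnections'

function Get-TcpPollDelta {
    param(
        [Parameter(Mandatory)] [hashtable] $Previous,
        [Parameter(Mandatory)] [hashtable] $Current
    )
    $row = [ordered]@{}
    foreach ($name in $CumulativeFields) {
        $delta = [int64]$Current[$name] - [int64]$Previous[$name]
        if ($delta -lt 0) {
            # Assumption: a lower value means the counter restarted from zero,
            # so everything counted since the restart belongs to this interval.
            $delta = [int64]$Current[$name]
        }
        $row[$name] = $delta
    }
    # Non-cumulative: report the current poll value unchanged.
    $row['EstablishedConnections'] = [int64]$Current['EstablishedConnections']
    [pscustomobject]$row
}

# Constructed sample polls. The third poll is taken after a restart of the monitored server.
$polls = @(
    @{ ActiveConnections = 1200; FailedConnections = 35; PassiveConnections = 800; ResetConnections = 60; EstablishedConnections = 42 },
    @{ ActiveConnections = 1260; FailedConnections = 36; PassiveConnections = 845; ResetConnections = 63; EstablishedConnections = 51 },
    @{ ActiveConnections = 18;   FailedConnections = 2;  PassiveConnections = 9;   ResetConnections = 0;  EstablishedConnections = 7 }
)

# One output row per polling interval.
for ($i = 1; $i -lt $polls.Count; $i++) {
    Get-TcpPollDelta -Previous $polls[$i - 1] -Current $polls[$i]
}
```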

Event Log

This tab shows information pertaining to the recent Windows events.

Parameters Description
Rule Name The name of the event log rule.
Log File Type The type of the Windows event log file.
Source The source that generated the event.
Event Id The identifier of the event.
Type The type of event.
User Name User name of the logged-on user when the event occurred. If the user name cannot be determined, this will be None.
Description Description of the event.
Generated Time The time when the event was generated.

Hardware Metrics

The following are metrics pertaining to the hardware of Dell and HP servers:

Category Attribute Description DELL (SNMP Mode, WMI Mode) HP (SNMP Mode, WMI Mode)
Temperature Sensor The name of the temperature sensor.
Temperature Reading (deg C) The current/present temperature reading.
Status The temperature status - Critical, Warning, and Clear.
Fan Sensor Name of the fan sensor.
Fan Speed (RPM) The fan speed values displayed in RPM.
Status The fan status - Critical, Warning, and Clear.
Power Sensor Name of the power supply.
Reading (Watts) The power supply reading values displayed in Watts.
Status The power status - Critical, Warning, and Clear.
Voltages Sensor Name of the voltage supply.
Reading (Volts) The voltage reading values displayed in Volts.
Status The voltage status - Critical, Warning, and Clear.
Battery Sensor Name of the Battery sensor.
Status The battery status - Critical, Warning, and Clear.
Memory Sensor Name of the Memory sensor.
Memory Device Type The type of memory device.
Size (MB) The amount of memory currently installed in MB.
Status The memory status - Critical, Warning, and Clear.
Disk Sensor Identifies the disk's label.
Device Name The device name configured for the disk.
Size (MB) The allocated size in MB.
Status The disk status - Critical, Warning, and Clear.
Array Sensor The name of the array disk.
Bus protocol The bus type of the array disk.
Size (MB) The amount in MB of the used space on the array disk.
Status The array status - Critical, Warning, and Clear.
Chassis Sensor The user-assigned chassis name of the chassis.
Model The system model type for this chassis.
Status The chassis status - Critical, Warning, and Clear.
Processor Sensor The location name of the processor device status probe.
Processor Brand The brand of the processor device.
Processor Current Speed The current speed of the processor device in MHz.
Processor Core Count The number of processor cores detected for the processor device.
Status The processor status - Critical, Warning, and Clear.
  • If a component is functioning normally, the status indicator is green.

  • The status indicator changes to orange or red if a system component violates a performance threshold or is not functioning properly. Generally, an orange indicator signifies degraded performance.

  • A red indicator signifies that a component stopped operating or exceeded the highest threshold.

  • If the status is blank, then the health monitoring service cannot determine the status of the component.

Note:

Currently, hardware performance monitoring is supported in SNMP and WMI monitoring mode.

Hardware Device-Level Configuration

The Hardware Configuration option, available under Host Details on the right-hand side of the details page, lets you choose the hardware components you want to monitor. You can do the same from the Performance Polling option under the Settings tab, which configures the hardware stats globally.

Advanced Settings

By clicking the Advanced Settings option available under Host Details on the right-hand side of the details page, you can go to the Performance Data Collection page for Servers.

Here you can use the Hardware Health monitoring option to enable or disable hardware monitoring in servers. You can also select the hardware components (such as power, fan, and disk) to be monitored by checking the options given. This configures the hardware monitoring status globally. You can also configure the health status by defining values in the respective text boxes:

  • Critical Severity: If the status matches with any of the values defined in the Critical Severity text box, then Applications Manager displays the status of the hardware device as Critical. The values defined by default are failed, error, failure, nonRecoverable, criticalUpper, criticalLower, nonRecoverableLower and critical.

  • Warning Severity: If the status matches with any of the values defined in the Warning Severity text box, then Applications Manager displays the status of the hardware device as Warning. The values defined by default are degraded, warning, nonCritical, nonCriticalUpper, nonRecoverableUpper and nonCriticalLower.

  • Clear Severity: If the status matches with any of the values defined in the Clear Severity text box, then Applications Manager displays the status of the hardware device as Clear. The value defined by default is 'ok'.

Note

If the status of the device does not match with any of the values defined in the severity text box, the device status is displayed as unknown. Status values defined within the severity text boxes are comma-separated and case-insensitive.

NLB

This tab displays the Network Load Balancing (NLB) information of the Windows server.

Node Information

Parameter Description Monitoring Mode (SNMP / WMI)
Node State The current state of the node.
Dedicated IP The dedicated IP address of the node.
Subnet Mask Subnet mask for the dedicated IP address.
Node Priority Indicates the priority assigned to the node.
No. of Port Rules The number of defined port rules for the node.

Cluster Information

Parameter Description Monitoring Mode (SNMP / WMI)
Cluster Name The name of the NLB cluster.
IP Address The primary IP address of the cluster.
MAC Address The Media Access Control (MAC) address of the cluster.
GUID The Globally Unique Identifier (GUID) of the adapter to which NLB is bound.
No. of Nodes The total number of nodes available in the cluster.

Other Nodes in the Cluster

Parameter Description Monitoring Mode (SNMP / WMI)
Priority Indicates the priority assigned to the node.
Dedicated IP The dedicated IP address of the node.
Display Name Display name of the node in the form of a Fully Qualified Domain Name (FQDN).
 
Note:
  • Minimum supported server = Windows Server 2008
  • NLB should be enabled and configured in the corresponding server.

Configuration

This tab contains information about system configuration attributes.

Parameters Description
SYSTEM INFORMATION
Host Name The name of the system.
Serial Number The serial number of the system that represents the service tag of the server.
Manufacturer The name of the machine manufacturer.
Model The Product name that a manufacturer gives to the computer.
Domain The name of the domain to which the system belongs.
BIOS Version The current BIOS version that is running on the motherboard of the system.
OS INFORMATION
OS Name The name of the operating system instance.
OS Version The version number of the operating system.
OS Release The latest service pack installed on the computer. If no service pack is installed, the value will be '-'
Manufacturer Name of the operating system manufacturer. For Windows-based systems, this value is "Microsoft Corporation".
OS Installed Date The date the OS was installed on the system.
Registered User Name of the registered user of the operating system.
Windows Directory Windows directory of the operating system.
OS Language Language version of the operating system installed.
MEMORY INFORMATION
Total Physical Memory (MB) The total amount of physical memory as available to the operating system.
Total Virtual Memory (MB) The total amount of area on the hard disk that Windows uses as if it were RAM.
PROCESSOR INFORMATION
Id Unique identifier of a processor on the system.
Model The processor model type
Implementation The processor family type.
Manufacturer Name of the processor manufacturer.
Speed(MHz) The current speed of the processor.
Cache (KB) Size of the processor cache. A cache is an external memory area that has a faster access time than the main memory.
NETWORK INTERFACE SETTINGS
Name The name of the network adapter.
IP Address The IP address configured for this network interface.
Type The network medium in use.
Mac Address The Media access control address for this network adapter. A MAC address is a unique 48-bit number assigned to the network adapter by the manufacturer. It uniquely identifies this network adapter and is used for mapping TCP/IP network communications.
Manufacturer The name of the network adapter's manufacturer.
Status The current status of the network adapter.
PRINTER SETTINGS
Name Name of the printer
Server Name of the server that controls the printer. If this value is not shown, it means the printer is controlled locally.
Type Denotes whether the printer is controlled locally or remotely.
Default Indicates whether the printer is the default one. Values are either True or False.
Status Current status of the printer.
Location The physical location of the printer.

Scheduled Tasks

Prerequisites:

  • WMI access to a remote server.
  • Administrator user credentials.

The following are the metrics pertaining to Scheduled Tasks:

Parameters Description
Task Name Name of the scheduled task.
Enabled Displays if the task is enabled or not.
Last Run Time The timestamp of when the task ran for the last time.
Last Run Result The outcome of the last run of the task.
Next Run Time The timestamp of when the task will run again.
Missed Runs The number of times the task missed its scheduled execution.
Status Current status of the task.

You can perform the following actions on the required task(s):

  • Delete Task(s): Deletes the selected task(s) from Applications Manager.
  • Clear Alarm(s) for Last Run Result: Clears the alarm associated with the Last Run Result attribute for the selected task(s). Moreover, this operation can be audited in Applications Manager, provided the Scheduled Tasks Action checkbox is enabled under Actions dropdown in Settings → Audit Logs.

Scheduled Tasks Monitoring is not supported for Windows Server 2003, Windows Server 2008, or Windows XP.

Note:
  • It works only for WMI mode.
  • You can add a scheduled task by clicking 'Add Scheduled Task'.
  • A scheduled task can be deleted by clicking 'Delete Task(s)'.
  • If a scheduled task is deleted, then an alarm will be raised automatically depending on the setting in Settings → Performance Polling → Servers → Alert if any Scheduled Task is removed (by default, value is true).
  • Applications Manager should be running with administrator privileges, else some tasks may not get fetched for monitoring.
  • An alarm is raised (after the threshold is checked) only if the current target server time exceeds the next run time for the task. For the 'Enabled' attribute, however, the threshold is checked in each poll, since its value can be changed at any time.

Print Queue

Prerequisites:

  • WMI access to a remote server.

The following are the metrics pertaining to Print Queue:

Parameters Description
Job ID The ID used to track the job created in the server.
Owner Username of the user who submitted the document.
Document Name Name of the document to be printed.
Pages to print Number of pages requested to be printed.
Document Size The size of the submitted document.
Printing Status Status of the current printing task. Possible states include - Printing, Paused, Error, Deleting, Spooling, Sent to printer, Printed, Offline, Printed and deleted, Waiting, In progress, and Unknown.
Document Wait Time Time taken for the document to fully print in minutes.
Time Submitted The time at which the document was submitted.
Printer The printer chosen for the printing task.
 
Limitations:
  • This functionality is supported only when the Server is monitored using WMI.
  • To monitor network-shared printer jobs via a remote server, add the server connected to the printer as a Windows Server Monitor.