I was thinking these days about what I wish I had known when I started working with Windows servers: some basic (and some not) commands that can help me troubleshoot servers without requiring additional software.
That’s why this post is dedicated to people who have just started administering servers with Windows Server 20xx-2019 (I expect at least 2008, although it is going out of support next month), or maybe you’re curious and want to know more about Windows Server administration.
We will exclude networking problems, as that is another huge topic, so we assume that the server is reachable using ping (ICMP protocol).
RDP isn’t everything
This is the first thing I notice when someone tells me: “I can’t access the server via RDP, it must be overloaded, unresponsive, etc. because I can ping it”.
As you may know (or not), RDP is the Remote Desktop Protocol, which usually runs on port 3389. There can be tons of reasons why you can’t access a server via RDP at the moment an alert is raised (port blocked, server out of resources, user not allowed to RDP, etc.).
Therefore, I will list some points about how to troubleshoot a server when you can’t access it using RDP. In this way, you’ll be able to manage a (Windows) server without accessing it.
MMC (Microsoft Management Console)
MMC is everywhere: when you open the Event Viewer, it is in fact an MMC console with the “Event Viewer” snap-in loaded. Here is how you would do it manually instead of opening the Event Viewer “console”:
You should try to master the MMC, as it gives you the best way to manage different aspects and features of a Windows server (remote or local).
Type “mmc” in Run and press Enter, and an empty console (MMC) will open.
Then you can add a “snap-in” for any particular Windows feature, service, etc. This means that with the MMC you have at your disposal a tool to troubleshoot a remote or local server.
Just go to File > Add/Remove Snap-in and choose what you want! For this example, I will add the Certificates snap-in in order to check which certificates are installed on my server:
Once you press Add, it will ask you which account to manage. Usually you want the computer account, because services and features are related to the computer, not to a user account.
Choose if you want to manage a local or remote server:
And finally, here is the final screenshot after adding the Certificates snap-in from my computer:
Now imagine doing the same with the Services snap-in and selecting Another Computer: you will be able to manage the services on a remote computer just by doing that, without connecting to the server using RDP!
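A scripted version of the same remote check, added here as an example and not taken from the original post: it tests whether TCP 3389 answers and asks for the state of the Remote Desktop service (TermService), which separates a blocked port from a stopped service. The function name Test-RdpPath and the server name SRV01 are placeholders; it assumes Windows PowerShell, WinRM reachable on the target and an account with administrative rights there.

```powershell
# Added example: triage "I can ping it but RDP fails" without logging on.
# Test-RdpPath is a hypothetical helper name; SRV01 is a placeholder.
function Test-RdpPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 3389          # usual RDP port, as stated in the post
    )

    # 1. Does the RDP port answer at all (firewall rule, listener down)?
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port $Port `
               -WarningAction SilentlyContinue

    # 2. Query the service state remotely: the same information the
    #    Services snap-in shows when pointed at "Another computer".
    $svc = $null
    try {
        $svc = Get-CimInstance -ComputerName $ComputerName `
                   -ClassName Win32_Service -Filter "Name='TermService'" `
                   -ErrorAction Stop
    } catch {
        Write-Warning "Remote service query failed: $($_.Exception.Message)"
    }

    # 3. Turn the two observations into one next step.
    $verdict =
        if (-not $svc) { 'Service state unknown: check WinRM access and permissions' }
        elseif ($svc.State -ne 'Running') { "TermService is $($svc.State) (start mode $($svc.StartMode))" }
        elseif (-not $tcp.TcpTestSucceeded) { 'Service running but port unreachable: check firewall or RDP port' }
        else { 'Port and service OK: check user rights or server resources' }

    [pscustomobject]@{
        ComputerName = $ComputerName
        PortOpen     = $tcp.TcpTestSucceeded
        ServiceState = $svc.State
        StartMode    = $svc.StartMode
        Verdict      = $verdict
    }
}

# Usage (placeholder server name)
Test-RdpPath -ComputerName 'SRV01'
```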
Check memory resources (RAM)
CMD (command prompt)
Our “old” friend CMD, the command prompt interpreter, works on all versions of Windows Server. No matter which problem you have on your server, you can always run it, and it is available on any Windows installation without any requirement.
There are some useful commands to manage a remote Windows server. The first command I want to show you is the “tasklist” command, which is the equivalent of the “Task Manager” that you probably know.
It can come in very handy to check which processes are consuming the most memory:
tasklist /s <server> | sort /R /+58
The previous command covers only memory usage (RAM); it won’t work for CPU. So how can I check which process is consuming the most CPU?
Check the next section!
Check CPU resources (CPU)
WMIC (Windows Management Interface Console)
In order to check the CPU remotely, there isn’t a simple command like “tasklist” with parameters as it is harder to get the stats from the CPU perspective.
Anyway, there is another command that can be used within CMD: wmic. Here are some examples:
To get the CPU usage of the server:
wmic cpu get loadpercentage
Or the processes that are consuming a particular percentage (70% in this example):
wmic path win32_perfformatteddata_perfproc_process where (PercentProcessorTime ^> 70) get Name, Caption, PercentProcessorTime, IDProcess /format:list
As you can see in this output, it says “PercentProcessorTime=100”, which means that a process (mcshield) consumed 100% of its time when we asked for the processes above 50% of the server.
So in this case, the process “mcshield” (which is related to McAfee) is consuming more than 50% of the CPU.
Obviously, the “_Total” entry mustn’t be taken into account; it’s in the output because I didn’t want to make it larger (although it is a bit large).
There is another command (typeperf) which, although it can be more powerful (it uses performance counters), produces messy output (lots of data). I won’t show it here, but I wanted to let you know.
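The two wmic queries above and the memory check from the tasklist section, written as PowerShell CIM calls for current Windows releases where wmic is deprecated. This is an added example, not code from the original post: it reads the same Win32_PerfFormattedData_PerfProc_Process class, drops the “_Total” and “Idle” rows on the server side, and returns CPU and memory together. The function names are hypothetical, and remote use assumes WinRM is reachable on the target.

```powershell
# Added example: remote "top processes" by CPU and memory in one query.
# Get-RemoteTopProcess and Get-RemoteCpuLoad are hypothetical helper names.
function Get-RemoteTopProcess {
    [CmdletBinding()]
    param(
        [string]$ComputerName,     # omit to query the local machine
        [int]$MinCpuPercent = 0,   # e.g. 70, as in the wmic example
        [int]$Top = 10
    )

    $target = @{}
    if ($ComputerName) { $target.ComputerName = $ComputerName }

    # _Total and Idle are aggregate rows, not real processes, so they
    # are excluded in the WQL filter instead of being read past by eye.
    $filter = "Name <> '_Total' AND Name <> 'Idle' " +
              "AND PercentProcessorTime >= $MinCpuPercent"

    Get-CimInstance @target `
        -ClassName Win32_PerfFormattedData_PerfProc_Process `
        -Filter $filter |
        Sort-Object PercentProcessorTime, WorkingSetPrivate -Descending |
        Select-Object -First $Top -Property Name, IDProcess,
            PercentProcessorTime,
            @{ Name       = 'PrivateMB'
               Expression = { [math]::Round($_.WorkingSetPrivate / 1MB, 1) } }
}

# Overall CPU load, the counterpart of "wmic cpu get loadpercentage";
# averaged because a multi-socket server returns one row per processor.
function Get-RemoteCpuLoad {
    param([string]$ComputerName)

    $target = @{}
    if ($ComputerName) { $target.ComputerName = $ComputerName }

    (Get-CimInstance @target -ClassName Win32_Processor |
        Measure-Object -Property LoadPercentage -Average).Average
}

# Usage: local machine, processes at or above 70% CPU
Get-RemoteCpuLoad
Get-RemoteTopProcess -MinCpuPercent 70
```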
Alternate access to RDP
A server can be physical or virtual. If it is virtual, you can probably access the virtual machine using Hyper-V Manager (if you use Hyper-V) or the vSphere Web Client (vSphere) in order to gain access to the virtual server.
If the server is physical, you probably have access to some remote console (iLO, iDRAC, etc.) to reach the server and finally be able to log in if you need to.
I hope these tips helped you, or at least helped you remember how to do it. See you next time.