The Performance Monitor utility Perfmon.exe may not display valid counterobjects. Below are some troubleshooting methods that can be used to resolvethe issue.
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
You could check the strings in the 009 key under the key described belowand look for any garbled entries, entries that have two numbers, or entriesthat have two strings in succession (you should see ### string ### string,and so on in the multi-sz editor). This may not explain the differentbehavior between the local and remote cases because they both access thesame registry values.
Perfmon does the following with the registry:
- Reads the perfmon configuration from the following registry subkey. Entries not found will revert to the default values:
- Opens the performance registry key, which does the following (on the computer that you are trying to connect to):
- Opens the following registry subkey to read the name strings and explain text strings. If this fails, the computer connection fails:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Perflib\009(009 assumes English)
- Opens the following registry subkey to read any configuration information. If this fails, the default settings are used:
- Enumerates the following registry subkey to find services that have registered extensible performance counter DLLs. If this fails, or any of the DLLs found fail, then the failed DLLs will not be loaded and the extensible counters provided by the DLLs will be returned. The connection to the computer (local or remote) will succeed with at least the standard counters:
The biggest difference between monitoring a local computer and a remotecomputer is that the performance counters are queried within the context ofthe Perfmon process when monitoring local computer counters, while remoteperformance counters are monitored within a thread of the Winlogon processon the remote computer.
Usually this type of failure is the result of one of the network relatedextensible counter DLLs. Another possibility could be the permissions enabled on the local machine are insufficient to allow the remote account access to the performance counter registry keys. The minimum permissions needed for each instance of the following registry subtree
Everyone - Read (Query Value, Enumerate Subkeys, Notify, Read Control).
System - Full Control
Administrators - Full Control
As always check the security, application or system event logs for any "interesting" entries. To try and narrow it down you could try to disable the extensible counter DLLs to prevent them from being loaded. If this solves the problem, enable the extensible counter DLLs one at a time to see when it breaks again.
To disable one or more extensible counter DLL(s):
- Start the Registry Editor (RegEdt32.exe).
- Navigate to the following registry subtree:
- Click Find Key on the View menu.
- Type Performance as the search string, then search down from there.
- At each Performance entry you find, select the Library value and modify the library name by prefixing it with two x's: for example, change OrigLib.dll to xxOrigLib.dll
- When you have done each Performance entry under theCurrentControlSet\Services key, restart Perfmon to see whether it works. If it does, then repeat the above two steps, only restoring the original library name and trying Perfmon after each change to see which library causes the fault.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
Controlling Remote Performance Monitor Access to Windows NT Servers