Automating collection of performance monitor counters for Exchange, on windows 2008.


It is frequently necessary to collect performance counters to troubleshoot problems on servers. Unfortunately, quite often the condition we are trying to troubleshoot is transient, and by the time an administrator is alerted to the problem it has already passed. This document describes a method to set up automated performance monitoring that can be triggered by a particular performance condition being met.

It involves setting up a performance alert to write an event to the application log, and then using the latest version of task scheduler to start a batch job based upon the appearance of that event.

This article applies to Windows 2008 and 2008 R2, and Exchange 2007 and 2010.


Part 1. Setting an alert condition

First, set up alert condition by following

To create a Data Collector Set to monitor Performance counters

  1. To open Windows Performance Monitor, click Start, click in the Start Search box, type perfmon, and then press ENTER.
  2. In the Windows Performance Monitor navigation pane, expand Data Collector Sets, right-click User Defined, point to New, and click Data Collector Set. The Create new Data Collector Set Wizard starts.
  3. Enter a name for your Data Collector Set.
  4. Select the Create manually option and click Next.
  5. Select the Performance Counter Alert option and click Next.
  6. Click Add to open the Add Counters dialog box. When you are finished adding counters, click OK to return to the wizard.
  7. Define alerts based on the values of performance counters you have selected.
    1. From the list of Performance counters, select the counter to monitor and trigger an alert.
    2. From the Alert when drop-down, choose whether to alert when the performance counter value is above or below the limit.
    3. In the Limit box, enter the threshold value. Eg, if you want to gather performance data when cpu utilisation is greater than 95%, enter “95”
  8. When you are finished defining alerts, click Next to continue configuration.
  9. After clicking Next, you can configure the Data Collector Set to run as a particular user. Click the Change button to enter the user name and password for a different user than the default listed.
  • If you are a member of the Performance Log Users group, you must configure Data Collector Sets you create to run under your own credentials. Data Collector Sets run as the System user by default. As a security best practice, you should accept this default value unless you have a compelling reason to change it.
  1. Click Finish to return to Windows Performance Monitor.
  • To view the properties of the Data Collector Set or make additional changes, select Open properties for this data collector set. For more information about the properties of the Data Collector Set, see Data Collector Set Properties.
  • To start the Data Collector Set immediately (and begin saving data to the location specified in Step 8), select Start this data collector set now.
  • To save the Data Collector Set without starting collection, select Save and close.

To configure alert actions

  1. Expand Reliability and Performance in the navigation pane.
  2. Expand Data Collector Sets, expand User Defined, and click the name of the Data Collector Set with performance counter alerts.
  3. In the console pane, right-click the name of a Data Collector whose type is Alert and click Properties.
  4. On the Data Collector Properties page, click the Alerts tab. The data collectors and alerts already configured should appear.
  5. Click the Alert Action tab to choose to write an entry to the event log Applications and Services Logs/Microsoft/Windows/Diagnosis-PLA/Operational when the alert criteria are met. You can also start a Data Collector Set when the alert criteria are met; Don’t do this.
  6. Click the Alert Task tab to choose a Windows Management Interface (WMI) task and arguments to run when the alert criteria are met. Don’t do this.

This will give you  an alert that writes a 2031 event to the log named in step 15, above.

Part 2. Creating the batch file

First, set the PowerShell environment. Open the Exchange Shell and run the following:

Set-ExecutionPolicy RemoteSigned

Then download and extract the ExPerfWiz powershell script from the Microsoft website:

Make sure to download the latest version – 1.3.7 or higher.

Then Create a batch file to run the experfwiz script:

  1. Open notepad
  2. Copy the text below into the open document, and save it as C:\perfwiz\experfwiz.bat, or something equally usable. Try and avoid spaces or non standard characters in your path.

PowerShell.exe -command “. ‘c:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1’; Connect-ExchangeServer -auto; c:\experfwiz\experfwiz.ps1 -duration 00:15:00 -interval 1 -quiet”

  1. You will need to check:

Location of Exchange binaries for the RemoteExchange.ps1 script.

Location of ExPerfWiz script

Version of ExPerfWiz script – only 1.3.7 and later support the –quiet switch.

Change duration and interval to something suitable. In the example above the duration is 15 minutes, and the interval is two seconds.

Part 3. Scheduling the batch file

The batch file will be run by setting up a scheduled task that will run every time an event id is logged. The Event ID that you will use to trigger the Log:

Log: Microsoft-windows-diagnosis-PLA/operational

Source: Diagnosis-PLA

Event id:  2031

Now to create a Scheduled Task.

  1. If Task Scheduler is not open, start Task Scheduler. For more information, see Start Task Scheduler.
  2. Find and click the task folder in the console tree that you want to create the task in. If you want to create the task in a new task folder, see Create a New Task Folder to create the folder.
  3. In the Actions Pane, click Create Task.
  4. On the General tab of the Create Task dialog box, enter a name for the task. Make sure it is running under an admin account, and that it is set to run only when the user is logged on. You will need to remain logged on to the server for the duration.
  5. On the Triggers tab of the Create Task dialog box, click the New… button to create a trigger for the task, and supply information about the trigger in the New Trigger dialog box. Select On an Event to start the task.Fill in the details for the event as shown in the picture below.
  6. On the Actions tab of the Create Task dialog box, click the New… button to create an action for the task, and supply information about the action in the New Action dialog box. Select Start a Program, and browse to the batch file you created in part 2, above. Once this action is saved you can, if you choose, set it to also send you an email when the condition occurs.
  7. Click the OK button on the Create Task dialog box.

Part 4. Final checks, and what to do next.

  • Make sure that the data collector set is running.
  • Make sure that the batch file will work by starting it manually. Check the c:\perflogs folder for the generated log file.
  • Make sure that the process works – do this by setting the data collector set to alert on a commonly met condition, such as cpu utilization = 20%. Check that:
    • The event is logged in the Applications and Services Logs/Microsoft/Windows/Diagnosis-PLA/Operational event log.
    • The scheduled task is triggered by selecting the task, and checking the “history” tab in the lower window of the scheduler console.
    • The perfmon log is generated and saved to the C:\perflogs directory.

When the condition is met, the task triggered, the batch file ran and the log generated, why not use PAL to analyze it. I would.

The batch file doesn’t have to point to ExPerfWiz, of course. It could quite easily point to a batch file that triggers logman, or you could avoid using a batch file altogether and set perfmon up to trigger a data collector set instead of an event. For more details on using logman with a batchfile see our nutshell “Scripting Perfmon for Win XP through to Win 2008”

Thanks to Mike Lagase for the excellent ExPerfWiz script, and Amit Tank at for his article on scheduling Exchange tasks. And obviously thanks to technet, where I’ve ripped great chunks of this from.



if you want the script to mail you a little email to say it’s done, or similar, then you’ll want to read Morgen Simonsen’s blog, here:


you may also find it useful to have a mail method that avoids CDOSYS altogether:

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: