- install WPT on the affected host. WPT is part of ADK. Or they can just download this archive – extract it on the server into C:\msdata folder. They should have at least 5Gb free space on that disk
- Run elevated CMD and execute:
#perf_counters
logman delete %computername%_IO
logman create counter %computername%_IO -c “\LogicalDisk(*)\*” “\Memory\*” “\Network Adapter(*)\*” “\Network Interface(*)\*” “\Paging File(*)\*” “\PhysicalDisk(*)\*” “\Process(*)\*” “\Processor Information(*)\*” -max 512 -f bincirc -si 00:00:01 -ow
logman start %computername%_IO
#etw_trace
C:\msdata\xperf -on PROC_THREAD+LOADER+PROFILE+INTERRUPT+DPC+FILENAME+FILE_IO+FILE_IO_INIT+FLT_IO_INIT+FLT_IO+FLT_FASTIO+FLT_IO_FAILURE+DISK_IO+DISK_IO_INIT -stackwalk Profile+FileCreate+FileCleanup+FileClose+FileRead+FileWrite+FileSetInformation+FileDelete+FileRename+FileDirEnum+FileFlush+FileQueryInformation+MiniFilterPreOpInit+MiniFilterPostOpInit+DiskReadInit+DiskWriteInit+DiskFlushInit -BufferSize 1024 -MinBuffers 256 -MaxBuffers 2048 -MaxFile 4096 -FileMode Circular
- In the folder C:\msdata create data_stop.cmd with following content:
logman stop %computername%_IO
C:\msdata\xperf -d C:\msdata\io.etl
- Then ask customer to find an event id 17883 in the application event log, do right click -> attach and “attach task to this event”, in action for the task point it to the script – C:\msdata\data_stop.cmd
- Also make sure following options set for the task:
Run whehet user is logged on or not
Runt with Hihgest privileges
Test it, write to the app event log:
Write-EventLog -LogName Application -EntryType Error -Source MSSQLSERVER -EventId 17883 -Message “TEST ERROR EVENT – PLEASE IGNORE IT.”
Test if they are running:
xperf -loggers “NT Kernel Logger”
or
logman query “NT Kernel Logger” -ets
If session exist – trace is running.