Protocols used for Monitoring – WMI, SNMP, SSH, IPMI

While assigning systems into Monitoring we need to mention the protocol for the particular system we want to monitor. Power Admin Server Monitor requires you to mention this.

WMI – Windows servers uses WMI (Windows Management Instrumentation)

SNMP – Windows and Linux servers uses SNMP (Simple Network Management Protocols)

SSH – Linux and firewalls uses SSH protocol (Secure Shell)

IPMI – Dell DRAC, HP iLo, Dell RSA uses IPMI (Intelligent Platform Management Interface)


Screenshot from Power Admin Server Monitor


Up time / down time – 99.9999% means what ?

Please check the excellent article in Wiki:

You can see the up time / availability in web site hosting, Amazon Web Services and in many places but what that actually means ?

Below picture explains it better than multiple paragraphs.


If vCenter goes down – what will work and what doesn’t ?

Things that continue to work if vCenter is down:

  • Fault Tolerance will continue to work for the configured VMs. However, in case of a failover, no new secondary VMs will be created.
  • HA will continue to work
  • You can take snapshot of the VM by connecting to the ESXi host using vSphere client
  • VMs will continue to work
  • dvSwitch will continue to work
  • vSwitch will continue to work

What will not work?

  • vMotion will not work since vMotion requires vCenter server
  • Storage vMotion will not work
  • DRS will not work since DRS requires vMotion.
  • You cannot deploy VMs from templates
  • You cannot clone a VM

Important services in Windows Domain controller

Active Directory Domain Services

AD DS domain controller service. If this service is stopped, users will be unable to log on to the network.

Provides domain controller service. Stopping the service will stop the server acts as a Domain controller.

Active Directory Web Services

Provides web service interface to  AD DS and AD LDS (Lightweight Directory Service) that running locally on this server.

Required for AD PowerShell module, AD Administrative center to work.

DHCP client

This service is responsible for registering IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive DHCP IP address and DNS updates.

File Replication Service (FRS)

Synchronizes folders with file servers that use FRS instead of newer DFS replication technology.

Distributed File System Replication (DFSR)

DFSR is used to replicate contents of SYSVOL between domain controllers. SYSVOL contains Group Policy, logon and logoff scripts (if any). Stopping this service will have effect on Group Policies, logon and logoff scripts etc.

DFSR replaces FRS starting with Windows server 2008.

In Windows Server 2008 R2, File Replication Service (FRS) cannot be used for replicating Distributed File System (DFS) folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of the SYSVOL share in a domain that uses FRS for replicating the SYSVOL share between domain controllers. However, Windows Server 2008 R2 servers cannot use FRS to replicate the contents of any replica set apart from the SYSVOL share.

DNS Client

This service caches DNS names and registers the full computer name for this computer.

DNS Server

Provides Name resolution service to clients by answering DNS queries and dymanic DNS update requests. If this service is stopped, DNS updates will not occur.

Kerberos Key Distribution Center (KDC)

On DC this service enables users to log on to the network using Kerberos authentication protocol.


Maintains a secure channel between this computer and the domain controller for authenticating users and services.This secure channel is used for authentication (Kerberos and NTLM) and DC replication.

If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records.

  • This service is responsible for creating Secure Channel between Domain Controllers and client computers. Secure Channel is created to pass the authentication packets.
  • Service performs the registration of SRV records, CNAME and other DC records in the DNS Server to advertise the availability of Domain Controllers in the domain.
  • SRV Records registered by NetLogon Service are stored in C:\Windows\System32\Config\NetLogon.DNS File.
  • Performs registration of SRV Records every 24 hours depending on the version of Operating System in use.
  • Registers the SRV Records for a site where there is no Domain Controller. This is called Site Coverege.

Remote Desktop Services

Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop session Host Server depend on this service.

Windows Time

Maintains date and time synchronization on all clients and servers on the network.

Acts as Network Time Protocol (NTP) client and NTP time server. w32time.exe command line tool for troubleshooting issues such as computer is unable to sync time with authoritative source.


Info from Various sources including

How to remove selective lines in Notepad++

I wanted to remove selective lines from Notepad++. The problem was, except for one word, all other words in the line were different to each other. Below steps helped me to accomplish this task.


  • Goto the search menu Ctrl+F and there to the "Mark" tab. Check "Bookmark line" (if there is no "Mark" tab update to the current version).
  • Then just enter your search term and click "Mark All"

    ==> All line containing the search term are bookmarked.

  • Now go to the Menu "Search -> Bookmark -> Remove Bookmarked lines"
  • Done.


Altiris – Search software installed on computers

Altiris console:

Reports > All Reports, then expand Reports > Discovery and Inventory > Inventory > Cross-platform > Software/Applications > Installed Software or Installed Software by Computer.  In the search box, type the software name which are installed on the computers ex: Microsoft



You can then save the output in CSV or other format. Click Save As and save it. You can later remove unnecessary fields in MS Excel.

Windows Blue Screen of Death (BSOD)

Today afternoon my Windows 7 laptop suddenly posted Blue Screen of Death (BSOD) screen. So I thought it is a good idea to learn about it and post it in my blog.


Screenshot from:


BSOD is usually caused by Hardware issues and System software (drivers, OS etc) issues. Ex: RAM is not properly inserted into the DIMM Slot. Newly installed software that causes issues for example Bluetooth drivers.


Most of the time the system gets up and running after a restart for software issues. For Hardware issues, remove and clean the RAM / HDD, blow air into DIMM / Sata inputs and re-insert RAM / HDD.


If you carefully read the BSOD screen you can see the cause of the issue. In case if you missed it and after the restart if your machine is working. You can check the dump file using NirSoft BlueScreenView application.

NirSoft BlueScreenView application.

This is a free software and I downloaded it from

It is a Zip file. Just download and unzip and execute it. It would not install. It automatically picks up the dump file and list the error. As you can see crash happened to my laptop was due to Bluetooth system file / driver.



Install Microsoft Debug Diagnostics 2 update 2 (as of Jan 2017 this is the latest version) to analyze the dump file.



Now right click and open it by selecting “Analyze Crash/Hang issue”. DebugDiag will open it via Internet Explorer.