Windows Management Instrumentation WMI


WMI Diagnostics utility

Command line to check whether WMI is working or not on a server:

wmic computersystem get name





Copy paste from Technet.Microsoft.

Robocopy (the name is short for Robust File Copy) was introduced with the Windows Server 2003 Resource Kit and is included in all editions of Windows 7. Its many strengths include the ability to copy all NTFS file attributes and to mirror the contents of an entire folder hierarchy across local volumes or over a network. If you use the right combination of options, you can recover from interruptions such as network outages by resuming a copy operation from the point of failure after the connection is restored.

The Robocopy syntax takes some getting used to. If you’re familiar with the standard Copy and Xcopy commands, you’ll have to unlearn their syntax and get used to Robocopy’s unconventional ways. The key difference is that Robocopy is designed to work with two directories (folders) at a time, and the file specification is a secondary parameter. In addition, there are dozens of options that can be specified as command-line switches. The basic syntax is as follows:

robocopy source destination [file [file]…] [options]

The source and destination parameters are specified as drive:\path or \\server\share\path. The file parameter can contain one or more literal file names, or it can use the familiar ? and * wildcards. Available options include dozens of switches that control copying, file selection, retry options, and the ability to create log files. For instance, this command copies the contents of one folder and all its subfolders from a local drive E to a shared folder on a Windows Home Server:

robocopy “E:\test” \\server\public\test\ /MIR /W:20 /R:15 /LOG: \\server\public\logs

The /MIR switch tells Robocopy you want to mirror the two folders, copying all folders (even empty ones) from the source directory and purging folders from the destination if they no longer exist on the source. The /W and /R switches set the wait and retry options; in this case, Robocopy will retry each copy up to 15 times, waiting 20 seconds between attempts. (The defaults allow 1 million retries, at 30-second intervals, allowing copy operations to complete when an open file is closed, even if hours or days have passed since the command was first launched.)

To see the full syntax, type robocopy /? at a command prompt.

Robocopy is a powerful tool, capable of moving, copying, and deleting files and folders faster than you can say “Whoops.” We recommend experimenting with commands using nonessential files and folders first; when you’re comfortable that you understand the effects of the syntax you’re using, you can run the command against real data files.

And if you aren’t keen on the idea of using a command-line tool, take heart. Microsoft engineer Derk Benisch has written a graphical front end that allows you to build a command by selecting check boxes instead of entering switches.

Robocopy GUI adds more than usability to Robocopy; it also lets you create a library of commonly used copy scripts.

Robocopy GUI:

Protocols used for Monitoring – WMI, SNMP, SSH, IPMI

While assigning systems into Monitoring we need to mention the protocol for the particular system we want to monitor. Power Admin Server Monitor requires you to mention this.

WMI – Windows servers uses WMI (Windows Management Instrumentation)

SNMP – Windows and Linux servers uses SNMP (Simple Network Management Protocols)

SSH – Linux and firewalls uses SSH protocol (Secure Shell)

IPMI – Dell DRAC, HP iLo, Dell RSA uses IPMI (Intelligent Platform Management Interface)


Screenshot from Power Admin Server Monitor

Reliability Monitor

I recently discovered one hidden gem in Windows albeit lately… it is Reliability Monitor

How do you see what caused an issue with the computer in the past ? You can use Event viewer in general but it is tedious. Windows 7 or Windows 2008 R2 and above you can use Reliability Monitor. This is a GUI and OS built-in tool. Also very easy to use.

How to access this application, Press Windows Key and type Reliability




Important services in Windows Domain controller

Active Directory Domain Services

AD DS domain controller service. If this service is stopped, users will be unable to log on to the network.

Provides domain controller service. Stopping the service will stop the server acts as a Domain controller.

Active Directory Web Services

Provides web service interface to  AD DS and AD LDS (Lightweight Directory Service) that running locally on this server.

Required for AD PowerShell module, AD Administrative center to work.

DHCP client

This service is responsible for registering IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive DHCP IP address and DNS updates.

File Replication Service (FRS)

Synchronizes folders with file servers that use FRS instead of newer DFS replication technology.

Distributed File System Replication (DFSR)

DFSR is used to replicate contents of SYSVOL between domain controllers. SYSVOL contains Group Policy, logon and logoff scripts (if any). Stopping this service will have effect on Group Policies, logon and logoff scripts etc.

DFSR replaces FRS starting with Windows server 2008.

In Windows Server 2008 R2, File Replication Service (FRS) cannot be used for replicating Distributed File System (DFS) folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of the SYSVOL share in a domain that uses FRS for replicating the SYSVOL share between domain controllers. However, Windows Server 2008 R2 servers cannot use FRS to replicate the contents of any replica set apart from the SYSVOL share.

DNS Client

This service caches DNS names and registers the full computer name for this computer.

DNS Server

Provides Name resolution service to clients by answering DNS queries and dymanic DNS update requests. If this service is stopped, DNS updates will not occur.

Kerberos Key Distribution Center (KDC)

On DC this service enables users to log on to the network using Kerberos authentication protocol.


Maintains a secure channel between this computer and the domain controller for authenticating users and services.This secure channel is used for authentication (Kerberos and NTLM) and DC replication.

If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records.

  • This service is responsible for creating Secure Channel between Domain Controllers and client computers. Secure Channel is created to pass the authentication packets.
  • Service performs the registration of SRV records, CNAME and other DC records in the DNS Server to advertise the availability of Domain Controllers in the domain.
  • SRV Records registered by NetLogon Service are stored in C:\Windows\System32\Config\NetLogon.DNS File.
  • Performs registration of SRV Records every 24 hours depending on the version of Operating System in use.
  • Registers the SRV Records for a site where there is no Domain Controller. This is called Site Coverege.

Remote Desktop Services

Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop session Host Server depend on this service.

Windows Time

Maintains date and time synchronization on all clients and servers on the network.

Acts as Network Time Protocol (NTP) client and NTP time server. w32time.exe command line tool for troubleshooting issues such as computer is unable to sync time with authoritative source.


Info from Various sources including

Windows Blue Screen of Death (BSOD)

Today afternoon my Windows 7 laptop suddenly posted Blue Screen of Death (BSOD) screen. So I thought it is a good idea to learn about it and post it in my blog.


Screenshot from:


BSOD is usually caused by Hardware issues and System software (drivers, OS etc) issues. Ex: RAM is not properly inserted into the DIMM Slot. Newly installed software that causes issues for example Bluetooth drivers.


Most of the time the system gets up and running after a restart for software issues. For Hardware issues, remove and clean the RAM / HDD, blow air into DIMM / Sata inputs and re-insert RAM / HDD.


If you carefully read the BSOD screen you can see the cause of the issue. In case if you missed it and after the restart if your machine is working. You can check the dump file using NirSoft BlueScreenView application.

NirSoft BlueScreenView application.

This is a free software and I downloaded it from

It is a Zip file. Just download and unzip and execute it. It would not install. It automatically picks up the dump file and list the error. As you can see crash happened to my laptop was due to Bluetooth system file / driver.



Install Microsoft Debug Diagnostics 2 update 2 (as of Jan 2017 this is the latest version) to analyze the dump file.



Now right click and open it by selecting “Analyze Crash/Hang issue”. DebugDiag will open it via Internet Explorer.