<%NUMBERING1%>.<%NUMBERING2%>.<%NUMBERING3%> PRTG Manual: Monitoring via WMI

You can monitor Windows systems via Windows Management Instrumentation (WMI) and Windows Performance Counters. WMI is the Microsoft base technology for monitoring and managing Windows based systems. PRTG uses this technology to access data of various Windows configuration parameters and status values. However, sensors using the WMI protocol generally have a high impact on system performance. In addition to strict WMI sensors, there are sensors that can use Performance Counters to monitor Windows systems.

To monitor via WMI and Performance Counters it is usually sufficient to provide Credentials for Windows Systems in PRTG. However, monitoring via WMI is not always trivial and often causes issues.

icon-book-bulbPlease see this article in our Knowledge Base if you run into issues: My WMI sensors don't work. What can I do?

 
It is also possible to use Simple Network Management Protocol (SNMP) for Windows devices. The same information is often available using any of these protocols. From a performance perspective, the preference would be SNMP, and then WMI or Performance Counters.

How WMI Works

WMI allows accessing data of many Windows configuration parameters, as well as current system status values. Access can be local or remote via a network connection. WMI is based on COM and DCOM and is integrated in Windows versions as of Windows Server 2000. (add-ons are available for Windows 9x and NT4). PRTG officially supports WMI for Windows 7 or later.

To monitor remote machines, PRTG WMI sensors need Active Directory account credentials to have access to the WMI interface. You can enter these credentials in PRTG for the parent device or group, or in the Root group. The sensor will then inherit these settings.

icon-i-redSensors using the Windows Management Instrumentation (WMI) protocol generally have high impact on the system performance! Try to stay below 200 WMI sensors per probe. Above this number, please consider using multiple Remote Probes for load balancing.

icon-book-arrowsFor an overview and details about all WMI sensors, please see the List of Available Sensor Types section.

Monitoring Windows Systems: Performance Counters

Besides sensor types that can monitor Windows systems only via WMI, PRTG provides sensor types that can use a hybrid approach. If you choose the hybrid approach, these sensors will first try to query data via Windows Performance Counters using Remote Registry Service. These Windows sensors use WMI as a fallback if Performance Counters are not available or cannot be read out. When running in fallback mode, PRTG re-tries to connect to Performance Counters after 24 hours. You can change the Preferred Data Source in the Windows Compatibility Options in the Device Settings.

icon-i-roundYou can identify these hybrid sensors by looking at their categories, for example, in the add sensor dialog. Search directly for "windows" and select "Performance Counters" as Technology Used. Among them are various sensors with "Windows" in the name, as well as some Hyper-V sensors.

Limitations of WMI on Windows Server 2008 (R1)

You should be aware that performance of WMI based monitoring is drastically limited when the monitoring station or the monitored client runs on Windows Server 2008 (R1). When it comes to network monitoring via WMI, Windows Server 2008 R2 is many times faster than Windows Server 2008 (R1).

icon-i-roundThese are not limitations of PRTG, but arise from the WMI functionality built into the Windows operating systems mentioned.

icon-i-roundThese limitations also apply to Windows Vista, which is no longer officially supported. You can still monitor machines running Windows Vista, but PRTG core server and probes are no longer supported on this operating system.

The results of our tests are:

  • On Windows Server 2008 R2 or Windows 7 (and on later Windows versions) you can run most WMI sensors if you provide optimal conditions, such as running the core and the target systems exclusively under Windows Server 2008 R2 and being located within the same LAN segment. Actual performance can be significantly less depending on network topology and WMI health of the target systems—we have seen configurations that could not go beyond 500 sensors (and even less).
  • On Windows 2008 (R1) you can run about 300 WMI sensors with one minute interval.
  • The more Windows 2008/Windows 7 client systems you have in your network, the more WMI monitoring performance will be affected.
  • System performance (CPU, memory etc.) of virtualization does not strongly affect WMI monitoring performance.

If you want to use WMI for network monitoring of more than 20 or 30 systems, please consider the following rules:

  • Do not use Windows 2008 (R1) as monitoring stations for WMI-based network monitoring.
  • If possible use Windows Server 2008 R2 for WMI based network monitoring (or later Windows versions).
  • Consider setting up remote probes for the WMI monitoring. You still get far better WMI monitoring performance with a remote probe on a virtual machine running Windows Server 2008 R2 than on any bare metal system running Windows 2008)
  • Consider switching to SNMP-based monitoring for large networks. Using SNMP you can easily monitor 10 times as many nodes as with WMI on the same hardware.

More

Knowledge Base: General introduction to WMI and PRTG

Video Tutorial: Bandwidth Monitoring with SNMP and WMI

Knowledge Base: Which WQL queries are used by PRTG's WMI sensors?

Tool: Paessler WMI Tester. A useful freeware tool to test WMI connections. Tests the accessibility of WMI (Windows Management Instrumentation) counters in a quick and easy manner.

 

Sensor Technologies—Topics

Keywords: WMI,WMI Technology