PRTG Manual: Monitoring via WMI

You can monitor Windows systems via Windows Management Instrumentation (WMI) and Windows performance counters. WMI is the Microsoft base technology for monitoring and managing Windows-based systems. PRTG uses it to access data of various Windows configuration parameters and status values. Note that sensors that use the WMI protocol generally have a high impact on system performance. In addition to strict WMI sensors, there are sensors that can use performance counters to monitor Windows systems.

To monitor via WMI and performance counters, it is usually sufficient to provide credentials for Windows systems in PRTG. However, monitoring via WMI is not always trivial and can cause issues.

i_square_cyanIf you run into issues with WMI, see the Knowledge Base: My WMI sensors don't work. What can I do?

It is also possible to use Simple Network Management Protocol (SNMP) for Windows devices. The same information is often available using any of these protocols. Regarding performance, the preference is SNMP, then WMI or performance counters.

How WMI Works

WMI allows access to the data of many Windows configuration parameters, as well as system status values. Access can be local or remote via a network connection. WMI is based on COM and DCOM and is integrated in Windows versions as of Windows Server 2000. PRTG officially supports WMI as of Windows 10, although it can use some WMI sensors on systems that run as of Windows 7.

i_round_redWoW64 (Windows 32-bit on Windows 64-bit) must be installed on target systems that run Windows Server 2016. This allows 32-bit applications to be run on 64-bit systems. This is necessary because the PRTG probe service only runs with 32-bit support. Without it, WMI sensors do not work.

To monitor remote machines, WMI sensors need Active Directory account credentials to have access to the WMI interface. You can enter these credentials in the settings of the parent device or group, or in the root group. The sensor then inherits these settings.

i_round_redSensors using the WMI protocol generally have a high impact on the system performance. Try to stay below 200 WMI sensors per probe. Above this number, consider using remote probes for load balancing.

i_square_cyanFor more information about all WMI sensors, see section Available Sensor Types.

Monitoring Windows Systems: Performance Counters

Besides sensors that can monitor Windows systems only via WMI, PRTG provides sensors that can use a hybrid approach. If you choose the hybrid approach, these sensors first try to query data via Windows performance counters using the Remote Registry service. These Windows sensors use WMI as a fallback if performance counters are not available or cannot be read out. When running in fallback mode, PRTG tries to connect to performance counters again after 24 hours. You can change the Preferred Data Source in the Windows Compatibility Options in the device settings.

i_round_blueYou can identify these hybrid sensors by looking at their categories, for example, in the Add Sensor dialog. Search directly for "windows" and select "Performance Counters" as Technology Used. Among them are various sensors with "Windows" in the name, as well as some Hyper-V sensors.

Limitations of WMI on Windows Server 2008 (R1)

You should be aware that the performance of WMI-based monitoring is drastically limited when the monitoring station or the monitored client runs on Windows Server 2008 (R1). When it comes to network monitoring via WMI, Windows Server 2008 R2 is many times faster than Windows Server 2008 (R1).

i_round_blueThese are not limitations of PRTG. They arise from the WMI functionality built into the Windows operating systems mentioned.

i_round_blueThese limitations also apply to Windows Vista, which is no longer officially supported. You can still monitor machines that run Windows Vista, but the PRTG core server and probes are no longer supported on this operating system.

The results of our tests are:

  • As of Windows Server 2008 R2 or Windows 7, you can run most WMI sensors if you provide optimal conditions, such as running the PRTG core server system and the target systems exclusively under Windows Server 2008 R2 and being located within the same LAN segment. Actual performance can be significantly lower depending on the network topology and the WMI health of the target systems. We have seen configurations that could not go beyond 500 sensors (and even less).
  • On Windows 2008 (R1), you can run about 300 WMI sensors with a 1-minute scanning interval.
  • The more Windows 2008/Windows 7 client systems you have in your network, the more the WMI monitoring performance is affected.
  • System performance (CPU, memory, etc.) of virtualization does not strongly affect WMI monitoring performance.

If you want to use WMI for network monitoring of more than 20 or 30 systems, consider the following rules:

  • Do not use Windows 2008 (R1) as monitoring stations for WMI-based network monitoring.
  • Use at least Windows Server 2008 R2 for WMI-based network monitoring instead.
  • Consider setting up remote probes for the WMI monitoring. You still get far better WMI monitoring performance with a remote probe on a virtual machine (VM) running Windows Server 2008 R2 than on any physical system running Windows 2008.
  • Consider switching to SNMP-based monitoring for large networks. Using SNMP, you can monitor 10 times as many objects than with WMI on the same hardware.

More

i_square_blueKNOWLEDGE BASE

My WMI sensors don't work. What can I do?

Which WQL queries are used by the PRTG WMI sensors?

Why do I receive the sensor error message 'Connection could not be established (code: PE015)'?

 

i_playVIDEO TUTORIAL

Bandwidth monitoring with SNMP and WMI

 

i_toolsPAESSLER TOOLS

WMI Tester