Exchange/EXO/Outlook performance and troubleshooting

Troubleshooting Logs and Tools
https://blogs.technet.microsoft.com/exchange/2016/05/31/checklist-for-troubleshooting-outlook-connectivity-in-exchange-2013-and-2016-on-premises/

SaRA tool to assess the Outlook client: https://diagnostics.outlook.com/#/

Also, CTRL + right-click the Outlook icon in the system tray to get the connection status.

Test connectivity from outside using: https://testconnectivity.microsoft.com/

Also check potential sources of problems:
Check ADFS policies
Check Set-CASMailbox – (post authentication) ; if POP or imap

Windows forensic: Sysmon

Download Sysmon (new: Sysmon 12 is available, with a new event ID that logs copies to the clipboard): https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

And how to use it:
WMI detections: https://rawsec.lu/blog/posts/2017/Sep/19/sysmon-v610-vs-wmi-persistence/
MITRE framework – Sysmon coverage: https://attack.mitre.org/

Installation and usage:
Azure Sentinel – monitor servers using Sysmon
https://github.com/topics/sysmon
https://github.com/clong/DetectionLab
https://github.com/olafhartong/sysmon-modular
https://github.com/ion-storm/sysmon-config
https://github.com/SwiftOnSecurity/sysmon-config

List of web resources concerning Sysmon: https://github.com/MHaggis/sysmon-dfir

Motiba:

Slow boots and slow logons – How to use Xperf, Xbootmgr, Procmon, WPA?

Troubleshooting slow logons:
http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx
http://blogs.technet.com/b/askds/archive/2009/09/24/so-you-have-a-slow-logon-part-2.aspx

Logon process:
http://fr.slideshare.net/ControlUp/understanding-troubleshooting-the-windows-logon-process

Tools for troubleshooting:
http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx
http://social.technet.microsoft.com/wiki/contents/articles/10123.troubleshooting-slow-operating-system-boot-times-and-slow-user-logons-sbsl.aspx

And PowerShell:
http://blogs.citrix.com/2015/08/05/troubleshooting-slow-logons-via-powershell/

Analyze GPO load time:
http://www.controlup.com/script-library/Analyze-GPO-Extensions-Load-Time/ee682d01-81c4-4495-85a7-4c03c88d7263/

How to use Xperf, Xbootmgr, Procmon, WPA?
xperf, xbootmgr and xperfview come from the Windows ADK (Windows Performance Toolkit component). Procmon is a Sysinternals tool.
http://superuser.com/questions/594625/how-can-i-analyze-performance-issues-before-during-the-logon-process
http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx
http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx

Other interesting articles:
http://blogs.technet.com/b/askpfeplat/archive/2014/10/27/becoming-an-wpa-xpert-part-11-troubleshooting-long-group-policy-processing.aspx
https://www.autoitconsulting.com/site/performance/windows-performance-toolkit-simple-boot-logging/
https://randomascii.wordpress.com/2012/09/04/windows-slowdown-investigated-and-identified/
https://randomascii.wordpress.com/2013/04/20/xperf-basics-recording-a-trace-the-easy-way/

How to monitor system performance?

Useful tools and techniques to monitor system performance on a Windows computer:
1- Configure perfmon to capture data in BLG file format (using the logman utility and Task Scheduler)
2- Use the perform flowchart (VSBS document)
3- Create a report using the VSBS PowerPoint template
4- Alternatively, also use Sysinternals tools and Server Performance Advisor

Which Tools?

Enabling debug logging for the NetLogon service

The version of Netlogon.dll that has tracing included is installed by default. To enable debug logging, set the debug flag that you want in the registry and restart the service by using the following steps:

Start the Regedt32 program.
Delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same

Performance tuning guidelines for Windows 2008 R2, 2012

http://msdn.microsoft.com/en-us/library/windows/hardware/dn529134