Event ID: 2001 Source: Perfdisk

Source
Level
Description
Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.
Comments
 
This error appeared in the event log. I used the command "diskperf -n" and rebooted. After running the command, I started to receive "EventID 1008 from source Perflib". I ran "diskperf -y" then rebooted and neither error appeared again.
From a newsgroup post: "To disable Performance counters add the following to both "PerfDisk" and "PerfNet" in the registry:

DWORD value: Disable Performance Counters
Value data: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet\Performance

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PerfDisk\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PerfNet\Performance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfDisk\Performance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfNet\Performance".

See the link to "Exctrlst.exe Tool" for details on the Extensible Performance Counter List tool. As per Microsoft: "This tool provides information about the performance counter DLLs that have been installed on a computer running Microsoft Windows 2000. The tool lists the services and applications that provide performance information by using the Windows 2000 registry".
In our case, the problem was that every night at 23:30 a script started that makes a snapshot to an HP virtual disk S: that was mounted via Virtual replicator. Perfdisk would discover a new drive and start to monitor that disk. When the snapshot was done the disk was unmounted, but perfdisk was still trying to monitor that disk. Because the disk was no longer available, this error would occur in the event log every 10 sec.
Explanation:
The reason why you get this error is that the disk performance counters are permanently enabled on systems beyond Windows 2000. When you suddenly remove a drive Perfmon will still try and monitor this drive. The best way to get rid of these errors will be to use the diskperf command. Below is the syntax:

DISKPERF [-Y[D|V] | -N[D|V]] [\\computername]

  -Y  Sets the system to start all disk performance counters when the system is restarted.
  -YD Enables the disk performance counters for physical drives when the system is restarted.
  -YV Enables the disk performance counters for logical drives or storage volumes when the system is restarted.
  -N  Sets the system to disable all disk performance counters when the system is restarted.
  -ND Disables the disk performance counters for physical drives.
  -NV Disables the disk performance counters for logical drives.
  \\computername        Is the name of the computer you want to see or set disk performance counter use. The computer must be a Windows 2000 system.

I would disable my performance counters for the disks that are attached to the storage and leave the counter for the internal disks on the server itself. See above for the syntax. Perfmon is not Plug-and-play, so you need to decide on how you want to implement this. Please contact me if you have further questions. See ME253251 and ME296187.
When using Compaq Insight Management agents, in a cluster environment, you might see many events like this if you reconfigure SAN storage devices online (adding/removing). To solve the problem, just restart the Insight Management agents.
I had created Performance alerts for all servers on the network from one server via the Performance MMC tool. The alerts were to monitor free MB and % of free logical disk space. After installing PERC RAID Management software from Dell and reconfiguring RAID containers, the performance monitoring service started generating thousands of the above errors on all servers. The Performance service would also automatically stop on all servers immediately after starting it. I ran the Performance MMC tool and deleted the Alert configuration I had created. I then started the "Performance Logs and Alerts" service on all servers - errors are gone now. I recreated the Alerts and all is well.


Windows 2000 Performance Monitor records physical disk performance data by default, the opposite of the default for Windows NT. Logical disk entities such as storage volumes are not enabled by default, so it keeps writing the perfdisk warning "Unable to read the Logical Volume information from the system. Status code returned is data DWORD 0" to the event viewer every time. To enable the logical entities we have to use the diskperf command; at the command prompt, type: diskperf -y

After rebooting Windows 2000, disk monitoring for physical drives and logical drives will be available.

To see all the parameters for diskperf, issue the command: diskperf /help
To turn on physical disk counters: diskperf -yd
To turn off physical disk counters: diskperf -nd
To turn on logical disk counters: diskperf -yv
To turn off logical disk counters: diskperf -nv
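
Added example (not part of the original page or any commenter's post): a read-only PowerShell check of the "Disable Performance Counters" value that the newsgroup post above sets under the PerfDisk and PerfNet Performance keys, reported for every control set. It assumes it is run locally by an account that can read HKLM; the variable names are illustrative.

```powershell
# Added example: read-only audit of the "Disable Performance Counters" value
# (name and key paths taken from the newsgroup post quoted on this page).
$services  = 'PerfDisk', 'PerfNet'
$valueName = 'Disable Performance Counters'

# CurrentControlSet plus every ControlSetNNN that exists on this machine.
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
    Select-Object -ExpandProperty PSChildName

$report = foreach ($set in $controlSets) {
    foreach ($svc in $services) {
        $path  = "HKLM:\SYSTEM\$set\Services\$svc\Performance"
        $raw   = $null
        $state = 'Key missing'
        if (Test-Path -Path $path) {
            # GetValue returns the supplied default ($null) when the value is absent.
            $raw = (Get-Item -Path $path).GetValue($valueName, $null)
            if ($null -eq $raw)  { $state = 'Enabled (value not set)' }
            elseif ($raw -eq 1)  { $state = 'Disabled' }   # 1 = disabled, per the post
            else                 { $state = "Enabled (value $raw)" }
        }
        [pscustomobject]@{
            ControlSet = $set
            Service    = $svc
            Value      = $raw
            State      = $state
        }
    }
}

$report | Sort-Object Service, ControlSet | Format-Table -AutoSize

# Flag disabled counters: monitoring built on them will have no data.
$disabled = @($report | Where-Object { $_.State -eq 'Disabled' })
if ($disabled.Count -gt 0) {
    Write-Warning ("Counters disabled in {0} location(s): {1}" -f $disabled.Count,
        (($disabled | ForEach-Object { "$($_.ControlSet)\$($_.Service)" }) -join ', '))
}
```

A mismatch between CurrentControlSet and the numbered control sets means the setting was applied in only some of the locations the post lists.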
