Create a rule to view the memory usage of WMI process in Windows 2008/2008 R2 (and 2012/2012 R2) agent managed computers.
As described here by Kevin Holman, there is a known WMI (KB981314) leak in 2008 R2 and Win 7 operating systems.
For those who want a to monitor and alert for this, here is how to do it.
(Note: Obviously there are other methods for reporting on the presence of the hotfix but for those without the luxury, this will be a nice little help)
Lab assumptions:
- SCOM 2012 R2 RU3
- Rule management pack created
In SCOM Console > Authoring
Authoring > Management Pack Objects > Rules
1. Create a new rule
2. Select a Windows Performance monitor
3. Assign the new rule to a predefine unsealed management pack
4. Select the rule target > Select > filter ‘Windows Server 2008 Operating System’ (or whatever your desired rule will need to target)
5. Enter an appropriate name that makes sense to you
6. You could manually choose your counter but I always use the select (which gets it’s info from the local perf mon)
(At this point, you could choose anything else to monitor)
Choose Process object > Private Bytes > WmiPrvSE
Click OK and your counter will be defined
7. Leave the optimization as default
8. Create!
To check out your handy work…
My Workspace > new Performance View
Name it accordingly. Don’t be lazy, give it a description..
In the criteria tab, choose your object scope, group (if required), condition and selections.
Select the desired rules (I am targeting the two WMI leak rules created in another post)
Choose your items in the view and check out your results.
Done!
Cheers’
Dan