Using FileMon to troubleshoot MSMQ Performance Counters

  • Article

Here's a simple case study for one way of troubleshooting MSMQ performance counters.

The symptoms are that the MSMQ-specific counters are not visible and efforts to load them using LODCTR (as per KB article 936493) result in:

Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3009
Date: 7/1/2007
Time: 1:26:17 PM
Computer: MYSERVER
Description:
Installing the performance counter strings for MSMQ failed. The Error code is DWORD 0 of the Record Data.
Data:
0000: a1 00 00 00 ¡...   

The "Record Data" is OxA1, or 161 decimal, which is ERROR_BAD_PATHNAME, or “The specified path name is invalid”.

A good tool to determine what it is complaining about is FileMon and here's a sample output from monitoring LODCTR.EXE:

50 3:53:37 PM LODCTR.EXE:3376 QUERY INFORMATION C:\WINNT\system32\LODCTR.EXE SUCCESS FileNameInformation
51 3:53:37 PM LODCTR.EXE:3376 OPEN C:\Documents and Settings\Administrator SUCCESS Options: Open Directory Access: Traverse
52 3:53:37 PM LODCTR.EXE:3376 OPEN C:\WINNT\system32\loadperf.dll SUCCESS Options: Open Access: All
53 3:53:37 PM LODCTR.EXE:3376 QUERY INFORMATION C:\WINNT\system32\loadperf.dll SUCCESS Attributes: N
54 3:53:37 PM LODCTR.EXE:3376 CLOSE C:\WINNT\system32\loadperf.dll SUCCESS

and so on until

110 3:53:37 PM LODCTR.EXE:3376 OPEN C:\Documents and Settings\Administrator\mqprfsym.h FILE NOT FOUND Options: Open Access: All
111 3:53:37 PM LODCTR.EXE:3376 OPEN C:\Documents and Settings\Administrator\mqprfsym.h FILE NOT FOUND Options: Open Access: All
112 3:53:37 PM LODCTR.EXE:3376 CLOSE C:\Documents and Settings\Administrator SUCCESS

so it can be seen that LODCTR.EXE is looking for the file MQPRFSYM.H in the current directory in the Command Prompt window. MQPRFSYM.H should already exist in the System32 directory, as discussed in 316565 How to perform an unattended installation of Message Queuing without the Windows 2000 CD

and in this case it did. Changing the current directory for the Command Prompt to c:\windows\system32 and trying LODCTR.EXE again resolved the "file not found":

Event Type: Information
Event Source: LoadPerf
Event Category: None
Event ID: 1000
Date: 7/3/2007
Time: 6:15:51 PM
Computer: MYSERVER
Description:
Performance counters for the MSMQ service were loaded successfully.

The Record Data contains the new index values assigned to this service.
Data:
0000: ae 13 00 00 ec 13 00 00 ®...ì...
0008: af 13 00 00 ed 13 00 00 ¯...í...

Checking the Path environment variable, it was seen that there were incorrect directory entries which were confusing LODCTR.EXE.