Perfmon: ‘Unable to Add These Counters’

I found myself in a situation recently where a Windows Server 2012 R2 instance suddenly began suffering from high CPU utilisation. Briefly watching process CPU usage in Task Manager showed the Windows Management Instrumentation (WMI) service to be the culprit.

I ended up down a rabbit hole and will include some of the debugging steps I followed and results found.

Verified WMI works correctly locally using wbemtest

Verified WMI can connect remotely with wbemtest using a monitoring service account

Ran winmgmt /verifyrepository to verify WMI repository is not corrupt

Verified C:\Windows\System32\wbem\Repository\objects.data file is not excessively large

Ran queries with wbemtest. All queries to Win32_PerfRawData, Win32_PerfFormattedData and Win32_Perf failed but other queries ran successfully.

Verified no Windows Updates with WMI fixes were available.

Reviewed Event Viewer and could see ~1400 events within a 5 hour period similar to those described in this Microsoft kb https://support.microsoft.com/en-us/help/3124914/wmi-activity-event-5858-logged-frequently-with-resultcode-0x80041032

Re-registered all DLLs and recompiled .mofs in wbem folder.

Re-registered WMI Service and provider.

At this point all roads were leading to WMI database corruption that was being missed by winmgmt but I didn’t want to force a rebuild without hard evidence. Finally, I opened perfmon.msc and was greeted with the following-

Unable to add these counters:

\Memory\Available MBytes
\Memory\% Committed Bytes In Use
\Memory\Cache Faults/sec
\Memory\Cache Faults/sec
\PhysicalDisk(*)\%Idle Time
\PhysicalDisk(*)\Avg. Disk Queue Length
\Network Interface(*)\Bytes Total/sec

Bingo.

One short command to rebuild performance counters-

lodctr /r

This can be verified with-

lodctr /q

3 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *