Masterclass: Troubleshooting and Monitoring Techniques for Windows Infrastructure – From Zero to Hero

Inquire Now

Why are we doing this?

This is a deep dive training on infrastructure monitoring! We would like to say, “Finally!” It took a long time to prepare good examples, tools and scenarios for you! Regular monitoring ensures that you always have up-to-date knowledge about how particular components of your infrastructure operate.

The most important thing in monitoring is to work out the baseline that can be a good reference to identify problems and to analyze some specific conditions of infrastructure components to operate. In vast majority of cases operating system troubleshooting involves monitoring, from analysis of the boot process to network performance or even particular processes. During the seminar you will become familiar with great monitoring tools and their efficient usage and several techniques for monitoring infrastructure components and their particular working phases.

All exercises are based on Windows Server 2012 R2, Windows 8.1 and Windows Server 2016 and Windows 10.

Paula says: You will not find a better course on troubleshooting Windows. But be careful – it is a real deep-dive. After this course you will understand mechanisms that affect potential issues. Be prepared for the great tracing examples and issues to be solved!

Course Syllabus

Module 1

Becoming familiar with Tools


Module covers discussion and practical usage of chosen tools, below is the list of all the tools that can be covered during the seminar. We will choose the most interesting ones:

Performance Monitor, PAL, Process Monitor, Process Explorer, MPSReport, SPSReport, SPDisposeCheck, Dependency Walker, SQL Nexus, LogParser, Indihiang, PowerShell, Application Verifier, Logger/LogViewer, XPerf – Windows Performance Analyzer, PerfView – Low Level Profiler for .NET applications, DebugDiag – Debug Diagnostic, ProcDump, WinDbg, Netmon, Fiddler – HTTP Debugger Proxy, NP .NET Profiler and other useful ones!

Module 2

Operating system monitoring techniques


This module covers generic system monitoring to learn the basics of monitoring. It is a great introduction to go further with detailed monitoring. Activities include:

  • Monitoring system activities
  • Profiling system and application activities
  • Monitoring resource usage per process / thread / functions
  • Usage of default and custom symbols
  • Performance Monitor usage cases

Module 3

Memory Analysis techniques


This module explains to students what is happening in the memory, how it works, how to get into it and how to monitor it. Students except for memory analysis will practice debugging memory dumps. Activities include:

  • Performing memory dumps
  • Support for very large heaps (gigabytes)
  • Snapshot diffing
  • Analysis of the dump files (.dmp)
  • Case study: solving problems with applications

Module 4

Advanced disk performance analysis


Within this module students will become familiar with disk performance monitoring – starting with RAIDs, ending up with cluster configuration techniques. For some server roles cluster size really matters, so that administrators can achieve the best performance in specific infrastructure configuration.

Module 5

Xperf and usage scenarios


Several tools allow to get very detailed information about the system performance. This is needed when you have to figure out these delicate problems that slow servers down. Students in this module gain knowledge about how to monitor several operating system components and how to cope with the every-day situations like: processor usage, disk usage, memory usage, network activity, slow booting and other. Activities include:

  • Installing the Windows Performance Toolkit (WPRUI, WPR, Xperf)
  • WPR/Xperf: Capturing high CPU, disk I/O, file, registry, networking, memory bytes, paged pool/nonpaged pool and/or application slowness.
  • Slow Boot Slow Logon (SBSL) case
  • Solving problems with slow applications using custom symbols
  • Stack Walk

Module 6

Kernel Mode and User Mode monitoring techniques


From the continuity perspective, blue screen is always an unpleasant experience. From the debugging perspective – we have just been protected from malicious things that could have happen to operating system integrity. Blue screen is positive in its own way – it helps to intricate who caused the problem, it needs to be analyzed though. Within this module students will become familiar with kernel mode and user mode techniques and tools.

Module 7

Network monitoring


Starting from simple network sniffing, ending up with advanced network monitoring to the size of the buffers written. Several techniques used during the training.

  • Sniffing techniques
  • Monitoring network usage by processes
  • Monitoring network stack (stackwalk)
  • Solving problems with network
Inquire Now

Click here to browse the modules:

Your teacher

Paula Januszkiewicz

Founder and CEO of CQURE

Paula Januszkiewicz is a world-renowned Security Expert. Paula loves to perform Penetration Tests, IT Security Audits, and after all she says: ‘harden’em all’! Enterprise Security MVP and trainer (MCT) and Microsoft Security Trusted Advisor. Top-speaker at world known conferences, including being No 1 speaker at Microsoft Ignite!



You should have good understanding of how operating system works.


You should have good hands-on experience in administering Windows infrastructure. At least 8 years in the field is recommended.


Ideally you should have read “Windows Internals” by Mark Russinovich book.