PRTG Manual: Monitoring via WMI
You can monitor Windows systems via Windows Management Instrumentation (WMI) and Windows performance counters. WMI is the Microsoft base technology for monitoring and managing Windows-based systems. PRTG uses this technology to access data of various Windows configuration parameters and status values. However, sensors using the WMI protocol generally have a high impact on system performance. In addition to strict WMI sensors, there are sensors that can use performance counters to monitor Windows systems.
To monitor via WMI and performance counters, it is usually sufficient to provide Credentials for Windows Systems in PRTG. However, monitoring via WMI is not always trivial and often causes issues.
If you run into issues, see the Knowledge Base: My WMI sensors don't work. What can I do?
It is also possible to use Simple Network Management Protocol (SNMP) for Windows devices. The same information is often available using any of these protocols. From a performance perspective, the preference is SNMP, then WMI or performance counters.
WMI allows access to the data of many Windows configuration parameters, as well as current system status values. Access can be local or remote via a network connection. WMI is based on COM and DCOM and is integrated in Windows versions as of Windows Server 2000. PRTG officially supports WMI for Windows 7 or later.
WoW64 (Windows 32-bit on Windows 64-bit) must be installed on target systems that run Windows Server 2016. This allows 32-bit applications to be run on 64-bit systems. This is necessary because the probe service only runs with 32-bit support. Without it, WMI sensors do not work.
To monitor remote machines, WMI sensors need Active Directory account credentials to have access to the WMI interface. You can enter these credentials in PRTG for the parent device or group, or in the Root group. The sensor then inherits these settings.
Sensors using the WMI protocol generally have a high impact on the system performance! Try to stay below 200 WMI sensors per probe. Above this number, consider using multiple Remote Probes for load balancing.
For an overview and details about all WMI sensors, see section List of Available Sensor Types.
Besides sensors that can monitor Windows systems only via WMI, PRTG provides sensors that can use a hybrid approach. If you choose the hybrid approach, these sensors first try to query data via Windows performance counters using Remote Registry Service. These Windows sensors use WMI as a fallback if performance counters are not available or cannot be read out. When running in fallback mode, PRTG tries to connect to performance counters again after 24 hours. You can change the Preferred Data Source in the Windows Compatibility Options in the Device Settings.
You can identify these hybrid sensors by looking at their categories, for example, in the Add Sensor dialog. Search directly for "windows" and select "Performance Counters" as Technology Used. Among them are various sensors with "Windows" in the name, as well as some Hyper-V sensors.
You should be aware that the performance of WMI-based monitoring is drastically limited when the monitoring station or the monitored client runs on Windows Server 2008 (R1). When it comes to network monitoring via WMI, Windows Server 2008 R2 is many times faster than Windows Server 2008 (R1).
These are not limitations of PRTG, but arise from the WMI functionality built into the Windows operating systems mentioned.
These limitations also apply to Windows Vista, which is no longer officially supported. You can still monitor machines running Windows Vista, but PRTG core server and probes are no longer supported on this operating system.
The results of our tests are:
- On Windows Server 2008 R2 or Windows 7 (and on later Windows versions), you can run most WMI sensors if you provide optimal conditions, such as running the core and the target systems exclusively under Windows Server 2008 R2 and being located within the same LAN segment. Actual performance can be significantly lower depending on network topology and WMI health of the target systems—we have seen configurations that could not go beyond 500 sensors (and even less).
- On Windows 2008 (R1), you can run about 300 WMI sensors with a 1-minute scanning interval.
- The more Windows 2008/Windows 7 client systems you have in your network, the more the WMI monitoring performance is affected.
- System performance (CPU, memory, etc.) of virtualization does not strongly affect WMI monitoring performance.
If you want to use WMI for network monitoring of more than 20 or 30 systems, consider the following rules:
- Do not use Windows 2008 (R1) as monitoring stations for WMI-based network monitoring.
- Use Windows Server 2008 R2 (or later Windows versions) for WMI-based network monitoring instead.
- Consider setting up remote probes for the WMI monitoring. You still get far better WMI monitoring performance with a remote probe on a virtual machine (VM) running Windows Server 2008 R2 than on any bare metal system running Windows 2008.
- Consider switching to SNMP-based monitoring for large networks. Using SNMP, you can monitor 10 times as many nodes than with WMI on the same hardware.
Knowledge Base: My WMI sensors don't work. What can I do?
Knowledge Base: Which WQL queries are used by the PRTG WMI sensors?
Knowledge Base: Why do I receive the sensor error message 'Connection could not be established (code: PE015)'?
Video Tutorial: Bandwidth Monitoring with SNMP and WMI
Tool: Paessler WMI Tester. A useful freeware tool to test WMI connections. Tests the accessibility of WMI (Windows Management Instrumentation) counters.