Yeah - Windows is one of the most instrumented things anyone will ever have to troubleshoot. There's a whole event tracing subsystem above and beyond the event logging system (which are themselves event tracing logs), not to mention all of the debug logging you can enable (or even run a checked build if you want to repro with a ton of extra information for windbg/kd/etc). Any time someone says "Windows is hard to troubleshoot", we've either found the potentially poor soul sent to support a Windows user who's not a Windows admin/support person, or the front-line tech who was given a phone, laptop, maybe a book (maybe not), and told to go "figure it out". Neither of those people is going to have fun and I can understand the sentiment, but I cannot say this enough - Windows is not hard to debug and diagnose if you're willing to learn a few basics. There will be people who disagree, but frankly, if you're not willing and/or able to learn how a system works and interacts at more than the most fundamental levels, anything is going to be hard for you to work on.

Generically, and perhaps ironically, is a great place to learn the basics of how Windows works outside of building a lab and breaking it yourself. Also, while Microsoft might have a lot of convoluted terminology (and remembering an NT-based system is essentially designed in the VMS model as its main developers were from DEC and were involved on, and even helped architect, VMS), they do document the basics of their systems and the APIs that everything uses quite thoroughly, and those are great guides and reference material no matter how green or veteran you are on Windows. More specifically, it does kind of depend on where you're starting from as a base of knowledge, like anything, but for Windows a good fundamental understanding of networking and the way networks and protocols work outside of Windows can help greatly when you're troubleshooting things happening over a network. If you want to troubleshoot things that might be filesystem-related, understanding the basics of the Windows filesystem NTFS (less so FAT32 and ReFS) is a great place to start. Remote Procedure Calls and the Component Object Model (RPC / COM) underpin a wide variety of system services and applications that run on top of them, so starting to go down that route as you grow your time on Windows as a troubleshooter will help you understand more how Windows processes and drivers talk to each other and even to themselves. This also means you'll understand printing more (as the print spooler is based on the RPC/COM model and touches on the networking side a lot as well for obvious reasons), Remote Desktop Protocol (RDP), the way browsers work, Windows Management Instrumentation (WMI), and more. Last, there's tracing with the Event Tracing for Windows (ETW) subsystem which almost every Windows component subscribes to, and a lot of third-party applications do as well (the older it is the less likely it is to do this, but ETW has been in Windows in one form or fashion since Windows 2000).