5

I'm trying to query DNS statistics from Windows Server 2012 via WMI.

If I run the following command in Powershell:

Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Statistic | ?{ $_.Name.Contains("UDP messages allocated") } | ft Name,Value

I get the following:

Name                           Value
----                           -----
UDP messages allocated         20550
UDP messages allocated         2596235

Two statistics with the same name? And totally different values? What? So I start investigating the underlying class and I see that the class actually has:

uint32 UdpAlloc;
uint32 TcpAlloc;

Which seems obvious, and the two values above are most likely those two. But - which one is which?

It would seem like an obvious assumption that the larger number is UDP and the smaller number is TCP. But this is further complicated by the fact that there are several duplicated stats, not just this one, and some of them have lowish values that could be either TCP or UDP.

Has anyone else seen this before and worked around it?

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259
  • Are there perhaps multiple instances? Can you do a `select *` instead of `ft Name,Value` at the end? – GregL Oct 07 '15 at 15:03
  • @GregL yeah I did do that before posting. I even diffed the output between the two in case I was missing something non-obvious and they are 100% identical except for the stat itself. – Mark Henderson Oct 07 '15 at 17:57
  • And I assume that things don't get any better without the `Where-Object`? – GregL Oct 07 '15 at 18:01
  • @GregL There are over 600 individual counters, and the vast majority are not overlapping, but there are about 10 or so (all from that same `DnsServerQuery2Statistics ` class) that overlap. And I'm fairly sure now after running further tests and speaking to co-workers that it's totally a WMI bug. – Mark Henderson Oct 07 '15 at 20:01
  • Could very well be, sadly I can't confirm it for you as I don't have any Server 2012 DNS systems around.. – GregL Oct 07 '15 at 20:20

1 Answers1

2

Not a great answer to this, but the behaviour I was seeing was consistent between all versions of Windows Server that had this counter, including 2016.

In the end I just consolidated the duplicate counters (I found a lot more during the course of this project) into a single counter and decided not to worry if they were TCP or UDP requests/responses.

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259