arcserve-KB : How to use Process Monitor (Procmon) to do advanced troubleshooting

Last Update: 2016-04-25 13:58:03 UTC


Depending on the error you are getting and which server it is occurring on, it may be necessary to use a program called Process Monitor (Procmon) to gather further information about the errors we see in RHA. Process Monitor will tell you all the processes that are active on the system and which files they are accessing or linked to.

Example: You have a file server HA scenario and start to receive 'unable to open' file errors for certain files on the inactive replica. This can happen if the files are in use on the inactive server while the scenario is running. In this case Procmon can be run on the replica to show all the running processes, and we would look for a process that is accessing the files named in the RHA errors. If we find such a process, we can try stopping it to see whether RHA can then properly synchronize those files.

RHA does not load a minifilter driver on the inactive server like we do on the active server. This means that if a file is in use on the inactive server we cannot get what is called a 'duplicate handle' or a 'read handle' on the file. RHA expects all files we are replicating to not be in use on the inactive server while the scenario is running.

Suppose a customer is using a file server scenario to replicate files created by some application, and the server they are replicating to also has that application installed. If the application is running on the inactive server, it could be trying to access the files it is receiving from RHA. This could end up blocking RHA from opening, reading, and updating them. In this type of situation it is best to recreate the RHA scenario as a custom application scenario, which is the same as a file server scenario but allows you to control the services on each host. You could have the scenario manage the service(s) for your application, so that when the scenario is started RHA makes sure to stop the service(s) associated with that application.


1. First, download Procmon; you can get it here:

2. Copy this file to the server in question and unzip it. Then run 'Procmon.exe'.

3. The first thing I would do is stop it from scanning the whole system by pressing the magnify icon shown below:

4. Now we need to filter Procmon so it's only looking in the directory where we are getting the errors and not scanning the whole system. Click on 'Filter' in the GUI, then click 'Filter' in the drop-down menu.

5. Change the first drop-down menu to 'Path' and the second drop-down menu to 'contains', then enter the directory that contains the files from the RHA errors for the host in question. Click 'Add' and make sure the entry appears in the list below; 'Include' should be on by default. I would then uncheck all the other items below the new entry, like below:

6. By default Procmon stores its logs in the pagefile. If you would like it to record its logs to a location on disk instead, do the following:

a. Click on 'File' and then 'Backing Files...', change the setting from 'Use virtual memory' to 'Use file named:', and point it to where you want Procmon to store its logs.

7. Now you are all set to resync and try to reproduce the errors so we can collect Procmon logs for review. If your scenario is already running, I would stop and restart it. Make sure to click on the magnify icon to start Procmon; if there is a red x on the magnify icon, Procmon is not running. Once you have reproduced the errors and generated a Procmon log, you can call support and open a case if you would like assistance finding the process that is locking the files.
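To narrow down the locking process yourself, the capture can be saved from Procmon as CSV and searched offline. The script below is an added example, not Arcserve code: it lists the other processes that touched each file on which the replication engine received a SHARING VIOLATION. The engine process name `ws_rep.exe` and the function name `suspects` are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample rows in the column layout of a Procmon CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","appsvc.exe","2140","CreateFile","D:\Data\orders.db","SUCCESS","ShareMode: None"
"10:01:02.45","ws_rep.exe","3312","CreateFile","D:\Data\orders.db","SHARING VIOLATION","Desired Access: Generic Write"
"10:01:02.90","appsvc.exe","2140","WriteFile","D:\Data\orders.db","SUCCESS","Length: 4,096"
"10:01:03.20","indexer.exe","4000","ReadFile","D:\DATA\orders.db","SUCCESS","Length: 512"
"10:01:03.70","ws_rep.exe","3312","CreateFile","D:\Data\readme.txt","SUCCESS","Desired Access: Generic Write"
"10:01:03.95","explorer.exe","900","CreateFile","D:\Data\readme.txt","SUCCESS","Desired Access: Read Attributes"
'''


def suspects(csv_text, error_paths, engine="ws_rep.exe"):
    """Map each blocked path to the other processes seen touching it.

    error_paths: files named in the RHA 'unable to open' errors.
    engine: assumed name of the replication engine process; adjust as needed.
    Returns {path_lowercased: [(process, pid, event_count), ...]}.
    """
    wanted = {p.lower() for p in error_paths}   # Windows paths are case-insensitive
    hits = Counter()    # (path, process, pid) -> events from non-engine processes
    blocked = set()     # paths where the engine itself was refused access
    # Strip a UTF-8 byte-order mark if the export carries one.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        path = row["Path"].lower()
        if path not in wanted:
            continue
        proc = row["Process Name"]
        if proc.lower() == engine.lower():
            if row["Result"] == "SHARING VIOLATION":
                blocked.add(path)
        else:
            hits[(path, proc, row["PID"])] += 1
    return {
        p: sorted((proc, pid, n) for (q, proc, pid), n in hits.items() if q == p)
        for p in blocked
    }


if __name__ == "__main__":
    errors = [r"D:\Data\orders.db", r"D:\Data\readme.txt"]
    for path, procs in suspects(SAMPLE_CSV, errors).items():
        print(path, "->", procs)
```

A file that other processes touched but that the engine opened successfully (readme.txt in the sample) is not reported, which keeps the output to files that actually failed.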
