剛剛正在群里聊得起勁呢，朋友Q我說，近幾天他有一臺web服務(wù)器訪問不是很快，而且一天當機一次，服務(wù)器系統(tǒng)資源占用消耗也并不是很大。當機時出現(xiàn)頁面幾乎打不開的情況。根據(jù)pathping 和tracert統(tǒng)計值每一個hop都不大，不存在time out的情況。重起IIS后，速度恢復(fù)，但過半天又當了。

因為這臺服務(wù)器安全一直是我在負責(zé)，呵呵，應(yīng)該不大可能出現(xiàn)被入侵的情況。于是上服務(wù)器：
查應(yīng)用程序日志發(fā)現(xiàn)有警告信息如下：
事件類型: 警告
事件來源: Perflib
事件種類: 無
事件 ID: 2003
日期:  2005-11-18
事件:  20:49:08
用戶:  N/A
計算機: SERVER00
描述:
"W3SVC" 服務(wù)的性能庫 "C:WINDOWSsystem32inetsrvw3ctrs.dll" 的配置信息  同在注冊表中保存的受信任性能庫信息不匹 配。此庫中的函數(shù)不會作為受信任函數(shù)處理。有關(guān)更多信息，請參閱在 http://go.microsoft.com/fwlink/events.asp 的幫助和支持中心。

呵呵，找到答案了，是性能記數(shù)據(jù)器在作怪，呵呵。再Search一下發(fā)現(xiàn)：

SYMPTOMSAfter you install Windows 2000 on a drive that uses the FAT or FAT32 file system (that was formatted during the installation process) and install Internet Information Services (IIS) in the same Setup process, event ID 2003 warning messages may appear in the Application event log when you start System Monitor and add counters. This issue does not occur with NTFS drives that do not have a service pack, if the FAT or FAT32 drive is formatted before you run Windows 2000 Setup, or if you add IIS later. The event ID 2003 warning message has the following text:
The configuration information of the performance library "C:/WINNT/system32/w3ctrs.dll" for the "W3SVC" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

The configuration information of the performance library "C:/WINNT/system32/infoctrs.dll" for the "InetInfo" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

The configuration information of the performance library "C:/WINNT/system32/aspperf.dll" for the "ASP" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted. RESOLUTIONTo resolve this problem, run the following commands at a command prompt in the %SystemRoot%/System32 folder to unload and reload the IIS performance dynamic-link libraries (DLLs). After you run these commands, the warning messages are not logged:

unlodctr w3svc
unlodctr msftpsvc
unlodctr asp
unlodctr inetinfo
lodctr w3ctrs.ini
lodctr ftpctrs.ini
lodctr axperf.ini
lodctr infoctrs.ini

將后面(紅色部份)幾條命令編輯成bat或者vbs批處理文件執(zhí)行一次，網(wǎng)站訪問速度迅速恢復(fù)。
后來要觀察一天后，確定訪問頁面難以打開就是因為此問題所致；經(jīng)過以后幾天觀察，服務(wù)器運行穩(wěn)定。

本文作者:李泊林/Leebolin  Email:Leebolin#ServerSTeam.Org
來源:　服務(wù)器安全資源網(wǎng)　服務(wù)器安全討論區(qū)
原始地址：http://www.31896.net/html/2005-11-28/2156224083.shtml
http://www.fineacer.org/SHtml/Article/4382.shtml