Windows debugging centers on three tools: Event Viewer (logs), Services (what's running), and Performance Monitor / Task Manager (resources). PowerShell does all of it from the CLI — faster and remotable.
Event Viewer first
# the Windows equivalent of "read the logs"
Get-EventLog -LogName System -EntryType Error -Newest 30   # Windows PowerShell 5.1 only; use Get-WinEvent on PowerShell 7
Get-WinEvent -LogName Application -MaxEvents 50 |
Where-Object LevelDisplayName -eq 'Error'
# filter by level inside the query (Level=2 is Error):
Get-WinEvent -FilterHashtable @{LogName='System'; Level=2} -MaxEvents 20
System log = OS/driver/service; Application log = apps; Security = auth. Note the Event ID and Source — they're searchable and specific.
A service won't start
Get-Service -Name MyApp
Get-Service | Where-Object Status -eq 'Stopped'
Start-Service MyApp ; Restart-Service MyApp
sc.exe qc MyApp        # config: binary path, start type, account
sc.exe queryex MyApp   # exit code / state
Causes. Wrong service account / password; missing dependency (sc qc shows DEPENDENCIES); bad binary path; permission on the exe/folder; a dependency service stopped. Event Viewer logs the exact failure + Event ID.
Service account & "Logon failure"
A service running as a domain account fails after a password change/expiry with a logon error.
Update the service credentials, or use a Managed Service Account (gMSA).
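An added example (not from the original page) that pairs each auto-start service that is not running with its logon account and the newest Service Control Manager error mentioning it. The event IDs 7000, 7001 and 7038 and the 24-hour window are choices made for this example; run it in an elevated session on the affected host.

```powershell
# Added example: triage auto-start services that are not running.
# Uses only built-in cmdlets (Get-CimInstance, Get-WinEvent).

# 1. Auto-start services that are not running, with the account they log on as.
$down = Get-CimInstance -ClassName Win32_Service `
            -Filter "StartMode='Auto' AND State<>'Running'" |
        Select-Object Name, DisplayName, State, StartName, ExitCode

# 2. Recent Service Control Manager errors from the System log.
#    7000 = service failed to start
#    7001 = a service it depends on failed
#    7038 = logon with the currently configured password failed
$scm = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7001, 7038
    StartTime    = (Get-Date).AddDays(-1)   # assumed look-back window
} -ErrorAction SilentlyContinue              # no matching events is not an error here

# 3. Pair each service with the newest event whose message names it.
#    Get-WinEvent returns newest first, so -First 1 is the latest hit.
foreach ($svc in $down) {
    $byDisplay = '*' + [WildcardPattern]::Escape($svc.DisplayName) + '*'
    $byName    = '*' + [WildcardPattern]::Escape($svc.Name) + '*'

    $hit = $scm |
        Where-Object { $_.Message -like $byDisplay -or $_.Message -like $byName } |
        Select-Object -First 1

    [pscustomobject]@{
        Service  = $svc.Name
        Account  = $svc.StartName     # a domain account here points at the password case
        ExitCode = $svc.ExitCode
        EventId  = $hit.Id
        When     = $hit.TimeCreated
        Detail   = if ($hit) { ($hit.Message -split "`r?`n")[0] }
                   else      { 'no SCM error in the last 24h' }
    }
}
```

Trigger-start and delayed-start services can legitimately show as Auto but not running, so rows with no matching event are usually low priority.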
Can't RDP in
- Network: reachable? port 3389 open in Windows Firewall + cloud SG/NSG?
- RDP enabled? (Allow Remote Desktop / fDenyTSConnections=0).
- User in Remote Desktop Users? Account not locked/expired?
- Too many sessions (server hits the 2-session admin limit): use /admin or log others off.
Test-NetConnection host -Port 3389
Get-NetFirewallRule -DisplayGroup "Remote Desktop"
High CPU / memory / disk
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10
Get-Process | Sort-Object WS -Descending | Select-Object -First 10   # working set (mem)
Get-Counter '\Processor(_Total)\% Processor Time'
Get-Counter '\Memory\Available MBytes'
Get-PSDrive -PSProvider FileSystem   # disk free
Get-Volume
Task Manager / Resource Monitor / Performance Monitor (perfmon) for the GUI view. For deep CPU analysis use the Windows Performance Recorder/Analyzer.
Networking
Test-NetConnection host -Port 443     # ping + port (refused vs timeout)
Get-NetIPConfiguration ; Get-NetRoute
Resolve-DnsName name                  # DNS
Get-NetTCPConnection -State Listen    # listening ports (ss equivalent)
Get-NetFirewallProfile                # firewall on?
IIS / web app
- App pool stopped/crashing → Get-WebAppPoolState; recycle; check the pool identity.
- Logs: %SystemDrive%\inetpub\logs\LogFiles + Failed Request Tracing.
- 500.19 = bad web.config; 503 = app pool stopped; 401 = auth.
Updates & reboots
Get-HotFix | Sort-Object InstalledOn -Descending | Select -First 10
# pending reboot often blocks installs/services; check + schedule a reboot window
Quick reference
Get-WinEvent -LogName System -MaxEvents 50
Get-Service ; Restart-Service NAME ; sc.exe qc NAME
Get-Process | Sort CPU -Descending | Select -First 10
Test-NetConnection host -Port N ; Get-NetTCPConnection -State Listen
Get-PSDrive -PSProvider FileSystem