Slow file browsing on Windows 7 with DFS and Offline Files

Today I troubleshooted a problem at a customer that we are migrating. They are running Windows 7 and their file shares are presented through DFS. All of the clients are using Folder Redirection and the laptops are also using Offline Files.

We have set up a policy that specifys the slow link threshold for Offline Files to 10 Gb/s which has the effect that the computer always is always offline and thus the user is always accessing the local file cache.

Now to the problem… when the user browsed the Offline Files in the redirected Offline Folder we experienced a delay every time we changed folder. This delay was only present when Documents was redirected to the DFS share. Since the computer was in offline mode this delay should not be present, all files access should be made locally. When the computer was completely disconnected, the delay went away.

I connected both the DFS share and the target share to a drive letter and made it available offline – no delay.

The problem turned out to be a bug with the combination of DFS, Folder Redirection, Offline Files and Library and on top of that a high latency.

The hotfix and a better explanation can be found here.

/Johan

Nice to know: What is going on during logon

When you are logging onto a Windows machine you will sometimes notice that it is taking a long time… usually you just blame GPOs and move on… If you want to get a hint on what´s taking so long you can set a GPO setting which turns on detailed information during logon

image 

There are two different settings depending on which OS you are running (pre 2008R2/2012 or later)

You will find the setting in gpedit under Computer Configuration – Administrative Templates – System

The setting is called:

Pre 2012: Verbose vs normal status messages

Post 2012: Display highly detailed messages

/Johan

Network Level Authentication… på XP!

En av mina kollegor kontaktade mig idag och sa att han försökte koppla upp sig mot vår labmiljö från kund… på en Windows XP maskin!!!!

Problemet är att alla våra servrar är Windows Server 2008 R2 eller senare så de kräver Network Level Authentication för att tillåta uppkoppling, NLA är uppenbarligen inte aktivt på Windows XP som standard.

Här finns en kort förklaring på hur man aktiverar CredSSP (vilket krävs för att NLA skall fungera) på Windows XP

Länk:

http://support.microsoft.com/kb/951608

Johan

How to monitor Windows 2008 R2 Servers from Server Manager in Windows Server 2012

This will be a very short and sweet description on how to monitor Windows Server 2008 R2 from Windows Server 2012

  1. Start by installing .NET 4 Framework on the 2008 R2 Server
  2. Install Windows Management Framework 3.0 in the 2008 R2 server
  3. Run winrm qc in an elevated command prompt on the Windows Server 2008 R2 computer
  4. To be able to use BPA on the 2008 R2 server run Enable-PSremoting –Force from an elevated PowerShell prompt
  5. Done…

Network Time Protocol

Today I would like talk a little about setting up NTP sync in Active Directory… as you might know time is quite important in Active Directory because Kerberos is dependant on it. If the time difference is higher than 5 minutes (default setting) you will not be able to log in

I visited a customer today who had a problem which meant that they could not set up NTP sync…

We used these commands to verify operations on the PDC emulator:

   1: w32tm /query /status

   2: w32tm /query /peers

   3: w32tm /query /configuration

Apparently it used local CMOS clock as a time source, so we set up external NTP peers

   1: w32tm /config /syncfromflags:manual /manualpeerlist:"0.se.pool.ntp.org,0×1 1.se.pool.ntp.org,0×1" /update /reliable:yes

… which did not help, we then did a reset of the time server settings on the PDC emulator:

   1: net stop w32time

   2: w32tm /unregister

   3: w32tm /register

   4: net start w32time

We the registered the new NTP peers:

   1: w32tm /config /syncfromflags:manual /manualpeerlist:"0.se.pool.ntp.org,0×1 1.se.pool.ntp.org,0×1" /update /reliable:yes

The server still reported that it synced from the local CMOS clock. After some looking around we found that there was a policy setting in the Default Domain Policy which disabled the NTP Client. You will find this setting in Computer Configuration – Administrative Templates – System – Windows Time Service – Time Providers and it is called Enable Windows NTP Client. So I changed it and refreshed the group policy and that did the trick

To set up the rest of the DCs to use the PDC emulator as a time source you use this command

   1: w32tm /config /syncfromflags:domhier /reliable:no /update

To enable and disable debugging of NTP use:

   1: w32tm /debug /enable /file:C:\Temp\w32tmdebug.log /size:10485760 /entries:0-300

   2: w32tm /debug /disable

To resync the computer with its time source use:

   1: w32tm /resync

To compare your NTP servers time with an external time source

   1: w32tm /stripchart /computer:0.pool.ntp.org /samples:5 /dataonly

Finally you also need to verify that your server is able to communicate to the timeserver using UDP port 123

Links

http://technet.microsoft.com/en-us/library/cc794937(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc816748(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc816838(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc780011(v=ws.10).aspx
http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx
http://kevingreeneitblog.blogspot.se/2011/01/hyper-v-time-synchronization-on-windows.html

Robocopy mellan Windows och Novell

Idag har jag migrerat filserver mha Robocopy och upptäckte då att trots att jag hade gjort en tidigare kopiering blev alla fler klassade som nyare och kopierades igen. Det visar sig att tidsstämplarna i Novells filsystem inte stämmer överens med de i NTFS.

Sättet att komma runt det är med hjälp av en switch i Robocopy som heter :

/FFT : Assume FAT File Times (2-second date/time granularity)

Man sänker helt enkelt upplösningen på tidsjämförelsen och då fungerar det som det skall.

Länk

http://www.conetrix.com/Blog/post/Robocopy-Incorrectly-Detects-Files-as-Newer-When-Copying-Between-Different-File-Systems.aspx