Category: Windows Server 2008 R2

Follow-up to TechEd session WCL326: Five infrastructure changes that will boost performance for the Windows Client

To summarize the key areas you can look into when optimizing performance from an infrastructure point of view, here are the key takeaways from TechEd session WCL326: Five infrastructure changes that will boost performance for the Windows Client.

1. Slow machine boot and login / GPOs and scripts

Use Windows Performance Toolkit (part of the Windows 7 SDK) to troubleshoot what is happening during boot. Specifically, narrow in on Group Policy: in the Generic Events section, enable only the Group Policy provider to see what is going on with group policies. Group policies and scripts are most often the bad guys when there are performance problems with boot and login.

Also use Event Viewer > Applications and Services > Windows > Group Policy > Operational log to look for events such as those with ID 5326, 8000, 8001 or 5016. The last one is of particular interest, as it will quickly show you which Group Policy extension is taking the most time to finish.

Clean up: remove unnecessary settings and GPO objects. Convert scripts to Group Policy Preferences where necessary, or schedule scripts to run after startup or login, to minimize boot and login times.

2. Optimizations for RDP

Activate asynchronous login for users to speed up login for Remote Desktop Services and RemoteApp. Go to Administrative templates > Policies > System > Group Policy and set the setting for “Allow asynchronous user Group Policy processing when logging in to Remote Desktop Services”.

Three other really great tweaks found in Administrative templates > Policies > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment:

  • Do not allow font smoothing = Enabled
  • Limit maximum color depth = Enabled, set it to 32-bit
  • Set compression algorithm for RDP data = Enabled, set it to Optimized to use less network bandwidth

3. SMB 2.1

To get full use of the performance improvements in the SMB 2.1 protocol you need file servers running Windows Server 2008 R2. If you are running a third-party storage solution, you need to activate SMB 2.x support, as it is not always activated by default and sometimes a firmware upgrade is needed.

Based on my own measurements, the performance increase varies from 10-80%.

4. BranchCache

Activate the BranchCache feature from Server Manager on the content servers you want to use with BranchCache. This requires Windows Server 2008 R2 on the content server. For file shares, make sure to enable the BranchCache feature on the share(s) you want to use with BranchCache. Also set the group policy “Hash Publication for BranchCache” on the file server(s), found in Administrative templates > Policies > Network > Lanman Server.

To activate BranchCache on the Windows 7 client look in Administrative templates > Policies > Network > BranchCache and activate the required GPO settings.

5. Upgrade key servers to Windows Server 2008 R2

To gain use of RDP improvements, SMB2.1 improvements and actually make performance better for file handling the simple thing to do is to migrate to Windows Server 2008 R2.

BONUS 1. Microsoft tool to measure performance:

WDRAP (Risk and health Assessment Program for Windows Desktop) is a tool designed for enterprise customers that verifies overall performance, including bad drivers, apps that are causing the machine to start slowly etc. Contact your Technical Account Manager at Microsoft for more information and for help analyzing the results from this tool. Microsoft themselves used this tool some time ago to improve performance in their environment; more on this in the Microsoft IT Case Study.

BONUS 2. Hotfixes related to infrastructure and performance, Windows 7 Post-SP1:

You experience a long domain logon time in Windows 7 or in Windows Server 2008 R2 after you deploy Group Policy preferences to the computer
http://support.microsoft.com/kb/2561285

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7 (WMI issue)
http://support.microsoft.com/kb/2617858

Slow performance when you browse the My Documents folder in the document library in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/kb/2690528

Improved interoperability between the BranchCache feature and the Offline Files feature in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/kb/2675611

General Q and A

Q: Can I use this tool to measure performance and troubleshoot on Windows XP?
A: You can run the tool on Windows XP by copying xbootmgr and xperfctrl.dll to an XP machine. You can then analyse the results on a Windows 7 machine. However do not expect the same amount of detailed data as Windows 7 has introduced new features that are not available in Windows XP.

If you have any further questions about the session or the topics, feel free to leave a comment on the article or send me an email at andreas.stenhall@knowledgefactory.se.

SLIDES: Download the slides from the session WCL326

 

Creating the perfect and fully automated reference image for Windows operating systems

A perfect reference image for Windows is fast to deploy, contains all security updates and all other necessary patches, possibly also applications like Office, and last but not least is fully automated, to achieve the best possible stability and avoid the potential for manual errors. This guide is intended to show you how to build the perfect reference image ever made!

NOTE: I have also posted this guide to TechNet Wiki where you find an improved version of this article (although the steps in the article found below are still valid): TechNet Wiki: HOW TO: Create the perfect and fully automated reference image for Windows operating systems

There is no need to reinvent the wheel, as this can be achieved very easily in Microsoft Deployment Toolkit. Start by downloading Microsoft Deployment Toolkit and in the components section make sure to download and install Windows Automated Installation Kit. Start Deployment Workbench and off we go!

Note: This guide applies to everyone, regardless of whether you are deploying Windows using SCCM, MDT or any third-party deployment solution.

1. In Deployment Workbench, create a new deployment share for building the reference image and name it something like “Reference image build and capture share” or a name of your choice.

2. Add the OS install files (repeat for each OS you want to build for) into the operating systems folder. Always include the setup files so never install just a WIM file at this stage.

3. Create a task sequence based on the Standard client task sequence (repeat for each OS you want to build image for).

4. For each task sequence edit the task sequence to enable the existing but disabled “Windows Update” step(s).

5. Edit the rules of the share by right clicking it and choosing Properties. The rules (customsettings.ini) should look like below. Replace the variables BackupShare and BackupDir with whatever the share name and directory to store the images are.

[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipAppsOnUpgrade=YES
SkipCapture=YES
DoCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipUserData=YES
SkipTimeZone=YES
SkipFinalSummary=YES
SkipSummary=YES
SkipLocaleSelection=YES
SkipDomainMembership=YES
SkipComputerName=YES
SkipBitlocker=YES
SkipApplications=YES
ComputerBackupLocation=NETWORK
BackupShare=\\server\share
BackupDir=Captures

6. Modify the bootstrap.ini to look like the below information. Replace the variables according to what applies to your configuration.

[Settings]
Priority=Default

[Default]
SkipBDDWelcome=YES
DeployRoot=\\server\share
UserDomain=CONTOSO.COM
UserID=username
UserPassword=password

7. Now add to the Rules (customsettings.ini) an entry like the one below. This makes the Windows Update step point to your WSUS server, where you control everything that is released by Microsoft, so you stay 100% in control of what is in your image.

WSUSServer=http://nameofwsusserver

8. To make sure that you get a separate file name for each operating system you are building a reference image for, edit each task sequence to contain a Task Sequence Variable named, for instance:

BackupFile=Windows7Enterprisex64.wim

9. Update the deployment share to get the boot ISO, which you use to boot your virtual machine and start the build process.

Remember to always build the reference image on a virtual machine to avoid potential problems related to hardware.

You could also add Office as an application in the Deployment Workbench, and to all task sequences that require it, to make sure that you have a rapid deployment image ready to go.

Done! Happy deploying!
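An added example, not part of the original guide: a small Python audit of the rules files from steps 5 to 7. It flags any property ending in "Password" that holds a value (Bootstrap.ini is copied into the boot image when the deployment share is updated, so anything stored there travels with the ISO) and a WSUSServer entry that is missing or uses plain HTTP. The function name audit_rules and the sample strings are constructed for illustration.

```python
import configparser

# Constructed sample rules, modelled on the bootstrap.ini and customsettings.ini
# shown in steps 5-7 (server names and credentials are placeholders).
BOOTSTRAP_INI = r"""
[Settings]
Priority=Default
[Default]
SkipBDDWelcome=YES
DeployRoot=\\server\share
UserDomain=CONTOSO.COM
UserID=username
UserPassword=password
"""

CUSTOMSETTINGS_INI = r"""
[Settings]
Priority=Default
[Default]
OSInstall=Y
DoCapture=YES
BackupShare=\\server\share
WSUSServer=http://nameofwsusserver
"""


def audit_rules(name, text, expect_wsus=False):
    """Return a list of (file, section, key, finding) tuples for one rules file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the property casing as written, for the report
    cp.read_string(text)
    findings, wsus_seen = [], False
    for section in cp.sections():
        for key, value in cp.items(section):
            k = key.lower()
            if k.endswith("password") and value.strip():
                findings.append((name, section, key, "plaintext credential in rules file"))
            if k == "wsusserver":
                wsus_seen = True
                if value.strip().lower().startswith("http://"):
                    findings.append((name, section, key, "WSUS reached over unencrypted HTTP"))
    if expect_wsus and not wsus_seen:
        findings.append((name, "-", "WSUSServer", "not set: Windows Update step is not pinned to WSUS"))
    return findings


if __name__ == "__main__":
    for f in audit_rules("bootstrap.ini", BOOTSTRAP_INI) + \
            audit_rules("customsettings.ini", CUSTOMSETTINGS_INI, expect_wsus=True):
        print("%s [%s] %s: %s" % f)
```

A build account that can only write to the capture share limits what a value found this way is worth.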

Event id 6404 when changing drive letter for a DFS replicating folder on the drive

When setting up a DFS replication group and later changing the drive letter of a drive for where DFS is replicating content you will see event id 6404 in the event log on Windows Server 2008 R2. The error in specific is:

The DFS Replication service failed to replicate the replicated folder at local path E:\DeploymentShare because the local path is not the fully qualified path name of an existing, accessible local folder.

Additional Information:
Replicated Folder Name: OsDeployment
Replicated Folder ID: C6E9C901-D6AE-47CA-A853-EE414186050A
Replication Group Name: OsDeploy-server1.contoso.com
Replication Group ID: C45CAA1D-0037-496F-881D-EC5DF596DF7B
Member ID: BF168723-6399-4229-9695-57E0352D43F9

To solve this, make sure hidden files and folders are shown, delete the DfsrPrivate folder located in the root of the folder being replicated via DFS-R, and then restart the DFS-R service. You are back in business.

Busting the myths: Windows 7 require Windows Server 2008/2008 R2 domain controllers and raised functional levels

It seems a fairly common misconception that to be able to use Windows 7 in a Windows, or should I say Active Directory, environment one needs to have either Windows Server 2008 or Windows Server 2008 R2 domain controllers. There are also misconceptions about the need to raise the forest and domain functional levels to be able to use the full power of Windows 7. Neither of these is true.

You can get all the same features if you are using Windows Server 2003 domain controllers and that is also regardless of which forest or domain functional levels you are running with. The most common misconceptions are:

  • Group Policy Preferences. Work very well in a 2003 domain. However you need to manage the group policies from a Windows 7 or Windows Server 2008 R2 machine using Group Policy Management Console found in the Remote Server Administration Tools.
  • BitLocker. To store recovery keys in AD you need to extend the schema. If you have a domain controller that is running Windows Server 2008 or later you have what it takes, if you are running Windows Server 2003 on your domain controllers you simply extend the schema.

I must add that you do get stronger encryption for Kerberos by using the Windows Server 2008 domain functional level, but the bottom line is that the functionality of the Windows 7 client is the same regardless of forest or domain functional levels.

KB article now available for 20+ processors issue

Not long ago I posted about the interesting issue of Windows Deployment Server services not starting when having more than 20 logical processors on the machine. Now Microsoft has published the KB article for the problem regarding the Windows Deployment Server service, but it also seems to affect ntdsutil. Again, running a deployment server or a domain controller on a server which has more than 20 logical processors is not very likely, but still it’s kind of an interesting issue.

RemoteApps integrated in Windows 7 – does not need 2008 R2 fully

Just a quick tip that you do not need to have your entire RDS environment at the Windows Server 2008 R2 level to be able to utilize the nice integration features of RemoteApps in Windows 7. I am referring to the feature of subscribing to a feed of applications and thereby having a dynamic publishing of RemoteApps for the end users, in the users' start menu.

To get this working all you need is a Windows Server 2008 R2 to host the RDS Web Access role, which then can include and publish RemoteApp sources that are based on Windows Server 2008 hosts (no R2 requirements there).

WDS service refuses to start with error 0xFFFFFBB3 when using more than 20 logical CPUs

The other week I stumbled across a very interesting fact, a fact that the Windows Deployment Server service refused to start on a clean installed Windows Server 2008 R2. After troubleshooting for a whole day, even reinstalling the OS, reproducing the error even without any patches seemed very strange. The WDS service is a service that normally just works. The following error was logged:

Log Name: Application
Source: WDSServer
Date: 2010-10-04 17:14:23
Event ID: 257
Task Category: WDSServer
Level: Error
Keywords: Classic
User: N/A
Computer: wds.contoso.com
Description:
An error occurred while trying to start the Windows Deployment Services server.
Error Information: 0xFFFFFBB3

An important fact is that the server to be used for deployments was a retired yet powerful TS/RDS server with two six core processors using hyper threading, making it 24 logical processors. Not likely to be the hardware specs of a regular deployment server but hey, there can obviously be scenarios where this might be an issue. Thanks goes to a colleague (Jeanette) who figured out that we could try to set the number of logical processors being used to two. Guess what, after a reboot the WDS service started just fine!

To change the number of used processors we used:

bcdedit /set {current} numproc 2

To revert this change you could use:

bcdedit /deletevalue {current} numproc

After some work with Microsoft Product Services and Support it appears to be a bug nevertheless. The limit for the number of logical processors you can have for the WDS service to start is 20. Bear this in mind…

HOW TO: Cleanup pre-SP1 components in Windows 7 and Windows Server 2008 R2

Many of you surely remember the tools “vsp1clean” and “compcln”, which were used after service pack 1 and service pack 2 installation to remove older Windows packages which were superseded by the service pack. These tools freed some disk space, and as they removed all previous Windows components they made the service pack installation permanent, meaning it was not uninstallable after running the tools.

Anyway enough with history, when you have installed SP1 for Windows 7 or Windows Server 2008 R2 you can make it permanent by using the below command.

%windir%\system32\dism.exe /Online /Cleanup-Image /spsuperseded

You can also use Disk Cleanup to accomplish this, choose to clean your system disk and then choose “Clean up system files”, choose your system disk once again and then make sure that you select “Backup files required to uninstall service pack”.

NOTE 1: As SP1 is in beta at the time of this writing, I must warn you that running the above command will make it impossible to uninstall the SP1 beta, in practice meaning you will have to reinstall your machine once SP1 final release is made available.

Bug with PXE booting pre-staged machines for deployment returns event 519

There is a bug in Windows Deployment Services (WDS) in Windows Server 2008 R2 which prevents your pre-staged computers from booting via PXE. In the Event logs on the WDS server you can find event 519 stating that there are duplicate machines with the same GUID or MAC address, even though this is not true. There is a hotfix for this problem which is available from http://support.microsoft.com/kb/2028840/en-us.

The event looks like:

Log Name: Application
Source: BINLSVC
Date: 2010-09-24 10:29:04
Event ID: 519
Task Category: BINLSVC
Level: Error
Keywords: Classic
User: N/A
Computer: wds1.contoso.local
Description:
Multiple machine accounts with the same GUID or MAC address were found in Active Directory Domain Services. The Windows Deployment Services server will use the first listed machine account.

MAC Address: {00000000-0000-0000-0000-00155D00C837}
GUID: {94651BB8-ED84-42C6-947A-218A66EE5A6C}

List of matching machines: CN=DEPLOYTEST1,OU=CONTOSO,DC=stenis,DC=local

Killing the myths: Group Policy Preferences for everyone!

There is a very common misconception out there that Group Policy Preferences can only be created, managed and applied to your Windows machines if you are running your domain controllers with Windows Server 2008 or later. This is so NOT true.

What you have to do if you are stuck on domain controllers running Windows Server 2003 is to install the Remote Server Administration Tools on a Windows 7 (or Vista) client machine, add the feature Group Policy Management and then create a GPO in the domain and edit it, configuring the Group Policy Preferences of your choice. Voilà!

I do not know where this myth is coming from actually but the fact that GPO Preferences were introduced in Windows Server 2008 is the major reason I would assume.