O R G A N I C / F E R T I L I Z E R: 08.06

Aug 28, 2006

misc: registry keys to speed up terminal server

i'd link you directly to the article if i knew where it was. it might be somewhere on redmondmag.com. anyway, this is a summary of a pretty good article greg shields put together. i believe you can find this stuff from doug brown at dabcc.com if you're interested.
  • disable IE flickering:
    • hkcu\software\microsoft\internet explorer\main
      • Force Offscreen Composition
      • dword: 1
  • disable file locking (do not use with database apps):
    • hklm\system\currentcontrolset\services\lanmanworkstation\parameters
      • UseLockReadUnlock
      • dword: 1
  • disable ntfs last-accesed time stamping (use at your own risk):
    • hklm\system\currentcontrolset\control\filesystem
      • NtfsDisable LastAccessUpdated
      • word: 1
  • disable lazy rights:
    • hklm\system\currentcontrolset\services\lanmanserver\parameters
      • IRPStackSize
      • dword: 15
    • hklm\system\currentcontrolset\services\lanmanworkstation\parameters
      • UtilizeNT Caching
      • dword: 0
  • disable paging kernel mode drivers and system code to disk (improves kernel performance?):
    • hklm\system\currentcontrolset\services\currentcontrolset\control\session manager\memory management
      • DisablePagingExecutive
      • dword: 1
  • increase network request buffer size:
    • hklm\system\currentcontrolset\services\currentcontrolset\services\lanmanserver\parameters
      • SizReqBuf
      • dword: 1024 to 65535
  • increase available network buffers and open connections (may get rid of logoff session hangs):
    • hklm\system\currentcontrolset\services\currentcontrolset\services\lanmanserver\parameters
      • MaxWorkItems
      • dword: 8196
      • MaxMpxCt
      • dword: 2048
      • MaxRawWorkItems
      • dword: 512
      • MaxFreeConnections
      • dword: 100
      • MinFreeConnections
      • dword: 32
    • hklm\system\currentcontrolset\services\currentcontrolset\control\session manager\configuration manager
      • RegistryLazyFlushInterval
      • dword: 60
  • increase prefetcher value (pre-load commonly used files):
    • hklm\system\currentcontrolset\services\currentcontrolset\control\session manager\memory management\prefetch parameters
      • EnablePrefetcher
      • dword: 3
  • disable roaming profile caching:
    • hklm\software\microsoft\windows nt\current version\winlogon
      • DeleteRoamingCache
      • dword: 1
  • disable unused subsystems:
    • hklm\system\currentcontrolset\control\session manager\subsystems
      • Posix
      • delete this key
  • disable file indexing services:
    • properties of each drive, uncheck allow indexing service to index this disk for fast file searching

mom: jalasoft demonstration...

well, i met w/ jalasoft recently along with a couple of other community folks. the folks did a presentation on their xian product and integration with mom. if you're a mom shop, in need of rounding out your monitoring by tapping into your network devices, i would encourage taking a look at their product line. the first thing i'd like to address is the ui. it's, unfortunately, not wrapped into the mom console but modeled a lot like it. so, for usability factors (if you think the mom console is usable), it's at least not something so far out that you have to learn a whole new monitoring system. it seems fairly intuitive... but again, i was watching a guided demo. i'm not sure about the pricing. the product looks polished though. other than utilizing the administrative console separately, xian has a MP pack and reports that come with it. this makes the look and feel tie right into MOM. don't have to worry about having to look at a separate ops console to see the relevant data. speaking of data, i believe that the collection method is snmp. it picks up a robust amount of data. because of this, a lot of the rules for networking gear (pre-configured) have their rules disabled. this will require some activity (otherwise known as communication) between you and the network team to get the salient rules turned on. jalasoft's reasoning for this was pretty sound. there's so much data, you'll be overwhelmed if the rules came out of the box turned on. of course, in an act of spite, you could send all the emails to the networking group, who coincidentally don't think any problems are theirs. :) i guess that's all i have on that for now... at least until i get it in a lab.

Aug 24, 2006

mom: in the wild struggle for existence...

there's this little, seemingly trifling, setting in the context dialog box of a computer discovery rule. it reads like this: during computer discovery, contact each computer to verify that it exists.

if you're wondering what this setting does, it's been purported that when it's enabled, the management server attempts to connect to the machine defined in the rule through the ipc$. i haven't fired up a network sniffer to confirm this allegation. if anyone has, please do comment!

Aug 23, 2006

sms: mid pleasures and palaces though we may roam...

be it ever so humble, there's no place like home.

i am speaking of the advanced client, of course. i think i stumbled upon a scenario that seems undocumented. i've checked the following scenarios, both of which are good reads; neither of which discusses my scenario. anyway, here are the links, if you have interest.

how it works: roaming in sms 2003
how clients find and use site systems and domain controllers

 

since it's not mentioned, i'll describe mine.

i've a certain number of clients which are managed by the central site server. the reason for doing this is that the primary site server is shared. using the central server, allowed me some greater flexibility on access rights. the central site server has no distribution points since nor any boundaries. i can rely on the other site servers to handle the DP functions required for the clients reporting directly to central.

the clients themselves have their sitecode set to the central site server. this scenario works pretty well except when clients are sitting at a location where no site server is holding boundaries for that site. ordinarily, you shouldn't find yourself in this situation unless a site server goes south, which coincidentally happened to me. once the site server disappeared, so did the distribution point and any management of clients in that location. this does extend to the central site client that i referred to earlier - to some extent.

the client continues to function correctly since it can speak to the MP which is located at my office. the real problem is distributions are halted to this client. the missing piece of information is that if the client is in an area where no distribution points exist, it refers back to the assigned site to find distribution points to use as remote DPs. if you'll recall, the central site server has no DPs. at this point, the client simply stops any further searches.

thanks for the help wally.

Aug 22, 2006

sms: sms_def.mof conversion to policy

some background: when a new sms_def.mof is placed in inboxes\clifiles.src\hinv data loader should pick it up, realize it's new, compile it, and convert it to a policy. i found something interesting. i use a different mof for my domain controllers since grabbing local accounts means grabbing all domain accounts. the reason i'm telling you this is because i moved the dc mof file into the \hinv directory then renamed it. it didn't do anything with the file. i tried again except this time, i copied the dc mof file locally, renamed it to sms_def.mof and dropped it in \hinv. this time, data loader did its work. hmmmm.

Aug 18, 2006

misc: psexec service is an incompatible version...?

i run into this problem often enough to have written a small batch file for it. it's really a pretty simple correction but quite irritating. anyway, this is the batch file contents. (this is the kind of stuff you can write before your first cup of coffee. funny how we have to get irritated enough times before doing something to make things easier.)

sc \\%1 stop psexesvc
del \\%1\admin$\psexesvc.exe
del \\%1\admin$\system32\psexesvc.exe
sc \\%1 delete psexesvc

stop the service.  (it's probably running). delete the psexesvc.exe files that are copied to the server when you initiate a psexec command, then remove the service entirely. once you run psexec again after these steps on the broken client, it should start working again.

c:\myBatchFile.bat [servername]

Aug 17, 2006

mom: remove computer groups from reporting server

i have been a slacker. don't have anything interesting to post lately. been doing some routine maintenace work and getting started on an upgrade. anyway, i won't hold you in suspense much longer... har. if you have computer groups in your drop-down selections of your mom reports, you can get rid of them if they annoy you that badly. it's unsupported but thought it was an interesting gem to capture. here's the details courtesy of a list member on msmom@lists.myitforum.com. issue this sql query against your mom reporting server database (systemcenterreporting):
delete from sc_computerruledimension_table where name = 'computergroupname'
just replace computergroupname with the name of the computer group you can't stand to look at.