+1
Even a web based ticket with MS is only about $100. For non-emergent issues, I really like this option. It is less intrusive on your daily work and cheap at twice the price.

Jim Holmgren
Senior Manager, Infrastructure Services
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com <http://www.xlhealth.com>

From: Andrew S. Baker [mailto:[email protected]]
Sent: Thursday, April 14, 2011 10:53 AM
To: NT System Admin Issues
Subject: Re: Process Monitor reading

Given that data, wouldn't opening a ticket with Microsoft be worth it? If you don't know what is causing it, how will ripping and replacing it help?

ASB (Professional Bio <http://about.me/Andrew.S.Baker/bio> )
Technology Services that Maximize Business Results...

On Thu, Apr 14, 2011 at 10:38 AM, James Rankin <[email protected]> wrote:

I wouldn't normally ask this, but I'm kind of at my wits' end. Is there anyone out there who could maybe have a look at a Process Monitor logfile and tell me if they can see any kind of "smoking gun" in there?

The situation is this - we have 2008 R2 Terminal Servers that occasionally will start treading water, resulting in horrendous logon times for users. We've tried disabling just about everything, GPOs, AppSense, EdgeSight, SCOM, antivirus, we have patched them to the hilt with every hotfix we can find for every piece of software, run countless monitors and logs, sent details to various support teams, even had a Citrix consultant on site to offer his opinion, yet still the problem exists. We have carefully monitored the apps in use on the problem systems (which seem to be completely random) and can find no correlation between application usage and the occurrence of this issue.
The servers have been monitored by several different tools, native and otherwise, and do not red-line in any way apart from occasional spikes of memory usage and page faults, but nothing happens that seems to justify the terrible performance slowdown that occurs. The servers are physical Compaq DL360 G6 systems with 16GB of RAM and 16 CPUs.

Luckily I managed to capture a ProcMon log the last time this problem happened (usually running it causes the server to come to a complete halt, more or less). Rather interestingly, when the logon completed, the ProcMon log was actually running two minutes behind "real-time" - it took two minutes to catch up with what was actually happening "live" on the server! I've had a good hunt through this, but I'm more used to looking for application issues than trying to troubleshoot a logon with ProcMon, and I simply don't know what to look for to try and identify the causes of the slowdown. Microsoft's removal of the user environment debug logging in 2008 and up is a real pain, as it was (fairly) straightforward to troubleshoot the logon process previously.

I am fairly sure that the problem is something intrinsic to the system - i.e. not caused by a third-party piece of software. I'm on the verge of recommending that the whole server farm is ripped and replaced but I want to make sure I've covered all my bases before I go down that route.

If anyone can help with this, please ping me offline and I'll gladly provide access to the (monstrously large, given that the logon I was monitoring took six minutes) log file. Or if anyone has any pointers that they think might help with the performance, I'll also gladly take them on board.

TIA,

JRR
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
