The Raven Report

One on the challenges with Windows 2008 is the fact that it requires a DVD drive to install the OS from standard media, and many of our servers only have a CD Drive.

To solve this problem we created a custom Win PE boot option called W2K8 Setup 64bit & W2K8 Setup 32bit and instead of starting Aclient we call Windows setup.

First off create a new PE boot option. Once at the Edit Configuration screen (step 9) choose New then Text file. Select the file and change the name to runagent.bat. Delete any text in the runagent.bat file so that file is blank.

Then select the startup.bat file and add the full path to your setup.exe file under the :UserActions line F:\images\w2k8\setup.exe in my case, save it then your ready to boot into setup without accessing the DS console.

Last week I listed  an old laptop I have for sale on Craigslist. Here is one of the more amusing  scams I received.

 

Cody Posey to sale-767560960

Hi,

I wanna buy your item for my lover,reply if it's still available.

 

------------------------------------------------------------------------------------------

Noah to Cody

Tell your lover that they are in luck. Give me a call.  

------------------------------------------------------------------------------------------

Cody Posey to me

 

Thanks for getting back to me, I am buying your item for my Interracial beloved lover, am  sending this item as a gift of love from me. Please consider your item sold and remove the add from site. because i will like to make a prompt payment for your item. I am located in Denver. will be adding an additional dollars doing payment for the shipping cost. Send me what i will use for the payment. Do you prefer pay pal or Money order? Send me your full name and address if you prefer money order for the payment to be made asap.

Thanks for your time

Good luck

-----------------------------------------------------------------------------------------

Noah to Cody  

I am intrigued by the prospect of your interracial beloved lover receiving and cherishing my item. I hope that they will love and hold my item as much as I have over these past years, and If you could send a picture of your lover,  I would even bless my item to their image. But I fear your lover will never have the enjoyment I had with the item, as I do not participate in modern currencies and will only except payment for my item in gold. 

 

Over time the helpdesk database becomes very laden with sludge.  In our case in over  3 years of heavy use the helpdesk has been in place we have accumulated over 1.5 million incidents, 8500  obsolete contacts and 150 worker queues.   With every passing month  my users noticed the system getting slower and slower.  

 

What to do with all this filth you ask, well purge it of course.  First off we needed to come up with a policy  and then figure out how to implement  the policy.  Today we'll work with the incidents database.

 

After sitting down with the users of the system we were able to determine that we only needed 6 months of tickets. 

 

Once the policy was determined the fun part began. Since there is no built in method inside of the Altiris Helpdesk system to purge  incidents,  we needed to  figure out how to do this from SQL.

 

A word of warning before we get started:  Make sure you have a good backup of your Altiris_Incidents database and preferably test this process thoroughly on a test box first.  Also everything here is provided as is,  these processes work in my environment, but may need  some tweaking to work in yours.

 

With that out of the way,  on to the fun stuff.

 

All the incidents are stored in the workitem table.  The records in  the worker table only have  one dependency  that we  have to worry about when purging the records.  That column is called link_parent_number and is used for linking child and parent incidents and the default value should be 0.  I found it easier to identify these  records after the purge, so well start with the purge then clean up the left over records.

 

First we'll start with creating a query to select all the records over 6 months old.  Open SQL management studio  select the Altiris_Incidents database and create a new query.

 

Select count(*)  

FROM workitem

WHERE modified_on < DATEADD(mm,6*-1,GETDATE());

 

This will give us the number of records in the workitem table that are older than 6 months.

Now remember that each workitem may have multiple records in the workitem  table.  If you want to see the total number of actual incidents change the query to:

 

Select count(distinct number)  

FROM workitem

WHERE modified_on < DATEADD(mm,6*-1,GETDATE());

 

You can modify this query as needed  until you get the  records you want to purge. Once we have our counts it's time to prepare to delete the  old incidents.   At this point, you'll want to once again verify  you have a good backup before preceding.

 

Now we'll need to  modify your select query into a delete query. This is  accomplished by changing the  select x,x,x to delete.  I always like to use a BEGIN TRANSACTION , COMMIT TRANSACTION/ROLLBACK TRANSACTION   to the start and end of my queries whenever I'm deleting our modifying tables as if something goes wrong I can quickly rollback without restoring the database.

 

BEGIN TRANSACTION

Delete FROM workitem

WHERE modified_on < DATEADD(mm,6*-1,GETDATE());

 

-- COMMIT TRANSACTION

-- ROLLBACK TRANSACTION

 

Once you run this you'll want to verify that the number  of rows affected matches the number of rows selected in your original query.  You can also go into the helpdesk and verify everything is working correctly and that you can create new tickets and view existing ones.

 

If your happy with the results go ahead and uncomment the COMMIT TRANSACTION and execute it. Otherwise uncomment the ROLLBACK TRANSACTION and  execute it, and everything will be back  like it never happened.

 

After the old incidents are purged we still need to  clean up any lingering parent/child linking issues. If you don't link tickets then you can skip this step, but I would recommend you do it anyway as it won't hurt.

 

As before we will start with a query, but this time will change it to an update instead of a delete.

We need to find all the incidents that reference incidents that are no longer in the database .

 

Select count( *)  from workitem

where link_parent_number != 0

and link_parent_number  not in (select distinct number from workitem)

 

This query will search the  workitem table, and return any record that  doesn't have a 0 (the default) in the link_parent_number column,  and the  incident number  referenced in the  link_parent_number is not in the workitem table.

 

Now we modify the this query into an update

 

BEGIN TRANSACTION

update workitem

set link_parent_number = 0

where link_parent_number != 0

and link_parent_number  not in (select distinct number from workitem)

-- COMMIT TRANSACTION

-- ROLLBACK TRANSACTION

 

Once you run the update you will need to remember to  un comment and execute either the commit or rollback  transaction.

 

There you have it you have successfully purged your helpdesk database of incidents over 6 months old.

 

There are a couple caveats with purging the workitem table like this. If you have a lot of activity  going on in a live environment and your deleting many records at once you may run into performance  or locking issues while your running the deletes.  Also copying and pasting SQL code or rewriting  something  I did 6 months ago but now forgot is not something I look forward to. To solve these problems we'll now put all our code together into a stored procedure.  I have attached the completed stored procedure  so you can follow along. Most of this code will already be familiar  to you as we covered it  above, but I'll go ahead and go through each section so you can understand what it's doing and customize it to your environment.

 

 

We start with the general CREATE /ALTER Procedure  statement. If you already have  the stored procedure in your database the you can change the CREATE below to an ALTER and your update the existing procedure.

 

set ANSI_NULLS ON

set QUOTED_IDENTIFIER ON

GO

 

CREATE PROCEDURE [dbo].[PurgeIncidentTable] AS

 

To make the Stored Procedure more versatile,  in this section of the code we declare  and set variables.  These variables allow your to define things that change  over time in one place and not have to go through all the code and manually updating  values whenever  requirements change.

SET NOCOUNT ON

DECLARE @rows int

DECLARE @batchsize int

DECLARE @monthstokeep INT

DECLARE @totalrows INT

DECLARE @delay VARCHAR(10)

SET @batchsize = 1000

SET @monthstokeep = 6

SET @delay = '00:00:02'

 

SET @totalrows = 0

SET @rows = 1

 

 

In the next section we  are translating our original delete query into  a loop  to resolve the  locking issue outlined above that could occur when purging 10000s of records is one  swoop. Instead we take all the rows to purge, and delete them in batch sizes of 1000 (SET @batchsize = 1000)  we then  add the number of rows we deleted in the loop itineration  to the @totalrows.  Then we wait the amount of time in @delay  ( in our case 2 seconds), then repeat through the  loop  again until all the rows  are purged. Once purged  we then print to the screen that the table was purged and how many rows were purged.

 

-- Delete obsolete Rows in the workitem table

WHILE (@rows > 0)

BEGIN

 

DELETE TOP (@batchsize)

FROM workitem WITH (PAGLOCK)

WHERE modified_on < DATEADD(mm,@monthstokeep*-1,GETDATE());

 

SELECT @rows = @@ROWCOUNT;

SET @totalrows = @totalrows + @rows;

 

WAITFOR DELAY @delay;

END

PRINT 'workitem table Purged..'

PRINT CAST(@totalrows AS VARCHAR(20)) + ' records purged'

 

 

In the next and final block we are pretty much just copying the Link parent number cleanup  update query we created  earlier.  We also add  a couple of PRINT lines to the statement  to echo out how many rows we update. With that the stored procedure is complete.

 

-- Fix any Obsolete parent links

update workitem

set link_parent_number = 0

where link_parent_number != 0

and link_parent_number  not in (select distinct number from workitem)

SELECT @rows = @@ROWCOUNT;

PRINT 'workitem obsolete linked parents fixed..'

PRINT CAST(@rows AS VARCHAR(20)) + ' records fixed'

 

 

To add the Stored procedure to your system open SQL  management studio, and in a new query window, execute the code. This will create the Store Procedure in your database.

 

Now all you have to do to purge your database  of records older than 6 months is run

 

EXEC  PurgeIncidentTable

 

You can also schedule this procedure to run via the SQL job scheduler  on a daily/weekly or whatever basis.

 

In conclusion,  I have been running the PrugeIncidentTable  procedure in production for over 6 months without issue.  Our Helpdesk's live online incident count has  reduced from over 1.5 million to around a running average of 330,000 active incidents, and the performance on the helpdesk is now stable and predictable.

 

PurgeIncidentTable.zip (700.00 bytes)

Last time we covered adding a collection picker to your reports. In case you missed it you can find it here. I know after reading the prior tip you were excited beyond belief, and happily adding collection pickers to all your reports.

That is until you realize that you have to select a collection each and every time you want to run the report, and most of the time you end up selecting the same collection. Fear not, because today I'll show you how to set the default collection .

First off we need to pick a collection. Let’s go with the All Computers collection. We'll need to browse to the collection in the NS console right-click it and choose properties:  

 

 

In the Properties window we'll need to copy the GUID of the collection and save it for later.

{eb3a1a12-e1c7-4431-b060-f0333e4e488c}

Now we'll need to create/clone a report that has a collection picker. We'll use the Add Remove Programs Example one we created last time. Unlike basic parameters, item picker parameters do not allow you to set a default value; we'll at least it not in the NS console. To accomplish our task we'll need to export the report to XML, then modify the XML and import it back into the NS.

Browse out to the report the NS console, right-click it, choose Export and save the xml file to your computer.

 

Now Open the file in notepad and look for the following lines:

<parameter type="custom" assemblyName="Altiris.NS.StandardItems, Version=6.0.6074.70, Culture=neutral, PublicKeyToken=d516cb311cfb6e4f" typeName="Altiris.NS.StandardItems.Query.ItemPickerParameter" filterClass="a725fb57-09e1-4e9f-bb13-b4600094cf61" excludeDescendents="False" autoUpdateIfCollection="True" prompt="True" name="Collection" substituted="true">
<prompt><![CDATA[Collection]]></prompt>
</parameter>

Now we need to add a default tag with our GUID from earlier above the </parameter> in lines above:

<default><![CDATA[{EB3A1A12-E1C7-4431-B060-F0333E4E488C}]]></default>

So now your Collection parameter XML should be:

<parameter type="custom" assemblyName="Altiris.NS.StandardItems, Version=6.0.6074.70, Culture=neutral, PublicKeyToken=d516cb311cfb6e4f" typeName="Altiris.NS.StandardItems.Query.ItemPickerParameter" filterClass="a725fb57-09e1-4e9f-bb13-b4600094cf61" excludeDescendents="False" autoUpdateIfCollection="True" prompt="True" name="Collection" substituted="true">
<prompt><![CDATA[Collection]]></prompt>
<default><![CDATA[{EB3A1A12-E1C7-4431-B060-F0333E4E488C}]]></default>
</parameter>

Go ahead and save the new XML file and import it back into the NS. Now when you run the report you will see All Computers is already selected.  

 

The Item picker is a great tool for extending the functionality of reports .  More specifically the collection picker allows you to dynamically manage the scope of your reports.   In this article we'll go over how to create and use a collection picker .

 

Let's begin by creating a new report:

 

 

 

Go ahead and click finish and then open the edit windows for the report.

 

Once in the Edit window we'll need to create a couple parameters,  so click the New Parameter button and create a basic  string parameter called  AppName be sure to click the box  for to Prompt User, type a friendly name and set the default value to %

 

 

 

Once the AppName parameter is created, we will need to create one more parameter for the collection picker. Give the new parameter the name of Collection,  change the parameter type to Item picker and the class filter to Collections

 

 

 

Ok,  now we need to put in our Query  so in the Level Query box click the edit pencil and paste the following SQL Query into the box  and click Finish

 

SELECT vc.Name as 'Computer Name',  arp.name as 'Application Name'

from vComputer  vc               

join Inv_AeX_OS_Add_Remove_Programs arp on arp._ResourceGuid = vc.Guid             

INNER JOIN dbo.CollectionMembership cm ON vc.Guid = cm.ResourceGuid        

where  cm.CollectionGuid ='%Collection%'  

AND arp.Name LIKE '%AppName%'  

 

Now lets  save the changes to the report by clicking apply and then run the report.

 

 

 

So now we have our fancy new report that can filter  based on  collections. You can easily add this functionality to all your  reports  by  copying the following lines into your existing reports and adding  a Collection item picker parameter.

 

INNER JOIN dbo.CollectionMembership cm ON vc.Guid = cm.ResourceGuid       

Where cm.CollectionGuid ='%Collection%'  

 

Do note that I am  joining  the collection table to the  vComputer   view  under the alas of vc  in this example so you will need to modify  the query  to fit your  report. 

For example we wanted to  add a collection picker to the following SQL Query

 

Select  *  from Inv_AeX_AC_Identification

 

We would need to modify the query as follows:

 

Select  *  from Inv_AeX_AC_Identification

INNER JOIN dbo.CollectionMembership cm ON Inv_AeX_AC_Identification

._ResourceGuid = cm.ResourceGuid      

Where cm.CollectionGuid ='%Collection%'  

 

And that is how it's done. I have attached the example report file for your viewing pleasure.

I have looked forward forward to Windows 2008 Remote App and Single Sign On (SSO) for some time now. Shortly after the Server 2008 release, I looked into publishing a few troublesome application to our XP SP2 workstations. Well this kind of worked. I could get the application down to the system, but dragging the application across two screens did not work and SSO did not work. At the time SP3 was in beta, so I gave it a try and with a few reg changes got SSO and dual monitors to work. Since this was beta, and it wasn’t worth pushing a beta sp to the desktops I shelved the project until SP3 released.

Along comes SP3,  and I install it on a test machine, push my Reg changes and… nothing.  Well not exactly nothing, the application  does open and it now works correctly on dual screens, but SSO doesn’t work at all. Now to the naked eye it appears Microsoft left the feature out, but after a little digging and a couple more Registry modifications SSO is working. Well mostly working SSO to a TS farm/alias from XP SP3  still doesn't work.

That little setback aside here how to do it:

First off to get SSO working, we need to enable credssp and add tspkg to the security packages on the client system.

1.       Start Regedit

2.       Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

                Double click the Security Packages and add tspkg to the bottom on the multi string value.

            

3.       Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

4.       Double click the SecurityProviders and add credssp.dll to the end of the string data.

            CREDSSP.reg (1.07 kb)

 

Next we need to enable pass-through Kerberos authentication to our Windows 2008 Terminal Server on our client systems. This is easily done with group policy with Vista, but we have to make registry changes in XP.

1.       Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation

2.       Create the following values:
"AllowDefaultCredentials"=dword:00000001
“ConcatenateDefaults_AllowDefault"=dword:00000001

3.       While still at: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation

4.       Create a new key  AllowDefaultCredentials

5.       Now inside your new key create as string values for each server you want to connect to.
"1"="TERMSRV/Server1.domain.com"
"2"="TERMSRV/Server2"
"3"="TERMSRV/*.domain.com"    (This will enable SSO to all

6.       Now reboot and you should be good to go

             AllowDefaultCredentials.reg (768.00 bytes)

You can also enable NTLM pass through. In general I’d recommend using Kerberos, besides it doesn’t appear that NTLM pass-through is working in XP SP3 when connecting to a TS, but if you insist here’s how:  

1.       Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation

2.       Create the following values:
"AllowDefCredentialsWhenNTLMOnly"=dword:00000001
"ConcatenateDefaults_AllowDefNTLMOnly"=dword:00000001

3.       While still at: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation

4.       Create a new key  AllowDefCredentialsWhenNTLMOnly

5.       Now inside your new key create as string values for each server you want to connect to.
"1"="TERMSRV/Server1.domain.com"
"2"="TERMSRV/Server2"
"3"="TERMSRV/Server3"

            AllowDefCredentialsWhenNTLMOnly.reg (804.00 bytes)

Now if everything goes well you should be able open a RDP connection, be it full remote desktop or Remote App without having to retype your login credentials. There is one big caveat with SSO and XP Sp3 though. As mentioned above, at this point SSO does not work from XP sp3 to a TS Farm or alias, even when you allow NTLM pass through.  You can easily get this working in Vista with server certificates, but no amount of banging your head against the keyboard will get it to work in XP.  I will post an update if I ever figure out how to get it working though.

 

 

Background:

While running some reports on server hardware I realized that some of the servers were missing the serial, manufacturer, and model information. Being that I needed this information for inventory forwarding and system model counts. After identifying the systems I realized that all of these systems were Windows 2008 64Bit. So I called Altiris and they acknowledged that this is a know issue and is not likely to be resolved until NS 7.0. Well I need this data in the reports today not months down the road.

The Problem:

The issue appears to be in the aexsnplus.exe uses 16bit code and the 16bit subsystem is removed from Windows 2008 64bit, so the aexsnplus.exe ends failing to run.

The Solution:

Since the information we’re looking is available in a couple WMI classes (Win32_ComputerSystem & Win32_BIOS), I figured I could easily create a built in custom inventory task to get the data, but the stars did not appear to align, and still I returned invalid data. Not letting this minor setback get in the way of inventory, I ended up creating a quick and dirty vbscript that would generate the NSI file. Then I created a new hardware inventory ini file replace the line:

aexsnplus.exe /output xml

With:

cscript getsn.vbs

After the new ini file was created, and the vbscript placed in the following directory:

\\YourNSserver\NSCap\Bin\Win32\X86\Inventory Solution

I created a new program in the Inventory Agent Package referencing my new ini file.

AeXInvSoln.exe /s AEXINVHWSN.ini

 

 

Then created a new Inventory Task for the new program targeting only the Windows 2008 64 bit systems and let her rip.

Outcome:

I now have my Serial Number, Model & Manufacturer available for all my Windows 2008 64bit systems. I have attached the vbscript and ini file used to make this possible.

W2K8_SN.zip (1.29 kb)

UPDATE:

Altiris has released a updated AeXSNPlus.exe that appears to resolve the issue.  You can follow the instructions in  the link below.

https://kb.altiris.com/display/1/kb/article.asp?aid=43427

Seems like a simple thing, copying files from one system to another, but sometimes it’s the little things that make us think.

Case in point, a few years back we ran into an issue when copying many large (20GB+) files for one system to another. The system would actually run out of kernel memory after a couple of hours of copying the files and freeze up. A few tweaks and tests later we had found an acceptable number of concurrent processes and the copies went on without a hitch.

That was until recently, when the actual speed of the copy was brought into question.

Speed of the copy that’s fixed right? Not much we can do here outside of using robocopy or some third party tool, and even then we are still limited to by the fact that the transaction is buffered.  Buffered you say, what’s that?  Well in a Buffered transaction Windows keeps track of file reads and writes and buffers these transactions. Normally this works great speeding up future reads and writes to the files, but when dealing with large files the overhead of buffering can be staggering, not only in performance, but in kernel memory usage, hence the original problems with kernel pool exhaustion we experienced in the past.

Ok, so buffered transactions are slow down large file copies, how would we go about doing and unbuffered copy?  As far as I can tell there isn’t a native Windows tool that does un-buffered copy, but there is an Exchange tool ESEUTIL that can be used to accomplish this.  Just copy the ESEUTIL.EXE and ESE.DLL files from your friendly Microsoft Exchange system. The syntax for the command follows:

Eseutil /Y [Sourcefile] /D [Destinationfile]

One caveat with the Eseutil is that you can only do one file at a time and the utility does not accept wild cards so you’ll have to use the full path and file names when copying files.

So is it worth all this? You be the judge. In testing we had the following results for a 50GB  file copy  over a 1Gb connection:

Tool	Time
XCOPY	4 hours
3rd Party Tool	2.5 hours
ESEUTIL	35 Minutes

All in all not too shabby,  For more details  on this and other performance related issues check out  the Askperf Blog

Ok so now we know what to look for how to we look for it?

Tools

Task Manager

Task manager can quickly provide general memory information. On the performance tab, you can quickly determine how much physical memory is in the system, how much physical memory is available, Kernel memory usage and how much memory the VMM has promised to running processes. With this information you can determine if further investigation is required.

The processes tab also has a wealth of information, but first you have to enable additional columns via the View à Select Columns option. On this tab you can quickly determine the amount of memory a process is using and how much of the paged & nonpaged pool is being used.  There many addition columns available, so don’t settle for the default view.

Process Explorer

Process Explorer does everything task manager does and more. You can really dig into a process and figure exactly what it’s doing and what kind of resources it’s consuming.

Get it here:  http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Poolmon

Poolmon is a great tool for tracking down kernel memory leaks or just determining what is consuming kernel resources .

More info here: http://support.microsoft.com/kb/177415  
& here: http://technet2.microsoft.com/windowsserver/en/library/0d302498-c947-4655-95af-719ae75acfb51033.mspx?mfr=true

Performance Counters

Memory\Available Mbytes (MB):  Indicates the amount of physical memory (in MB) immediately available for allocation to a process or for system use. Used with the Pages/Sec to determine if the system is low on physical memory.

Memory\Pages/sec: Pages/sec is the number of pages read from the disk or written to the disk to resolve memory references to pages that were not in memory at the time of the reference (hard page faults), and the number of pages that were redirected to memory outside of the working set.  This counter also includes paging traffic on behalf of the system Cache to access file data for applications, so a large number alone is not reason for concern just further investigation. This is the primary counter to observe if you are concerned about excessive memory thrashing.

Memory\Pool Nonpaged Bytes: This counter shows the current size of the Nonpaged pool in Bytes. Anything over 200MB should be investigated, and unless memory tuning options are in place (/3GB) then anything over 100MB.

Memory\Pool Paged Bytes: This counter shows the current size of the paged pool in Bytes. In general anything over ~250MB should be investigated unless memory tuning options are in place (/3GB) then anything over 150MB.

Memory\Free System Page Table Entries: This counter shows the number of page table entries that are available for use. Anything under 8,000 needs a closer look.  If the system is getting low consider using the /userva=XXXX with something like 3030 to start to bump these up.  

Memory: Cache Bytes: This is the size of the system cache. You can use this counter with the Pool nonpaged/paged & PTEs to determine who kernel memory is being allocated.

Registry Keys 

As with all registry modifications, use caution. Under normal circumstances you should not need  to modify these keys, but if you are running into kernel memory issues proper use of these keys can resolve the problem.

NonPagedPoolLimit: Specifies the maximum amount of system VA space that can be used by the nonpaged pool.

PagedPoolLimit: Specifies the maximum amount of system VA space that can be used by the paged pool.

SystemCacheLimit: Specifies the maximum amount of system VA space that can be used by the system cache.

SystemPtesLimit: Specifies the maximum amount of system VA space that can be used by I/O mappings and other resources that consume system page table entries (PTEs).

SessionSpaceLimit: Specifies the maximum amount of system VA space that can be used by session space allocations

PoolUsageMaximum: Determines the Max Poll usage before pruning starts.  The default is 80%. A value of 40-60 provides a workable solution to some paged pool exhaustion issues.

So that’s all the fun tools, counters and registry keys in a nutshell. In the next installment we’ll go over a real world example of isolating memory issues and providing workarounds.

Windows 2003 64Bit can support a theoretical limitation of 16 exabytes or 2⁶⁴

·         Kernel Mode Address space - 8 TB

·         Paged Pool – 128GB

·         NonPaged Pool – 75% of RAM up to a maximum of 128 GB.

·         System Cache/PTEs - 1 TB regardless of physical memory.

As you can see, with 64bit Windows all of the previous memory constraints are blow out of the water.   For just this reason alone upgrading to a 64bit OS should be seriously considered.

Troubleshooting 32bit memory problems

For those who have legacy applications and 32bit hardware upgrading may not be an option. So in the following I will go over some tips and tools to identify memory bottlenecks a 32bit system.

Physical Memory Exhaustion - This is pretty much the straight forward if you are out of physical memory and the system is excessively paging to disk. More physical memory is most likely the answer.

Kernel Memory Exhaustion -  Memory problems in  kernel memory are a little more challenging to nail down.  Here are some of the signs:

Paged Pool & Nonpaged Pool

·         Sluggish or unresponsive user interface

·         Server has message or client processing failures

o   RPC Service Unavailable

o   Not enough Storage to process this command

·         Pool allocation failures:

System PTEs

·         Server fails to respond to I/O requests

·         Server fails to respond to network requests

·         Server has message or client processing failures

If you are experiencing these problems or other unexplained issues kernel memory could be your issue.

Your first stop should be the performance tab in Task Manager. From here you can quickly gauge if you are approaching the kernel memory limits of the system. Take a look at the Kernel Memory section and look at the amounts used by the page pool ( > 250MB or > 150 with /3GB ) and nonpaged pool( >200 or >100 with /3GB).  If we come up higher than these numbers further investigation is required.   We’ll start there next time.