Windows Explorer and SMB Traffic

Windows Explorer and SMB Traffic

  • Comments 11
  • Likes

Server Message Block (SMB) traffic is an application-level network protocol typically used for file and print sharing.  Microsoft implements SMB in Windows operating systems through the Workstation and Server services; the client and server components respectively.  Although our Networking team supports and troubleshoots issues dealing with SMB itself and the Server and Workstation services, we work with customers on many issues relating to the behavior of Windows Explorer and the Shell. 

By default, Windows Explorer generates a lot of SMB traffic - which can result in poor file server performance in some circumstances.  However, some of this traffic is superfluous and can be reduced - for example:

  • Searches for Desktop.ini files used for folder customization
  • Periodic refreshes of folder contents
  • Searches for supporting library (.dll) files
  • Individual file details and attributes pulled for each file
  • Thumbnail extraction

There are some registry changes you can implement to optimize the SMB traffic being generated.  Import the settings below on client machines.  Terminal Servers running in Application Mode should be considered client machines in this scenario.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"UseDesktopIniCache"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001
"NoRemoteChangeNotify"=dword:00000001
"StartRunNoHOMEPATH"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoDetailsThumbnailOnNetwork"=dword:00000001
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters]
"InfoCacheLevel"=dword:00000010
[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\CryptoSignMenu]
"SuppressionPolicy"=dword:00100000
[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}]
"SuppressionPolicy"=dword:00100000
[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}]
"SuppressionPolicy"=dword:00100000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SCAPI]
"Flags"=dword:00100c02
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"SafeDllSearchMode"=dword:00000001
"SafeProcessSearchMode"=dword:00000001
 
Not all of these settings apply to every Windows Operating System, however any unused settings will be safely ignored by the OS.  Also, please ensure that you test any changes thoroughly make sure that user productivity is not impacted before rolling out these changes en masse.  You should also ensure that the client machines are updated with the latest SHELL32.DLL hotfix to make sure that all of the options above are properly supported for the operating system in question.  You can download Microsoft most of the non-Security related hotfixes yourself.  Once you locate the article you need, if there is a "View and request hotfix downloads" link in the article (usually under the title) click on that link and it takes you to a page where you can request the hotfix directly.
 
There are a couple of other scenarios to consider:
  • If you use DFS in the environment, Windows XP and Windows Server 2003 clients should be updated with the Hotfix from KB 915377 to prevent excessive "Get_DFS_Referrals" traffic.
  • If you use Trend Micro Antivirus software on your client machines, and you notice an unusual amount of SMB traffic to your file server that is causing high CPU utilization and possibly a high handle count in the System process, you should review the information in KB Article 941756

As an aside, there is a major revision of the SMB protocol implemented in Windows Vista.  This revision is identified as SMB 2.0.  Some of the key enhancements of SMB 2.0 include the following:

  • Support for an arbitrary, extensible way to compound operations to reduce round trips.  This makes the protocol less "chatty" when compared to SMB 1.0.
  • Support for much larger buffer sizes
  • Greater scalability
  • Increase in the number of concurrent open file handles
  • Durable handles that can withstand short network "glitches"
  • Support for Symbolic Links

There's a more detailed post about SMB 2.0 over at the ChkDsk Blog.

That brings us to the end of this post.  As always, there are additional resources below and as you can see there are quite a few KB Articles regarding SMB and Windows Explorer ...

Additional Resources:

- Aaron Maxwell

UPDATE:

8/23/08: Updated article with new Hotfix Request process

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Great article, very interesting reading. Pinpointed some things I'll try out... Thnx.

  • Michel Roth has written a nice article about tuning file server performance. The Windows Performance Team has recently blogged about settings that can be tuned for Windows Explorer to reduce the ...

  • I have a couple of ACER computers running XP pro on a brand new SBS netowrk.  all machines are local on gigabit connections.

    Eveything is up to date with MS patches and autoupdates...

    The acer computers take upward of 5 minutes to copy a 5 mb file from the server, but can copy files from other workstations instantly, and can write files to the server instantly.

    All data being read from the server is super slow, only on these 2 workstations.  

    I am searching for a cause related to SMB signing but that dosent seem to be the case.

    can anyone help?

  • I have created a group policy template (ADM file) to facilitate configuring the settings mentioned in the article. It can be found here:

    http://blogs.sepago.de/helge/2007/11/07/soup-up-your-terminal-server-optimizing-explorers-network-performance/

  • A question regarding InfoCacheLevel, in http://support.microsoft.com/kb/834350/ (Windows XP) it says that it should be 10 decimal (0xa), but in http://support.microsoft.com/kb/843418 (Windows 2000) it should be 16 decimal (0x10).

    This page says "InfoCacheLevel"=dword:00000010.

    Is there a value difference between Windows XP and Windows 2000?

  • KB 834350 listed a decimal value in error and will be updated shortly.

  • KB 834350 has been updated.

    http://support.microsoft.com/kb/834350

  • How does this post apply to Vista with SP2 if at all?

    I ask since we're getting slow response and sometimes time outs when saving to a local location (Group policy is redirecting folders to a network share) - intermittently about 1 or 2 times a week on different PC's (among 10 Vista PC's connected to a SBS 2008).

    Looked in Technet, Vista Froums and Server forums and came up with others asking questions but no posts to a solution.

  • Some language in KB834350 say 10 in decimal. The English say 10 in hex. Please make corrections.

  • Some language in KB834350 say 10 in decimal. The English say 10 in hex. Please make corrections.

  • Great article!!