April, 2013

  • Interpreting Event 153 Errors

    Hello my name is Bob Golding and I would like to share with you a new event that you may see in the system event log.  Event ID 153 is an error associated with the storage subsystem. This event was new in Windows 8 and Windows Server 2012 and was ...read more
  • Tracing with Storport in Windows 2012 and Windows 8 with KB2819476 hotfix

    Welcome back to the CORE Team Blog. Paul Reynolds here. I would like to let everyone know about changes on how to capture Storport traces in Windows Server 2012 and Windows 8.

    NOTE: The information below is based on having hotfix KB2819476 installed (part of the April 2013 cumulative update for Windows 8 and Windows 2012). If you do not have this hotfix installed, see the previously written blog:

    Tracing with Storport in Windows 2012 and Windows 8 without KB2819476 hotfix

    We DO recommend installing the hotfix as it enhances the ability to take Storport traces in Windows 8 and Windows 2012.

    Previously, Bob Golding wrote a blog on how to do Storport Tracing in Windows 2008 and Windows 2008 R2. If you have Windows 2008 or 2008 R2 continue to use that blog for your Storport traces.



    The process to capture a Storport trace is similar (though not identical) to the way we do it with Windows 2008 and Windows 2008 R2 (see Bob Golding’s blog for more detail). For those already familiar with the process, the main change is:

    · Instead of choosing IOPERNOTIFICATION, a new choice called IO_PERMORMANCE is picked

    For those not familiar with the process, here is an overview of how to start a Storport trace. (Most of the information is from Bob’s original blog)

    1. Hit the Windows button and type Perfmon.exe, then press enter to start performance monitor.

    2. Expand “Data Collector Sets” and “Event Trace Sessions”


    3. Right-Click on “Event Trace Sessions”



    4. Select “New, Data Collector Set”


    5. The following dialogue will appear:


    Give the new data collector set a name in the dialogue box. In this example I called it “Storport”.

    6. Choose the “Create manually (Advanced) option and then click Next to see the following dialogue:


    7. Click Add on the dialogue box above and the following list of providers will appear.


    8. Select “Microsoft-Windows-Storport” and click OK. You should now see the following screen:


    9. Select “Keywords (Any)” then click Edit.


    10. Check the box for IO_Performance, and then click OK:


    11. You should see the following screen:


    12. At this point you can choose a filter to use for the Storport trace. This is useful for a long-running trace where you want to capture Storport data above a certain threshold.

    Select Filter, then Edit:


    This is where we enter our threshold. Anything equal to or greater than this value will be logged in the trace. If you leave the filter disabled it will create more data but will cause averages for request duration values in the Storport trace to be more in agreement to values obtained for physical disk sec/transfer from a Performance Monitor trace.

    Select “Filter Enabled”, choose “Binary”, and in the “Filter Data” field enter the threshold in number of milliseconds. This must be entered in little endian format. Refer to the table below for sample values:





    Binary (little endian)

    1ms (10,000)


    10 27 00 00 00 00 00 00

    5ms (50,000)


    50 C3 00 00 00 00 00 00

    10ms (100,000)


    A0 86 01 00 00 00 00 00

    15ms (150,000)


    F0 49 02 00 00 00 00 00


    Note: the “Filter type” value will always remain 0 as in the example above.

    Warning: the whole data line needs to be filled in when entering a threshold. For demonstration purposes, here is how to do it the WRONG WAY:


    Filter values have to be reset after each successful run of a Storport trace. It DOES NOT remember the previous values used.

    13. Click next and choose a root directory for the trace. In this example I use C:\perflogs:


    14. Click finish. You should see a new Event Trace Session that is stopped. In this example it is called Storport.


    15. Right-click the new Event Trace Session and click Start to start it:


    16. You should now see your new Event Trace Session started:


    17. After you are done collecting data, right-click the running Storport trace and select “Stop”.



    Now that we have a Storport trace, let’s look at the data it contains. A simple way to see the data is via Event Viewer:

    1. Hit the Windows key, type “eventvwr.exe” and hit the enter key. The Event Viewer utility will start:


    2. Right-Click on Event Viewer (local) and click on “Open Saved Log”:



    3. Choose the directory the Storport trace was saved to, highlight the ETL files and click Open. In this example, we chose c:\perflogs.


    4. After clicking “Open” a dialogue box will appear asking to create a new event log copy. Click “Yes”.


    5. You will see the following screen. We left the settings as the default and clicked “OK”.


    6. After clicking OK you will see Event ID 201 messages:


    7. Let’s look at the detail of the data:

    Request Duration: how long the (firmware/drivers/hardware/storage network/SAN) took to process a I/O request packet in 100ns. To convert to milliseconds, divide this number by 10,000.

    Command: decimal form of SCSI command. If you wish to look up the SCSI command (convert decimal value to hex first) see http://en.wikipedia.org/wiki/SCSI_command.

    SrbStatus: Status Request Block status returned from the adapter (see srb.h and scsi.h in the Microsoft WDK)

    Port: This is the adapter port number (e.g. RaidPort1, etc.)

    Bus: This is the Bus number

    Target: Target ID of the LUN exposed to the Operating System

    LUN: Logical Unit Number of the physical storage

    ScsiStatus: decimal form of SCSI Status Code. If you wish to look up the SCSI Status Code (convert decimal value to hex first) see http://en.wikipedia.org/wiki/SCSI_Status_Code

    DataTransferLength: the length of the data transfer in Bytes

    BuildIODuration – length of time the miniport has spent in the build I/O function (usually very small, measured in 100ths of nanoseconds )

    StartIODuration – length of time the miniport has spent in the start I/O function (usually very small, measured in 100ths of nanoseconds)



    When troubleshooting disk performance issues, Storport traces capture data from the last layer of software in Windows that an I/O Request Packet (IRP) will pass through before being handed off to hardware. It is an excellent tool for checking if slow disk performance is hardware related.

    In a next blog post I will show a way to look at Storport data via Excel Spreadsheets with Pivot Tables and Pivot Charts. You can look at millions of rows of data if you use the free PowerPivot add-on available with Office 2013.

    Paul Reynolds
    Support Escalation Engineer
    Windows Core Support Team

  • Two new Hyper-V Books available from Microsoft Press

    Microsoft Press is releasing two new titles for IT pros who work with the Hyper-V virtualization platform:




    These scenario-focused titles provide concise technical guidance and insights for troubleshooting and optimizing networking and storage with Hyper-V. Written by experienced virtualization professionals, these little books pack a lot of value into a few pages, offering a lean read with lots of real-world insights and best practices for Hyper-V optimization in Windows Server 2012.

    These guides extend your knowledge and capabilities with Hyper-V in Windows Server 2012 and shares hands-on insights from a team of Microsoft virtualization experts.  They also provide pragmatic troubleshooting and optimization guidance from the field.

    The author team includes Mitch Tulloch, series editor, and over a dozen individuals at Microsoft including Support Escalation Engineers, Premier Field Engineers, Program Managers, Data Center Specialists, and experts from Microsoft Consulting Services.  These short titles will be available in June in both ebook and print format and while their primary focus is on the Windows Server 2012 version of Hyper-V, much of what they cover can also be applied to previous versions of Hyper-V.  Note that these titles are not intended as systematic guides and instead cover various scenarios on how to optimize Hyper-V environments and how to troubleshoot different kinds of issues involving networking and storage for Hyper-V hosts and virtual machines.

  • Microsoft Fixit for Printing UPDATED for Windows 7 & Windows Server 2008 R2

    Hello folks.  This is a quick post to inform you that the “Microsoft Fixit for Printing” is now live with .msi packages for Windows 7 and Windows Server 2008 R2.  We know a lot of you have been asking for this for months, and we apologize for how long it took.  With that, please see the original blog post below, in which you will find the links.

    Microsoft Fixit for Printing


    -AskPerf Blog team

  • Sessions from MMS 2013 Now Available

    Greetings AskCore fans.  I thought I would start creating a blog for a subset of the videos/sessions available at each of the conferences that Microsoft has throughout the year.  These sessions will be available and will deal with topics that are discussed here on the AskCore Blog.  There are numerous other sessions if you want to get into System Center products, Azure, SQL Server, Exchange, etc.  They are just to numerous to list here. 

    All sessions at our conferences are approximately 1:15 long and are presented by either Program Managers, Product Managers, Technical Evangelists, Support Escalation Engineers, etc.  Sit back and enjoy the sessions at your leisure.  Most all sessions can be viewed in either MP4 and WMV.  You can also download the sessions and PowerPoint presentations from the deliveries to be viewed at a later time or on some other device.

    If you have attended any of these conferences, our many thanks are given.  If you haven't, you should look into going to one as it is a good way of networking with others and have a good time while getting up to speed on all the new technologies.

    So, without further adieu, first up:  MMS 2013.


    The Microsoft Management Summit (MMS) brings together the brightest IT professionals from around the world to increase their technical expertise through an intensive week of training led by experts in desktop, device management, datacenter, and cloud technologies.  This is held in Las Vegas every year and is a good time held by all.

    MMS 101: Conquering the Summit
    If this is your first time attending the Microsoft Management Summit, then you don't want to miss this session! You'll learn priceless tips and tricks to maximize your investment in MMS2013. We'll give you the inside scoop on all the sessions, labs and Expo vendors. If that's not enough, we'll get you networked with other attendees and alumni from your area. Finally, we'll answer all your questions so that you have everything you need to conquer the Summit!

    Windows Server 2012 in 60 Minutes

    Introduction to Failover Clustering with Windows Server 2012

    What's New in Windows Server 2012 Hyper–V

    Availability Strategies for a Resilient Private Cloud

    A Geek's Guide to USMT 5.0

    Demonstrations of Assessment and Deployment Kit Tools

    Advanced Microsoft Deployment Toolkit 2012 Update 1 Customizations

    Implementing the Windows To Go Concept in an Enterprise Environment

    Deploying Windows 8 Using Lite Touch

    Choosing the Right OS Deployment Tool

    Windows Sysinternals Primer

    What's New with Windows 8 Bitlocker and Microsoft BitLocker Administration and Management 2.0

    Real World Windows 8 Deployment with MDT 2012 Update 1

    Deploying Windows To Go in the Real World

    What's New in Windows 8 Deployment

    Making PC Recovery Easier with the Microsoft Diagnostics and Recovery Toolset

    Competitive Advantages of Hyper-V over VMware vSphere

    File Storage Strategies for Private Cloud

    How to Design and Configure Networking in VMM and HyperV (Part 1 of 2)

    How to Design and Configure Networking in VMM and HyperV (Part 2 of 2)

    Switching to Hyper–V: Migrating from VMware

    Sit back, relax, grab some popcorn, and enjoy the sessions.

    John Marlin
    Senior Support Escalation Engineer
    Microsoft Enterprise Platforms Support

  • Unable to connect to a printer using a CNAME record

    Good morning AskPerf!  My name is Sandeep Bhatia and I work with Networking team here in Microsoft Support.  In today’s post, we will discuss Print issues when using a CNAME on Windows 2008 R2 Server, with a non-Microsoft DNS Servers.

    When you connect a printer hosted on Windows 2008 R2 Server using a CNAME alias it returns the following error:

    Operation could not be completed (Error 0x0000079). Double check the printer name and make sure that the printer is connected to the network.


    This error is returned because of the optimization changes to the spooler service in Windows 2008 R2 Server.  The Print Spooler service uses the local names to service requests.  We’ve verified the name being used is correct and we can connect using the NetBIOS, FQDN and IP address of the server.

    Step one is to make sure the target print server has the DNSOnWire registry key set to 1:

    HKLM\SYSTEM\CurrentControlSet\Control\Print\DNSOneWire (REG_DWORD)

    More details about this registry key is available at KB979602

    However, if the DNS Server that the Print server is using is not a Windows based DNS Server we could still see a similar error issue because of how the DNS server formats the reply.  When the DNSOnWire registry key is set to 1, the Print Server on startup will send a recursive DNS query expecting to get both the host record (A) the CNAME refers to and the IP address of the host.

    A sample DNS request and reply would look something like this:

    Printserver.contoso.com Dnsserver.contoso.com DNS DNS:QueryId = 0x1389, QUERY (Standard query),

    This will query for printservercname.contoso.com of type ALL on class Internet.

    When the type is set to ALL, the client would expect all the information about the record in on packet.  This query is also a recursive query to the DNS server for the name printservercname.contoso.com.

    The second step is to make sure is the DNS server supports both a query type of ALL as well as recursive queries. The DNS server should be compliant with RFC 1035.

    In this example of a non-compliant DNS response, the reply from the DNS Server to the Print server for the DNS query, the DNS Server did not respond back with the IP Address of the Print Server.  It does send back the CNAME entry which points to the Print Server’ Host record, but the expectation is both should be returned.

    Dnsserver.contoso.com Printserver.contoso.com DNS DNS:QueryId = 0x1389, QUERY (Standard query), Response - Success, Array[IP Address Of the DNS Servers]  {DNS:242, UDP:241, IPv4:240}

      - Flags:  Response, Opcode - QUERY (Standard query), AA, RD, RA, Rcode - Success

         RD:                (.......1........) Recursion desired

      - ARecord: printservercname.contoso.com of type CNAME on class Internet: Printserver.contoso.com

         ResourceName: printservercname.contoso.com

        ResourceType: CNAME, Canonical name for an alias, 5(0x5)

         ResourceClass: Internet, 1(0x1)

         TimeToLive: 1800 (0x708)

         ResourceDataLength: 15 (0xF)

         CName: Printserver.contoso.com

      + AuthorityRecord: in.Contoso.com of type NS on class Internet: DNSServer.Contoso.com

      + AdditionalRecord: DNSServer.Contoso.com of type Host Addr on class Internet:


    Under an ideal scenario, the reply for a recursive query from the DNS Server should look more like:

    Dnsserver.contoso.com Printserver.contoso.com DNS DNS:QueryId = 0x1389, QUERY (Standard query), Response - Success, Array[IP Address Of the DNS Servers]  {DNS:242, UDP:241, IPv4:240}

      + Flags:  Response, Opcode - QUERY (Standard query), AA, RD, RA, Rcode - Success

      - QRecord: Printservercname.contoso.com of type ALL on class Internet

         QuestionName: printserver.contoso.com

         QuestionType: A request for all records, 255(0xff)

         QuestionClass: Internet, 1(0x1)

      - ARecord: printservercname.contoso.com of type CNAME on class Internet: printserver.contoso.com

         ResourceName: printservercname.contoso.com

         ResourceType: CNAME, Canonical name for an alias, 5(0x5)

         ResourceClass: Internet, 1(0x1)

         TimeToLive: 3600 (0xE10)

         ResourceDataLength: 15 (0xF)

         CName: printserver.contoso.com

      - AdditionalRecord: printserver.contoso.com of type Host Addr on class Internet:

         ResourceName: printserver.contoso.com

         ResourceType: A, IPv4 address, 1(0x1)

         ResourceClass: Internet, 1(0x1)

         TimeToLive: 1200 (0x4B0)

         ResourceDataLength: 4 (0x4)


    The key takeaway is that the configured DNS Server must return both the CNAME information and the IP Address of the Host in the same response in order to use printing to a CNAME successfully.

    -Sandeep Bhatia

    Additional Resources:

  • Commitment Failures, Not Just a Failed Love Story

    I was working on a debug the other day when I ran the “!vm” command and saw that the system had some 48,000 commit requests that failed. This was strange as the system was not out of memory and the page file was not full. I was left scratching my head ...read more
  • Error with the creation of an unmanaged VDI Pool collection

    Good morning AskPerf!  Ramesh here from the Microsoft Platforms Support Team.  I am blogging today about an issue I recently worked.  This particular issue was with the creation of an Unmanaged Virtual machine-based desktop pool collection on a Windows 2012 Server.  When I attempted to create a Virtual machine-based desktop pool collection, the following error appeared:


    “The VMHostAgent service timed out while waiting for the newly provisioned virtual desktop to start”

    NOTE the error above is a generic one, and indicates that Remote Desktop did not receive a notification from Hyper-V that the VM started.  You likely either have a Hyper-V problem or a problem with the VM itself and further troubleshooting is necessary.

    During our troubleshooting we noticed the first virtual machine was stuck at “Setup is preparing your computer for first use” and this occurred after the first reboot of the virtual machine during the installation.  We collected Panther logs from the virtual machine to identify the cause of the setup issue and found out the system was stuck at executing setupcomplete.cmd, a custom post setup script.  This script was part of the windows image from where the template virtual machine was installed. We deleted this script from the template virtual machine after setting up the template virtual machine and ran the Virtual machine-based desktop pool collection wizard and it completed successfully.

    We also tried to repro the same error and we could do it by disabling the DHCP server.  This produced the same error because the new virtual machine was not getting the IP address and was unable to reach a DC.  In order to identify the cause for this error during Virtual machine-based desktop pool creation, watch the first virtual machine in the Virtual machine-based desktop pool creation process for any abnormal behaviors.  In normal conditions the virtual machine will complete the setup. create a snap shot of the virtual machine, put the virtual machine into saved state and continue to the second virtual machine. 

    Addition Resources

    Test Lab Guide: Virtual Desktop Infrastructure Quick Start

    Add a Custom Script to Windows Setup (only applies to Windows 7)

    For Windows Deployment with the Windows ADK, click here.

    -Until next time

  • Unattended Setup of Windows 8 to Surface Pro

    In today’s blog I am going to explain how you can do an unattended setup of the default Windows 8 Enterprise X64 install.wim to a Surface Pro from a USB drive.  Unattended setups are not new but when you are deploying to the Surface Pro (or any other UEFI system) there are some special considerations around disk partitioning and booting from USB.

    Step #1:  Prepare USB drive

    1. Locate a 4GB or larger USB flash drive
    2. Open Diskpart and run the following command
      1. List disk
      2. Identify the disk # of the flash drive
      3. Sel disk X where X is the USB drive(make sure to choose correct one)
      4. Clean
      5. Create part primary
      6. Assign
      7. Active
      8. Format FS=FAT32 quick.  Note:  It must be FAT32
      9. Exit
    3. Copy the entire contents of your Windows 8 Enterprise X64 DVD to the USB drive

    Note:  It is also possible to replace the default install.wim in the sources folder with your own custom install.wim.  The image must be prepared using Sysprep with the /generalize and /oobe command line switches

    Step #2:  Create autounattend.xml

    Using Windows System Image Manger create an autounattend.xml and then copy it to the root of the USB flash drive. 

    Since the Surface Pro is a UEFI system you must create different disk partitioning then a legacy BIOS based computer.   I have attached a sample autounattend.xml to the blog that is fully automated and will end with you logged in to the computer as local administrator account. My disk partitioning follows the default configuration.  Below shows the different partitions and sizes


    Figure 1.  Default UEFI disk configuration

    If you want to setup for recovery partition scenarios see the Recommended Configuration:  System Recovery. 

    Step #3:  Boot from the USB drive

    To boot from USB on the Surface Pro you must do the following:

    1. Press and hold the volume down button
    2. Press the power button
    3. When you see the Surface Logo you can let go of the buttons

    If it doesn’t boot from the USB drive check the following:

    • Make sure you have formatted the drive FAT32
    • Try the USB drive in another computer(UEFI and Legacy BIOS) to see if it works

    Here’s a link to a sample autounattend.xml file

    Hope this helps with your deployments.  Stay tuned for more Surface Pro deployment related blogs

    Scott McArthur
    Senior Support Escalation Engineer
    Microsoft Customer Support & Services

  • New Network Name Resource Fails to come Online

    I recently encountered an issue involving the failure of a new Network Name resource to come online. Doing some investigation I found a number of instances where this has been encountered, with different resolutions provided.  Since no root cause was defined, fellow Directory Services Engineer Robert Williams and I set out to determine the cause. 

    You’ll know you’ve encountered this issue if you create a new Network Name resource and it fails to online with the following errors:

    In the System Event log you will see a Failover Cluster event 1194:

    Log Name:      System

    Source:        Microsoft-Windows-FailoverClustering

    Date:          3/27/2013 1:19:07 PM

    Event ID:      1194

    Task Category: Network Name Resource

    Level:         Error


    User:          SYSTEM

    Computer:     ComputerName


    Cluster network name resource 'ComputerName' failed to create its associated computer object in domain 'DomainName' for the following reason: Unable to obtain access to Computer Object in DS.


    The text for the associated error code is: Access is denied.


    Please work with your domain administrator to ensure that:

    • The cluster identity 'CNO' can create computer objects. By default all computer objects are created in the 'Computers' container; consult the domain administrator if this location has been changed.
    • The quota for computer objects has not been reached.
    • If there is an existing computer object, verify the Cluster Identity 'CNO' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool.


    In the Cluster log you will see the following entries:


    00000ea4.000012b0::2013/03/25-16:55:04.113 ERR   [RES] Network Name < NetworkName>: Failed to obtain access to computer account < AccountName>, status 80070005

    00000ea4.000012b0::2013/03/25-16:55:04.128 ERR   [RHS] Online for resource <NetworkName> failed.



    Note:   To generate a Cluster log, run the following command from an administrators command prompt. The Cluster.log file will be generated in the c:\windows\cluster\reports directory.  The entry will be in the Cluster log on the Node where the online attempt failed.


    Cluster log /gen

    We determined that the root cause of the issue is due to the removal of NT AUTHORITY\Authenticated Users from the local Users group.  Note below that it is present by default:






    The best solution is to add back NT AUTHORITY\Authenticated to the local Users Group. This will require a reboot for the change to take effect.  If your security team is unwilling to do this, you can disable the following two Security policies and refresh the policy by running gpupdate /force:


    Network access: Do not allow anonymous enumeration of SAM accounts

    Network access: Do not allow anonymous enumeration of SAM accounts and shares




    You will have to determine which of these two options best fits the security requirements for your environment.   It may be a good option to create a separate Organizational Unit (OU) for your Cluster servers.  This will allow you to affect the preferred change to the limited subset of servers. 


    Steven Andress

    Senior Support Escalation Engineer

    Microsoft Customer Support & Services

  • Microsoft Deployment Toolkit 2012 Update1 Media Deployment USB drive for UEFI computer

    In today’s blog I am going to cover an issue related to using Microsoft Deployment Toolkit 2012 Update1 to deploy an image to Surface Pro using media deployment point.


    • This issue is not specific to Surface Pro and could occur with other UEFI computers.
    • This may be addressed in later version of MDT

    Microsoft Deployment Toolkit 2012 Update1 creates its media deployment folder that looks like the following:


    Figure 1. MDT 2012 Update 1 Media Deployment

    Normally you would prepare the USB drive using the steps outlined in the Microsoft Deployment Toolkit Documentation Library under “Create Bootable Devices from Deployment Media”. Basically formatting the drive using NTFS then copying everything in the Content folder to the drive and boot from it.

    When booting from USB flash drive or hard drive on a UEFI computer the boot files must reside on a FAT32 partition. FAT32 has an individual file size limitation of 4GB. Most times custom images are going to be >4GB so you will have to work around this by using a drive that reports itself as Fixed so you create multiple partitions.

    To do this you must first use the steps outlined in Option #2 in the following blog to prepare the drive:

    Creating bootable USB drives for UEFI computers

    After locating the correct drive and preparing it you must use the following steps to copy the MDT media deployment files to it:


    • Assume that your media deployment is created in C:\media
    • The FAT32 partition has volume label of BOOT
    • The NTFS partition has volume label of DEPLOY
    • Windows 7 is not supported on Surface Pro so you must be deploying Windows 8

    1. Copy files to BOOT drive(FAT32)
      1. Copy c:\media\content\boot folder to root of the BOOT drive
      2. Copy c:\media\content\efi folder to root of the BOOT drive
      3. Copy c:\media\content\autorun.inf, bootmgr, bootmgr.efi to root of the BOOT drive
      4. Create Deploy folder in root of the BOOT drive
      5. Copy c:\media\content\deploy\boot to Deploy folder in the BOOT drive
    2. Copy files to DEPLOY Partition(NTFS)
      1. Copy c:\media\content\deploy folder to root of the DEPLOY drive

    To boot from the USB drive on a Surface Pro you need to Press and Hold the Volume Down button and then press the power button. Once you see the Surface logo you can let go and it should boot from the USB drive.

    Hope this helps with your deployments.

    Scott McArthur
    Senior Support Escalation Engineer
    Microsoft Customer Support & Services