Which local machine components could affect a RDP-session performance-wise? - windows

I've got the following totally reproducible scenario, which I'm unable to understand:
There is a very simple application, which does nothing else than calling CreateObject("Word.Application"), that is creating an instance of MS Word for COM interop. This application is located on a Windows Terminal Server. The test case is to connect via RDP, execute the application and the application will output the time taken for the CreateObject call.
The problem now is that the execution time is significantly longer, if I connect from a specific notebook (HP Spectre): It takes 1,7s (+/- 0.1s).
If I connect from any other machine (notebook or desktop computer), then the execution time is between 0,2-0,4s.
The execution times don't depend on the used RDP account, or screen resolution, or local printers. I even did a fresh install of Windows on that HP notebook to rule out any other side-effects. It doesn't matter if the HP notebook is connected via WLAN or an USB network card. I'm at a loss understanding the 4x to 8x execution time difference to any other machine.
Which reason (component/setting) could explain this big difference in execution time?
Some additional information: I tried debugging the process using an API monitor and could see that >90% of the execution time is actually being spent between a call to RpcSend and RpcReceive. Unfortunately I can't make sense of this information.

It could be the credential management somehow being in the way.
Open the .rdp file with notepad and add
enablecredsspsupport:i:0
This setting determines whether RDP will use the Credential Security Support Provider (CredSSP) for authentication if it is available
Related documentation
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff393716%28v%3dws.10%29

According to your information about RpcSend and RpcReceive time consumption, it could be the case you have some service stopped on your client machine, like DCOM server or some other COM-related (they usually have "COM" or "transaction" in their names).
Some of that services could be started/stopped (if Manually mode selected) by system to/after transfer your request, but there is a time delay to starting service.
I suggest you to open Computer Management - Services or run -> services.msc and compare COM-related services running on your "slow" client and on your "fast" clients, and try to set Automatically running instead Manually or Disabled.
Also, try to run API Monitor on such processes to determine the time-consuming place more precisely.

Related

Strange delay when querying WMI performance counter for the first time

I am querying WMI (win32_perfrawdata_perfproc_process class) and something strange happens: the first time you query it, it stops for almost 50 seconds to show an answer. The next times are almost immediate.
Did anybody see this behavior? Is there anything to avoid that?
To reproduce this, open a Powershell window and type
gwmi win32_perfrawdata_perfproc_process
The first time you run this command, it stops for almost 50 seconds. The second time is almost immediate.
Bruno
Is six years later too late to answer this question? :)
A delay of about 20 seconds for the first WMI query (from any source, either powershell, wmic command line, or programmatically via COM calls) is normal. I've tracked this down to the RPC/TCP connection. According to Windows documentation:
Starting with Windows Vista, the service control manager (SCM)
supports remote procedure calls over both Transmission Control
Protocol (RPC/TCP) and named pipes (RPC/NP). Client-side SCM functions
use RPC/TCP by default.
RPC/TCP is appropriate for most applications that use SCM functions
remotely, such as remote administration or monitoring tools. However,
for compatibility and performance, some applications might need to
disable RPC/TCP by setting the registry values described in this
topic.
When a service calls a remote SCM function, the client-side SCM first
attempts to use RPC/TCP to communicate with the server-side SCM. If
the server is running a version of Windows that supports RPC/TCP and
allows RPC/TCP traffic, the RPC/TCPP connection will succeed. If the
server is running a version of Windows that does not support RPC/TCP,
or supports RPC/TCP but is operating behind a firewall which allows
only named pipe traffic, the RPC/TCP connection times out and the SCM
retries the connection with RPC/NP. This will succeed eventually but
can take some time (typically more than 20 seconds), causing the
OpenSCManager function to appear blocked.
The link above specifies registry values that can be changed to remove this delay. They are under HKLM\SYSTEM\CurrentControlSet\Control. I've been able to shorten the delay to only 5 seconds by changing the SCMApiConnectionParam timeout value to 5000.

Sending Password to Remote Computer at Login Screen [Windows 7]

I have written a piece of software that allows you to control computers remotely and one of its functions is to turn on all the computers that it controls via Magic Packets.
Due to the restrictions of Network Drives and the need for passwords on accounts, I have run into an issue.
When the computers boot, I am stuck at the login screen on each computer and must walk around manually and type in the passwords.
Is there anyway that I can send the passwords to the individual computers or have the computers log themselves in?
You probably want to install your program as a Service. You'll set its startup to automatic, which means it'll start up and run automatically when the computer is started up, even without a user being logged in.
Note that it's also possible to set a Service's startup to Boot. You probably want to avoid this though. Boot startup is primarily for device drivers, not normal services. It runs much earlier in the boot process. You don't need (or probably want) that -- you just want it to run roughly when the system would be ready for somebody to log in if they chose.
I'd also note that a service is (normally) written slightly differently from a normal program. It has a Windows-style event loop, but responds to a different set of "messages" that start the service, stop the service, pause the service, and so on. Most of it isn't terribly difficult but it is somewhat different from a normal program.

session0 isolation in Windows 2008/windows7

I have a C++ application which used Mutex, Events,Semaphores for synchronization. While hosted in windows 2008 server/Windows 7, this application is not starting from a remote client.
I used telnet client to connect remotely to this application and saw that telnet server is running under session 0 and therefore it is trying to start my application under session 0. My application is trying call OpenMutex to open a mutex which was created by another application running locally (in session 1).
I can make my application work by perpending "Global\" to mutex name. What I am looking for is a way run application without making this code change. Is it even possible? Is it possible to launch telnet service under session 1.
CreateMutex(&sa,FALSE,Buffer, "MyMutexName"));
I can modify this to CreateMutex(&sa,FALSE,SYS_ID2(szSysIdBuffer, "Global\MyMutexName")); but is there any other way other that making this change.
Thanks
You probably know the document http://www.microsoft.com/whdc/system/sysinternals/session0changes.mspx which describes problems with the Session 0 isolation. The old way to make a service interactive which are described in http://msdn.microsoft.com/en-us/library/ms683502.aspx not works on Widows 7 because Terminal Services are active per default.
So it seems to me that in your case the way with the "Global\" prefix, which you currently use, is really the best one. To understand the complexity of an other possible way you can read following Process with administrative privileges run on user logon.

Windows Azure: how to measure the execution time of a code

I wanted to measure the execution time of my code running on windows azure cloud across multiple instances. Can anyone tell me how to do it.
You can enable the diagnostics logging and put the intrumentation/logging from the ap into an Azure Table. Then download into Excel or whatever for analysis. You can also capture perfmon data to do correlation (e.g. CPU vs workingset).
You have to compute this manually.
Just in case you are requesting this to derive billing information, remember that in Windows Azure, you are charged by reserved instance not necesarily "running".
If your application is "suspended" you still pay. If your code application is running, but "idling" (like 99% CPU free), you still pay the same.

How to identify users which are connected to a windows server via remote desktop

At my workplace, we have lab machines that we use to do our testing.
The standard procedure to reserve a machine for testing was to walk around the office to make sure that no one was using the machine.
This is highly inefficient and time consuming.
At first, I set up a web page where people could reserve the lab machine but nobody was keeping the page updated so that turned up to be useless.
I finally found a solution using Microsoft log parser and wanted to share it to the stack overflow community.
It is a batch file that runs on the machine so the user can identify the last users that use the machine and easily IM them to ask if the machine is free.
Is there a better solution to do this?
Use the built-in command qwinsta (Query Win Station) to figure out what sessions (including console) are active or inactive (disconnected) and then act on the given information (creds to krusty.ar btw for linking this already).
If you feel people are abusing the machine in question, refer to rwinsta to nuke their sessions into oblivion...
You will need to install the Microsoft Log Parser
Then create the following 2 files
TSLoginsDetails.sql
SELECT
timegenerated,
EXTRACT_TOKEN(Strings,1,'|') AS Domain,
EXTRACT_TOKEN(Strings,0,'|') AS User,
EXTRACT_TOKEN(Strings,3,'|') AS SessionName,
EXTRACT_TOKEN(Strings,4,'|') AS ClientName,
EXTRACT_TOKEN(Strings,5,'|') AS ClientAddress,
EventID
FROM Security
WHERE EventID=682
ORDER BY timegenerated DESC
TSLogins.bat
echo off
cls
c:
cd "c:\Program Files\Log Parser 2.2\"
logparser.exe file:TSLoginsDetails.sql -o:DATAGRID
Now by placing this batch file on the desktop, the user can see who were the last people to login and contact them by IM to verify if they are done.
How about posting the information from the log file to the website that tells who is currently using the machine as well.
Check and notify when they log in.
Updated the "who is using the machine" page you made prior.
Run a AT job that checks every couple of hours who is on it.
Totally out of the box:
You can install the Software Testing Automation Framework (STAF) on your servers and desktops to manage your tests. It's written in Java, so you can use it on Windows and Unix/Linux desktops and servers.
Using STAF, you can create a resource pool of test servers on which you conduct tests, then write STAX jobs (STAX is a STAF execution framework) to conduct the tests. The job can grab the first available server from the resource pool, run the test, monitor the test status, log results, notify the submitter, then release the server back into the pool when done. If you have multiple people submitting jobs for tests, STAF will manage the queue of requests and satisfy them as they came in. Users can either monitor the job from their desktop, or you can set up email alerts to notify them when the test is complete.
I'm not sure if I understand you, but there are a set of command line tools to deal with terminal server sessions, and there's also a Windows API to do the same if you need to do this from a program.
Since it sounds like you're a microsoft shop, you can set up the machines as resources in outlook/exchange and reserve them that way.

Resources