WinSXS/Installer Cleanup Windows 7,8 & Server 2012 with Patch Cleaner

I originally had a post on how to clean up WinSXS from 2014. However, I have come across a program that I have tested, and works very well.

The program is Patch Cleaner. This program scans your Installer folder to check if there are orphan files relating to programs or patches you may have removed from your computer. Any orphan files Patch Cleaner locates can be removed.

I have tested Patch Cleaner on Server 2012 and 2012 R2, including production terminal servers with 100 users. I have no had any issues thus far.

patchclean1

With Server 2012, running Patch Cleaner was removing on average 20GB+ on each server.

I would recommend checking this out if you are still stuck for space.

Disable Windows Update Services (WSUS) – Small Business Server and Doman Controllers

Windows Update Services, or WSUS can be a real pain at the best of times. On Small Business Servers, which are often neglected, some strange issues can arise.

The most common issue is that WSUS goes crazy and downloads everything. Yes, this does happen.

You may not know, but you shouldn’t uninstall WSUS on a domain controller, IE Small Business Server.

Here is how you can disable it and clean up the mess.

  1. Under Options, select Products and Classifications 
  2. Unselect everything, and then select Bing Bar. You need something selected.
    2015-11-13_12-22-02
  3. Under Classifications, select Critical Updates
    2015-11-13_12-21-47
  4. Remove Automatic Approvals
    2015-11-13_12-23-29
  5. Run the Server Cleanup Wizard with everything selected
  6. Once this is done, you can leave WSUS as is, or you can disable the service
    2015-11-13_12-25-46
  7. With the service stopped and disabled, you can also delete the content database. Only do this if you are never going to use WSUS again.
    2015-11-13_12-27-03

Hopefully this has helped someone.

Windows 10 “Out of Memory” when left idle

You may have come across this issue when you’ve upgraded your computer to Windows 10. Upon returning to your computer, the screen refreshes slowly and applications appear to have crashed due to memory issue.

There have been many suggest ways to fix this, but the simplest way is to do the following:

  1. Open Regedit by pressing Windows Key + R and typing regedit
  2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management
  3. Change the value of  ClearPageFileAtShutDown to 1
  4. Reboot your computer

This will wipe the page file on reboot.

This may increase the shutdown time of your computer, but it will fix this error. The root cause of this error is an incompatible driver on your system. I will follow up with an article on this process.

Installing Disk Cleanup (cleanmgr.exe) Server 2008 and Server 2012

It’s annoying that Disk Cleanup (Cleanmgr.exe) is no longer installed by default. You can install Disk Cleanup by installing the Windows Desktop Experience – but, there is another, less annoying way…

Server 2012

copy C:WindowsWinSxSamd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.2.9200.16384_none_c60dddc5e750072acleanmgr.exe %systemroot%System32

copy C:WindowsWinSxSamd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.2.9200.16384_en-us_b6a01752226afbb3cleanmgr.exe.mui %systemroot%System32en-US

Server 2008 R2 (x64)

copy C:Windowswinsxsamd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63cleanmgr.exe.mui %systemroot%System32En-US

copy C:Windowswinsxsamd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7dacleanmgr.exe %systemroot%System32

Server 2008 (x64)

copy C:Windowswinsxsamd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_b9f50b71510436f2cleanmgr.exe.mui %systemroot%system32en-us

copy C:Windowswinsxsamd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_c962d1e515e94269cleanmgr.exe %systemroot%System32

Server 2008 (x32)

copy C:Windowswinsxsx86_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_5dd66fed98a6c5bccleanmgr.exe.mui %systemroot%System32En-US

copy C:Windowswinsxsx86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_6d4436615d8bd133cleanmgr.exe %systemroot%System32

Now go to Run and type cleanmgr.exe

cleanmgr.exe

You will now see Disk Cleanup run.

Disk Cleanup

Unfortunately on Windows 2012 R2 you must install the Windows Desktop Experience.

Error while preparing to send sharing message (Outlook 2007/2010/2013/2016)

I got the following error when I had migrated a customer from a Small Business Server to our local Hosted Exchange.

Outlook on a domain looks to Active Directory to get the auto discover information. If you run the Outlook connectivity tester on the affected computer, you will see that it returns the local SBS server autodiscover settings, even if you have configured Outlook to use an external provider.

The simplest way to fix this if the SBS server is still in used and Exchange is still installed, is to run the following commands:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://mail.externaldomain.com/Autodiscover/Autodiscover.xml

And

get-autodiscovervirtualdirectory | Set-AutodiscoverVirtualDirectory -ExternalUrl https://mail.externaldomain.com/Autodiscover/Autodiscover.xml -InternalUrl https://mail.externaldomain.com/Autodiscover/Autodiscover.xml

This then points the Outlook client to the correct external Autodiscover service.

If you have any questions, please let me know.

message deferred by categorizer agent

I came in to work on Monday with a rather large client with no email. They run Microsoft Exchange 2007. I first logged in to the server and owa to ensure the Exchange Server was actually functioning. All services were going.

I then opened the message queue. There I saw 350 emails with the Last Error set to message deferred by categorizer agent

I haven’t actually come across this error before. Something had changed on the system. To cut a long story short, I found the issue was because of a corrupt transport agent. To find your transport agents, run the following power shell command:

Get-TransportAgent

You will get a list like the following


Identity Enabled Priority
-------- ------- --------
Transport Rule Agent True 1
Journaling Agent True 2
AD RMS Prelicensing Agent False 3
Connection Filtering Agent True 4
Content Filter Agent True 5
Sender Id Agent True 6
Sender Filter Agent True 7
Recipient Filter Agent True 8
Protocol Analysis Agent True 9

In the event log, I noticed the following error

An error occurred while loading the configuration for the Journaling agent. The configuration may be corrupt, or the Active Directory directory service may be down or unreachable. The last known good configuration will be used, and the Journaling agent will attempt to read the configuration again later.

This restored configuration didn’t fix the issue. I opted to disable the Journaling Agent.

Disable-TransportAgent -Identity "Journaling Agent"

Select Y and then restart the Hub Transport service.

This should fix your issue. I am still investigating a fix for the Journaling Agent. I suspect this was initially caused by a reboot when performing Windows Updates as the mail flow stopped on the same day.

Storage Spaces and Parity – Slow write speeds

i’ve recently been playing around with Windows Storage Spaces on Microsoft Windows Server 2012 R2. They are fantastic. ReFS brings so many benefits over NTFS.

But it’s half complete it seems.

I originally created a parity volume, as I assumed this would be quite similar to RAID 6. You have the option of having a write array, or write cache using SSD drives. I haven’t done this at this stage. I’m currently using 6x6TB Western Digital 7200RPM drives.

After creating the very large volume, I started copying some data. I was copying the data over a 1gbit network interface, so I was expecting to see 100mb/s, or close to it.

At first, I did get 100mb/s. For a minute or so anyway. Then I saw the speed slowly drop to around 30-45mb/s. I thought this was rather strange.

I upgraded all the drivers on the server, mainly the network drivers, as I saw the network speed drop to around that level at the same time as well. However, this made no difference.

I then started to do some research to figure out what was going on.

What I saw was the following: The memory was increasing to a certain, pre-defined point, then it would stop. This indicated that the copying was actually being buffered to memory (write-cache). I assume this is happening because I used the default options when creating a parity drive without a SSD array. This creates a 2GB buffer in memory, which you can clearly see here.

memory

Once the memory buffer, or write-cache is full, you can see the speed drop and the memory start writing the data to disk.

memory

Annoying huh? One way to fix this is by using a cache array of SSD hard drives, but there is another fix.

In PowerShell, you can set the storage space to believe it has battery backup. This is like having battery backup on a raid card. First you need to get the friendly name of your storage volume.

The command is

Get-StoragePool

You will get something similar to the following
powershell

Now set the power protected mode of the pool as follows

Set-StoragePool -FriendlyName Backup -IsPowerProtected $true

replace backup with the name of your storage pool.

Here it is set as $false

3

Here it is set as $true

4

Quite a difference.

**** I should warn you though that if your server crashes, or has a power failure, your storage space may become corrupt. Make sure you have a UPS in place ****

Like I said earlier, this can be improved with a SSD cache array.

Hopefully this helps someone out there.

*** UPDATED 15/12/2015 ***

I highly recommend you view the Fujitsu white paper on Storage Spaces here.

Exchange 2013 Dag BSOD

We’ve recently been having issues with an Exchange 2013 DAG running CU2v2.

The server would reboot randomly with a BSOD. Exchange services would not start. I took the dump file and ran it through windbg and got the following output:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_PROCESS_DIED (ef)
        A critical system process died
Arguments:
Arg1: fffffa800b415080, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------

----- ETW minidump data unavailable-----

PROCESS_OBJECT: fffffa800b415080

IMAGE_NAME:  wininit.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: wininit

FAULTING_MODULE: 0000000000000000 

PROCESS_NAME:  MSExchangeHMWo

BUGCHECK_STR:  0xEF_MSExchangeHMWo

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT_SERVER

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80230e04795 to fffff802308db440

STACK_TEXT:  
fffff880`083419a8 fffff802`30e04795 : 00000000`000000ef fffffa80`0b415080 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff880`083419b0 fffff802`30d9be2e : fffffa80`0b415080 00000000`144d2c41 00000000`00000000 fffff802`30a57794 : nt!PspCatchCriticalBreak+0xad
fffff880`083419f0 fffff802`30d12a01 : fffffa80`0b415080 00000000`144d2c41 fffffa80`0b415080 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x4a25a
fffff880`08341a50 fffff802`30d1880e : ffffffff`ffffffff fffffa80`0c889380 fffffa80`0b415080 00000000`00000001 : nt!PspTerminateProcess+0x6d
fffff880`08341a90 fffff802`308da453 : fffffa80`0b415080 fffffa80`0ce7c080 fffff880`08341b80 00000000`ffffffff : nt!NtTerminateProcess+0x9e
fffff880`08341b00 000007ff`5f312eaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`237fdeb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007ff`5f312eaa


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

IMAGE_VERSION:  

FAILURE_BUCKET_ID:  0xEF_MSExchangeHMWo_IMAGE_wininit.exe

BUCKET_ID:  0xEF_MSExchangeHMWo_IMAGE_wininit.exe

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xef_msexchangehmwo_image_wininit.exe

FAILURE_ID_HASH:  {3f0b292e-4bc2-5c6e-99a7-f9a74df1101c}

Followup: MachineOwner

The failed process is MSExchangeHMWo. This is the Microsoft Exchange Health Monitor service.

Reading more in to this, it seems to happen when the server has an issue, like low memory, slow IO etc. It also seems to be a bug in CU2 and CU3.

A good thread on the issue can be found here.

You can run the following powershell command on a CU2 server to disable automatic reboots (BSOD).

Add-GlobalMonitoringOverride -Identity ExchangeActiveDirectoryConnectivityConfigDCServerReboot -ItemType Responder -PropertyName Enabled -PropertyValue 0 -ApplyVersion “15.0.712.24

If you have CU3 or another version, change the ApplyVersion to the specific version of Exchange. The versions can be found here.