

Server 2016 and blocked files

Question

Friday, August 9, 2019 4:56 PM

"When a Word doc, Acrobat pdf, or Excel file is copied out of Outlook and placed on a Server 2016 share there is a 30 second delay on each file that is copied. If it's only 1 file, that's not too annoying, but when you have a bunch of files it causes a problem. Windows 10 to Windows 10 does not have the problem. Windows 10 to Server 2008 does not have the problem. Server 2016 to Server 2016 has the same problem as Windows 10 to Server 2016. If the file has the 'block' that Microsoft puts on it for being from an untrusted source (this file came from another computer and might be blocked to help protect this computer), then there is a delay in the copy. My server is not running any antivirus or Windows Defender. All of our desktops are having this issue, I even tried a new build from scratch with nothing on it but Windows 10 and copying the file from a flash drive and it still has the delay, so I think Server is to blame somehow." 

I know that I can right-click and unblock each file individually or mass unblock with PS, but it won't solve my problem of copying files directly from Outlook to the share. I have tried all the fixes that I could find, including changing the registry, the Group Policy for Zone info, turning off AV, and a fresh Windows box, but nothing seems to work. The server is a 2016 Datacenter running 1607 build 14393.3085. Any help will be greatly appreciated!

All replies (1)

Friday, August 9, 2019 5:38 PM

Hello Bit Wrangler,

Maybe someone will recognize the cause of your problem, but what I would try to diagnose the cause of the problem is to use Event Tracing for Windows.

One way of doing this is to use logman.exe (Microsoft Message Analyzer and netsh trace are other equally good methods, among many others).

Create a file with the ETW providers to trace. I would suggest:

Microsoft-Windows-Kernel-Process 0x10

Microsoft-Windows-Kernel-File

Microsoft-Windows-SmbServer

Then start the trace on the server, reproduce the problem and stop the trace.

The trace can be started with a command like "logman start slowzone -ets -pf providers.txt -nb 999 -o slowzone.etl" and stopped with the command "logman stop slowzone -ets". "slowzone" is just a name that can be freely chosen, "providers.txt" is the name given to the file containing the three provider names. "999" is hopefully a large enough value (for buffering) to stop events being lost.

The trace can be analysed with Microsoft Message Analyzer (amongst other tools), but understanding and correlating the Microsoft-Windows-Kernel-File events can be tricky.

The hope would be to identify "approximately" where the time is being lost. File data reads by any anti-virus type software should be included in the Microsoft-Windows-Kernel-File events.

Once we have a rough idea about what is happening when, we may then well need to focus the tracing on particularly relevant events, probably using ETW stack capturing techniques to identify any device drivers involved in the delay.

This could be a long and tricky path, particularly if you have concerns about sharing the trace data, but it should lead to a better understanding of the problem and perhaps even suggest a solution...

Gary
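
The capture steps from the reply above as one script, followed by a first-pass search for where the time goes. This is an added example, not part of the original thread: the logman command lines and file names are copied from the reply, while reading the trace with Get-WinEvent and the 1-second gap threshold are assumptions made here.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Server 2016 machine.
# Provider list exactly as suggested in the reply, one provider per line.
$providers = @(
    'Microsoft-Windows-Kernel-Process 0x10'
    'Microsoft-Windows-Kernel-File'
    'Microsoft-Windows-SmbServer'
)
Set-Content -Path .\providers.txt -Value $providers -Encoding Ascii

# Start the session, reproduce the slow copy, stop the session.
logman start slowzone -ets -pf providers.txt -nb 999 -o slowzone.etl
Read-Host 'Trace running. Copy ONE blocked file to the share, then press Enter'
logman stop slowzone -ets

# Get-WinEvent can read .etl files, but only in chronological order (-Oldest).
$events = @(Get-WinEvent -Path .\slowzone.etl -Oldest)
"{0} events captured" -f $events.Count

# Find pauses between consecutive events. A pause close to 30 seconds brackets
# the delay: the event before it shows the last thing that happened, the event
# after it shows what resumed. Threshold of 1 second is an assumption.
$thresholdSeconds = 1
$gaps = for ($i = 1; $i -lt $events.Count; $i++) {
    $before = $events[$i - 1]
    $after  = $events[$i]
    $delta  = ($after.TimeCreated - $before.TimeCreated).TotalSeconds
    if ($delta -ge $thresholdSeconds) {
        [pscustomobject]@{
            GapSeconds     = [math]::Round($delta, 3)
            GapStart       = $before.TimeCreated.ToString('HH:mm:ss.fff')
            BeforeProvider = $before.ProviderName
            BeforeId       = $before.Id
            BeforePid      = $before.ProcessId
            AfterProvider  = $after.ProviderName
            AfterId        = $after.Id
            AfterPid       = $after.ProcessId
        }
    }
}

# Largest pauses first.
$gaps | Sort-Object GapSeconds -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize
```

On a busy server, unrelated file activity can fill the pause and hide it, so run the capture while the share is otherwise quiet and copy a single file.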