Friday Mail Sack – Mogwai Edition

Hi folks, Ned here again. This week we hunt down some documentation gremlins and give them a well-deserved smack.

Also, things will be a bit slow next week as I will be out in Redmond teaching this rotation of Microsoft Certified Masters. Never heard of it? If you’re at the IT career tipping point, this may be just what the doctor ordered. No really, it is, and I will be there!

• Dcdiag /fix
• DFSR RPC improvements in Win2008+
• USMT /SF

Question

What exactly does the dcdiag.exe /fix command do? According to this it fixes the SPNs on the DC machine account. But according to this it ensures that SRV records are appropriately registered (I thought the NetLogon service did this?!). And what exactly does the netdiag.exe /fix command do? This article says it "fixes minor problems", whatever that means.

Answer

1. Dcdiag /fix writes back the computers account’s AD replication SPN (DRSUAPI with an index value of “E3514235-4B06-11D1-AB04-00C04FC2DCD2”) entry only. More info on this SPN here:

https://msdn.microsoft.com/en-us/library/dd207876(PROT.13).aspx https://msdn.microsoft.com/en-us/library/ee791539(PROT.10).aspx

If someone (else!) has destroyed all the other SPN’s, you will need to recreate them or restart whichever service recreates them. For example if the DFSR SPN goes missing, you restart the DFSR service and it will get put back.

2. Netdiag /fix reads the %systemroot%\system32\config\Netlogon.dns file and attempts to register all records in DNS.

I confirmed both in source code, regardless of what old TechNet goo states. :-)

Question

In Win2008 DFSR has been improved regarding the asynchronous RPC connections and 16 concurrent connections for upload and download. Do you have any further info on how improved the performance will be from Win2003 R2 to Win2008/2008 R2? Are there any other factors that would drive me to start rolling out the later OS versions?

Answer

I will be posting posted some new info about performance improvements in 2008/2008 R2 as well as registry tuning options in the coming weeks. But we don’t have any specific case studies that I am aware of yet – I’ll see if I can find them, and if you do, feel free to comment. We do have some rather unspecific ones, if you’re interested.

From testing and customer experience though, we see anywhere from a 4 to 20 times performance improvement of 2008 over 2003 R2, depending on a variety of factors that are often very customer specific (network speed, bandwidth, latency, loss rates, errors, overall uptime + memory + CPU + disk subsystem + drivers). Not only did DFSR improve, but the OS got improvements and it makes better use of newer hardware. Besides the RPC and other changes, Win2008 tweaks the DFSR credit manager, and 2008 R2 really improves it – much more evenly-distributed replication with greatly lowered chance of servers being starved by updates.

Other factors:

1. Win2003 enters extended support on July 13 2010. This means no further hotfixes that improve reliability or performance, and 5 years of crossed fingers until end of life.
2. You would now have the option on DC’s to switch to DFSR-enabled SYSVOL and no longer use FRS there.
3. If deploying 2008 R2, you would also gain read-only and cluster support, which is unavailable in 2003/2008.

Question

I am using your old blog post on making custom registry changes and…

Answer

Ewwwww… The only reason to use that old document is if you are still running Windows 2000 somewhere. Otherwise you should be busting out Group Policy Preferences and wowing your friends and family.

Oh, and really? You’re running Win2000? That’s very uncool of you…

Question

I am doing USMT migrations with /SF. What is that switch and why are my migrations absolutely busted to heck?

Answer

This one came in late last week and was so gnarly that it ended generating a whole blog post. Read more here. Sometimes your questions to us generate more than a Friday reply.

Good work, Internets!

– Ned “3 important rules” Pyle