Message Analyzer

Similar Messages

• Message Analyzer and RDMA NIC

  Hi,
  Is Message Analyzer compatible with RDMA cards, such as the Mellanox ConnectX-3 ?
  In other words, can I capture with Message Analyzer the network traffic of this kind of NIC ?
  thanks
  Eric

  Thanks Paul,
  Using the scenario 'SMB Client with full payload' (I run Message Analyzer on my client), I can see the SMB2 traffic that is sent and received by both the Ethernet NIC and the RDMA NIC.
  That's great!
  A quick question:
  In the trace, I have sometimes this message : "Microsoft_Windows_SMBClient, Transitioned to State: 180 Context: 0" or "Transitioned to State: 181 Context: 0".
  Sometimes, I have "Session Setup Error: 0 Location: 537920470 Context: 13"
  What does it mean? it is not a packet sent or received by the wire, right?

• Looking at protocols on non default ports in Microsoft Message Analyzer

  I have previously been using Microsoft Network Monitor. I'd like to migrate to Microsoft Message Analyzer but I cannot find out how to view network traffic as a certain protocol (in my case TDS, the protocol SQL Server uses) unless it has the default port.
  For TDS the default TCP port is 1433 however I need to be able to look at TDS traffic coming on different TCP ports.
  It was possible to do this in Network Monitor by editing the switch statement in the TCP parser to add the ports I required along with 1433 and then rebuilding the parsers. In wireshark it's even simpler as you just select the traffic you want and say "View
  as TDS" however wireshark's TDS parsing is not as good as Microsoft's and we need the parsing to be as accurate as possible.
  Does anyone know how to parse traffic as particular protocols if they are not on the default port in Message Analyzer?
  Many thanks
  Rob

  With Message Analyzer and alternate Ports, you have to do much the same workaround we did with Network Monitor. We do plan to make it easier in the future, especially given the increased use of alternate ports, but for now changing the OPN (which is NPL
  for Message Analyzer), you can make it parse.
  You can make the change to TDS.OPN in C:\Users\YOURLOGINNAME\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OPNs\Microsoft\MicrosoftCommon\TDS.OPN.  You can find the actor that is defined like this:
  autostart actor TDSOverTCP(ReassembledTCP.Server server)
  These "act" as a the endpoint looking to match messages from TCP.  You'll need to find each location where TDS.Port is defined and add your port.  So for instance in the first process rule, you'd changed:
      process server accepts s:ReassembledTCP.VirtualDataSegment
          where s.DestinationPort == Port.TDS && ((inboundCache != null && inboundCache.Buffer != null && inboundCache.Buffer.Count > 0) || IsTDSHeader(s.Payload))
  to
      process server accepts s:ReassembledTCP.VirtualDataSegment
          where (s.DestinationPort == Port.TDS || s.DestinationPort == 5555) && ((inboundCache != null && inboundCache.Buffer != null && inboundCache.Buffer.Count > 0) || IsTDSHeader(s.Payload))
  If you need more help, please let me know.  Keep in mind when you make an OPN change, we have to rebuild and cache things.  This might slow down the UI at first, but after everything you normally touch as been re-cached, it will be fast again.
  Paul

• Run Message Analyzer From Batch File

  New to Message Analyzer trying to run it from a batch file but have not found any good examples. Can anyone please provide some help? Trying to use C:\Program Files\Microsoft Message Analyzer>messageanalyzer.exe /logmode  but it just opens the GUI
  I need it to run command line only and output to a file of my choice.
  Raymond McAuliffe

  PowerShell is the way we support automation with Message Analyzer. Check out this blog:
  http://blogs.technet.com/b/messageanalyzer/archive/2013/10/29/using-powershell-to-automate-tracing.aspx

• Message Analyzer classes or videos?

  hi - I'm curious if you offer classes on using Message Analyzer and if not, have you considered offering one. I watched the 2 videos on the main page, and those helped getting starting, but it would be nice to get up and running
  more quickly, e.g., using powerShell scripts, etc.. More videos would be great. Just a thought.
  thx

  Yes, we are definitely considering this.  Thanks for the feedback.
  Paul

• Analyzing Syslog Messages

  Hello All,
  I've configured my ASA to send its log messages to Unix syslog server, and I can show all the messages from the server with no issues.
  As the file is getting so big, it will be hard to analyze it manually. I'm looking for log messages analyzer which can give me at lease some basic reports or statistics.
  Requesting your help on this!!
  Thanks,

  Hi All,
  I thought it is a good idea to share the workaround my colleague came up with for this prolem. there is a file called syslog-entries.txt under /opt/CSCOpx/conf. he added all the entries we needed like :
  local3.*     /var/log/syslog_info
  local5.*   /var/log/syslog_info
  the change was automatically reflected on syslog.conf
  now we receve alerts from facilities 3 and 5 besides 7.  hope this helps anyone who run into the same issue.

• What driver or software patches do i need to install in my windows 7 laptop, in order for the laptop to capture Bluetooth messages, which is possible with window 8?

  Hi,
  i am connecting a Bluetooth device to my laptop. I notice that Message Analyzer could capture Bluetooth messages only if I am using windows 8? I am using window 7. What driver or software patches do i need to install in my windows 7 laptop, in order for
  the laptop to capture Bluetooth messages, which is possible with window 8?
  Also, i notice that using window 8, i am able to capture Bluetooth message but i am not able to display wireless perfromance statistics such as signal strength, throughput, etc? Is there a way for me to get such information.
  Please help.

  If you look at the link you sent me:Default Trace Scenarios
  http://msdn.microsoft.com/en-us/library/jj659262.aspx
  "Windows 8 Bluetooth (Windows 8/Windows Server 2012 or later) 
  Troubleshoot Bluetooth issues"
  So what about Windows 8 earlier? Not supported?
  My question: What driver or software patches do i need to install in my windows 7 laptop, in order for the laptop to capture Bluetooth messages, which is possible with window 8?

• Loading MIB in Message Analyser

  Hi Guys
  Is there a way I can load MIB files in message analyser and parse SNMP packets?
  BR//Sunny

  We don't have a way to parse SNMP packets based on an MIB definition.  I can't say we've had many requests for this, but it would be interesting to know  your scenario and understand why Message Analyzer would be a solution for you if we had this
  feature.
  Paul

• Howto analyze STARTTLS on SMTP after switching to TLS

  Hi!
  What are my options if I want to analyze a SMTP conversation after STARTTLS with Message Analyzer 1.2?
  In the beginning I can see my packets on Port 587 (SMTP), then when STARTTLS is sent I can see the Hello Server and Hello Client Cipher negotiations. But after that it changes mode to TLS 1.2.
  As the certificate comes from a public SMTP-server, I don't know the private password.
  What are my options to analyze the encrypted SMTP traffic?
  Thanks
  Mike
  MikeH

  With out the private cert and password, then I don't think you'll be able to decrypt the data after the fact. The only other possible option is to try and capture using our Unencrypted HTTPS provider, however I don't think that will work either as it's
  geared towards capturing IE traffic, and I can't say that this would use the same mechanism, but you could try.
  If neither of those work, then I'm not aware of any other options for capturing this traffic in the clear.
  Paul

• Lync 2013 Mobility Client - Video Call Issue (Everything Else works).

  Hey Technet’ies,
  I have been struggling for a couple of weeks now to resolve one of the final issues with a Migration/Upgrade Project on Lync Server 2013.
  I have nearly every Lync Client Scenario working well except the Mobility Client (outside of the domain) which cannot successfully complete a Video
  Call to a Windows Desktop Client (inside the domain) – the toast pops up, but when we click accept - it just times out after 15 seconds
  K
  The strange thing is every other Video Call scenario works;
  Mobility Client (Outside Domain)
  àWindows Desktop Client (Inside Domain)
  = Unsuccessful
  Mobility Client (Inside Domain)
  à Windows Desktop Client (Inside Domain) = Successful
  Mobility Client (Inside Domain)
  à Windows Desktop Client (Outside Domain) = Successful
  Mobility Client (Outside Domain)
  à Windows Desktop Client (Outside Domain) = Successful
  Mobility Client (Inside Domain)
  à Mac Desktop Client (Inside Domain) = Successful
  Mobility Client (Inside Domain)
  à Mac Desktop Client (Outside Domain) = Successful
  Mobility Client (Outside Domain)
  à Mac Desktop Client (Outside Domain) = Successful
  Mobility Client (Outside Domain)
  à Mac Desktop Client (Inside Domain) = Successful
  Mobility Client (All Scenarios)
  à Mobility Client (All Scenarios) = Successful
  Our setup is pretty standard;
  All OS servers are Win Server 2012 R2
  Lync 2013 Standard FE Server
  Lync 2013 Edge Server
  Reverse Proxy IIS AAR (Also Win Server 20012 R2)
  Lync 2013 Desktop Clients, Lync 2011 Mac Clients, IOS and Android Mobility Clients – all latest versions.
  External NAT (via Cisco Routers ACL’s)
  Internal Windows Firewall Currently off on all Servers
  All Certs / DNS Configured as per Technet Recommendation
  I have reviewed / analysed a number of log/trace files – looking for some/any information on the problem;
  Mobility Client (cmlogX.log)
  Windows Desktop Client (*.etl) / Microsoft Message Analyzer
  Lync 2013 Server (CSController)
  With all my looking I could not make out an error except a timeout (15 seconds) on the Mobility Client log (which I currently can’t find).
  Clearly we are missing something and I have gone up and down our implementation a number of times, the only semi-unknown is our old 2010 Pool / Central Management Server (which is currently pretty much redundant but the majority of users still on).
  I would really appreciate any feedback anyone can provide or any insight anyone may have on this challenge.
  Thanks in advance, Alex.
  Alex

  Hi Andrew,
  Thanks for the quick contact!!
  Sorry - typo in my post, I have now corrected it;
  Mobility
  Client (Outside Domain) àWindows
  Desktop Client (Inside Domain) = Unsuccessful
  So I completely missed that blog post of yours (out of the 100's I have read) and you are the first person to clearly say (in simple terms) to point the lyncweb.contso.com to the public IP address on my internal DNS, I have just made that change and see
  if it will correct the issue - will wait for replication. 
  Also I am running IIS / AAR as Reverse Proxy (not ISA) and had the Internal DNS Host A of lyncweb.contso.com and lyncdiscover.contso.com point back to my Reverse Proxy Internal NIC (i.e. 10.1.1.32) as the External NIC is isolated on in the Perimeter Network,
  is this correct?
  So it now goes like this
  *Inside Domain*
  lyncdiscover.contson.com --> 10.1.1.32 (Reverse Proxy Internal Nic) --> 10.1.1.26 (Front End Server)
  lyncweb.contson.com --> 201.183.0.1 (Reverse Proxy External Nic - Public IP) --> 10.1.2.16 (Reverse Proxy External Nic) --> 10.1.1.26 (Front End Server)
  Does this make any sense, I know ISA and IIS/AAR are pretty much interchangeable.
  Thanks again Andrew and look forward to any feedback,
  Alex.
  Alex

• Live Trace misses ETW events without user-specified context data

  Hi there.
  Currently using MessageAnalyzer for capturing and analyzing ETW debug logs. But in analysys grid I see only events *with* any extra event data and no events *without* it.
  This events are ok:
  <event symbol="someevent1" value="68" version="0" channel="MyApp/debug" level="win:Verbose" opcode="win:Info" template="Message" message="$(string.MyApp.event.68.message)"></event>
  This events are totally missed:
  <event symbol="someevent2" value="69" version="0" channel="MyApp/debug" level="win:Verbose" opcode="win:Info" message="$(string.MyApp.event.69.message)"></event>
  There is no difference if "template" attribute omitted, empty string or targets empty template.
  In Event Viewer and .elt traces captured with xperf I see *all* events, so there is problems with manifest or application itself. Is it feature of MessageAnalyzer or some kind of bug?
  MessageAnalyzer 1.2 (build 4.0.7285.0), windows 8.
  Thanks.

  This sounds similar to another bug report we received internally.  In that case, the message are dropped by message analyzer, but TraceFmt and other tools show these missing events.  Hopefully we can address in our next release. 
  Sorry for the inconvienience, and hopefully we can fix this soon.
  Paul

• [Forum FAQ] Troubleshooting Network File Copy Slowness

  1. Introduction
  The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common
  Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
  Microsoft SMB Protocol and CIFS Protocol Overview
  http://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx
  Server Message Block overview
  http://technet.microsoft.com/en-us/library/hh831795.aspx
  1.1
  SMB Versions and Negotiated Versions
  - Thanks for the
  Jose Barreto's Blog
  There are several different versions of SMB used by Windows operating systems:
  CIFS – The ancient version of SMB that was part of Microsoft Windows NT 4.0 in 1996. SMB1 supersedes this version.
  SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
  SMB 2.0 (technically SMB2 version 2.002) – The version used in Windows Vista (SP1 or later) and Windows Server 2008 (or any SP)
  SMB 2.1 ((technically SMB2 version 2.1) – The version used in Windows 7 (or any SP) and Windows Server 2008 R2 (or any SP)
  SMB 3.0 (or SMB3) – The version used in Windows 8 and Windows Server 2012
  SMB 3.02 (or SMB3) – The version used in Windows 8.1 and Windows Server 2012 R2
  Windows NT is no longer supported, so CIFS is definitely out. Windows Server 2003 R2 with a current service pack is under Extended Support, so SMB1 is still around for a little while. SMB 2.x in Windows Server 2008 and Windows Server 2008
  R2 are under Mainstream Support until 2015. You can find the most current information on the
  support lifecycle page for Windows Server. The information is subject to the
  Microsoft Policy Disclaimer and Change Notice.  You can use the support pages to also find support policy information for Windows
  XP, Windows Vista, Windows 7 and Windows 8.
  In Windows 8.1 and Windows Server 2012 R2, we introduced the option to completely disable CIFS/SMB1 support, including the actual removal of the related binaries. While this is not the default configuration, we recommend disabling this older
  version of the protocol in scenarios where it’s not useful, like Hyper-V over SMB. You can find details about this new option in item 7 of this blog post:
  What’s new in SMB PowerShell in Windows Server 2012 R2.
  Negotiated Versions
  Here’s a table to help you understand what version you will end up using, depending on what Windows version is running as the SMB client and what version of Windows is running as the SMB server:
  OS
  Windows 8.1  WS 2012 R2
  Windows 8  WS 2012
  Windows 7  WS 2008 R2
  Windows Vista  WS 2008
  Previous versions
  Windows 8.1 WS 2012 R2
  SMB 3.02
  SMB 3.0
  SMB 2.1
  SMB 2.0
  SMB 1.0
  Windows 8 WS 2012
  SMB 3.0
  SMB 3.0
  SMB 2.1
  SMB 2.0
  SMB 1.0
  Windows 7 WS 2008 R2
  SMB 2.1
  SMB 2.1
  SMB 2.1
  SMB 2.0
  SMB 1.0
  Windows Vista WS 2008
  SMB 2.0
  SMB 2.0
  SMB 2.0
  SMB 2.0
  SMB 1.0
  Previous versions
  SMB 1.0
  SMB 1.0
  SMB 1.0
  SMB 1.0
  SMB 1.0
  * WS = Windows Server
  1.2 Check, Enable and Disable SMB Versions in Windows operating systems
  In Windows 8 or Windows Server 2012 and later, there is a new PowerShell cmdlet that can easily tell you what version of SMB the client has negotiated with the File Server. You simply access a remote file server (or create a new mapping to it) and use Get-SmbConnection.
  To enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012, please follow the steps in the article below.
  Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.
  http://support.microsoft.com/kb/2696547
  1.3 Features and Capabilities
  - Thanks for the
  Jose Barreto's Blog
  Here’s a very short summary of what changed with each version of SMB:
  From SMB 1.0 to SMB 2.0 - The first major redesign of SMB
  Increased file sharing scalability
  Improved performance
  Request compounding
  Asynchronous operations
  Larger reads/writes
  More secure and robust
  Small command set
  Signing now uses HMAC SHA-256 instead of MD5
  SMB2 durability
  From SMB 2.0 to SMB 2.1
  File leasing improvements
  Large MTU support
  BranchCache
  From SMB 2.1 to SMB 3.0
  Availability
  SMB Transparent Failover
  SMB Witness
  SMB Multichannel
  Performance
  SMB Scale-Out
  SMB Direct (SMB 3.0 over RDMA)
  SMB Multichannel
  Directory Leasing
  BranchCache V2
  Backup
  VSS for Remote File Shares
  Security
  SMB Encryption using AES-CCM (Optional)
  Signing now uses AES-CMAC
  Management
  SMB PowerShell
  Improved Performance Counters
  Improved Eventing
  From SMB 3.0 to SMB 3.02
  Automatic rebalancing of Scale-Out File Server clients
  Improved performance of SMB Direct (SMB over RDMA)
  Support for multiple SMB instances on a Scale-Out File Server
  You can get additional details on the SMB 2.0 improvements listed above at
  http://blogs.technet.com/b/josebda/archive/2008/12/09/smb2-a-complete-redesign-of-the-main-remote-file-protocol-for-windows.aspx
  You can get additional details on the SMB 3.0 improvements listed above at
  http://blogs.technet.com/b/josebda/archive/2012/05/03/updated-links-on-windows-server-2012-file-server-and-smb-3-0.aspx
  You can get additional details on the SMB 3.02 improvements in Windows Server 2012 R2 at
  http://technet.microsoft.com/en-us/library/hh831474.aspx
  1.4 Related Registry Keys
  HKLM\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters\
  DeferredOpensEnabled – Indicates whether the Redirector can defer opens for certain cases where the file does not really need to be opened, such as for certain delete requests and adjusting file attributes.
  This defaults to true and is stored in the Redirector variable MRxSmbDeferredOpensEnabled.
  OplocksDisabled – Whether the Redirector should not request oplocks, this defaults to false (the Redirector will request oplocks) and is stored in the variable MrxSmbOplocksDisabled.
  CscEnabled – Whether Client Side Caching is enabled. This value defaults to true and stored in MRxSmbIsCscEnabled. It is used to determine whether to execute CSC operations when called. If CSC is enabled,
  several other parameters controlling CSC behavior are checked, such as CscEnabledDCON, CscEnableTransitionByDefault, and CscEnableAutoDial. CSC will be discussed in depth in its own module, so will be only mentioned in this module when it is necessary to understanding
  the operation of the Redirector.
  DisableShadowLoopback – Whether to disable the behavior of the Redirector getting a handle to loopback opens (opens on the same machine) so that it can shortcut the network path to the resource and
  just access local files locally. Shadow opens are enabled by default, and this registry value can be used to turn them off. It is stored in the global Redirector variable RxSmbDisableShadowLoopback.
  IgnoreBindingOrder – Controls whether the Redirector should use the binding order specified in the registry and controlled by the Network Connections UI, or ignore this order when choosing a transport
  provider to provide a connection to the server. By default the Redirector will ignore the binding order and can use any transport. The results of this setting are stored in the variable MRxSmbObeyBindingOrder.
  HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
  Security Signature settings – The RequireSecuritySignature setting is stored in MRxSmbSecuritySignaturesRequired, EnableSecuritySignature in MRxSmbSecuritySignaturesEnabled, RequireExtendedSignature
  in MRxSmbExtendedSignaturesRequired, and EnableExtendedSignature in MRxSmbExtendedSignaturesEnabled. Note that the Extended Security Signatures assume the regular security signatures are enabled, so those settings are adjusted if necessary based on the extended
  settings. If extended signatures are required, regular signatures have to be required.
  EnablePlainTextPassword – Support for using plain text passwords can be turned on using this key. They are disabled by default.
  OffLineFileTimeoutIntervalInSeconds – Used to set the expiration time for timing out an Exchange (discussed later) when the exchange is accessing an offline file. This value defaults to 1000 seconds,
  but can be changed in the registry and is stored in the global Redirector variable OffLineFileTimeoutInterval
  SessTimeout – This is the amount of time the client waits for the server to respond to an outstanding request. The default value is 60 seconds (Windows Vista). When the client does not receive the
  response to a request before the Request Expiration Timer expires, it will reset the connection because the operation is considered blocked. In Windows 8, the request expiration timer for the SMB 2 Negotiate is set to a smaller value, typically under 20 seconds,
  so that if a node of a continuously available (CA) cluster server is not responding, the SMB 3.0 client can expedite failover to the other node.
  ExtendedSessTimeout – Stored in the ExtendedSessTimeoutInterval variable, this value is used to extend the timeout on exchanges for servers that require an extended session timeout as listed in the
  ServersWithExtendedSessTimeout key. These are third party servers that handle SMB sessions with different processes and vary dramatically on the time required to process SMB requests. The default value is 1000 seconds. If the client is running at least Windows
  7 and ExtendedSessTimeout is not configured (By Default), the timeout is extended to four times the value of SessTimeout (4 * SessTimeout).
  MaxNumOfExchangesForPipelineReadWrite – This value is used to determine the maximum number of write exchanges that can be pipelined to a server. The default is 8 and the value is stored in the variable
  MaxNumOfExchangesForPipelineReadWrite.
  Win9xSessionRestriction – This value defaults to false, but is used to impose a restriction on Windows 9x clients that they can only have one active non-NULL session with the server at a time. Also,
  existing session based connections (VNETROOTS) are scavenged immediately, without a timeout to allow them to be reused.
  EnableCachingOnWriteOnlyOpens – This value can cause the Redirector to attempt to open a file that is being opened for write only access in a manner that will enable the Redirector to cache the file
  data. If the open fails, the request will revert back to the original requested access. The value of this parameter defaults to false and is stored in the MRxSmbEnableCachingOnWriteOnlyOpens variable.
  DisableByteRangeLockingOnReadOnlyFiles – This parameter defaults to false, but if set to true will cause level II oplocks to automatically be upgraded to batch oplocks on read-only files opened for
  read only access. It is stored in the variable DisableByteRangeLockingOnReadOnlyFiles.
  EnableDownLevelLogOff – False by default, this value controls whether a Logoff SMB will be sent to down-level servers when a session is being closed. If this is false, and the server has not negotiated
  to the NT SMB dialect or does not support NT Status codes, the logoff will not be sent because we aren’t sure that server will understand the request. The value is stored in MrxSmbEnableDownLevelLogOff.
  HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
  ResilientTimeout – This timer is started when the transport connection associated with a resilient handle is lost. It controls the amount of time the server keeps a resilient handle active after the
  transport connection to the client is lost. The default value is 300 seconds (Windows 7, Server 2008 R2, 8, Server 2012).
  DurableHandleV2TimeoutInSecond – This timer is started when the transport connection associated with a durable handle is lost. It controls the amount of time the server keeps a durable handle active
  after the transport connection to the client is lost. The default value is 60 seconds (Windows 8, Windows Server 2012). The maximum value is 300 seconds.
  HKLM\SYSTEM\CurrentControlSet\Services\SMBWitness\Parameters\
  KeepAliveInterval – This functionality was introduced for SMB 3.0 in Windows 8 and Windows Server 2012. The witness protocol is used to explicitly notify a client of resource changes that have occurred
  on a highly available cluster server. This enables faster recovery from unplanned failures, so that the client does not need to wait for TCP timeouts. The default value is 20 minutes (Windows 8, Windows Server 2012).
  HKLM\System\CurrentControlSet\Services\SmbDirect\Parameters\
  ConnectTimeoutInMs – Establish a connection and complete negotiation. ConnectTimeoutInMs is the deadline for the remote peer to accept the connection request and complete SMB Direct negotiation. Default
  is 120 seconds (Windows 8).
  AcceptTimeoutInMs – Accept negotiation: The SMB Direct Negotiate request should be received before AcceptTimeoutInMs expires. The servers starts this timer as soon as it accepted the connection. Default
  is 5 seconds (Windows 8).
  IdleConnectionTimeoutInMs – This timer is per-connection. It is the amount of time the connection can be idle without receiving a message from the remote peer. Before the local peer terminates the
  connection, it sends a keep alive request to the remote peer and applies a keep alive timer. Default is Default: 120 seconds (Windows 8).
  KeepaliveResponseTimeoutInMs – This attribute is per-connection. It defines the timeout to wait for the peer response for a keep-alive message on an idle RDMA connection. Default is 5 seconds (Windows
  8).
  CreditGrantTimeoutInMs – This timer is per-connection.  It regulates the amount of time that the local peer waits for the remote peer to grant Send credits before disconnecting the connection.
  This timer is started when the local peer runs out of Send credits. Default is 5 seconds (Windows 8).
  References:
  [MS-SMB]: Server Message Block (SMB) Protocol
  http://msdn.microsoft.com/en-us/library/cc246231.aspx
  [MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3
  http://msdn.microsoft.com/en-us/library/cc246482.aspx
  SMB 2.x and SMB 3.0 Timeouts in Windows
  http://blogs.msdn.com/b/openspecification/archive/2013/03/27/smb-2-x-and-smb-3-0-timeouts-in-windows.aspx

  3. How to Troubleshoot
  3.1 Troubleshooting Decision Tree
  1
  Is the slowness occurring in browsing a network shared folder or   copying a file, or both?
  Browsing, go to 1.1.
  Copying, go to 1.2.
  Both, go to 1.3.
  1.1
  Is the target a DFS path or not?
  Yes, go to 1.1.1.
  No, go to 1.1.2.
  1.1.1
  Is the client visiting the nearest DFS root server and file   server?
  Yes, go to 1.1.1.1.
  No, go to 1.1.1.2.
  1.1.1.1
  Browse the corresponding (Non-DFS) UNC path directly. Do you   still experience the slowness?
  Yes, go to 1.1.1.1.1.
   No,
  go to 1.1.1.1.2.
  1.1.1.1.1
  Issue is the particular file server responds to the share folder   enumeration requests slowly. Most probably it’s
  unrelated to DFS. Follow   1.1.2.
  1.1.1.1.2
  Issue is that client experiences delay when browsing the DFS   path, but no delay is visiting the target file server
  directly. Capture   Network Monitor trace from the client and study if the DFS path is cracked   down.
  1.1.1.2
  Use dfsutil.exe to clear local domain and referral cache. Then   visit the DFS path again and capture Network Monitor
  trace from the client to   study why the client goes to a wrong file server or DFS root server.
  1.1.2
  Not a DFS issue. Issue is the particular file server responds to   the share folder enumeration requests slowly. “Dir”
  the same share folder   from Command Prompt. Is it slow?
  Yes, go to 1.1.2.1
  No, go to 1.1.2.2
  1.1.2.1
  Check the number of subfolders and files in that share folder.   Is the number large?
  Yes, go to 1.1.2.1.1
  No, go to 1.1.2.1.2
  1.1.2.1.1
  Try to “dir” a different share folder on the same file server,   but with less items. Is it still slow or not?
  Yes, go to 1.1.2.1.1.1
  No, go to 1.1.2.1.1.2
  1.1.2.1.1.1
  Probably to be performance issue of the file server. Capture   Network Monitor trace from both sides, plus Performance
  Monitor on the file   server.
  1.1.2.1.1.2
  Probably to be performance issue of the file server,   particularly, of the disk. Capture Network Monitor trace from
  both sides,   plus Performance Monitor on the file server.
  1.1.2.1.2
  Same as 1.1.2.1.1.1. Probably to be performance issue of the   file server. Capture Network Monitor trace from both
  sides, plus Performance   Monitor on the file server.
  1.1.2.2
  Explorer.exe browses the share folder slowly while “dir” does   fast. The issue should lie in the particular SMB traffic
  incurred by   explorer.exe. It's a Shell issue.
  1.2
  Is the target a DFS path or not?
  Yes, go to 1.2.1
  No, go to 1.2.2
  1.2.1
  Is the client downloading/uploading against the nearest file   server?
  Yes, go to 1.2.1.1
  No, go to 1.2.1.2
  1.2.1.1
  Try to download/upload against that file server using the   Non-DFS share path. Still slow?
  Yes, go to 1.2.1.1.1
  No, go to 1.2.1.1.2
  1.2.1.1.1
  Not a DFS issue. Capture Network Monitor trace from both sides   to identify the pattern of the slowness.
  1.2.1.1.2
  This is unlikely to occur because the conclusion is   contradictory to itself. Start from the beginning to double
  check.
  1.2.1.2
  Same situation as 1.1.1.2. Use dfsutil.exe to clear local domain   and referral cache. Then visit the DFS path again
  and capture Network Monitor   trace from the client to study why the client goes to a wrong file server or   DFS root server.
  1.2.2
  Same as 1.2.1.1.1. It's not a DFS issue. Capture Network Monitor   trace from both sides to identify the pattern of
  the slowness.
  1.3
  Follow 1.1 and then 1.2.
  3.2 Troubleshooting Tools
  Network Monitor or Message Analyzer
  Download
  http://www.microsoft.com/en-us/download/details.aspx?id=40308
  Blog
  http://blogs.technet.com/b/messageanalyzer/
  Microsoft Message Analyzer Operating Guide
  http://technet.microsoft.com/en-us/library/jj649776.aspx
  Performance Monitor
  http://technet.microsoft.com/en-us/library/cc749249.aspx
  DiskMon
  http://technet.microsoft.com/en-us/sysinternals/bb896646.aspx
  Process Monitor
  http://technet.microsoft.com/en-us/sysinternals/bb896645

• Unable to add Active Directory: Kerberos Client trace scenario configuraiton

  Hi,
  While trying to add Active Directory: Kerberos Client trace scenario configuraiton, I am getting this error message in the log (see below).
  What am I missing?
  Thanks
  Alex.
  6/24/2014 10:09:18 AM Information running ETW Manifest Import Adapter on supplemental OPN: done
  6/24/2014 10:09:18 AM Warning Cannot create ETW manifest loader for Active Directory: Kerberos Client: The system cannot find the file specified. Please check that the manifest is properly installed
  6/24/2014 10:09:18 AM Information running ETW Manifest Import Adapter on Active_Directory__Kerberos_Client: completed successfully
  6/24/2014 10:09:18 AM Error running ETW Manifest Import Adapter on Active_Directory__Kerberos_Client: Unexpected exception happened: The given key was not present in the dictionary. stacktrace:    at Microsoft.Opn.Runtime.Messaging.Etw.GeneratedOpnCacheManager.ImportEtwProviderMetadata(Guid
  providerId, EtwManifestResolver manifestResolver, Boolean reportConflicts)
  Product Technical Specialist in Identity Management, Microsoft Canada. http://blogs.msdn.com/alextch

  Active Directory: Kerberos Client is MOF based ETW provider.
  Looks like PEF/Message Analyzer version which your using doesn't have parsing of events from MOF based providers.
  We added support MOF based ETW providers in PEF/MA v1.0.2 . What is PEF/MA version your using?
  Alternatively, you can use LinkLayer/Firewall Trace Scenarios to get the Kerberos Network traffic or other Kerberos Manifest based ETW providers for example "Microsoft-Windows-Security-Kerberos" etw provider if these providers produce any ETW events.

• Cant deploy the mapping which is validated fine-Problem in debugging

  Hi All,
  I have a complex mapping with almost thirthy tables involved.
  I have created a mapping with step by step process of t1 Join t2 ,t2 Join t3....t29 join t30
  The mapping seems fine and was validated succesfully.
  When I try to deploy the same it is throwing me the warnings as below...
  how to resolve this?
  how to pinpoint the exact problem area in pls code generated while deploying.
  Thanks Much!
  Srid
  Below is the deployment warning message
  COPY_OF_MAP_PS_2OJAN
  Create
  Warning
  ORA-06550: line 11, column 3:
  PL/SQL: ORA-00923: FROM keyword not found where expected
  COPY_OF_MAP_PS_2OJAN
  Create
  Warning
  ORA-06550: line 11, column 3:
  PL/SQL: SQL Statement ignored
  COPY_OF_MAP_PS_2OJAN
  Create
  Warning
  ORA-06550: line 2247, column 3
  PL/SQL: ORA-00923: FROM keyword not found where expected
  COPY_OF_MAP_PS_2OJAN
  Create
  Warning
  ORA-06550: line 2247, column 3:
  PL/SQL: SQL Statement ignored
  COPY_OF_MAP_PS_2OJAN
  Create
  Warning
  ORA-06550: line 4738, column 7:
  PL/SQL: ORA-00923: FROM keyword not found where expected
  COPY_OF_MAP_PS_2OJAN
  Create
  Warning
  ORA-06550: line 4738, column 7:
  PL/SQL: SQL Statement ignored
  Job Summary
  Updated : 2009-01-21 07:38:57.0 Job Final Status : Completed with warnings Job Processed Count : 1 Job Error Count : 0 Job Warning Count : 6
  My mapping has only 18808 lines when i looked at the .pls script generated while deploying(surprisingly... the debug message shows the error is on 22776 line)
  when tried to debug the mapping Below is the debugging message
  Analyzing map for debug...
  Retrieving Control Center connection info...
  Connecting to Control Center schema...
  Checking character set of Control Center schema...
  Configuring sources and targets...
  Validating map...
  Correlated Commit is OFF.
  Generating debug package...
  Deploying temp debug tables...
  Deploying debug package...
  Debug code deployment messages:
  LINE 22776 ,COLUMN 46:
  PLS-00103: Encountered the symbol "B_BN_BNI_66_BN_ORIGI$2" when expecting one of the following:
  . ( * % & = - + ; < / > at in is mod remainder not rem
  <an exponent (**)> <> or != or ~= >= <= <> and or like LIKE2_
  LIKE4_ LIKEC_ between || multiset member SUBMULTISET_
  The symbol "." was substituted for "B_BN_BNI_66_BN_ORIGI$2" to continue.
  End debug code deployment messages
  Mapping Debugger Error:
  oracle.wh.service.sdk.mapping.debugger.WBMappingDebuggerException: DBG1012: Debug deployment errors, can't run debug code.

  Hi,
  there is only one software version. Whether or not you have to license it depends on the features you use.
  Generate the code in the mapping editor using the "generate" button
  In the generation result window, select generation style = intermediate and operating mode = "[PL/SQL] Set based"
  Now you have to select some input or output group of some operator in your mapping.
  Then the generation result window displays an SQL statement that represents the data that would go into the group you have selected.
  Run the SQL directly in your target schema (using sql*plus, sql developer, etc.).
  If the SQL cannot be executed, the problem is in that particular part of the mapping.
  You may try to locate it further.
  Good luck,
  Carsten.

• Email failed to sent to ONE external domain

  Hi,
  Just 2 month ago, we upgrade from Exch2003 to Exch2010. All was working fine.
  Then, it was reported that from Internal, we can't send email to this ONE particular domain.
  Below is the bounce back
  Delivery has failed to these recipients or groups:
  [email protected]
  The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.
  Diagnostic information for administrators:
  Generating server: exch.yyy.123
  [email protected]
  #550 4.4.7 QUEUE.Expired; message expired ##
  Delivery is delayed to these recipients or groups:
  [email protected]
  Subject: Test email
  This message hasn't been delivered yet. Delivery will continue to be attempted.
  The server will keep trying to deliver this message for the next 1 days, 19 hours and 55 minutes. You'll be notified if the message can't be delivered by that time.
  Received: from knizam1 (192.168.100.1) by exch.yyy.123 (192.168.100.3)
   with Microsoft SMTP Server id 14.x.x.x; Tue, 18 Feb 2014 09:53:04 +0800
  Message-ID: <9F7CEC3E7F2A447D8AA561BABD38C34A@knizam1>
  From: apps <[email protected]>
  To: <[email protected]>
  Subject: Test email
  Date: Tue, 18 Feb 2014 09:51:33 +0800
  MIME-Version: 1.0
  Content-Type: multipart/alternative;
  boundary="----=_NextPart_000_0098_01CF2C8F.01AC0570"
  X-Priority: 3
  X-MSMail-Priority: Normal
  X-Mailer: Microsoft Outlook Express 6.00.2900.5931
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
  Return-Path: [email protected]
  X-MS-Exchange-Organization-OriginalArrivalTime: 18 Feb 2014 01:53:04.7374
   (UTC)
  X-MS-Exchange-Forest-ArrivalHubServer: exch.yyy.123
  X-MS-Exchange-Organization-OriginalClientIPAddress: 192.168.100.1
  X-MS-Exchange-Organization-OriginalServerIPAddress: 192.168.100.3
  X-MS-Exchange-Organization-AuthSource: exch.yyy.123
  X-MS-Exchange-Organization-AuthAs: Internal
  X-MS-Exchange-Organization-AuthMechanism: 0a
  X-MS-Exchange-Organization-MessageDirectionality: Originating
  X-MS-Exchange-Forest-MessageScope: 00000000-0000-0000-0000-000000000000
  X-MS-Exchange-Organization-MessageScope: 00000000-0000-0000-0000-000000000000
  X-MS-Exchange-Organization-Cross-Premises-Headers-Processed:
   exch.yyy.123
  X-MS-Exchange-Organization-OriginalSize: 1701
  X-MS-Exchange-Organization-HygienePolicy: Standard
  X-MS-Exchange-Organization-Recipient-Limit-Verified: True
  X-MS-Exchange-Organization-Processed-By-Journaling: Journal Agent
  X-MS-Exchange-Organization-MessageLatencyInProgress:
   LSRV=exch.yyy.123:TOTAL=0;2014-02-18T01:53:05.049Z

  goto max tool box and copy past the actual header in the message analyzer - it will help you figure out
  http://mxtoolbox.com/EmailHeaders.aspx
  Where Technology Meets Talent