Windows Explorer and SMB Traffic

Server Message Block (SMB) is an application-level network protocol typically used for file and print sharing.  Microsoft implements SMB in Windows operating systems through the Workstation and Server services, the client and server components respectively.  Although our Networking team supports and troubleshoots issues dealing with SMB itself and the Server and Workstation services, we work with customers on many issues relating to the behavior of Windows Explorer and the Shell.

By default, Windows Explorer generates a lot of SMB traffic - which can result in poor file server performance in some circumstances.  However, some of this traffic is superfluous and can be reduced - for example:

  • Searches for Desktop.ini files used for folder customization
  • Periodic refreshes of folder contents
  • Searches for supporting library (.dll) files
  • Individual file details and attributes pulled for each file
  • Thumbnail extraction

There are some registry changes you can implement to optimize the SMB traffic being generated.  Import the settings below on client machines.  Terminal Servers running in Application Mode should be considered client machines in this scenario.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"UseDesktopIniCache"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001
"NoRemoteChangeNotify"=dword:00000001
"StartRunNoHOMEPATH"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoDetailsThumbnailOnNetwork"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters]
"InfoCacheLevel"=dword:00000010

[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\CryptoSignMenu]
"SuppressionPolicy"=dword:00100000

[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}]
"SuppressionPolicy"=dword:00100000

[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}]
"SuppressionPolicy"=dword:00100000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SCAPI]
"Flags"=dword:00100c02

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"SafeDllSearchMode"=dword:00000001
"SafeProcessSearchMode"=dword:00000001
 
Not all of these settings apply to every Windows operating system; however, any unused settings will be safely ignored by the OS.  Also, please ensure that you test any changes thoroughly to make sure that user productivity is not impacted before rolling out these changes en masse.  You should also ensure that the client machines are updated with the latest SHELL32.DLL hotfix to make sure that all of the options above are properly supported for the operating system in question.  You can download Microsoft hotfixes by visiting our Submit an online request page.
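To check that a client actually carries the values above during testing or after rollout, the baseline can be compared with a registry export from that machine. The script below is an added example, not part of the original post: it parses .reg text and reports drift, using a subset of the settings above and a constructed client export; the names parse_reg and drift are hypothetical.

```python
import re

# Subset of the settings on this page, in .reg syntax (dword data is hexadecimal).
BASELINE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"UseDesktopIniCache"=dword:00000001
"NoRemoteChangeNotify"=dword:00000001
"NoDetailsThumbnailOnNetwork"=dword:00000001
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters]
"InfoCacheLevel"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"SafeDllSearchMode"=dword:00000001
"""

# Constructed sample standing in for a `reg export` taken from one client.
CLIENT_EXPORT = r"""
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"UseDesktopIniCache"=dword:00000001
"NoRemoteChangeNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb\Parameters]
"InfoCacheLevel"=dword:0000000a
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"SafeDllSearchMode"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Return {(key, value_name): int} for every dword; names are lowercased
    because registry key and value names are case-insensitive."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def drift(baseline, observed):
    """List (key, name, expected, actual) where the client differs; actual is None if absent."""
    want, have = parse_reg(baseline), parse_reg(observed)
    return sorted((k, n, v, have.get((k, n)))
                  for (k, n), v in want.items() if have.get((k, n)) != v)
```

Because dword data in a .reg file is hexadecimal, "InfoCacheLevel"=dword:00000010 is decimal 16, which is why the constructed client value 0000000a (decimal 10) is reported as drift.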
 
There are a couple of other scenarios to consider:
  • If you use DFS in the environment, Windows XP and Windows Server 2003 clients should be updated with the Hotfix from KB 915377 to prevent excessive "Get_DFS_Referrals" traffic.
  • If you use Trend Micro Antivirus software on your client machines, and you notice an unusual amount of SMB traffic to your file server that is causing high CPU utilization and possibly a high handle count in the System process, you should review the information in KB Article 941756.

As an aside, there is a major revision of the SMB protocol implemented in Windows Vista.  This revision is identified as SMB 2.0.  Some of the key enhancements of SMB 2.0 include the following:

  • Support for an arbitrary, extensible way to compound operations to reduce round trips.  This makes the protocol less "chatty" when compared to SMB 1.0.
  • Support for much larger buffer sizes
  • Greater scalability
  • Increase in the number of
  • Durable handles that can withstand short network "glitches"
  • Support for Symbolic Links

There's a more detailed post about SMB 2.0 over at the ChkDsk Blog.

That brings us to the end of this post.  As always, there are additional resources below and as you can see there are quite a few KB Articles regarding SMB and Windows Explorer ...

Additional Resources:

Source:→ Performance Team Blog