AKN542883

Monitor_AKN542883 (UnitMonitor)

Missing Operating System Update KB2814923 may affect Windows performance when mounting large USN Journal files.

Knowledge Base article:

External

http://go.microsoft.com/fwlink/?LinkId=301490

Element properties:

Target: Microsoft.KnowledgeServices.Windows.OperatingSystem
Parent Monitor: System.Health.ConfigurationState
Category: Alert
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: High
Alert Auto Resolve: True
Monitor Type: Microsoft.KnowledgeServices.Library.PowerShellMonitorEx
Remotable: True
Accessibility: Public
Alert Message:
Missing Operating System Update KB2814923 may affect Windows performance when mounting large USN Journal files.
<Details>
<Content>When you have a large USN journal on your large sized disk volume, Windows Server 2008 R2 might take a long time or even timeout to mount the volume. To improve the performance, you can install the fix available in KB2814923. See the following KB article for more information.</Content>
<CollectedInformation>
<Info>
<Name>Ntfs.sys required version</Name>
<Value>{0}</Value>
</Info>
<Info>
<Name>Ntfs.sys installed version</Name>
<Value>{1}</Value>
</Info>
</CollectedInformation>
</Details>
RunAs: Default
Comment: SupportTopic=TBD;VersionNumber=1.0.0.0;

Source Code:

<UnitMonitor ID="Monitor_AKN542883" Comment="SupportTopic=TBD;VersionNumber=1.0.0.0;" Accessibility="Public" Enabled="true" Target="MicrosoftKnowledgeServicesWindowsLibrary!Microsoft.KnowledgeServices.Windows.OperatingSystem" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="High" TypeID="KnowledgeServicesLibrary!Microsoft.KnowledgeServices.Library.PowerShellMonitorEx" ConfirmDelivery="true">
<Category>Alert</Category>
<!-- Alert definition: raised on the Error state with High priority and Error severity; AutoResolve is enabled. -->
<AlertSettings AlertMessage="MonitorMessage7f14ec4295634571bac38ff4814ceaa9">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>High</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<!-- Both values are read from the property bag returned by the script. Presumably they fill {0} (required Ntfs.sys version) and {1} (installed Ntfs.sys version) in the alert message; confirm against the string resource. -->
<AlertParameter1>$Data/Context/Property[@Name='StrNTFSRequiredFileVersionOutput']$</AlertParameter1>
<AlertParameter2>$Data/Context/Property[@Name='StrNTFSFileVersionOutput']$</AlertParameter2>
</AlertParameters>
</AlertSettings>
<!-- Maps the two monitor-type states one-to-one onto health states. -->
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>
</OperationalStates>
<Configuration>
<ScriptName>AKN542883.ps1</ScriptName>
<Parameters/>
<ScriptBody><Script>

# Treat every error as terminating so failures are not silently skipped.
$ErrorActionPreference = "Stop"

# Argument container handed to the rule (left empty here)
$scriptargs = New-Object -TypeName psobject

# Result object; created in the global scope and later copied into the property bag
$global:scriptoutput = New-Object -TypeName psobject
Add-Member -InputObject $scriptoutput -MemberType NoteProperty -Name "HasIssue" -Value $false
Add-Member -InputObject $scriptoutput -MemberType NoteProperty -Name "StrNTFSRequiredFileVersionOutput" -Value ""
Add-Member -InputObject $scriptoutput -MemberType NoteProperty -Name "StrNTFSFileVersionOutput" -Value ""
#-----------------------------------------------------
# MAIN CODE SECTION
#-----------------------------------------------------

# Working state shared by the check functions:
#   RuntimeError               - set when a check raised an exception
#   NTFSFileVersionEnv         - installed ntfs.sys version, filled in by the version check
#   NTFSRequiredFileVersionEnv - version the installed driver is compared against
#   NTFSFileVersionIsLowerEnv  - installed version is below the required one
#   USNBigSizeIsBiggerEnv      - a volume reported a large USN journal

$scriptenv = New-Object -TypeName System.Management.Automation.PSObject
Add-Member -InputObject $scriptenv -MemberType NoteProperty -Name "RuntimeError" -Value $false
Add-Member -InputObject $scriptenv -MemberType NoteProperty -Name "NTFSFileVersionEnv" -Value ""
Add-Member -InputObject $scriptenv -MemberType NoteProperty -Name "NTFSRequiredFileVersionEnv" -Value "6.1.7601.22244"
Add-Member -InputObject $scriptenv -MemberType NoteProperty -Name "NTFSFileVersionIsLowerEnv" -Value $false
Add-Member -InputObject $scriptenv -MemberType NoteProperty -Name "USNBigSizeIsBiggerEnv" -Value $false


function CheckNtfsSysVersion()
{
    # Reads the version of %windir%\System32\Drivers\ntfs.sys, stores it in
    # $scriptenv.NTFSFileVersionEnv and sets $scriptenv.NTFSFileVersionIsLowerEnv
    # when a 6.1 driver is older than $scriptenv.NTFSRequiredFileVersionEnv.
    # Does nothing when the driver file is not found.
    $driverPath = Join-Path -Path $ENV:windir "System32\Drivers\ntfs.sys"
    if (-not (Test-Path $driverPath))
    {
        return
    }

    # Use the numeric version parts rather than the display string.
    $driverInfo = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($driverPath)
    $scriptenv.NTFSFileVersionEnv = "{0}.{1}.{2}.{3}" -f $driverInfo.FileMajorPart,$driverInfo.FileMinorPart,$driverInfo.FileBuildPart,$driverInfo.FilePrivatePart

    # Only 6.1 drivers are compared; any other major/minor pair is never flagged.
    $isVersion61 = ($driverInfo.FileMajorPart -eq 6) -and ($driverInfo.FileMinorPart -eq 1)
    if (-not $isVersion61)
    {
        return
    }

    # Version.CompareTo: http://msdn.microsoft.com/en-us/library/a5ts8tb6.aspx
    $installedVersion = [Version]$scriptenv.NTFSFileVersionEnv
    $requiredVersion = [Version]$scriptenv.NTFSRequiredFileVersionEnv
    if ($installedVersion.CompareTo($requiredVersion) -lt 0)
    {
        $scriptenv.NTFSFileVersionIsLowerEnv = $true
    }
}

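function CheckUSNBigSize()
{
    # Compiles a small C# helper with Add-Type, asks every logical drive for its
    # USN journal settings and stores the result in $scriptenv.USNBigSizeIsBiggerEnv
    # ($true when any journal has MaximumSize + AllocationDelta of at least 1 GB).
    #
    # Changes against the previous version of the helper:
    #   - a failed CreateFileW is recognised by INVALID_HANDLE_VALUE (-1), not only by zero
    #   - the volume handle is released with CloseHandle instead of Marshal.FreeHGlobal
    #   - the unmanaged buffer and the handle are released on every path (try/finally)
    #   - the journal data is only read when the driver returned a full structure
    #
    # Angle brackets inside the C# source keep the XML entity escaping
    # (&lt; and &gt;) that this listing uses for the embedded script.
    $source = @'
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
namespace SCAWindows
{
    public class WindowsHelper
    {
        /// &lt;summary&gt;
        /// Check whether any logical drive has a large USN journal.
        /// &lt;/summary&gt;
        /// &lt;returns&gt;
        /// true if MaximumSize + AllocationDelta of a journal is at least 1GB, else false.
        /// Drives that cannot be opened or queried are skipped.
        /// &lt;/returns&gt;
        public static bool CheckUSNBigSize()
        {
            string[] drives = Directory.GetLogicalDrives();
            foreach (string drive in drives)
            {
                // "C:\" becomes "\\.\C:", the device path of the volume.
                string volumeName = String.Format("\\\\.\\{0}", drive.Replace("\\", ""));
                try
                {
                    if (IsUsnJournalBig(volumeName))
                    {
                        return true;
                    }
                }
                // Best effort per drive: a drive that fails is treated as "no large journal".
                // NOTE(review): the failure is not reported anywhere, so an access problem
                // looks the same as a healthy volume.
                catch (Exception) { }
            }
            return false;
        }

        /// &lt;summary&gt;
        /// Query one volume's USN journal and compare its configured size with 1GB.
        /// &lt;/summary&gt;
        /// &lt;returns&gt;
        /// false when the volume cannot be opened, the query fails or returns too little data.
        /// &lt;/returns&gt;
        private static bool IsUsnJournalBig(string volumeName)
        {
            // NOTE(review): the control code is built with FILE_ANY_ACCESS, so write access
            // to the volume is presumably not needed for this query; consider dropping
            // GENERIC_WRITE after confirming on the target OS.
            IntPtr volumeHandle = NativeMethods.CreateFileW(
                volumeName,
                NativeMethods.GENERIC_READ | NativeMethods.GENERIC_WRITE,
                NativeMethods.FILE_SHARE_READ | NativeMethods.FILE_SHARE_WRITE,
                IntPtr.Zero,
                NativeMethods.OPEN_EXISTING,
                0,
                IntPtr.Zero);

            // CreateFileW reports failure with INVALID_HANDLE_VALUE, not with a null handle.
            if (volumeHandle == NativeMethods.INVALID_HANDLE_VALUE || volumeHandle == IntPtr.Zero)
            {
                return false;
            }

            try
            {
                int usnJournalDataSize = Marshal.SizeOf(typeof(NativeMethods.USN_JOURNAL_DATA_V0));
                IntPtr usnJournalData = Marshal.AllocHGlobal(usnJournalDataSize);
                try
                {
                    uint bytesReturned = 0;
                    if (0 == NativeMethods.DeviceIoControl(
                        volumeHandle,
                        NativeMethods.FSCTL_QUERY_USN_JOURNAL,
                        IntPtr.Zero,
                        0,
                        usnJournalData,
                        (uint)usnJournalDataSize,
                        ref bytesReturned,
                        IntPtr.Zero))
                    {
                        return false;
                    }

                    // AllocHGlobal does not clear the buffer; do not interpret a partial answer.
                    if (bytesReturned &lt; (uint)usnJournalDataSize)
                    {
                        return false;
                    }

                    NativeMethods.USN_JOURNAL_DATA_V0 usnData =
                        (NativeMethods.USN_JOURNAL_DATA_V0)Marshal.PtrToStructure(usnJournalData, typeof(NativeMethods.USN_JOURNAL_DATA_V0));

                    // Shifting right by 30 bits divides by 1GB.
                    return ((usnData.MaximumSize + usnData.AllocationDelta) &gt;&gt; 30) &gt;= 1;
                }
                finally
                {
                    Marshal.FreeHGlobal(usnJournalData);
                }
            }
            finally
            {
                // A kernel handle must be closed with CloseHandle; FreeHGlobal is for heap memory.
                NativeMethods.CloseHandle(volumeHandle);
            }
        }
    }

    [SuppressUnmanagedCodeSecurity()]
    internal static class NativeMethods
    {
        internal const uint GENERIC_READ = 0x80000000;
        internal const uint GENERIC_WRITE = 0x40000000;
        internal const uint FILE_SHARE_READ = 0x00000001;
        internal const uint FILE_SHARE_WRITE = 0x00000002;
        internal const uint OPEN_EXISTING = 3;
        internal const uint FILE_DEVICE_FILE_SYSTEM = 0x00000009;
        internal const uint METHOD_BUFFERED = 0;
        internal const uint FILE_ANY_ACCESS = 0;

        // Value CreateFileW returns when the open fails.
        internal static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);

        [StructLayout(LayoutKind.Sequential)]
        internal struct USN_JOURNAL_DATA_V0
        {
            public UInt64 UserJournalID;
            public Int64 FirstUsn;
            public Int64 NextUsn;
            public Int64 LowestValidUsn;
            public Int64 MaxUsn;
            public UInt64 MaximumSize;
            public UInt64 AllocationDelta;
        }

        internal static uint FSCTL_QUERY_USN_JOURNAL
        {
            get
            {
                return CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS);
            }
        }

        // Packs the four parts of a device I/O control code into one value.
        private static uint CTL_CODE(uint DeviceType, uint Function, uint Method, uint Access)
        {
            return ((DeviceType &lt;&lt; 16) | (Access &lt;&lt; 14) | (Function &lt;&lt; 2) | Method);
        }

        [DllImport("kernel32.dll", EntryPoint = "CreateFileW")]
        public static extern IntPtr CreateFileW(
            [In, MarshalAs(UnmanagedType.LPWStr)] string lpFileName,
            uint dwDesiredAccess,
            uint dwShareMode,
            [In] IntPtr lpSecurityAttributes,
            uint dwCreationDisposition,
            uint dwFlagsAndAttributes,
            [In] IntPtr hTemplateFile);

        [DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
        public static extern int DeviceIoControl(
            IntPtr device,
            uint ioControlCode,
            IntPtr inBuffer,
            uint inBufferSize,
            IntPtr outBuffer,
            uint outBufferSize,
            ref uint bytesReturned,
            IntPtr overlapped);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);
    }
}
'@

    Add-Type -TypeDefinition $source
    $scriptenv.USNBigSizeIsBiggerEnv = [SCAWindows.WindowsHelper]::CheckUSNBigSize()
}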


# Main function

# Detection logic of the rule: reports an issue only when ntfs.sys is older than
# the required version AND a volume has a large USN journal AND no check raised
# an error. Results are written to $scriptoutput; state is read from $scriptenv.
function AdvisorRule($scriptargs, $scriptoutput)
{
# All parameters should be populated outside of the main function.
# The main function should only include the detection logic so that it can be easily reused by the Atlanta authoring tool.

# Any exception raised below is recorded in $scriptenv.RuntimeError and then
# suppressed ("continue"), so the function never fails visibly.
# NOTE(review): after an error HasIssue stays $false, so a run whose checks
# failed produces the same output as a run that found no issue.
trap [Exception] {
$scriptenv.RuntimeError = $true
continue
}

# Initialize parameters
$scriptoutput.HasIssue = $false
$scriptoutput.StrNTFSFileVersionOutput = ""
$scriptoutput.StrNTFSRequiredFileVersionOutput = ""

# Set parameter values
CheckNtfsSysVersion

# The journal query runs only when the driver version is already known to be too low.
if($scriptenv.NTFSFileVersionIsLowerEnv -eq $true)
{
CheckUSNBigSize
if($scriptenv.USNBigSizeIsBiggerEnv -eq $true)
{
# Report only results obtained without any trapped error.
if($scriptenv.RuntimeError -eq $false)
{
$scriptoutput.HasIssue = $true
$scriptoutput.StrNTFSFileVersionOutput = $scriptenv.NTFSFileVersionEnv
$scriptoutput.StrNTFSRequiredFileVersionOutput = $scriptenv.NTFSRequiredFileVersionEnv
}
}
}
}
# Run the detection logic; the results are written into $scriptoutput.
AdvisorRule $scriptargs $scriptoutput

# Return the results as a property bag
$mom = New-Object -ComObject "MOM.ScriptAPI"
$bag = $mom.CreatePropertyBag()

# Copy each result property that has a value, in a fixed order.
foreach ($propertyName in "HasIssue", "StrNTFSRequiredFileVersionOutput", "StrNTFSFileVersionOutput")
{
    $propertyValue = $scriptoutput.$propertyName
    if ($propertyValue -ne $null)
    {
        $bag.AddValue($propertyName, $propertyValue)
    }
}

# Emitting the bag on the pipeline makes it the script's output.
$bag

</Script></ScriptBody>
<SnapIns/>
<!-- Presumably the maximum run time of the script, in seconds. -->
<TimeoutSeconds>300</TimeoutSeconds>
<!-- Run interval; presumably in seconds (86393 is just under 24 hours). Confirm against the PowerShellMonitorEx monitor type. -->
<Schedule>86393</Schedule>
<!-- Error state: the property bag returned by the script has HasIssue = true. -->
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Boolean">Property[@Name='HasIssue']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="Boolean">true</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<!-- Success state: the negation of the error expression, so every result other than HasIssue = true counts as Success. NOTE(review): the script leaves HasIssue false when a check inside AdvisorRule throws, so such a run is also reported as Success. -->
<SuccessExpression>
<Not>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Boolean">Property[@Name='HasIssue']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="Boolean">true</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Not>
</SuccessExpression>
</Configuration>
</UnitMonitor>