Posts in this blog are provided “AS IS” with no warranties, and confer no rights as specified in the Terms of Use.
Like everything in an Enterprise, they should be tested in a test environment before trying in a production system.
Applies to:
Windows Server 2008 R2 SP1
Windows 7 SP1
As more security products are installed to protect legacy OSes such as “Windows 7 SP1” and “Windows Server 2008 R2 SP1”, IT administrators have been troubleshooting slowness introduced by the kernel-level filtering of disk I/O and network I/O.
Bob Golding (GES EE) wrote the following blog post:
Hotfix to Enable Mini-Filter Performance Diagnostics With XPerf for Windows Server 2008R2
https://blogs.technet.microsoft.com/supportingwindows/2012/05/31/hotfix-to-enable-mini-filter-performance-diagnostics-with-xperf-for-windows-server-2008r2/
Here is a summary of what’s needed.
1) Windows 8.1 ADK or Windows 8.1 SDK
Note: The Windows 10 ADK or Windows 10 SDK do not work with these legacy systems.
2) Set the “DisablePagingExecutive” registry value to 1.
For more info:
WPT: WPR/Xperf: Capture high cpu, disk i/o, file, registry, networking, Private bytes, Virtual bytes, Paged Pool/Nonpaged pool and/or application slowness
https://blogs.technet.microsoft.com/yongrhee/2012/11/23/wpt-wprxperf-capture-high-cpu-disk-io-file-registry-networking-private-bytes-virtual-bytes-paged-poolnonpaged-pool-andor-application-slowness/
Note: You might as well include this setting in the image (WIM).
3) You need to install:
2666390 A hotfix that lets you diagnose mini-filter-based performance issues in Windows Server 2008 R2 is available
https://support.microsoft.com/?id=2666390
Note: You might as well include this hotfix in the image (WIM).
Note: Steps 2 and 3 require a reboot.
4) You cannot use WPRUI.exe or WPR.exe to collect the MiniFilter data on legacy OSes such as Windows 7 SP1 or Windows Server 2008 R2 SP1.
Instead you will use:
xperf -on PROC_THREAD+LOADER+CSWITCH+FILENAME+FILE_IO+FILE_IO_INIT+DRIVERS+FLT_IO_INIT+FLT_IO+FLT_FASTIO+FLT_IO_FAILURE -f kernel.etl -stackwalk CSwitch+DiskReadInit+DiskWriteInit+DiskFlushInit+FileCreate+FileCleanup+FileClose+FileRead+FileWrite+MiniFilterPreOpInit+MiniFilterPostOpInit -BufferSize 1024 -MaxBuffers 512 -MaxFile 4096 -FileMode Circular
timeout.exe /t 60
xperf -stop -d c:\temp\%computername%_mergedtraceoutput.etl
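The four steps above can be checked before each capture so that a trace is not collected on a machine missing a prerequisite. The script below is an added example, not part of the original post; it assumes PowerShell 2.0 (the version shipped with these OSes), an elevated prompt, the standard Memory Management registry key for DisablePagingExecutive, and C:\temp as the output folder.

```powershell
# Added example: preflight check for steps 1-3, then the step 4 capture.
$OutDir = 'C:\temp'   # assumed output folder
$mmKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$problems = @()

# Step 1: xperf.exe from the Windows 8.1 ADK/SDK must be on the PATH.
$xperf = Get-Command xperf.exe -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $xperf) {
    $problems += 'xperf.exe not found on PATH (install the Windows 8.1 ADK or SDK)'
}

# Step 2: DisablePagingExecutive must be 1.
$mm = Get-ItemProperty -Path $mmKey -Name DisablePagingExecutive -ErrorAction SilentlyContinue
if (-not $mm -or $mm.DisablePagingExecutive -ne 1) {
    $problems += 'DisablePagingExecutive is not 1 (set it, then reboot)'
}

# Step 3: hotfix 2666390 must be installed.
if (-not (Get-HotFix | Where-Object { $_.HotFixID -eq 'KB2666390' })) {
    $problems += 'KB2666390 is not installed (install it, then reboot)'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}

# Step 4: same kernel flags and stackwalk events as the xperf command in the post.
$flags  = 'PROC_THREAD+LOADER+CSWITCH+FILENAME+FILE_IO+FILE_IO_INIT+DRIVERS+' +
          'FLT_IO_INIT+FLT_IO+FLT_FASTIO+FLT_IO_FAILURE'
$stacks = 'CSwitch+DiskReadInit+DiskWriteInit+DiskFlushInit+FileCreate+FileCleanup+' +
          'FileClose+FileRead+FileWrite+MiniFilterPreOpInit+MiniFilterPostOpInit'

if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

& $xperf.Definition -on $flags -f kernel.etl -stackwalk $stacks `
    -BufferSize 1024 -MaxBuffers 512 -MaxFile 4096 -FileMode Circular
if ($LASTEXITCODE -ne 0) { Write-Warning "xperf -on failed ($LASTEXITCODE)"; exit 1 }

Start-Sleep -Seconds 60   # reproduce the slowness during this window

$etl = Join-Path $OutDir ($env:COMPUTERNAME + '_mergedtraceoutput.etl')
& $xperf.Definition -stop -d $etl
Write-Output "Trace written to $etl"
```

The check confirms that the registry value and hotfix are present, not that the machine was rebooted after they were applied.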
Yong
More information:
816071 How to temporarily deactivate the kernel mode filter driver in Windows
https://support.microsoft.com/?id=816071