What does Windows actually do behind the scenes when you request to delete a file from a file share?

-

if user site b connects share on server in site , deletes large amount of data, why there large amount of bandwidth being used action?  what process occurring? 

hi,

the behaviour governed client operating system you're running. server side doesn't of it's own initiation other delete files.

if you're running windows vista or 7, you're going find great deal of traffic generated preview function responsible generating statistical information see (number of files, folders, estimated time complete, etc).

if perform same function command line, won't see of traffic nor take anywhere near long remove files.

personally, work command line, i'm unaware of if there's way disable functionality within windows explorer.

if want confirm what's happening, there's couple of avenues can pursue depending on client operating system , how prepared diagnostics:

  • windows 7 / server 2008 r2: resource monitor
    need administrator run this. it's extremely basic insofar can use confirm behaviour described above. while statistics being compiled, see traffic system process destined port 445 on file server skyrocket.
  • process monitor (download here)
    set trace captures "operation" that equal "querydirectory". kick off delete action , watch events pile up.
  • network monitor (download here)
    if you're keen, can drill network layer network monitor , see literally traffic. i'd still recommend use filter though. following instructions apply network monitor 3.4.

configuring network monitor 3.4

  • launch network monitor 3.4 administrator on client machine
  • deselect adapters other local area connection (or if you've renamed it, whatever primary lan connection named)
  • click new capture
  • click capture settings button in toolbar
  • type in following rule textbox area: smb2 && ipv4.address == <fileserveripaddress>
    replace <fileserveripaddress> ip4 address of file server
  • click apply button close button accept capture filter
  • click start button begin network trace
  • attempt delete operation windows explorer , watch network monitor explode smb2 transactions
  • stop network trace once statistics have finished being calculated

if happen have installed top users expert network monitor 3.4 (download here), can produce chart of how traffic passed between 2 hosts during calculation stage of delete operation.

technically, process monitor , network monitor approaches work on windows xp.

cheers,
lain



Windows Server  >  File Services and Storage



Comments

Post a Comment

Popular posts from this blog

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more

ADFS 3.0 Event ID 4625 | An Error occurred During Logon | Status: 0xC000035B

-
we're getting these random errors on our adfs security logs, how can track down generating them? an account failed log on. subject: security id: null sid account name: - account domain: - logon id: 0x0 logon type: 3 account logon failed: security id: null sid account name: account domain: failure information: failure reason: an error occured during logon. status: 0xc000035b sub status: 0x0 process information: caller process id: 0x0 caller process name: - network information: workstation name: - source network address: - source port: - detailed authentication information: logon process: kerberos authentication package: kerberos transited services: - package name (ntlm only): - key length: 0 event generated when logon request fails. generated on computer access attempted. subject fields indicate account on local system requested logon. commonly service such server service, or local process such ...
Read more

DFSR RPC replication errors 5014 1726 with large files over VPN

-
i have similar issue ryan in reply http://social.technet.microsoft.com/forums/en-gb/winserverfiles/thread/6d49fd71-2236-4fcb-9763-bf1c03459ee8 cited below. start additional thread here because other 1 related windows server 2003 (r2) , i'm (as ryan) on windows 2008 r2 x64. here first of post ryan: i've got same problem on 2008 r2 dfsr server.  the spoke server has 2x intel 1 gigb on-board nics in active/standby teamed configuration. the hub server (running on vmware using 10gbit vmnet3 nic driver) logs dfsr event 5014 every 2-15mins (usually around 5mins). the spoke server not log event. replication running slowly. initial sync/replication. had re-configure replication folder because of lost dfsr database on spoke server.  could teamed nic on spoke causing error on host? a note: last time did initial sync on folder processed @ 30k files , hour. time it's doing few hundred and hour. another note: hub server has several replication groups , conne...
Read more