8/18/2003

Windows 2000::WMI problems - UPDATED


I have a problem for many of our machines. WinMgmt.exe consumes all CPU.
- MS article 225154 refers to an update to Windows Management Instrumentation 1.10 that fixes a similar problem.
- MS article Q298130 is no longer available on Microsoft's support site, but it recommended stopping the service(s) and deleting all files under %SystemRoot%\System32\Wbem\Repository then restarting the service. - I have had *some* success with this, but it does not fix all issues.
- Articles also refer to a fix: Q263119.exe that I can't seem to find.
- There is a download for the WMI Core at http://download.microsoft.com/download/platformsdk/wmint4/1.5/NT4/EN-US/wmint4.EXE (it states that WMI core is already included in Win2K.)
I believe SP3 people don't have this problem. But there doesn't seem to be a release of the updated WMI that is included in SP3. And SP3 pulls some BS on us: autoupdate client enabled by default, Outlook Express, "set program access and defaults" in start menu. We don't want all that crap and don't want to spend a month creating an automated installation that will install SP3 then undo all the BS.

8/14/2003

Citrix::ICA Keepalive


CTX708444

Symptom

After an ICA-TCP session is abnormally terminated, subsequent viewing of the ICA-TCP session in Citrix Server Administration (mfadmin.exe), Terminal Server Administration (tsadmin.exe), or the Citrix Management Console (CMC) shows the connection in an ACTIVE state rather than a DISCONNECTED state.

TCP/IP uses the initial packet round-trip time at the moment when the session is initiated to determine what is "normal" for that connection. Because of this, it is better to have a consistently slow WAN connection and worse to have a connection that starts out fast and then becomes slow. Such an erosion of connection speed is common when connecting through an Internet Service Provider (ISP), particularly when the connection is opened in the morning and maintained into the work day.

Using an algorithm, TCP tunes itself to the "normal" delay of a connection. Because the default number of retries is five, the round-trip time can double four times (or in other words become 16X slower than its initial value) before the session is dropped. By increasing this number to 10, you are allowing the round-trip time to double nine times instead of four, thereby allowing the connection quality to erode up to 512X its original value before being dropped. For example, a connection that begins with a round-trip time of 20 milliseconds would have to erode to a round-trip time of 10,240 milliseconds before being dropped by the server.

In environments where the TCP/IP network has high latency, modifying the operation of the Windows TCP/IP stack can improve TCP-based ICA sessions.

The TCP/IP retransmission is controlled by the Windows Terminal Server TcpMaxDataRetransmissions registry value. See Microsoft Knowledgebase Articles Q120642, Q158474 and Q170359 for more information.

MetaFrame 1.8 (SP1 or higher) for Windows Terminal Server, MetaFrame 1.8 (SP2 or higher) for Windows 2000, and MetaFrame XP Application Server for Windows

In some networks, ICA Clients might time out when connected to a session and then receive a new session upon reconnect, instead of being reconnected to the dropped session. This new session is received on reconnect because the former host server is not aware that the previous session was dropped due to high network latency.

The Service Packs add a new “ICA KeepAlive” feature so the MetaFrame server can recognize broken ICA sessions and take appropriate action. When the ICA KeepAlive expires, the server disconnects or resets the broken session based on the setting “On broken or timed-out connection...,” which is configurable for the user or ICA connection. Two registry values control the ICA KeepAlive feature. Both values can be manually added to the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix

IcaEnableKeepAlive REG_DWORD: 0 or 1
When this value is 0, ICA KeepAlives are disabled. When this value is set to 1, ICA KeepAlives are enabled. The IcaEnableKeepAlive is set to 1 by the Service Pack installation.

IcaKeepAliveInterval REG_DWORD:
This parameter determines the interval separating keep alive retransmissions until a response is received. Once a response is received, the delay until the next keep alive transmission is again controlled by the value of KeepAliveTime. The connection is ended after the number of retransmissions specified by TcpMaxDataRetransmissions have gone unanswered. If the IcaEnableKeepAlive value is 1, this value controls the frequency at which ICA KeepAlives are sent to the client. The IcaKeepAliveInterval is set to 60 seconds by this hotfix installation. Sixty seconds is also the default interval if this value is not defined but IcaEnableKeepAlive is set to 1.
Default: 60 seconds

The time that elapses between a broken ICA client connection and the MetaFrame server disconnect (or reset) event may be longer than the IcaKeepAliveInterval. For instance, suppose the IcaKeepAliveInterval is set to 15 seconds. A client’s ICA WAN connection is dropped at 12:00:00. The server may not put the session into a disconnected (or reset) state until sometime after 12:00:15, although the session will usually disconnect (or reset) within approximately IcaKeepAliveInterval + 2 minutes. This is because the Windows NT 4.0, Terminal Server Edition TCP/IP stack retransmits the ICA keep alive packet a number of times at increasing intervals before timing out. When the TCP/IP stack finishes its retransmissions, the session is disconnected (or reset).

8/13/2003

NonTechnical::Link


Very interesting resource of information about locations and people:
http://factfinder.census.gov/servlet/BasicFactsServlet

NT4::Server service will not start


After applying SP3 the server service will not start. The event log shows an event stating "there is not enough server storage".
Applied SP6 and still have the issue.
MS151427
Describes my exact event log errors. In the situation referenced in the KB a network card had just been installed.
It recommends reinstalling the service pack.
Perhaps for some other reason my Srv.sys file got reverted back to the original CD copy....

A guy on usenet also recommends checking and possibly increasing IRPSTACKSIZE value from 6 to 11 under registry key:
HKLM\SYSTEM\CurrentControlSet\LanManServer\Parameters


8/01/2003

Exchange 2000::Export E-Mail Aliases



Success!!!

ldifde -f c:\email.ldf -l mail,proxyaddresses
The above generates a huge export file designed to import someplace else.

Out of this file extract all the lines that start with: proxyAddresses: smtp: (NOT case sensitive.)

This is a list of all the aliases!
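
The extraction step described above, as an added Python example (not part of the original post). A plain line filter misses values that the exporter wrapped onto a continuation line or wrote base64-encoded as "proxyAddresses::", so this version handles both; the sample LDIF is constructed and the function names are hypothetical.

```python
import base64

# Constructed sample in the shape ldifde writes; names and addresses are made up.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,CN=Users,DC=example,DC=com
changetype: add
mail: jane.doe@example.com
proxyAddresses: SMTP:jane.doe@example.com
proxyAddresses: smtp:jdoe@example.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Doe;g=Jane;

dn: CN=Helpdesk,CN=Users,DC=example,DC=com
changetype: add
proxyAddresses: smtp:a-very-long-alias-that-the-exporter-wrapped-onto-a-second-li
 ne@example.com
proxyAddresses:: c210cDpzdXBwb3J0QGV4YW1wbGUuY29t
"""


def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def smtp_addresses(text):
    """Map each dn to its SMTP proxy addresses, matching the 'smtp:' prefix case-insensitively."""
    found, dn = {}, None
    for line in unfold(text):
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):  # "attr:: value" means the value is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
            found[dn] = []
        elif name.lower() == "proxyaddresses" and dn is not None:
            prefix, _, address = value.partition(":")
            if prefix.lower() == "smtp":
                found[dn].append(address)
    return found


if __name__ == "__main__":
    for entry, addresses in smtp_addresses(SAMPLE_LDIF).items():
        print(entry, addresses)
```

Keeping the dn alongside each address makes it possible to see which account owns an alias, which the bare list of matching lines does not show.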

Active Directory Schema Attributes



Default Active Directory Attributes in the Windows 2000 Schema:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q257218&

Exchange::E-Mail Address Listing


How in the heck do I export a list of e-mail addresses (including aliases if that's not too much to ask) ????

Here is a good article about using LDAP & VB script to get a list of e-mail addresses:
http://www.msexchange.org/tutorials/Creating_a_list_of_Users_and_their_email_addresses_in_Exchange_2000_2.html
However I think part of it is missing - I can't get it to run.


The Microsoft Conspiracy


I've never bought into the belief that Microsoft is a plague on the earth sent by satan. I believe most Microsoft "issues" (mildly put) stem from greed and technical oversight and maybe sometimes intentional technical oversight serving the interest of greed.
"Microsoft's Really Hidden Files" http://www.windows-sucks.com/content/ms-hidden-files.shtml is a very interesting article at: http://www.windows-sucks.com/
I'm using W2K Professional and IE6 patched and patched and patched and patched. I followed those instructions for seeing the IE hidden cache but didn't find much--a couple URLs from yesterday. However, since I had emptied my cache and cleared my history I really should have seen nothing. I doubt there is a "big brother" at Microsoft planning to read through everybody's deleted mail in Outlook Express or purged URL history, but it makes you think. We all have to be mindful that once we store something on a computer it can be very hard to remove.
I once heard a computer forensics analyst say that when she finds evidence that someone tried to wipe freespace on a drive or otherwise destroy evidence that just made her look even harder because she knows there is something to be found -- and often finds it elsewhere in a place nobody thought to try to purge.