Best practices on a Windows Server 2003 Terminal Server
x86 Windows Server 2003 Terminal Server with Service Pack 2 (SP2)
x64 Windows Server 2003 Terminal Server with Service Pack 2 (SP2)
Before you proceed, it is assumed that you have already read thru the whitepapers for Terminal Server available in https://www.microsoft.com/download
-Terminal Server Best practices
-Windows Server 2003 Terminal Server Capacity and Scaling
WARNING: Before you deploy any of these changes to your Production environment, please make sure to test in your Test or QA environment.
1) Build a firm foundation where the O.S. and Terminal Server will be sitting.
1A) Make sure that all the firmware and drivers are up to date on the server hardware
2B) Make sure that all the storage firmware and drivers are up to date
3B) Make sure that all the network firmware and drivers are up to date
4B) Make sure that the antivirus driver is up to date.
Note: Not to be confused with the antivirus update.
5B) Make sure that the backup software driver is up to date.
6B) Do not install Terminal Services on a Domain Controller if you want optimal performance.
2) Do not install Terminal Services on a disk drive that uses IDE or SATA, preferably use a SCSI Raid-0 or Raid 10.
Why? IDE or SATA based drives might not provide with the disk performance needed when multiple end-users are logging on, working and logging off.
SCSI Raid-5 will is probably not a good idea either if you want optimal performance.
In order of preference:
SCSI RAID 1+0 (10)
SCSI RAID 0
SCSI RAID 5
SAS
SATA
IDE
3) Have two separate physical disks.
C: Where the O.S. and applications are installed.
D: Where the user profiles are installed. (Not on the same physical disk as the C: (%systemdrive%).
4) You want to set the registry keys:
HKLM\System\CurrentControlSet\Control\FileSystem
NtfsDisableLastAccessUpdate (dword) 1 (hex)
Note: Starting with Windows Server 2008 and Windows Server 2008 R2, this is disabled by default.
Details:
894372 Support for Windows Server 2003 SP1 on Windows Storage Server 2003-based server appliances
5) Install all the security updates available in Windows Update or Automatic Updates.
6) Install all the base and network Windows Server 2003 O.S. related hotfixes post Service Pack 2.
7) Install “List of Terminal Services related hotfixes for post Service Pack 2 for Windows Server 2003”
8) You want to set the registry keys:
32-bit (x86)
------------
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
MaxWorkItems (dword) 2000 (hex)
MaxMpxCt (dword) 800 (hex)
MaxRawWorkItems (dword) 200 (hex)
MaxFreeConnections (dword) 1000 (hex)
MinFreeConnections (dword) 64 (hex)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters
MaxCmds (DWORD) 800 (hex)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Configuration Manager
RegistryLazyFlushInterval (DWORD ) 3C (hex)
64-bit (x64 and IA-64)
----------------------
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
MaxWorkItems (dword) FFFE (hex)
MaxMpxCt (dword) 800 (hex)
MaxRawWorkItems (dword) 200 (hex)
MaxFreeConnections (dword) 1000 (hex)
MinFreeConnections (dword) 100 (hex)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters
MaxCmds (DWORD) 800 (hex)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Configuration Manager
RegistryLazyFlushInterval (DWORD ) 3C (hex)
Details:
324446 Terminal Server and connected Terminal Services clients pause when a Terminal Services client logs on or logs off
9) You want to set the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRemoteRecursiveEvents (dword) 1 (hex)
NoRemoteChangeNotify (dword) 1 (hex)
Details:
831129 Folder tree flickers when you view a mapped network drive in Microsoft Windows Explorer
10) You want to set the registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb\Parameters
Entry: MultiUserEnabled (DWORD) 1 (hex)
Details:
818528 Problems when more than one user accesses the same file through Terminal Services
https://support.microsoft.com/?id=818528
Note: Yes, this is a Windows 2000 article but yes, it does apply to Windows Server 2003.
913835 The Windows Server 2003 redirector component limits the number of files that can be open at the same time to 16,383, even when multiple connections are pooled in DFS
11) You want to set the registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
SafeProcessSearchMode (dword) 1 (hex)
SafeDllSearchMode (dword) 1 (hex)
Details:
306850 Programs start slowly or slow logon if the network connection to your home folder is slow
https://support.microsoft.com/?id=306850
905890 A program may run very slowly if the network connection to your home folder is slow in Windows Server 2003 or in Windows XP
12) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters
InfoCacheLevel (dword) 10 (hex)
Details:
816375 Windows XP Explorer Pane flickers on mapped network drives
https://support.microsoft.com/?id=816375
834350 Your access to network resources is slower in Windows XP than in earlier versions of Windows
https://support.microsoft.com/?id=834350
961657 You cannot access the existing File Share resources on a Windows Server 2003 failover cluster
13) Install the User Profile Hive Clean utility (UPHCLEAN)
https://blogs.technet.com/uphclean/archive/2008/02/28/uphclean-v2-0-beta.aspx
and set the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPHClean\Parameters
SHARING_VIOLATION_REMAP (dwrod) 1 (hex)
14) Turn off Handwriting recognition and speech recognition components (CTFMON.exe)
Why?
316768 Computer runs slowly when you use handwriting recognition and speech recognition components in Office XP programs
https://support.microsoft.com/?id=316768
How?
326526 How to turn off the speech recognition and handwriting recognition features in Office XP
https://support.microsoft.com/?id=326526
823586 How to turn off the speech recognition and the handwriting recognition features in Office 2003
15) Print drivers
Since most of the clients (workstations, laptops and thin clients) get their print driver from the Print Server, it's very important that you have the print drivers up to date.
We can't stress enough before you start focusing on the Terminal Server print drivers.
For example: If you have a bad print driver that causes the spooler to crash on the Terminal Server, and you update the print driver on the Terminal Server, it's just a matter of time for the bad print driver on the Print Server to get re-installed on the Terminal Server.
16) Make sure to have the print driver related hotfixes installed
List of print related hotfixes post Service Pack 2 for Windows Server 2003.
Optional:
---------
Optional 17) If running Outlook 2003 or Outlook 2007, you might want to turn off the alert feature.
What? RDP session may pause when new mail arrives.
How? Turn off the Outlook new mail notifications:
Turn off alerts
1. On the Tools menu, click Options.
2. On the Preferences tab, click E-mail Options, and then click Advanced E-mail Options.
3. Under When new items arrive in my Inbox, clear the Display a New Mail Desktop Alert (default Inbox only) check box.
Note To suppress other notifications such as playing sounds, changing the mouse pointer, or displaying an envelope icon in the notification area, clear the Play a sound, Briefly change the mouse cursor, or Show an envelope icon in the notification area check box, respectively.
831399 How to use the Desktop Alerts feature in Outlook
https://support.microsoft.com/?id=831399
Optional 18)
WARNING: Before proceeding, you need to make sure to add the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
BufferPolicyReads (DWORD) 1 (hex)
319440 Logon delays occur over a slow connection if opportunistic locking is not granted for the policy file in Windows
https://support.microsoft.com/?id=319440
You want to set the registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters
OplocksDisabled (dword) 1(hex)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
EnableOplocks (dword) 0(hex)
Cachedopenlimit (dword) 0(hex)
Details:
296264 Configuring opportunistic locking in Windows
https://support.microsoft.com/?id=296264
822219 Your system stops responding, you experience slow file server performance, or delays occur when you work with files that are located on a file server
https://support.microsoft.com/?id=822219
Optional 19) You want to set the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer
UseDesktopIniCache DWORD 1 (hex)
Details:
840309 Browsing the My Documents folder on a network share with Windows Explorer from a Windows XP-based computer takes longer than expected
https://support.microsoft.com/?id=840309
898612 You may experience slow performance in Windows XP SP2 when you use the Favorites menu in Internet Explorer or in Windows Explorer
https://support.microsoft.com/?id=898612
Optional 20) You want to set the registry keys:
HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\CryptoSignMenu
SuppressionPolicy (dword) 100000 (hex)
HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}
SuppressionPolicy (dword) 100000 (hex)
HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}
SuppressionPolicy (dword) 100000 (hex)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SCAPI
Flags (dword) 100c02 (hex)
Details:
265396 Slow network performance occurs when you select a file on a share that uses NTFS
https://support.microsoft.com/?id=265396
816375 Windows XP Explorer Pane flickers on mapped network drives
https://support.microsoft.com/?id=816375
829700 Slow network performance when you open a file that is located in a shared folder on a remote network computer
https://support.microsoft.com/?id=829700
936093 You cannot remove the Manage command from the Windows Explorer shortcut menu in Windows XP Embedded
https://support.microsoft.com/?id=936093
Optional 21) You want to set the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
StartRunNoHOMEPATH (DWORD) 1(hex)
You want to set the registry keys:
Details:
264061 Home Folder Is Searched First When You Try to Run a Program
https://support.microsoft.com/?id=264061
306850 Programs start slowly or slow logon if the network connection to your home folder is slow
https://support.microsoft.com/?id=306850
Optional 22) If you want to use over a WAN (high latency), you might want to check:
A. 819108 Settings for minimizing periodic WAN traffic
https://support.microsoft.com/?id=819108
B. You want to set the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRecentDocsNetHood (dword) 1 (hex)
Details:
242578 HOW TO: Prevent Network Share Shortcuts from Being Added to My Network Places
292504 Policy settings for the Start menu in Windows XP
C. You want to set the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDetailsThumbnailOnNetwork (DWORD) 1 (hex)
Details:
830903 A file in a network folder opens as read-only or returns an error message that the file type cannot be recognized
https://support.microsoft.com/?id=830903
838050 Dialog boxes display an incorrect language after you apply the Q830903 hotfix
https://support.microsoft.com/?id=838050
Otherwise you might want to check out the RDP algorithm optimization on Windows Server 2008 R2 over high latency W.A.N.
For more information:
---------------------
Microsoft Windows Server Terminal Server
www.microsoft.com/TerminalServer
Terminal Server Best practices
https://technet.microsoft.com/en-us/library/cc758409(WS.10).aspx
Windows Server 2003 Terminal Server Capacity and Scaling
What's New in Terminal Services for Windows Server 2003 Service Pack 1
Terminal Services Scaling and Performance on x64-Based Versions of Windows Server 2003
Windows Server 2003 Terminal Server Security
Terminal Server Licensing in Windows Server 2003