Keith Smith - My Blog

Keith Smith - My Blog


SQL Server and Locking Pages in Memory (LPIM)

Wednesday, October 11, 2017 - Posted by Keith A. Smith, in Microsoft

A question came up recently around using the feature to Lock Pages in Memory (LPIM) for SQL Server and is it still needed?

What is LPIM?

When processes are running, they ask Windows for memory to perform operations.  Windows will assign physical memory space to these processes.  When a process has physical memory allocated, and windows needs it back, windows will move that information from physical memory to virtual memory (Page File on Disk).  Accessing data from physical memory is very fast, while from virtual memory, not so much.  When you enable the LPIM feature for a process, you are basically instructing Windows that it cannot take this memory back, and must look else where for it’s needs.

How does it apply to SQL Server?

SQL Server allocates as much RAM as it can from the operating system.  Out of the box, there is no memory limit set (Maximum Server Memory).  There are many formulas out there to calculate this, but lets take the following example.  You have a 64 bit OS with 32 GB of RAM.  You set Max Memory to 26 GB, and leave 6 GB free for Windows to use.  When SQL Server starts up, it will allocate all of the memory it can (26 GB) to the SQL Server process.  It will then begin using this memory to improve the performance of database operations.  If another process outside of SQL starts up (say backup software or a virus scanner) and Windows starts to get low on physical memory, then it will move some of the items SQL Server has stored in physical memory to virtual memory, all the while SQL Server doesn’t know it.  When it needs to access this data in memory, instead of being extremely fast, it is slow since it has to be read from the disk, thus slowing SQL Server down.

When LPIM is enabled for SQL server, then Windows will not be able to move this data to virtual memory.  This allows SQL Server to continue perform at an optimal level.

Why isn’t this turned on by default?

There are some dangers to enabling this feature, that many people don’t know or talk about.  Take the example above, if Windows was in a situation where it was really pressed for memory, and was not able to find it / release it from somewhere else, then Windows would encounter an out of memory error and potentially a blue screen of death (BSOD).  This scenario is not feasible for a production server, so caution must be taken not to allow this to occur.

So should I enable it?

After researching this topic quite extensively, I have come to conclude that this is one of the bigger debates in the SQL Server community.  There are some very smart and influential people on each side of the debate.  That wasn’t enough for me though, I wanted a clear, cut definition on it.  So I dug and dug until I was satisfied with an answer I can live with.

So – what’s the results?

As with anything in technology, IT DEPENDS!

I don’t believe it’s as important today as it used to be, when servers had smaller amounts of RAM and we had 32-bit operating systems and applications.  There are some considerations on to whether you enable it or not and what you set the values to.

Is this a physical or virtual server?

Is this a shared or dedicated server?

Is there one or multiple instances on the server?

Is this a 64 bit server (please say yes)?

Is this a highly utilized server or used for smaller loads?

When setting the LPIM feature, it is important to make sure you also set the Server Maximum Memory setting for the server correctly.  As for myself, luckily I am not a DBA, so I don’t have to dwell over this, but I now know what it is, and why it should or should not be used.

Popular Posts / Debates

Below are a couple of posts that I found useful while digging into this.

Jonathan Kehayias – Recommends it, very in-depth post on the subject –  https://www.red-gate.com/simple-talk/sql/database-administration/great-sql-server-debates-lock-pages-in-memory/

Brent Ozar – doesn’t usually enable it – https://www.brentozar.com/archive/2016/07/video-office-hours-20160706-with-transcriptions/

Other Resources:

Enabling LPIM in SQL 2012 – https://support.microsoft.com/en-us/help/2659143/how-to-enable-the-locked-pages-feature-in-sql-server-2012

Enabling for Process in Windows – https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-the-lock-pages-in-memory-option-windows
View Comments 0 Comments
Share Post   

How to import the VCSA certificate for VMware vSphere

Monday, September 18, 2017 - Posted by Keith A. Smith, in VMware, Microsoft

How to import the VCSA certificate so VMware vSphere browser security warnings go away in Windows 10

  1. Open the Edge or google chrome Brower, type in the FQDN for your VCSA 6.5 then press enter, when warned, click 'Details'.
  2. Bypass the security warning in order to proceed to the Getting Started page of the VCSA
  3. Click on 'Download trusted root CA certificates' on the right to download the zip file which contains the certs
  4. Navigate to the zip file location, extract the contents of the zip. Open the folder downloads folder then go into certs
  5. The certs vary by what OS you are using so choose the right folder then double-click 'filename.0.crt' (your exact filename will vary)
  6. Click 'Install Certificate' and choose local machine (Note: If you get any prompts click yes to proceed)
  7. On the certificate store screen choose place all certifications in the following store and click browse
  8. Select 'Trusted Root Certification Authorities' then click 'OK'
  9. Click next and then finish then ok.

Now to test it close the browser then visit the  FQDN for your VCSA 6.5 you should see the green pad lock now and shouldn’t see the security warning any longer.


-End
View Comments 0 Comments
Share Post   

Edit self service port page video ManageEngine Service Desk

Sunday, September 17, 2017 - Posted by Keith A. Smith

To edit the Watch this portal usage video link do the following

If you want to remove the Watch this portal video you need to execute an update query in the database. If you are using Postgres database connect to postgres ,

C:\ManageEngine\ServiceDeskPlus-MSP\pgsql\bin> psql.exe -p 65432 -U postgres -w servicedesk

and execute the below query,

UPDATE GLOBALCONFIG SET paramvalue=’false’ WHERE parameter=’SHOW_VIDEO_TO_USER’;



If you want to change the url to point to another video file do the following

To change the URL for the Portal Usage video, login as a user in the ServiceDesk Plus application. Right-click on the video link and select Copy Link location. Open a Note Pad and Paste the URL content.

The default original URL is:
http://www.manageengine.com/products/service-desk/video-zone.html?video=content4

 
To change the above url login as a Technician in ServiceDesk Plus. Go to Admin -> Translations under general and search for the above URL. When you get the URL, change it to the your required name. For example: http://www.keithit.com/videofile.extension . Save it and restart ManageEngine ServiceDesk Plus Service. In some cases it make take a few minutes for the changes to take effect.

I figured I'd write this up for anyone else that wants to make the changes to the self service port page video in the ManageEngine Service Desk. I’ve deployed this product a few times now, and it’s always one of my many to do items during the build process.


-End
View Comments 0 Comments
Share Post   

August Cumulative updates for Windows 10 (1607 and 1703) Dell machines

Friday, August 18, 2017 - Posted by Keith A. Smith, in Microsoft

Just wanted to leave a little note that the August Cumulative updates for Windows 10 (1607 and 1703) caused us to experience BSOD on our Dell AIO 9030 machines.

Using WinDbg I was able to identify that the Intel Wireless 7260 driver was responsible for the crashes.

The only thing I can think is that there were some security updates to the KMDF included in the August updates. Pair that with the fact that the Driver Catalog CAB provided by Dell included a really old wireless driver (from 2015) and the result was BSOD reporting:
BAD_POOL_HEADER (19)
Upgrading to the latest wireless driver directly from Intel version:
18.33.7.2 https://www.intel.com/content/www/us/en/support/network-and-i-o/wireless-networking/000006024.html

Resolved the issues.

Hope this saves someone some time.

-End
View Comments 0 Comments
Share Post   

WatchGuard Wireless, AP320 Access Points Review

Thursday, June 15, 2017 - Posted by Keith A. Smith, in Network

I’m a big fan of WatchGuard, and I’ve been using their appliances for some time now. Some other people I know have had concerns about the quality of the firmware or WatchGuard Fireware OS, and I can say that this was an issue in the earlier versions (pre-2014) when the UI was flash based. Since 2014 the UI has significantly improved, I generally get the kit with five years’ live security, knowing at the end of that five years, the kit is probably going to be obsolete and a refresh will be required anyway.

I had never used the WatchGuard Ap's before this deployment, after doing some research I saw that they integrate very tightly with the firewalls and the Dimension products, so I decided to give them a shot.  I think personally the units look great, they’re very discreet and very powerful.




They have 2 Radio’s (5GHz and 2.4GHz), 6 antennas, Up to 1.3 Gbps for 11ac Up to 450 Mbps for 11n, up to 8 SSID’s per radio, PoE, support for all the wireless standards (802.11 a/b/g/n/ac) and Fast Roaming and Band Steering.


The Wi-Fi AP's also comes boxed with a ceiling mount kit and even more useful an T-rail ceiling mounting kit which is nice for most commercial offices.



In my case, I had to "macgyver" a mounting solution for our AP’s using L shelf brackets + chrome head screws + automotive fasteners that I purchased from a local ACE hardware store shown below since none of our locations have T-rail ceiling or anything close to it.

                         

The Wi-Fi AP's also run PoE and I’m currently using a few HP 3500 Series PoE switches to provide power to them. By using PoE to power, the Access Points which great because I can also reboot any AP by turning off the PoE for that port should any of the AP's have issues down the line.

I have configured a few VLAN’s with each AP320 broadcasting wireless networks. I currently have the AP320’s set to auto regarding the channels and so it does a lot of the work in working out which channel to run on for me to ease wireless congestion. They were very easy to deploy, and wireless SSID configuration was deployed very quickly thanks to the firewall acting as the wireless controller. I've also found the updates for the AP's to be basic and can be done from the firewall (acting as the wireless controller) in a few clicks.

When you have multiple WatchGuard firewalls and WatchGuard access points it's best to use the WatchGuard System Manager  for managing all of this. The monitoring of this is also great, I can see at any point any wireless device, which AP it is connected to, the traffic volume and also its signal strength etc.

One of the issues that I ran into was a few of the AP’s rebooting during of the work hours, which as you can imagine was somewhat annoying. Initially, I though this issue was caused by HP 3500 PoE switches, but after directly connecting in a 12v 1.25A PSU it kept happening. The HP switch firmware did have a defect (PoE CR_0000207335) in the version that was running on the switches at the time of the AP deployment, however I was able to resolve that by contacting HPE support and applying the supplied software update. After the software updates for the HP PoE switches had been applied, I opened a case with WatchGuard support about the AP320's randomly crashing and restarting. I had all the latest firmware installed for the AP's at the time I  submitted the fault reports to WatchGuard, after the support person investigated the fault reports they agreed was a newly discovered bug (bug "AP-17"), which as of right now is still being worked on.

Technical Details
This bug (bug "AP-17") is related to the DFS channels being used and the scan interval. At this time the bug isn't resolved, but the workaround to this was to set the wireless scan interval to 24 hours in the Gateway Wireless Controller Settings. Here is a link on how to do this http://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/wireless/ap_global_settings_c.html

You can also configure the channels manually to further reduce this issue. Be sure to select non-DFS channels. DFS channels are 50 through 144.


All in all, I’m very happy with the AP’s and the support has always been great from WatchGuard which is one of the many reasons I like company. Once the bug above is resolved, I will call this a successful deployment. I found the WatchGuard AP's to be easily scalable and easy to manage, these devices are built with quality can fit any long-term wireless solution.



-End


View Comments 0 Comments
Share Post   

Page  <1...56789...18>