Windows Offline Files Survival Guide

Windows Offline Files have a bad reputation. Many an administrator can tell a story where Offline Files caused issues that sometimes even required a reinstallation of the affected PC. But Microsoft has gradually improved the functionality and ironed out many of the bugs. Today – in Windows 7 SP1 with all post-SP1 fixes – Offline Files is a technology that still has its problems, but can be used in production – if you are adventurous. This article lists the gotchas I am aware of.

Please note: Although this article originally targeted Windows 7, most if not all of its content applies to Windows 8, too.

Documentation

If you want to know what is really going on under the hood, you are mostly on your own. The documentation Microsoft provides is not detailed enough to implement Offline Files in larger production environments. Nor does it help much if things do not work the way you think they should be working.

Configuration

In enterprise environments, Offline Files are configured via Group Policy, the relevant node is Administrative Templates -> Network -> Offline Files.

Caution: Most settings do not apply to Windows 7, but to older operating systems. In the computer part, only 10 out of the 28 settings are relevant to Windows 7. In the user part only 2 out of 15.

Tip: Set a filter in Group Policy Management Console that only includes settings for Windows 7.

Logging

Offline Files messages are logged to a well-hidden part of the event log only: Application and Services Logs -> Microsoft -> Windows -> OfflineFiles. By default, only an Operational log is there, but if you enable Show Analytic and Debug Logs in View menu, you also get logs called Analytic, Debug and SyncLog. Each of those can be (and has to be) enabled separately. Out of these logs, SyncLog is the most interesting. In it you can find one entry per synchronized file. Analytic and Debug have always been empty during my tests.

Readability of the logs generated by Offline Files is generally bad. Many messages are cryptic and difficult to interpret.

Architecture

Modes: Online, Slow Link and Offline

Offline Files have four modes of operation:

  • Online
  • Slow link
  • Auto offline
  • Manual offline

Offline Files transition between the three modes online, slow link and auto offline depending on connection speed. The user can always override the automatic mode selection by manually switching to manual offline mode.

To determine the connection speed two pings with default packet size are sent to the file server. If the average round-trip time is below 80 ms (Windows 7) or 35 ms (Windows 8), the connection is put into online mode, otherwise into slow link mode. The latency value of 35/80 ms is configurable through the Group Policy setting Configure slow-link mode.

Initial & Logon Synchronization

When a user first logs on to a computer, initial synchronization occurs in the background. Once the initial synchronization has completed, the offline files icon in the notification area of the system tray is displayed:

Once initial synchronization has completed, logon synchronization is attempted 5 minutes after every logon. The default delay of 5 minutes can be changed by setting the following registry value:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache
Value name: AgentFillPeriodMin
Value type: REG_DWORD
Allowed value data: 1-1440 [minutes]

Reads, Writes and Synchronization

In online mode, changes to files are made on the file server as well as in the local cache (this induces a performance hit – see this article for details). Reads are satisfied from the local cache (if in sync).

In slow link mode, changes to files are made in the local cache. The local cache is background-synchronized with the file server every 6 hours (Windows 7) or 2 hours (Windows 8), by default. This can be changed through the Group Policy setting Configure Background Sync.

In auto offline mode, all reads and writes go to the local cache. No synchronization occurs.

In manual offline mode, all reads and writes go to the local cache. No synchronization occurs by default, but background synchronization can be enabled through the Group Policy setting Configure Background Sync.

Permissions

Offline Files do not require any special permissions on the file server. The permissions listed in MS KB2512089 are, at best, misleading. Specifically, Everyone, Local System and Creator Owner need not be granted permissions, neither on the share nor in the file system.

Microsoft recommends, however, to only use Offline Files for paths where only one user has write access in order to prevent synchronization conflicts that invariably arise if multiple users can edit different copies of a document at the same time. The only valid multi-user scenario would be a read-only directory used to push out things like static documentation to the users.

Permissions are synchronized to the offline cache, too. If a user has read access on the file server, he has read access in offline mode – nothing more.

Cache size management

Files that were cached automatically are removed on a least-recently used basis if the maximum cache size is reached.

Files that were cached manually are never removed from the local cache. When the total local cache size limit is reached and all files that were cached automatically have already been removed, you can not make files available offline until you specify a new limit or delete files from the local cache by using the Offline Files control panel applet.

The default limit for the Offline Files cache size is 25% of the total disk space of the drive where the Offline Files cache is located (typically C:\Windows\CSC). The cache size can be configured through the Group Policy setting Limit disk space used by Offline Files.

Encryption

The Offline Files cache can be encrypted using EFS. If enabled, EFS encrypts the files on a per-user basis. If a user does not already have an EFS certificate, a new one will be generated on the fly.

Caution: when a user’s password is reset, the EFS key is discarded and cached Offline Files become invalid: files that have not been synchronized yet are lost. Everything else needs to be re-downloaded.

Recommendations

Network Share Configuration

Availability of Offline Files can be controlled via caching options of network shares. Make sure that the Offline settings of the share are not configured to disable Offline Files.

  • Bad: No files or folders from the shared folder are available offline
  • Good: Only the files and folders that users specify are available offline
  • Use with caution: All files and programs that users open from the share are automatically available offline
  • Optimize for performance has no effect on computers running Vista or newer

If you are using DFS, make sure that the DFS root shares are configured correctly, too.

Software Versions

By all means, use the latest version of Windows and install every patch related to networking and Offline Files you can get your hands on. Microsoft releases new patches for Offline Files regularly. Monitor the KB for new articles and subscribe to this blog’s feed: blogs.technet.com/b/yongrhee.

If you have very long logon times in conjunction with folder redirection it might be due to a bug that is described in the Microsoft Knowledge Base article 2525332 (You encounter a long logon time after you enable the “Do not automatically make redirected folders available offline” Group Policy setting in Windows 7 or in Windows Server 2008 R2). Install the patch that is available on the article’s web page and the problem should go away.

Resetting the Offline Files Cache

To reset the Offline Files cache open a shared network folder in Exlorer and select Tools / Folder Options / Offline Files. Press CTRL+SHIFT while clicking Delete Files.

If you cannot access the Offline Files tab, use the following method to re-initialize the Offline Files cache (CSC) on the system. Add the following registry subkey:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters
Value name: FormatDatabase
Value type: DWORD
Value data: 1

Notes: The actual value of the FormatDatabase value is ignored. Reinitialization requires a restart. When the computer is restarting, the system will re-initialize the CSC and then delete the FormatDatabase value.

Warning: All files in the cache are deleted and unsynchronized data is lost.

Design Flaws

DFS

When transitioning to an offline state, Offline Files always transitions entire path trees. This is especially bad if DFS is used, since it means that if \\domain.com\dfs\homes\user1 is detected as being offline, the entire tree below \\domain.com\dfs goes offline. To work around that, configure a slow-link policy with values similar to the following:

  • \\domain.com\dfs: Latency=32000
  • \\domain.com\dfs\homes: Latency=60

More information on this configuration can be found on the AskDS blog.

Initial Synchronization

There is no visual feedback that indicates whether initial synchronization has completed. When a user gets a new laptop, there is no simple way for him to determine if all his data has been synchronized to the local disk. Only if manually initiating a synchronization via Sync Center one can be sure that everything is available locally.

Offline Transition and File Server Load

The only criterion used to determine the state of a network path is the connection speed (which is measured by sending two pings). There are cases, however, where a file server is so heavily loaded that it practically ceases serving files, all the while still answering pings quickly. In such a situation Offline Files remain in online mode. As a consequence the files on the network path are inaccessible even though they could be served from the offline cache.

Tools

Robocache

This tool needs still needs some polishing, but it looks promising. It can automate most administrative tasks related to Offline Files. This is the list of its capabilites:

  • info – display status info about the target(s)
  • pin – assure offline availability
  • unpin – unpin the target(s)
  • sync – synchronize cached files with remote files
  • rename – rename cached item
  • delete – delete cached item
  • suspend – suspend the target folders
  • unsuspend – unsuspend the target folders
  • online – transition to online state
  • offline – transition to offline state
  • enable – enable offline files cache
  • disable – disable offline files cache
  • encrypt – encrypts offline files cache
  • decrypt – decrypts offline files cache

Robocache is available as Shareware here. The author describes his tool in his blog.

Further Reading

Microsoft

Other Sources

See also my other articles about offline lines.

, ,

32 Responses to Windows Offline Files Survival Guide

  1. Aaron April 3, 2012 at 21:00 #

    Great info and resources. Sadly it doesn’t look like Microsoft has made great changes to Offline Files in Windows 8.

    • Helge April 3, 2012 at 21:42 #

      Thanks, Aaron. I have not seen any information regarding Offline Files in Windows 8 either.

  2. xpclient April 5, 2012 at 05:32 #

    Great article. I came across a command line replacement for csccmd.exe for Vista/7 called robocache. http://otb.manusoft.com/tag/robocache Contact the author and he will email it to you.

  3. Tadas June 13, 2012 at 19:42 #

    You can find more info about Offline Cache in “Windows® Internals, Part 1, Sixth Edition” book.
    Cheers.

  4. Timbo September 20, 2012 at 06:34 #

    Hi Great Article,

    Just one question regarding one of your recommendations to do with redirected folders and offline files. You say “If a user’s entire home directory is available offline and folders are redirected from the user profile to subfolders of the home directory, disable the setting in the folder redirection policy that automatically makes redirected folders available offline. Otherwise, the redirected folders would be available offline “twice”, which might confuse the operating system.”
    The setting I’m seeing in Group Policy under User >>policies >> Administrative Templates >> Folder Redirection is “do not automatically make redirected folders offline”. Just to clarify are you suggesting disabling this setting or do you mean enabling this setting?

    • Helge September 20, 2012 at 08:49 #

      I am suggesting enabling the setting “Do not automatically make redirected folders offline” because the redirected folders are already available offline through their placement in the home directory.

  5. Kris October 3, 2012 at 09:03 #

    Hello,
    Good information!
    We are struggling at this time with a user that has offline folders. They work fine.
    When he connects to our network over VPN (Aventail), he is not able to access the data which is NOT in the offline folders. That data is on the same share as the offline folders. Shares/drive letters that do not contain any offline folders are accessible without problems. We have tried and tested different scenario’s, but we can not put our finger on the problem.
    Any thoughts?

    • PaulyGilmour October 15, 2012 at 17:35 #

      Hi,

      I had a simular issue with a user and it turned out he wasn’t clicking the offline/online button in the top rigth of the open ‘my computer’ (or share) window. Because he was offline and then VPN’d the OS was still working from an offline POV. Even though he had VPN’d, the offline files were still in offline mode. When he changed to online (via the toggle) he was able to see all folders.

      • Kris November 12, 2012 at 15:25 #

        Hello Pauly,
        Thank you so much for your reply: it is the question to our problem also! I must admit we from IT also had a look on it, and didn’t figure out that clicking the button is the solution. After all it is a bit strange, as mapped network drives where the user does not have any offline folders show up immediately after connecting to the VPN, without changing anything.
        Thanks again,
        Kris

  6. Anton November 1, 2012 at 12:42 #

    After I enabled offline files, which are sourced from my office server and worked perfectly with XP, my new laptop with Windows 7 will no longer allow access about half of the files. Please help!

  7. Ammar January 9, 2013 at 19:02 #

    Great artiicle, could someone clarify…

    “In online mode, changes to files that are available offline are made in the local cache first. The changes are then immediately synchronized to the file server”

    However according to http://technet.microsoft.com/en-us/library/cc749449(WS.10).aspx#BKMK_Optimized

    “In online mode, all modifications to a file or folder (write, open, or create) are applied to the network server first and then to the local cache”

    Also states that read requests are satisfied from the local cache first if the file in the cache is synchronized with the server.

    So..does this mean that in Online mode files are read from the cache first but then subsequently modified on the server then synced back to the local cache?

    Confused!!!

    • Helge January 9, 2013 at 21:02 #

      Thanks Ammar, fixed it.

  8. Donovan May 27, 2013 at 00:09 #

    Can you provide further clarification about your comments regarding MS KB2512089? If the listed permissions are not needed, why does Microsoft say they are the “Minimum Permissions Required” to resolve the issue described in MS KB2512089?

    • Helge Klein May 27, 2013 at 09:06 #

      From my experience there is nobody, even at Microsoft, who fully understands Offline Files.

  9. ichko June 30, 2013 at 02:29 #

    Offline bible !!!
    Thanks

  10. robert August 28, 2013 at 15:07 #

    hi,

    i’m wondering if transparent caching will work even if “offline use” is disabled for the share at the server side?
    since transparent caching only works while connected and thus it is not an actual offline use.
    e.g., can remote users benefit from the caching feature for shares that are not intended to be used offline?

    robert

  11. Peter September 3, 2013 at 08:22 #

    Hi Helge,

    Question about the “Configure slow link mode” policy for DFS namespace folders and subfolders with wildcards.
    With a normal share you can use Value Name=”\\server\share\*”
    Can you do this also with a DFS namespace or do I have to put every subfolder in the policy.
    Example:
    \\DFSdomainname\rootname = 32000
    \\DFSdomainname\rootname\*” = 20

    Thanks,
    Peter

    • Helge Klein September 3, 2013 at 11:46 #

      The asterisk should work, but make sure to test it!

    • Martin September 25, 2013 at 19:03 #

      Can some please confirm what the offline caching setting should be set to for the underlying folder acting as the DFSRoot on the DFS server?
      For example:
      - I have a Domain namespace of “\\Company.Local\Private”
      - The corresponding folder on the DFS server is “D:\DFSRoots\PRIVATE” which is obviously shared.
      - The default Caching/Offline option is set to “Only the files and programs that users specify are available offline”
      Is this correct or should this be changed to “No files or programs***** available offline”

      For your info:
      The target folders under “\\Company.Local\Private” i.e. “\\Company.Local\Private\Homes” point to a share on a file server. That file servers share is set to “Only the files and programs that users specify are available offline”

      Servers are 2008R2
      Clients Windows 7 sp1

      • Helge Klein September 25, 2013 at 20:12 #

        You won’t get a 100% correct answer to this question even from Microsoft support (I have tried…). So, better be safe than sorry and enable the “correct” offline file caching setting even on the DFS share. In other words:
        “only the files and programs that users specify are available offline” for every file share Offline Files could ever come in contact with.

    • Rob November 4, 2013 at 15:51 #

      Peter or Helge,

      I’ve implemented the DFS 32000 ms Latency suggested in this article since my users were losing access to ALL DFS shares if they experienced any latency greater than the default 80 ms.

      It seams to be working, but I’m curious if either of you know how/where in the registry to confirm that this setting is being applied on the local users machine after receiving the changes via GPO (Running Windows 7 Pro and Server 2008 R2)

      Besides looking online for an answer, I’ve checked the following locations on the users machine:
      1. HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache (and any sub keys)
      2. HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy (and any sub keys)
      3. I searched the entire registry for the latency value of “320000″

      Any help you can provide would be greatly appreciated.

      Thanks,
      Rob

  12. Darren September 10, 2013 at 11:44 #

    Hi Helge

    Came across your site after a lot of searching, have this issue below with a user offline folder any suggestions.
    The problem is the offline files for his U / Home drive do not sync properly. There is a GPO in place which auto maps the shared drives, folder redirection and a few other things.

    If you open his my documents which points to the U drive it lists all the folders but there are no files. If you go to the mapped drive the exact same thing happens. If you use start/run and go the server drive the files list fine and all data is there. So the mapped drives don’t work nor do the offline folders only a direct mapping.

    The permissions on the files don’t seem to be correct and you are unable to copy the data to his machine.

    At the moment the GPO is unlinked and user is using his files saved directly to his pc. This is not safe because if he makes major changes and something happens to the laptop we have an issue.

    I cant see why the folder redirection does not want to sync properly.

    any ideas, I would appreciate your advice

    • Robert October 9, 2013 at 16:28 #

      Hi Helge

      Thanks for taking the time to write this it has been useful. I have been struggling with a silmilar problem to Darren. The root cause is the structure of the share on the server.

      It is in the form \\Server\Users$\%username%

      At the level \User$ on the server the users only have the right to list and traverse the folder structure. because they do not have the right to read at the root of the structure offline files will not cache. you can not switch off make available offline or force a sync. Adding Read to the user rights fixes all these problems. But now all users personal folders are visible.

      Any suggestions on the correct way to set permissions for home folders to use with offline folders? The option to share each home folder is so NT4.0 please someone have something better.

      Thanks

  13. Richard Artes September 20, 2013 at 15:37 #

    Great article Helge. One thing I still can’t get my head around: Offline files are configured in Computer policies, but access to the Sync Centre in control panel is configured at User policy. So how to give only users who have offline files configured, access to the Sync Centre?

    Richard Artes.

  14. Chris Knight January 17, 2014 at 02:32 #

    Thanks for taking the time to compile this excellent resource.

    One tip that might be worth adding is that in Windows 8/8.1, the Work Offline/Work Online action in Windows Explorer has been buried. It’s now located in the Home tab > Easy Access > Work Offline.

  15. Jeff February 18, 2014 at 18:45 #

    I have random users going offline when trying to access a DFS share that is not enabled for Offline use. It all started when we started doing folder redirection for all our users for their Desktop and Documents.

    Folder redirection is accessed via the server name – \\Users\UserFolderRedirection\. The network file shares is published via DFS – \\mydomain.com\files. We started tinkering with GPO’s and here are my settings –

    Configure slow-link mode – Enabled and UNC Path: \\users\UserFolderRedirection / Latency = 50. ( I even tried UNC Path \\mydomain.com\files Latency = 0 AND Latency 1000, nothing worked).
    Enable Transparent Caching – Enabled – 32000

    Can you see anything why the files would go offline?

  16. Ole Kristian March 18, 2014 at 09:42 #

    I work at a company where the support group has enabled offline files for a lot of users since the dawn of time on both xp computers and 7. When migrating to new file servers on several locations, offline files was not handled properly and the pc’s would continue to think that the server is offline and let the user work on cached files indefinitely. Managing all this is still a nightmare with dead pc’s, corrupt offline files cache and strange things happening all over.

    I would like to turn off the offline files feature everywhere, internet access everywhere has diminished the usefulness of this feature. However, I am concerned about data loss for people working from their offline files cache. What happens if I turn off offline files?
    * Will the offline files cached files disappear from the client?
    * Will it sync back any files changed on the client to the server when people who has been out of office returns?
    * Any caveats?

    What is the best way of disabling offline files?
    * So far I have been using cscfix.vbs / csccmd.exe (7/xp versions) to handle server migrations, but it can also turn off the feature
    * Group Policy? I am hoping Group Policy is the best way to go, but it depends on my question regarding data loss.
    * Manually stopping offline files on the client and disabling the service
    * Shared folders? Why is it “bad” to turn it off from here?
    >Availability of Offline Files can be controlled via caching options of network shares. Make sure that the Offline settings of the share are not configured to disable Offline Files.
    >Bad: No files or folders from the shared folder are available offline

    I know I need to do some more testing, but I would love some feedback before my hair turns completely grey..Thanks! :)

    • Helge Klein March 18, 2014 at 15:57 #

      Changing the Offline Files target is indeed something that does not go down well at all. Using DFS namespaces to hide the real server name is very useful.

      However, I can understand why you want to migrate away from Offline Files. Turning OF off is the simpler part (I would do it through Group Policy). Ensuring that no data is lost is much more difficult. Imagine a user is working with data in the OF cache without even realizing it. When you turn off that cache, the data is inaccessible (though not deleted, if I am not mistaken – you would have to delete the cache separately).

      I am afraid that if you want to guarantee that no data is lost you will have to write a script that performs a sync and only when that is successful turns OF off. Of course instead of synchronizing to the file server – which may be slow or not work at all, depending on the state of OF – you could just copy the data to another location on the local hard drive.

  17. Dooley_do April 2, 2014 at 13:02 #

    Great article but should this bit…

    “Caution: when a user’s ****password**** is reset, the EFS key is discarded and cached Offline Files become invalid: files that have not been synchronized yet are lost. Everything else needs to be re-downloaded.”

    …actually read user’s ****profile**** reset, rather than ****password****?

  18. Chris April 21, 2014 at 23:14 #

    Thanks for the information, it has been useful. I am planning a migration of my file server to a new server and use DFS. The old file server does utilize offline files. Any documentation you may have on a migration process (based on the issue Ole Kristian is experiencing)? I have been reluctant to “pull the trigger” on this project because of the potential for data loss.

Leave a Reply