by: Helge, published: Apr 3, 2012, updated: Mar 6, 2013, in

Windows Offline Files Survival Guide

Windows Offline Files have a bad reputation. Many an administrator can tell a story where Offline Files caused issues that sometimes even required a reinstallation of the affected PC. But Microsoft has gradually improved the functionality and ironed out many of the bugs. Today – in Windows 7 SP1 with all post-SP1 fixes – Offline Files is a technology that still has its problems, but can be used in production – if you are adventurous. This article lists the gotchas I am aware of.

Please note: Although this article originally targeted Windows 7, most if not all of its content applies to Windows 8, too.

Documentation

If you want to know what is really going on under the hood, you are mostly on your own. The documentation Microsoft provides is not detailed enough to implement Offline Files in larger production environments. Nor does it help much if things do not work the way you think they should be working.

Configuration

In enterprise environments, Offline Files are configured via Group Policy, the relevant node is Administrative Templates -> Network -> Offline Files.

Caution: Most settings do not apply to Windows 7, but to older operating systems. In the computer part, only 10 out of the 28 settings are relevant to Windows 7. In the user part only 2 out of 15.

Tip: Set a filter in Group Policy Management Console that only includes settings for Windows 7.

Logging

Offline Files messages are logged to a well-hidden part of the event log only: Application and Services Logs -> Microsoft -> Windows -> OfflineFiles. By default, only an Operational log is there, but if you enable Show Analytic and Debug Logs in View menu, you also get logs called Analytic, Debug and SyncLog. Each of those can be (and has to be) enabled separately. Out of these logs, SyncLog is the most interesting. In it you can find one entry per synchronized file. Analytic and Debug have always been empty during my tests.

Readability of the logs generated by Offline Files is generally bad. Many messages are cryptic and difficult to interpret.

Architecture

Modes: Online, Slow Link and Offline

Offline Files have four modes of operation:

  • Online
  • Slow link
  • Auto offline
  • Manual offline

Offline Files transition between the three modes online, slow link and auto offline depending on connection speed. The user can always override the automatic mode selection by manually switching to manual offline mode.

To determine the connection speed two pings with default packet size are sent to the file server. If the average round-trip time is below 80 ms (Windows 7) or 35 ms (Windows 8), the connection is put into online mode, otherwise into slow link mode. The latency value of 35/80 ms is configurable through the Group Policy setting Configure slow-link mode.

Initial & Logon Synchronization

When a user first logs on to a computer, initial synchronization occurs in the background. Once the initial synchronization has completed, the offline files icon in the notification area of the system tray is displayed:

Once initial synchronization has completed, logon synchronization is attempted 5 minutes after every logon. The default delay of 5 minutes can be changed by setting the following registry value:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache
Value name: AgentFillPeriodMin
Value type: REG_DWORD
Allowed value data: 1-1440 [minutes]

Reads, Writes and Synchronization

In online mode, changes to files are made on the file server as well as in the local cache (this induces a performance hit – see this article for details). Reads are satisfied from the local cache (if in sync).

In slow link mode, changes to files are made in the local cache. The local cache is background-synchronized with the file server every 6 hours (Windows 7) or 2 hours (Windows 8), by default. This can be changed through the Group Policy setting Configure Background Sync.

In auto offline mode, all reads and writes go to the local cache. No synchronization occurs.

In manual offline mode, all reads and writes go to the local cache. No synchronization occurs by default, but background synchronization can be enabled through the Group Policy setting Configure Background Sync.

Permissions

Offline Files do not require any special permissions on the file server. The permissions listed in MS KB2512089 are, at best, misleading. Specifically, Everyone, Local System and Creator Owner need not be granted permissions, neither on the share nor in the file system.

Microsoft recommends, however, to only use Offline Files for paths where only one user has write access in order to prevent synchronization conflicts that invariably arise if multiple users can edit different copies of a document at the same time. The only valid multi-user scenario would be a read-only directory used to push out things like static documentation to the users.

Permissions are synchronized to the offline cache, too. If a user has read access on the file server, he has read access in offline mode – nothing more.

Cache size management

Files that were cached automatically are removed on a least-recently used basis if the maximum cache size is reached.

Files that were cached manually are never removed from the local cache. When the total local cache size limit is reached and all files that were cached automatically have already been removed, you can not make files available offline until you specify a new limit or delete files from the local cache by using the Offline Files control panel applet.

The default limit for the Offline Files cache size is 25% of the total disk space of the drive where the Offline Files cache is located (typically C:\Windows\CSC). The cache size can be configured through the Group Policy setting Limit disk space used by Offline Files.

Encryption

The Offline Files cache can be encrypted using EFS. If enabled, EFS encrypts the files on a per-user basis. If a user does not already have an EFS certificate, a new one will be generated on the fly.

Caution: when a user’s password is reset, the EFS key is discarded and cached Offline Files become invalid: files that have not been synchronized yet are lost. Everything else needs to be re-downloaded.

Recommendations

Network Share Configuration

Availability of Offline Files can be controlled via caching options of network shares. Make sure that the Offline settings of the share are not configured to disable Offline Files.

  • Bad: No files or folders from the shared folder are available offline
  • Good: Only the files and folders that users specify are available offline
  • Use with caution: All files and programs that users open from the share are automatically available offline
  • Optimize for performance has no effect on computers running Vista or newer

If you are using DFS, make sure that the DFS root shares are configured correctly, too.

Software Versions

By all means, use the latest version of Windows and install every patch related to networking and Offline Files you can get your hands on. Microsoft releases new patches for Offline Files regularly. Monitor the KB for new articles and subscribe to this blog’s feed: blogs.technet.com/b/yongrhee.

If you have very long logon times in conjunction with folder redirection it might be due to a bug that is described in the Microsoft Knowledge Base article 2525332 (You encounter a long logon time after you enable the “Do not automatically make redirected folders available offline” Group Policy setting in Windows 7 or in Windows Server 2008 R2). Install the patch that is available on the article’s web page and the problem should go away.

Resetting the Offline Files Cache

To reset the Offline Files cache open a shared network folder in Exlorer and select Tools / Folder Options / Offline Files. Press CTRL+SHIFT while clicking Delete Files.

If you cannot access the Offline Files tab, use the following method to re-initialize the Offline Files cache (CSC) on the system. Add the following registry subkey:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters
Value name: FormatDatabase
Value type: DWORD
Value data: 1

Notes: The actual value of the FormatDatabase value is ignored. Reinitialization requires a restart. When the computer is restarting, the system will re-initialize the CSC and then delete the FormatDatabase value.

Warning: All files in the cache are deleted and unsynchronized data is lost.

Design Flaws

DFS

When transitioning to an offline state, Offline Files always transitions entire path trees. This is especially bad if DFS is used, since it means that if \\domain.com\dfs\homes\user1 is detected as being offline, the entire tree below \\domain.com\dfs goes offline. To work around that, configure a slow-link policy with values similar to the following:

  • \\domain.com\dfs: Latency=32000
  • \\domain.com\dfs\homes: Latency=60

More information on this configuration can be found on the AskDS blog.

Initial Synchronization

There is no visual feedback that indicates whether initial synchronization has completed. When a user gets a new laptop, there is no simple way for him to determine if all his data has been synchronized to the local disk. Only if manually initiating a synchronization via Sync Center one can be sure that everything is available locally.

Offline Transition and File Server Load

The only criterion used to determine the state of a network path is the connection speed (which is measured by sending two pings). There are cases, however, where a file server is so heavily loaded that it practically ceases serving files, all the while still answering pings quickly. In such a situation Offline Files remain in online mode. As a consequence the files on the network path are inaccessible even though they could be served from the offline cache.

Tools

Robocache

This tool needs still needs some polishing, but it looks promising. It can automate most administrative tasks related to Offline Files. This is the list of its capabilites:

  • info – display status info about the target(s)
  • pin – assure offline availability
  • unpin – unpin the target(s)
  • sync – synchronize cached files with remote files
  • rename – rename cached item
  • delete – delete cached item
  • suspend – suspend the target folders
  • unsuspend – unsuspend the target folders
  • online – transition to online state
  • offline – transition to offline state
  • enable – enable offline files cache
  • disable – disable offline files cache
  • encrypt – encrypts offline files cache
  • decrypt – decrypts offline files cache

Robocache is available as Shareware here. The author describes his tool in his blog.

Further Reading

Microsoft

Other Sources

See also my other articles about offline lines.

Previous Article Windows 8 Storage Spaces: Bugs and Design Flaws
Next Article Microsoft User Experience Virtualization (UE-V): Facts and Review