cjakeman, on 03 June 2020 - 10:16 AM, said:
Any thoughts on what can we can do to help these users?
The 'go to' program to capture file contention is Sysinternals Process Monitor and it's free.
Google search “Process Monitor” and download it only from the docs.microsoft.com site.
This is an executable program and does not install on the computer.
You have to be an administrator on the computer in order for Process Monitor to run.
I would suggest extracting the zip to C:\TEMP and run procmon.exe.
Process Monitor logs can get very large in a short order of time and it starts logging as soon as it starts. Click the 'Capture' (magnifying glass) button to stop the capture if it starts logging on start-up.
Use the 'File>Backing file' menu and change it from using 'virtual' to 'C:\TEMP\OR_LOGGING' or the path/filename of your choice and click on 'OK'.
Click on the 'Clear' speed button to clear the current capture.
Go to the 'Filter' menu and ensure 'Drop filtered events' has a tick next to it.
Use the 'Filter>Filter' menu and click on the 'Reset' button.
Find the tickbox for 'Process Name' 'is' 'System' and uncheck it.
Select the first dropdown that has the word 'Architecture' in it and select 'Path'.
Select the second dropdown that has the word 'is' in it and select 'contains'.
In the field next to that type in the path, or partial path to that users temp folder as recorded in the openrails.txt file e.g. AppData\Local\Temp\tmp
Click on the 'Add' button.
Click on the 'Apply' button.
Click on the 'OK' button.
Now when you click on the 'Capture' speed button so that there is no red cross in it. Process Monitor will start recording any access to files that contain the string entered in the filter.
With Process Monitor running and logging, go into OR and run it till the error is generated then go back to Process Monitor and click on the 'Capture' speed button to stop capture, a red cross appears over the magnifying glass.
Close Process Monitor.
The resultant C:\TEMP\OR_LOGGING.PML file may be large depending on how much activity there was. The PML files compress well when zipped.
These can be opened on another computer that has Process Monitor on it.
Use the filters (they are non destructive) in Process Monitor to refine the view and observe what processes are accessing the file in question and find the point where the file contention occurred. Instead of a 'SUCCESS' result you should see a ACCESS DENIED, NOT GRANTED, SHARING VIOLATION or similar message. From that point, go back up the log and see what other processes were accessing file file prior to the file contention. If OR is accessing the file, see if the process closed the file before attempting to access it again (CREATE FILE) with a different level of file access. Double clicking the event will bring up the details information in a more structured display which may help.
Note, if you click on the 'Capture' button again you will be prompted to confirm you wish to overwrite the previous log. Process Monitor remembers the last filter settings so if you don't capture the event on the first run, you just click on OK to overwrite the existing log to capture the cause of the error on subsequent attempts.
Also I have had many a computer tech tell me that there is no AV running on this computer. Ran Process Monitor and found that to not be the case. Windows Defender for instance will often be running, especially if there is no other AV running on the computer.
Hope this helps.
Cheers,
Marek.