Re: Client performance problem windows 2003 server...
- From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
- Date: Fri, 17 Jun 2005 12:19:43 GMT
Hi,
How are things going on your side after trying my previous suggestions?
I have performed further research on your issue and found the following
things we need to confirm:
1. Make sure that all systems are up to the latest service packs because
there was a DFS performance issue in your previous post which had been
resolved by hotfix in SP2 for Windows 2000.
2. In my last reply I have checked userenv.log file and Win2k3's Network
MPSReport and given the related suggestions on them. However, after I
checked the Win2k's MPSReport today, I found it is a non-ENG version, we
will provide a best effort on this issue and you may need to seek
assistance from local product support team so that you can get the most
efficient support on it.
I suggest you contact the local PSS or newsgroup. Currently we offer
Partner newsgroups in the following languages:
English - http://members.microsoft.com/partner/newsgroups/default.aspx
Simplified Chinese - : http://www.mspartnersupport.com Traditional Chinese
- http://www.microsoft.com/taiwan/community
Japanese
-http://communities.microsoft.com/newsgroups/default.asp?ICP=JPN_DA&sLCID=jp
German
-http://communities.microsoft.com/newsgroups/default.asp?icp=Germany_PSS_VAP
&slcid=de
Spanish - visit
http://www.microsoft.com/spain/partner/soporte/gruposnoticias/default.asp
for instructions to access Spanish partner newsgroups Portuguese -
http://www.microsoft.com/brasil/parceiros/sup/for/default.aspx for
instructions to access Portuguese partner newsgroups Greek -
http://www.microsoft.com/hellas/partner/default.asp for instructions to
access Greek partner newsgroups.
If you are posting in a language that is not listed here, please visit
www.microsoft.com/partner and click on the Worldwide Sites link to find the
appropriate resources for your language.
Thanks for your understanding.
Thanks & Regards
Amanda Wang [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================================
--------------------
>X-Tomcat-ID: 245765645
>References: <7C9E0C9C-D9DA-4D57-B9CF-AED3E4DC28E1@xxxxxxxxxxxxx>
<OJ0BRIqYFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
<rXCSomcZFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
<eSMob8eZFHA.584@xxxxxxxxxxxxxxxxxxxx>
<eEuVRqoZFHA.2996@xxxxxxxxxxxxxxxxxxxx>
<R#5uTOpZFHA.2184@xxxxxxxxxxxxxxxxxxxxx>
<ycK8FypZFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
<#ESZc8AcFHA.3912@xxxxxxxxxxxxxxxxxxxx>
<tfMrfqZcFHA.3052@xxxxxxxxxxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
>Organization: Microsoft
>Date: Thu, 16 Jun 2005 14:50:00 GMT
>Subject: Re: Client performance problem windows 2003 server...
>X-Tomcat-NG: microsoft.public.windows.server.networking
>Message-ID: <4yMivKocFHA.1264@xxxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.networking
>Lines: 396
>Path: TK2MSFTNGXA01.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.networking:16672
>NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
>
>Hello,
>
>Thanks for your effort on this issue.
>
>I have checked the MPSReports and userenv.log file. Then I would provide
>the results I have found separately as following:
>
>I. In userenv.log file, I found the error as following:
>
>USERENV(1d0.1d4) 10:43:29:812 MyRegUnLoadKey: Failed to unmount hive
>00000005
>USERENV(1d0.1d4) 10:43:29:822 DumpOpenRegistryHandle: 2 user registry
>Handles leaked from
>\Registry\User\S-1-5-21-923867646-1928005521-2076119496-1018
>USERENV(1d0.1d4) 10:43:29:832 UnloadUserProfileP: Didn't unload user
>profile <err = 5>
>USERENV(1d0.1d4) 10:43:30:422 UnloadUserProfile: UnloadUserProfileP failed
>with 0
>USERENV(22c.230) 10:44:09:412 CUserProfile::CleanupUserProfile: Ref Count
>is not 0
>USERENV(22c.230) 10:44:09:412 CUserProfile::CleanupUserProfile: Ref Count
>is not 0
>USERENV(22c.230) 10:44:09:412 CUserProfile::CleanupUserProfile: Ref Count
>is not 0
>USERENV(22c.230) 10:46:44:876 GetUserDNSDomainName: MyGetUserNameEx
failed
>for NameDnsDomain style name with 1332
>USERENV(26c.2d0) 10:46:44:996 GetUserDNSDomainName: MyGetUserNameEx
failed
>for NameDnsDomain style name with 1332
>USERENV(26c.2d0) 10:46:45:006 GetUserDNSDomainName: MyGetUserNameEx
failed
>for NameDnsDomain style name with 1332
>USERENV(22c.230) 10:46:46:348 GetUserDNSDomainName: MyGetUserNameEx
failed
>for NameDnsDomain style name with 1332
>
>***According to these errors, it appears that the client cannot get the
DNS.
>
>
>II. In Win2k3's Network MPSReport, found the errors as following:
>
>Doing initial required tests
>
> Testing server: Verkstadsgatan\VERKTYG
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
> [VERKTYG] DsBindWithSpnEx() failed with error 1753,
> Win32 Error 1753.
> Printing RPC Extended Error Info:
> Error Record 1, ProcessID is 9788 (DcDiag)
> System Time is: 6/1/2005 9:12:11:65
> Generating component is 2 (RPC runtime)
> Status is 1753: There are no more endpoints available from the
>endpoint mapper.
> Detection location is 500
> NumberOfParameters is 4
> Unicode string: ncacn_ip_tcp
> Unicode string:
>ee5d8aed-846c-43c6-984c-9051a63a0fc9._msdcs.smedjan.local
> Long val: -481213899
> Long val: 65537
> Error Record 2, ProcessID is 9788 (DcDiag)
> System Time is: 6/1/2005 9:12:11:65
> Generating component is 2 (RPC runtime)
> Status is 1722: The RPC server is unavailable.
> Detection location is 761
> NumberOfParameters is 1
> Unicode string: 1025
> Error Record 3, ProcessID is 9788 (DcDiag)
> System Time is: 6/1/2005 9:12:11:65
> Generating component is 8 (winsock)
> Status is 1722: The RPC server is unavailable.
> Detection location is 313
> Error Record 4, ProcessID is 9788 (DcDiag)
> System Time is: 6/1/2005 9:12:11:65
> Generating component is 8 (winsock)
> Status is 10048: Only one usage of each socket address
>(protocol/network address/port) is normally permitted.
> Detection location is 311
> NumberOfParameters is 3
> Long val: 1025
> Pointer val: 0
> Pointer val: 0
> Error Record 5, ProcessID is 9788 (DcDiag)
> System Time is: 6/1/2005 9:12:11:65
> Generating component is 8 (winsock)
> Status is 10048: Only one usage of each socket address
>(protocol/network address/port) is normally permitted.
> Detection location is 318
> ......................... VERKTYG failed test Connectivity
>
>***The error point to the RPC server is unavailable and there are no more
>endpoints available from the endpoint mapper.
>
>
>Therefore, according to the above errors, we can confirm the issue should
>be a DNS replication issue. There are many reasons can cause the issue:
>
>1. Please refer to the following articles to configure an Authoritative
>Time Server first:
>
>216734 How to Configure an Authoritative Time Server in Windows 2000
>http://support.microsoft.com/?id=216734
>
>314054 How to Configure an Authoritative Time Server in Windows XP
>http://support.microsoft.com/?id=314054
>
>816042 How to configure the Windows Time service on a Windows Server
>2003-based http://support.microsoft.com/?id=816042
>
>2. Please check the configuration of two sites and refer to the following
>articles:
>
>Windows Server 2003 Active Directory Branch Office Guide
>
>http://www.microsoft.com/downloads/details.aspx?FamilyID=9353a4f6-a8a8-40bb
-
>9fa7-3a95c9540112&displaylang=en
>
>Deploying Active Directory for Branch Office Environments
>
>http://www.microsoft.com/technet/archive/windows2000serv/technologies/activ
e
>directory/deploy/adguide/addeploy/default.mspx
>
>Active Directory Branch Office Planning Guide
>
>http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/bran
c
>hoffice/default.asp
>
>Please pay more attention to the following contents in these articles:
>
>Configuring Automated Site Coverage
>Another situation that requires configuration of SRV resource records
>results from not having a domain controller in a particular site. This
>might happen because there are no users who require constant logon access,
>or because replication to the site might be too expensive or too slow. To
>ensure that a domain controller is located in the site closest to a client
>computer, if not the same site, Windows Server?2003 automatically attempts
>to register a domain controller in every site by using an automated site
>coverage algorithm. The algorithm determines how one site can "cover" a
>second site when no domain controller exists in the second site. By
>default, the process uses the replication topology.
>The algorithm works as follows: each domain controller checks all sites in
>the forest and then checks the replication cost matrix. A domain
controller
>advertises itself (registers a site-related SRV record in DNS) in any site
>that does not have a domain controller for that domain and for which its
>site has the lowest-cost connections. This process ensures that every site
>has a domain controller even though its domain controller might not be
>physically located in that site. The domain controllers that are published
>in DNS are those from the closest site (as defined by the replication
>topology).
>In a branch office environment, automated site coverage should be
disabled.
>Figure 4.9 shows where this process fits into the overall DNS planning
>process.
>Figure 4.9 Configuring Automated Site Coverage
>
>In the branch office scenario, computers should not locate domain
>controllers in any other branch office. A client should always communicate
>with a local domain controller, and if that is not available, use a domain
>controller in the data center site. Automated site coverage makes it
>possible for a situation to occur where a client might be able to locate a
>domain controller in another branch office. For this reason, automated
site
>coverage should be disabled in a branch office environment. Use the Group
>Policy snap-in to achieve this:
>1. Disable the "Automated Site Coverage by DC Locator DNS SRV Records"
>Group Policy on all domain controllers, not only in the branches but also
>in the data center. You can do this by modifying the Default Domain
>Controllers Group Policy.
>2. Do not register generic records, as described in "Finding a Domain
>Controller in the Data Center" earlier in this chapter.
>If both of these configurations are performed, then all clients within a
>branch office site will discover the local domain controller if it is
>available or the data center domain controller if no local domain
>controller is available.
>When a site with a domain controller for some domain is closer to another
>site than to the data center site, the administrator has the ability to
>configure that domain controller with the specific ("close") sites to be
>covered using the following Group Policy settings:
>" Sites Covered by the DC Locator DNS SRV Records
>" Sites Covered by the GC Locator DNS SRV Records
>" Sites Covered by the Application Directory Partition Locator DNS SRV
>Records
>However, physical proximity or network performance are not the only
>criteria. If firewalls or dial-on-demand lines do not allow traffic in
this
>direction, incorrectly applied site coverage will be bad for clients
>because they will fall back to an unreachable domain controller and not to
>the data center.
>
>HTH! And I will continue checking the MPSReports to see if there are any
>other clues I can found. If you have anything update, please feel free to
>let me know. I'm looking forward to your reply.
>
>Thanks & Regards
>
>Amanda Wang [MSFT]
>
>Microsoft Online Partner Support
>
>Get Secure! - www.microsoft.com/security
>
>====================================================================
>
>When responding to posts, please "Reply to Group" via your newsreader so
>that others may learn and benefit from your issue.
>
>=====================================================================
>
>--------------------
>>X-Tomcat-ID: 233018892
>>References: <7C9E0C9C-D9DA-4D57-B9CF-AED3E4DC28E1@xxxxxxxxxxxxx>
><OJ0BRIqYFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
><rXCSomcZFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
><eSMob8eZFHA.584@xxxxxxxxxxxxxxxxxxxx>
><eEuVRqoZFHA.2996@xxxxxxxxxxxxxxxxxxxx>
><R#5uTOpZFHA.2184@xxxxxxxxxxxxxxxxxxxxx>
><ycK8FypZFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
><#ESZc8AcFHA.3912@xxxxxxxxxxxxxxxxxxxx>
>>MIME-Version: 1.0
>>Content-Type: text/plain
>>Content-Transfer-Encoding: 7bit
>>From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
>>Organization: Microsoft
>>Date: Wed, 15 Jun 2005 11:08:53 GMT
>>Subject: Re: Client performance problem windows 2003 server...
>>X-Tomcat-NG: microsoft.public.windows.server.networking
>>Message-ID: <tfMrfqZcFHA.3052@xxxxxxxxxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.networking
>>Lines: 131
>>Path: TK2MSFTNGXA01.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
>microsoft.public.windows.server.networking:16613
>>NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
>>
>>Hello,
>>
>>Thanks for your response.
>>
>>First, I would like give a summary of this issue including setup
>>environment, main issue you encountered and the actions we have performed.
>>
>>Setup environment:
>>============
>>A Windows 2000 server was at first installed in site A (both
>geographically
>>and in the site configuration) this is acting as the "primary" domain
>>controller.
>>This server is GC, DDNS, DHCP, WINS, Print and file server.
>>
>>Then at site B there is a windows 2003 server. This is acting as a GC,
>>DDNS,
>>WINS, file and print server.
>>
>>The sites are connected through a VPN tunnel with cisco pix firewalls.
The
>>internet connection is at site A a dedicated connection and at site B a
>>ADSL 1Mbit connection.
>>
>>Issue:
>>==============
>>When the connection between the two sites is terminated, the clients at
>>site B becomes extremely slow to logon and even to access the local
server
>>at site B.
>>
>>Actions:
>>====================
>>1. Yes every client in Site B is suffering from this
>>2. The DNS is replicated through sites and services
>>3. The DNS settings on site B is distributed the following way to the
>>clients: (the DHCP scope settings)
>>Primary dns: site Bs win2k3 server
>>Secondary dns: site As win2k server
>>Same setup for wins...
>>4. The mappings on the clients are mapped like this:
>>NET USE G: \\smedjan.local\DFSroot\Verktyg_Gemensam /PERSISTENT:NO
>>If change it to NET USE G: \\verktyg\Verktyg_Gemensam$ /PERSISTENT:NO
>>then the problem with slow connections disappears.
>>\\smedjan.local is the domain name and verktyg is the file server's name.
>>a, the file server is Server B in site B
>>b, If don't map the shares there is no problem
>>
>>5. If change the group policy setting on the w2k3 server at site B the
>>policy won't be applied to the clients until the w2k server at site A has
>>that group policy information. Even if run GPUPDATE on the clients and
>>server.
>>If make a change in the policies on w2k server at site A the clients gets
>>that policy applied directly with GPUPDATE.
>>
>>Now from the above conclusion, we can find the issue should have two
>>aspects:
>>
>>1. It seems that Site B's clients cannot authenticate by Win2k3 server.
>It
>>may be caused by DNS replication.
>>2. It may be caused by the mappings and it looks like a DFSroot issue
>>
>>Therefore, we can perform the following steps to isolate the issue:
>>1. Terminate the connection between site A and B
>>2. Boot one client computer by using safe mode with network
>>3. Don't map the shares and check if the slow logon issue still persists
>on
>>this client.
>>4. How long will it take in logging on?
>>This test will help us isolate if the issue is caused by replication
>>between A and B or by DFSroot.
>>
>>The issue is complex and Network MPSReport and Userenv log on files are
>>very important for us to perform further research on it.
>>
>>I don't know why I haven't received your E-mail last time. Would you
>>please use two different E-mail accounts to send the information I
>>requested to me at v-amanwa@xxxxxxxxxxxxx? You effort on this issue
would
>>be appreciated and I'm looking forward to hearing from you.
>>
>>Thanks & Regards
>>
>>Amanda Wang [MSFT]
>>
>>Microsoft Online Partner Support
>>
>>Get Secure! - www.microsoft.com/security
>>
>>====================================================================
>>
>>When responding to posts, please "Reply to Group" via your newsreader so
>>that others may learn and benefit from your issue.
>>
>>=====================================================================
>>
>>--------------------
>>>From: <fc9a9f82-2129692850@xxxxxxxxxxxxxx>
>>>References: <7C9E0C9C-D9DA-4D57-B9CF-AED3E4DC28E1@xxxxxxxxxxxxx>
>><OJ0BRIqYFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
>><rXCSomcZFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
>><eSMob8eZFHA.584@xxxxxxxxxxxxxxxxxxxx>
>><eEuVRqoZFHA.2996@xxxxxxxxxxxxxxxxxxxx>
>><R#5uTOpZFHA.2184@xxxxxxxxxxxxxxxxxxxxx>
>><ycK8FypZFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
>>>Subject: Re: Client performance problem windows 2003 server...
>>>Date: Mon, 13 Jun 2005 13:57:41 +0200
>>>Lines: 19
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>X-RFC2646: Format=Flowed; Original
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>Message-ID: <#ESZc8AcFHA.3912@xxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.networking
>>>NNTP-Posting-Host: mail.wermtec.se 194.132.162.3
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl
>>microsoft.public.windows.server.networking:16505
>>>X-Tomcat-NG: microsoft.public.windows.server.networking
>>>
>>>Hi,
>>>
>>>I will try to mail you the previously discussed files again.
>>>
>>>1. The Site B has server B in that site and Site A has server A in its
>>site.
>>>Do you want me to pu both of the servers in site A?
>>>
>>>2. \\smedjan.local is the domain name and verktyg is the file servers
>name.
>>>a, the file server is Server B in site B
>>>b, If I dont map the shares theere is no problem, so the mapping is a
>>>problem, or to find the right way to map drives seems to be a problem...
>>>
>>>3. I will get you a report next time I go to my customer wich I hope can
>>be
>>>this week.
>>>
>>>Best Regards
>>>Perra
>>>
>>>
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: Client performance problem windows 2003 server...
- From: fc9a9f82-2129692850
- Re: Client performance problem windows 2003 server...
- References:
- Re: Client performance problem windows 2003 server...
- From: fc9a9f82-2129692850
- Re: Client performance problem windows 2003 server...
- From: Amanda Wang [MSFT]
- Re: Client performance problem windows 2003 server...
- From: Amanda Wang [MSFT]
- Re: Client performance problem windows 2003 server...
- From: fc9a9f82-2129692850
- Re: Client performance problem windows 2003 server...
- From: Amanda Wang [MSFT]
- Re: Client performance problem windows 2003 server...
- From: Amanda Wang [MSFT]
- Re: Client performance problem windows 2003 server...
- Prev by Date: Re: Adding another server?
- Next by Date: Re: Client performance problem windows 2003 server...
- Previous by thread: Re: Client performance problem windows 2003 server...
- Next by thread: Re: Client performance problem windows 2003 server...
- Index(es):
Relevant Pages
|
