Solved

SIDs slow to resolve

Posted on 2008-10-08
7
1,062 Views
Last Modified: 2010-07-07
Our Windows Server 2003 machines in our DMZ are very slow to resolve SIDs when we look at the properties of a folder.  It takes up to 3 minutes to resolve the domain user and group names in the security or sharing properties of folders.  I have tried putting entries into the LMHOSTS file for the DC based on this MS article http://support.microsoft.com/kb/314108 with no luck.  Our network guys say they don't see any traffic being blocked between the DMZ machines and the Domain Controller.  Does anyone have any suggestions?
0
Comment
Question by:InvoiceInsight
  • 4
  • 3
7 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22677014

LMHosts won't help really. How is DNS configured for those hosts?

Chris
0
 

Author Comment

by:InvoiceInsight
ID: 22678154
The Domain Controllers are also the DNS servers, and they are configured as the primary and secondary DNS servers for the hosts.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22678171

I take it there's no NAT? And while I know you mentioned that nothing was blocked... RPC is permitted?

Chris
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:InvoiceInsight
ID: 22682344
I guess I should clarify.  My firewall admin didn't see any traffic getting blocked while the SIDs are resolving.  Looks like port 135 is open between the hosts and the DC.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22682366

You need a lot over 1024 open as well, RPC isn't exactly conservative unless you've set the registry keys to limit the ports used?

Chris
0
 

Author Comment

by:InvoiceInsight
ID: 22730694
We have configured the DCs to use port 1600 by adding a DWORD TCP/IP value to:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters

Port 1600 is open from the DC to the host as well.
0
 

Accepted Solution

by:
InvoiceInsight earned 0 total points
ID: 22845484
Turns out our firewall was denying some traffic between the host and the dc.  The first firewall admin i talked to said there was nothing getting denied, the second guy i talked to saw traffic getting blocked and fixed the issue.  SIDs are resolving normally now.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question