Why is ftp login so slow?

Hi Everyone,
We have a Windows 2003 R2 SP2 box running ftp. When people try to connect to it, the message they receive is "Connected to xdomain.com". However, it takes about 30-45 seconds for the login to come up. Why would this be taking so long?

Thanks for your help
cireduranAsked:
 
giltjrCommented:
O.K. going back and re-reading, I think the ftp slow login and the alerts on the dns server may be two separate issues.

The dns alerts are because you have the one invalid IP address in the list.  I would suggest that you get the invalid IP address out.

Then what you may want to do is install a packet capture product on the ftp server and capture packets to see what it is doing.

I still think that you may have an option enabled to do reverse look-up and that the ftp server is waiting for a response for the reverse look-up.  This can easily be confirmed by a packet trace.

I recommend using Wireshark (http://www.wireshark.org), but if you have MS netmon utility installed that will work also.
0
 
giltjrCommented:
Are you using IIS's FTP server or some other ftp server?

Are the users on the same LAN, is this over the Internet, or a private WAN link?
0
 
cireduranAuthor Commented:
Hi, thanks for responding. It is IPswitch ftp server and it is mostly over the WAN. I can connect to the WAN internally easily, but outside it seems to take some time to get the login prompt.
0
 
giltjrCommented:
O.K.  IIRC that ftp server has an option to do reverse look-ups, that is, take the IP address and try to find out what host name is associated with it.  Since the majority of IP addresses do NOT have PTR records defined, the ftp server is most likely timing out waiting for a response.

I don't know where or how to disable this, but I would look for things like IP address identifying or look up.
0
 
cireduranAuthor Commented:
Hi giltjr,

I think this is a dns issue. I keep getting the following in my dns event log.
Event Type:      Warning
Event Source:      DNS
Event Category:      None
Event ID:      409
Date:            2/14/2009
Time:            2:32:00 PM
User:            N/A
Computer:      dc1
Description:
The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.
 
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on.  For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
giltjrCommented:
Is the DNS server running on the same server as the ftp server is?

What this sounds like is that the server DNS is running on has multiple IP addresses and the DNS server is configured so that it does NOT listen on all of them.  Furthermore, the FTP server may be sending resolution requests to one of the IP addresses that the DNS server is configured NOT to listen on.

Does the DNS server have multiple IP addresses?
Is the DNS server configured to only listen on specific ones?
0
 
ChiefITCommented:
I think your last analysis is accurate giltjr. Mind if I stick around to see how things go?
0
 
cireduranAuthor Commented:
Hi giltjr,
The ftp server did have a DNS server running on it before, but I didn't have any problems before this. The only thing I changed last week was moving the DHCP server to a different server. Should the DNS server take requests from the ftp server?
0
 
giltjrCommented:
It should.  What IP address do you have configured on the ftp server  to use as its DNS server?

Can you verify that the DNS server is setup to listen on that IP address?

ChiefIT, stick around as long as you want.  It's always nice to have a second set of eyes looking at the problem.
0
 
cireduranAuthor Commented:
Hi giltjr,
So I noticed that on the secondary DNS server, if I click on all IP addresses, there is an address that should not be there, but the button to remove it is grayed out unless I check the radio button for a specific IP address. Any ideas?
Thanks for your help
0
 
giltjrCommented:
On the ftp server does it have that IP address listed in the DNS server box?
0
 
cireduranAuthor Commented:
No, it does not.
0
 
cireduranAuthor Commented:
Hi giltjr,
Where would I find the reverse lookup option though?
0
 
ChiefITCommented:
I was thinking something a little different and hope you don't mind a little side track:

You probably have multiple IPs on the same NIC card. Sometimes people set these up for multiple web sites on one server:

example:
the main domain is on xxx.xxx.xxx.xxx
Web page 1 has the IP of xxx.xxx.xxx.xxy
Web page 2 has the IP of xxx.xxx.xxx.xxz

To direct traffic to these sites directly instead of confusing the server, you should add what is called a canonical name entry in DNS (also known as a CNAME entry). This points your remote clients and server right to the correct IP for the site. So, let's say your FTP site has an IP of xxx.xxx.xxx.xxb; you could create an FTP CNAME entry in DNS that points directly to your FTP site so it isn't delayed in finding the site, and you probably will not get the 409 error that is basically telling you, "I am confused as to what IP I need to go to for FTP business".
0
 
cireduranAuthor Commented:
Hi ChiefIT,
There is already an A record for this site. Should that matter?
Thanks!
0
 
cireduranAuthor Commented:
Is there any chance that WINS could affect this? Let me backtrack for a second. The ftp server was the small business server, which we then transitioned into a Windows Standard 2003 server. We then started moving things off of it, i.e. first the domain controller, then the Exchange server, then I added a secondary domain controller, and then the last thing that I moved was the DHCP database. WINS is still running on this box, however, but I don't see any particular settings that may affect anything. Over the course of one week is when this all started happening. I created a CNAME under the www.domain.com zone in DNS but this hasn't done anything yet.
Thanks for all your help,
0
 
giltjrCommented:
I don't have access to IP Switch's FTP server software.  I would assume that this option would exist someplace under logging options.
0
 
giltjrCommented:
Is the ftp server running under SBS or Windows 2003 standard?

I would still say that a packet trace would show if reverse look-up is being used.  If that is being used, then that could be the issue.  In fact if WINS or any other network based problem is the issue a packet trace would show.

I can't think of how WINS would come into play.  The FTP server should only be using real DNS, not WINS.
0
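One way to read the packet trace suggested in this thread for signs of a reverse look-up stall (an added example, not code from any participant): it pairs each inbound FTP connection with the PTR queries the server sends for that client and measures how long the banner took. The CSV column layout, the addresses and the function names are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample: a capture on the FTP server reduced to one CSV row per
# packet of interest. The column layout and all addresses are assumptions.
SAMPLE_TRACE = """\
time,src,dst,event,qname
0.000,203.0.113.7,10.0.0.5,syn,
0.050,10.0.0.5,10.0.0.2,ptr_query,7.113.0.203.in-addr.arpa
5.050,10.0.0.5,10.0.0.2,ptr_query,7.113.0.203.in-addr.arpa
15.050,10.0.0.5,10.0.0.2,ptr_query,7.113.0.203.in-addr.arpa
30.060,10.0.0.5,203.0.113.7,banner,
40.000,10.0.0.9,10.0.0.5,syn,
40.010,10.0.0.5,10.0.0.2,ptr_query,9.0.0.10.in-addr.arpa
40.012,10.0.0.2,10.0.0.5,ptr_response,9.0.0.10.in-addr.arpa
40.020,10.0.0.5,10.0.0.9,banner,
"""


def ptr_name(ip):
    """Build the in-addr.arpa name a reverse look-up for an IPv4 address asks for."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def analyze(trace_csv, ftp_server):
    """Return one record per client: banner delay and PTR query/answer state."""
    sessions, by_qname = {}, {}
    for row in csv.DictReader(io.StringIO(trace_csv)):
        t, ev, src, dst = float(row["time"]), row["event"], row["src"], row["dst"]
        if ev == "syn" and dst == ftp_server:
            rec = {"client": src, "syn": t, "delay": None,
                   "ptr_queries": 0, "ptr_answered": False}
            sessions[src] = by_qname[ptr_name(src)] = rec
        elif ev == "ptr_query" and src == ftp_server and row["qname"] in by_qname:
            by_qname[row["qname"]]["ptr_queries"] += 1
        elif ev == "ptr_response" and dst == ftp_server and row["qname"] in by_qname:
            by_qname[row["qname"]]["ptr_answered"] = True
        elif ev == "banner" and src == ftp_server and dst in sessions:
            if sessions[dst]["delay"] is None:  # first banner only
                sessions[dst]["delay"] = round(t - sessions[dst]["syn"], 3)
    return list(sessions.values())


def reverse_lookup_stalls(sessions, threshold=5.0):
    """Clients whose banner was late (or never sent) while PTR queries went unanswered."""
    return [s["client"] for s in sessions
            if s["ptr_queries"] and not s["ptr_answered"]
            and (s["delay"] is None or s["delay"] >= threshold)]
```

If the slow clients show repeated unanswered PTR queries before the banner, the reverse look-up theory holds; if the banner is late with no such queries, the delay lies elsewhere.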
 
ChiefITCommented:
"I created a CNAME under the www.domain.com zone in dns but this hasn't done anything yet."

The www is a qualifier telling your query that you are using the world wide web. I wonder if this is trying to go to port 80 for an FTP connection.

Check out the CNAME example on wiki to see if we can get this CNAME record in DNS to work.  

http://en.wikipedia.org/wiki/List_of_DNS_record_types
0
 
cireduranAuthor Commented:
Well, I wanted to thank you guys for all the help. It definitely helped in narrowing down the issue. The actual problem was that we have a Linux box that was sending requests to that ftp every few seconds. The solution was to turn off the box and send it back to the vendor who manages it. Thanks again.
0
 
giltjrCommented:
An ftp request every few seconds was slowing it down?  I guess that is why I still like IBM Mainframes.  We can get 100 ftp requests in a single second (which we do quite often) and not notice, and we are only running a 5 way that is two generations old.
0
Question has a verified solution.
