Solved

Slow network (AD) response.

Posted on 2010-08-31
12
733 Views
Last Modified: 2012-05-10
We are having a problem where when you open "My Computer" it takes forever to populate the first time, subsiquesnts are fine.  If you leave for a while and come back it may or may not happen again.  Kind of like it's waiting for something.  We have 2 drives mapped to the UK, if we disconnect them the problem goes away.  This does not happen to everyone, and it seems if you create a net profile for the user that fixes it as well, at least for the short term.  We also have a problem where runas takes just as long to come up and ask for credentials.  I think they are linked, and I think it has something to do with the AD and maybe replication?
0
Comment
Question by:XenoSaber
  • 5
  • 3
  • 3
  • +1
12 Comments
 
LVL 31

Expert Comment

by:DrUltima
ID: 33569264
It is just Windows XP machines which do this (Server 2003, Vista, Windows 7, etc. are all OK)?
0
 
LVL 3

Expert Comment

by:robdcoy
ID: 33569366
Make 100% sure that your first DNS server for your network card is the IP address of a Domain Controller (a local one is best).  If it is set to your router, you will encounter slow logons, AD queries, etc.
0
 

Author Comment

by:XenoSaber
ID: 33569597
Just XP's yes.  The 7 and 2003-2008's do not seem to have the problem.

We have a Non DC DHCP server and 2 separate DC's running WINS and DNS for us.  The DHCP serves the DNS server IP's to the clients.  I have to say, all DNS tools and actions seem to run quick like a bunny.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 33569599
That's what you get with "mapped drives".
Get rid of Mapped Drives,...use UNC Pathes.  There may be some delay when opened depending on where the target is physically "at" with respect to the Client,...but that is expected.

Mapped Drives date back to the 1990's with Novel,...mapped drives, as a concept, needs to die the death of the dinosaurs.

For other issues you need a DC at each physical location.
Each physical location needs to be a different subnet (don't "bridge" over WAN Links)
Configure Active Directory Sites and Services to manage the AD Replication over the WAN Links and to assure that users always authenticate to the closest (quickest) Domain Controller.
0
 

Author Comment

by:XenoSaber
ID: 33569704
We have DC's at each location, We find it odd that it happens some of the time but not all of the time.  Removing the mapped drives will solve the "My Computer" problem, but it doesn't tell us why.  Also we still have the runas problem, I think it is related.  We have 2 DC's here, and those are what we use as login servers, I don't get why it takes so long to find one of them to authenticate for a runas.
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 33569721
When you have a mapped drive in Windows XP, it tries to enumerate it before displaying the request.  A better use would be to have shortcuts to shares using UNC paths, as pwindell suggested.  I won't go so far as to say they need to die the death of the dinosaurs, because there are some legacy apps which require drive letters, but I do understand his sentiment.  An alternative is to use a registry hack to force XP to create all network connections before presenting the desktop.  This would probably get rid of your issue, but it would slow down log in times as a trade off.  Let me know if you are interested in that path, and I can tell you how to do that.

Justin
0
 
LVL 31

Expert Comment

by:DrUltima
ID: 33569732
The runas problem you have is pretty much the same thing.  It is just re-enumerating the path before it runs under the alternate profile.
0
 

Author Comment

by:XenoSaber
ID: 33569819
That's what I was thinking, but how do the paths enumerate, is there a way to see what the computer is doing when I make a request so I can track if it is failing at some point?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33569823
We have DC's at each location, We find it odd that it happens some of the time but not all of the time.  Removing the mapped drives will solve the "My Computer" problem, but it doesn't tell us why.  Also we still have the runas problem, I think it is related.  We have 2 DC's here, and those are what we use as login servers, I don't get why it takes so long to find one of them to authenticate for a runas.
My posts answered all of that,...and cures most of it (not all is curable,...WANs "are what they are").
I still have a few mapped drives for the same reasons DrUltima mentioned, but none of them run over a WAN link.  I couldn't kill all the dinorsaurs, but I killed all of them I could.
In the end both DrUltima and I are saying the same thing and basically just re-enforcing each other.  But he replied first, he should get the points of any,..I'm not worried about points, I still have a stack of T-shirts I haven't even opened yet. :-)
0
 

Author Comment

by:XenoSaber
ID: 33569882
I agree with you that is a fix, I was just looking for something deeper in, that's all.  We have fixed a whole lot of problems recently, from Replication to DNS and beyond.  Maybe we'll fix it eventually and not even know it.  Thanks all.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 33570053
A fix implies that something is broke.  Nothing is broke,..it is acting exactly like it is expected to do with the methods you are using.    As I said,...WAN links "are what they are",...so they,... "do what they do".  
Use different methods as DrUltima and I suggested and you should be fine.  Having DCs physically located where they should be and using Active Directory Sites & Services to make it "behave" properlyy is a must.  That is what the AD Sites & Services was invented for.  That covers the lag in authentication, which includes the lag in authenticatio when using "Runs As",...but the file execution that happens after the "Run As" is subject to the paragraph below if the WAN LInk is between the user and the Executable.
Beyond that pulling files across a WAN Link is always going to be "what it is".   Coping a Files,...Opening  a File,...Executing a File,...is effectively the same thing,,,it has to move the entire file across the WAN to perform the process and it is going to "take what it takes" due to the limited bandwidth of the WAN Link.
 
0
 

Author Closing Comment

by:XenoSaber
ID: 33636022
I think there is more going on in the background than just that.  I am going to keep investigating.
0

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now