I
Ian
We are experiencing periodic slowdowns in our network that I can't explain.
The problem occurs while reading or writing large numbers of files from an
XP client to a 2000 server. The client belongs to an NT4 domain, and the
2000 machine is the only computer (and therefore the domain controller) of
the active directory domain we are slowly migrating too. Both domains trust
each other, the file permissions are all setup properly etc. The strange
thing is that we get decent network access for a while, then it slows down.
Even stranger is that if the client performs an ipconfig /release and
ipconfig /renew, the problem goes away for a short while. It's like we
periodically have to tell the network to stop snoozing. None of the dhcp
settings have changed, even the ip address for the client is reserved, so
it's not due to changing settings. We tried using all static settings
instead of dhcp but the problem still exists. And of course, ipconfig
/renew doesn't do anything in this case so there is no way to tell the
network to wake up once in a while.
Other important information includes:
- The 2000 domain controller , NT4 primary domain controller and xp client
are all on the same subnet
- The NT4 PDC is a 550mhz machine with only 256mb of ram; it is also the
exchange server, file server and Accpac server (I often wonder if it is just
too busy to respond to authentication requests)
- There is an NT4 BDC on the same subnet across a wireless link, so there is
a delay to access it if the PDC is too busy.
- The BDC across the wireless link is the only WINS server on this subnet
- The NT4 PDC is also the dhcp server, so it might be the machine we have to
wake up now and then.
- The 2000 machine is running in native mode
The permissions of the shared files are setup as follows:
- the files exist on the 2000 server (ie a separate domain from the client)
- I setup domain local groups on the 2000 domain and assigned the
permissions to those groups
- I did not create any user accounts on the 2000 domain; instead I added
accounts from the NT4 domain directly into the 2000 domain local groups. I
did this for migration purposes.
The best guess I have is that it has something to do with the files needing
two permission checks to be accessed. The 2000 server needs to ask the NT4
domain if the person asking for the file is who he says he is. Then the
2000 machine needs to check its own database to see if the NT4 user is in a
domain local group that has access to the files. As long as a domain
controller from each domain is able to respond quick enough, I can't see
this being a problem. But if the NT4 PDC is simply too busy to
authenticate, it might have something to do with it. Though this still
doesn't explain the fact that an ipconfig /renew temporarily solves the
problem. I'm at a loss.
I've tried all of the Microsoft knowledge base articles that regularly get
mentioned when someone brings up network issues, but none of them mention
why a /renew works.
If anyone can shed any light on this situation it would be greatly
appreciated.
Thanks in advance.
The problem occurs while reading or writing large numbers of files from an
XP client to a 2000 server. The client belongs to an NT4 domain, and the
2000 machine is the only computer (and therefore the domain controller) of
the active directory domain we are slowly migrating too. Both domains trust
each other, the file permissions are all setup properly etc. The strange
thing is that we get decent network access for a while, then it slows down.
Even stranger is that if the client performs an ipconfig /release and
ipconfig /renew, the problem goes away for a short while. It's like we
periodically have to tell the network to stop snoozing. None of the dhcp
settings have changed, even the ip address for the client is reserved, so
it's not due to changing settings. We tried using all static settings
instead of dhcp but the problem still exists. And of course, ipconfig
/renew doesn't do anything in this case so there is no way to tell the
network to wake up once in a while.
Other important information includes:
- The 2000 domain controller , NT4 primary domain controller and xp client
are all on the same subnet
- The NT4 PDC is a 550mhz machine with only 256mb of ram; it is also the
exchange server, file server and Accpac server (I often wonder if it is just
too busy to respond to authentication requests)
- There is an NT4 BDC on the same subnet across a wireless link, so there is
a delay to access it if the PDC is too busy.
- The BDC across the wireless link is the only WINS server on this subnet
- The NT4 PDC is also the dhcp server, so it might be the machine we have to
wake up now and then.
- The 2000 machine is running in native mode
The permissions of the shared files are setup as follows:
- the files exist on the 2000 server (ie a separate domain from the client)
- I setup domain local groups on the 2000 domain and assigned the
permissions to those groups
- I did not create any user accounts on the 2000 domain; instead I added
accounts from the NT4 domain directly into the 2000 domain local groups. I
did this for migration purposes.
The best guess I have is that it has something to do with the files needing
two permission checks to be accessed. The 2000 server needs to ask the NT4
domain if the person asking for the file is who he says he is. Then the
2000 machine needs to check its own database to see if the NT4 user is in a
domain local group that has access to the files. As long as a domain
controller from each domain is able to respond quick enough, I can't see
this being a problem. But if the NT4 PDC is simply too busy to
authenticate, it might have something to do with it. Though this still
doesn't explain the fact that an ipconfig /renew temporarily solves the
problem. I'm at a loss.
I've tried all of the Microsoft knowledge base articles that regularly get
mentioned when someone brings up network issues, but none of them mention
why a /renew works.
If anyone can shed any light on this situation it would be greatly
appreciated.
Thanks in advance.