Slow initial connection to network resources

[James Blevins]

A million pardons in advance if this question has already been asked
and answered, or if this should be posted elsewhere. I've tried
googling for a solution, but I probably don't
know the proper terminology and am therefore not searching correctly.

Here is what is happening. All clients are WinXP SP2. We have several
Windows 2003 Enterprise R2
servers that host file shares and network applications. All network
drives are mapped correctly and are not showing up as disconnected, so
that is not the problem.

Whenever a user on our network attempts to access a network resource,
be it a shared file or an application that retrieves data from the
network, there is a significant (perhaps 10 seconds or more) pause
before it finally responds. Subsequent attempts are near
instantaneous.

Except that's not exactly true. If the user hasn't accessed said
resource for some period of time, then it's back to that same initial
delay. Again, after that delay, future accesses are immediate.

Here is what I think is happening, but I'm not an expert and don't
know the proper terminology. As this is on a domain and access to
resources is controlled by Active Directory ACLs, the first attempt to
access the network resource requires credentials to be sent and
verified. Once the user has validated his/her credentials, the server
"remembers" them for a set length of time, if during which there is no
further activity, those credentials expire.

Is this correct? If so, what is the name for this behavior and what
(if anything) can I do to lengthen the period of time that elapses
before credentials have to be reverified. Or is this a bad idea?

Thank you so much for your assistance.

James Blevins

 

[Malke]

A million pardons in advance if this question has already been asked
and answered, or if this should be posted elsewhere. I've tried
googling for a solution, but I probably don't
know the proper terminology and am therefore not searching correctly.

Here is what is happening. All clients are WinXP SP2. We have several
Windows 2003 Enterprise R2
servers that host file shares and network applications. All network
drives are mapped correctly and are not showing up as disconnected, so
that is not the problem.

Whenever a user on our network attempts to access a network resource,
be it a shared file or an application that retrieves data from the
network, there is a significant (perhaps 10 seconds or more) pause
before it finally responds. Subsequent attempts are near
instantaneous.

Except that's not exactly true. If the user hasn't accessed said
resource for some period of time, then it's back to that same initial
delay. Again, after that delay, future accesses are immediate.

Here is what I think is happening, but I'm not an expert and don't
know the proper terminology. As this is on a domain and access to
resources is controlled by Active Directory ACLs, the first attempt to
access the network resource requires credentials to be sent and
verified. Once the user has validated his/her credentials, the server
"remembers" them for a set length of time, if during which there is no
further activity, those credentials expire.

Is this correct? If so, what is the name for this behavior and what
(if anything) can I do to lengthen the period of time that elapses
before credentials have to be reverified. Or is this a bad idea?

I'll let a server guru comment on the length of time credentials are
retained, although I haven't ever noticed this being an issue on Win2k3
servers/workstations I've set up.

Most commonly delays in connecting to a server are caused by incorrect
DNS settings. The server should only look to itself for DNS with
forward/reverse lookup zones set. Workstations should only look to the
server for DNS. Here are some explanatory links:

How Domain Controllers Are Located in Windows XP -
http://support.microsoft.com/default.aspx?scid=kb;en-us;314861

DNS and AD FAQs - http://support.microsoft.com/?id=291382


Malke

 

[James Blevins]

I'll let a server guru comment on the length of time credentials are
retained, although I haven't ever noticed this being an issue on Win2k3
servers/workstations I've set up.

Most commonly delays in connecting to a server are caused by incorrect
DNS settings. The server should only look to itself for DNS with
forward/reverse lookup zones set. Workstations should only look to the
server for DNS. Here are some explanatory links:

How Domain Controllers Are Located in Windows XP -http://support.microsoft.com/default.aspx?scid=kb;en-us;314861

DNS and AD FAQs -http://support.microsoft.com/?id=291382

Malke

Thanks, Malke.

I took a look at the DNS server on the DC and didn't find anything
that looked strange. I ran ipconfig /all and saw that the DNS server
for the NIC is 127.0.0.1. Now, as far as the workstations are
concerned, they have the DC's IP address as the primary DNS server,
but they have our ISP's DNS servers as their secondary and tertiary
DNS servers. Could that be causing delays in connecting to our file/
app server?

James

 

[Malke]

Thanks, Malke.

I took a look at the DNS server on the DC and didn't find anything
that looked strange. I ran ipconfig /all and saw that the DNS server
for the NIC is 127.0.0.1. Now, as far as the workstations are
concerned, they have the DC's IP address as the primary DNS server,
but they have our ISP's DNS servers as their secondary and tertiary
DNS servers. Could that be causing delays in connecting to our file/
app server?

I never set the server's DNS to localhost but to its actual static IP
address, but I suppose that could work. Most definitely you should *not*
have the ISP's DNS servers on the workstations OR the server. The ISP's
DNS shows up in the forward lookup zone on the server ONLY and NEVER on
the workstations.


Malke