SLOW network access - Resolved!

T

Tracy L. Baker

This may be a little long, but I felt that posting this
would help quite a lot of you out there. Please read
through to the end to see if it'll apply to you!

I have now done this "fix" in both WinNT Server (primary
domain controller) environments with Win2000 Pro clients
as well as with Win2000 Server (both PDC/active directory
and non-active directory) environments with Win2000 Pro
and WinXP (Home and Pro) clients. It has worked equally
well in all cases. This DOES NOT pertain to Win2000
Pro/Win98/WinXP peer-to-peer networks, nor does it seem to
be particularly useful when using all Win98 clients [in
the context of client to client speed, but it CAN make a
difference in client to server speed] -- so if you have
one of those, the only thing that may help you is un-
checking the "Register this connection's address in DNS"
box which is found in the advanced properties for the
TCP/IP protocol under the DNS tab [Win2000 and WinXP
only]. (See below.)

All of the installations to which I'm referring are all
small businesses with no more than 20 clients or so.

Also, none of these servers are acting as a DHCP or DNS
server in these installations (although, DNS and DHCP
services may be loaded). All have external DHCP boxes
(DSL/cable routers) -- although none of the clients are
using DHCP. All are using static IP addressing and have
their DNS server IP's pointing to the ISP's DNS addresses.

A few weeks ago, I posted a thread about a condition that
had arisen with one of my customers where a 26mb file
being copied from a Win98 client to a Win2000 client (both
in the same WinNT 4.0 domain) was very very slow (13
minutes). I also said that this slowness DID NOT occur
until the Win98 client actually logged into the domain.
[In other words, if you copied the same file while the
Win98 client was sitting at the name/password/domain login
screen, it would copy much faster.]

A few people said here that the clients' needed to
be "pointed at the server-IP", and not much more than that
was said. Obviously, this statement isn't really of much
use. After more research I found that the server-IP being
mentioned was in context of DNS and/or DHCP. This,
however, made no sense to me since DNS and DHCP aren't
being used in these installations. In fact, I saw no
reason to go through all the hassle to set up an "in-
house" DNS server since my only real need for DNS was to
resolve internet addresses -- so why not just use the ISP
DSN addresses? Also, since all clients are using static
IP addressing, setting up DHCP on the server was moot.

However, this did remind me that before Microsoft embraced
DNS in Win2000, they used WINS. Ultimately, that is
the "fix". Set up and start WINS on the WinNT or Win2000
Server and point all the clients (and server) to the
server's IP under the WINS tab (TCP/IP protocol and then
advanced). It is interesting to note that WINS is NOT
installed on the server by default. Good news is that
installing WINS on a Win2000 Server does not require a
reboot (WinNT may have to reboot a couple of times,
because after installing the WINS service, you'll was to
re-install Service Pack 6).

You may also want to uncheck the box "Register this
connection's address in DNS" as mentioned in paragraph
two, above -- as there is no reason to do this function in
quite a lot of small-business or personal networking
applications where an in-house DNS server is not used, or
really needed.
See Microsoft's KB article: http://support.microsoft.com/?
kbid=275554
See also:
http://www.incentre.net/incentre/frame/win2000dns.html

How did my "fix" turn out? Well, that 26mb file that used
to take 13 minutes to copy from a Win98 client to a
Win2000 Pro client now only takes 25 seconds. Also, one
Win2000 Pro user's Outlook, where the Outlook files are on
the WinNT server, runs very much faster. In other
installations, the users are absolutely amazed at the
speed increase -- from file and application server access
to print servers. (As an aside, all these network
installations are ones I recently took over, and were not
installed by me initially.)

A few other notes:
- Sometimes, setting your NIC's speed setting to something
specific (100mbit/full duplex or even 10mbit/full duplex)
instead of leaving it as AUTO is helpful.
- Removing all unnecessary protocols (IPX/SPX, NetBEUI) is
really helpful. Just take care than some old application
doesn't need one of these.
- Due to their decreased cost per port, switches should be
used instead of hubs.
- Use known good and tested Cat5 (Cat5e) cable runs and
patch cords.
- Use updated NIC drivers
- Install the newest service packs for your OS.

Well, I hope this helps a few people out there.
 
D

Doug Sherman [MVP]

WINS can solve a host of problems in non-AD domains and in AD domains with
Win9x clients. However, in an AD domain, your users cannot log onto the
domain if their machines point to your ISP's DNS server.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

Tracy L. Baker said:
This may be a little long, but I felt that posting this
would help quite a lot of you out there. Please read
through to the end to see if it'll apply to you!

I have now done this "fix" in both WinNT Server (primary
domain controller) environments with Win2000 Pro clients
as well as with Win2000 Server (both PDC/active directory
and non-active directory) environments with Win2000 Pro
and WinXP (Home and Pro) clients. It has worked equally
well in all cases. This DOES NOT pertain to Win2000
Pro/Win98/WinXP peer-to-peer networks, nor does it seem to
be particularly useful when using all Win98 clients [in
the context of client to client speed, but it CAN make a
difference in client to server speed] -- so if you have
one of those, the only thing that may help you is un-
checking the "Register this connection's address in DNS"
box which is found in the advanced properties for the
TCP/IP protocol under the DNS tab [Win2000 and WinXP
only]. (See below.)

All of the installations to which I'm referring are all
small businesses with no more than 20 clients or so.

Also, none of these servers are acting as a DHCP or DNS
server in these installations (although, DNS and DHCP
services may be loaded). All have external DHCP boxes
(DSL/cable routers) -- although none of the clients are
using DHCP. All are using static IP addressing and have
their DNS server IP's pointing to the ISP's DNS addresses.

A few weeks ago, I posted a thread about a condition that
had arisen with one of my customers where a 26mb file
being copied from a Win98 client to a Win2000 client (both
in the same WinNT 4.0 domain) was very very slow (13
minutes). I also said that this slowness DID NOT occur
until the Win98 client actually logged into the domain.
[In other words, if you copied the same file while the
Win98 client was sitting at the name/password/domain login
screen, it would copy much faster.]

A few people said here that the clients' needed to
be "pointed at the server-IP", and not much more than that
was said. Obviously, this statement isn't really of much
use. After more research I found that the server-IP being
mentioned was in context of DNS and/or DHCP. This,
however, made no sense to me since DNS and DHCP aren't
being used in these installations. In fact, I saw no
reason to go through all the hassle to set up an "in-
house" DNS server since my only real need for DNS was to
resolve internet addresses -- so why not just use the ISP
DSN addresses? Also, since all clients are using static
IP addressing, setting up DHCP on the server was moot.

However, this did remind me that before Microsoft embraced
DNS in Win2000, they used WINS. Ultimately, that is
the "fix". Set up and start WINS on the WinNT or Win2000
Server and point all the clients (and server) to the
server's IP under the WINS tab (TCP/IP protocol and then
advanced). It is interesting to note that WINS is NOT
installed on the server by default. Good news is that
installing WINS on a Win2000 Server does not require a
reboot (WinNT may have to reboot a couple of times,
because after installing the WINS service, you'll was to
re-install Service Pack 6).

You may also want to uncheck the box "Register this
connection's address in DNS" as mentioned in paragraph
two, above -- as there is no reason to do this function in
quite a lot of small-business or personal networking
applications where an in-house DNS server is not used, or
really needed.
See Microsoft's KB article: http://support.microsoft.com/?
kbid=275554
See also:
http://www.incentre.net/incentre/frame/win2000dns.html

How did my "fix" turn out? Well, that 26mb file that used
to take 13 minutes to copy from a Win98 client to a
Win2000 Pro client now only takes 25 seconds. Also, one
Win2000 Pro user's Outlook, where the Outlook files are on
the WinNT server, runs very much faster. In other
installations, the users are absolutely amazed at the
speed increase -- from file and application server access
to print servers. (As an aside, all these network
installations are ones I recently took over, and were not
installed by me initially.)

A few other notes:
- Sometimes, setting your NIC's speed setting to something
specific (100mbit/full duplex or even 10mbit/full duplex)
instead of leaving it as AUTO is helpful.
- Removing all unnecessary protocols (IPX/SPX, NetBEUI) is
really helpful. Just take care than some old application
doesn't need one of these.
- Due to their decreased cost per port, switches should be
used instead of hubs.
- Use known good and tested Cat5 (Cat5e) cable runs and
patch cords.
- Use updated NIC drivers
- Install the newest service packs for your OS.

Well, I hope this helps a few people out there.
 
T

Tracy Baker

WINS can solve a host of problems in non-AD domains and in AD domains with
Win9x clients. However, in an AD domain, your users cannot log onto the
domain if their machines point to your ISP's DNS server.

Now that is a very interesting statement. Its interesting because I
do exactly that in my very own shop.

I have a Win2000 Server with AD going, all the clients' DNS addresses
point to the ISP DNS, and all the clients' log into the domain just
fine as well. I have Win9x, Win2000 Pro and WinXP Pro clients in this
arrangement (its also my little test bed -- but don't tell my boss :)

When I have them logging into the domain, I do not do so by domain
NAME, rather I use the IP address of the domain controller. Perhaps
that is why its working?

Heck, now that I think about it, I have a customer with a Win2000
Server with AD and all Win2000 Pro client PC's set up the same way
(DNS pointing to the ISP and not internally) and they all work fine as
well. They log into the domain by name...

Or, perhaps, there's something on the Win2000 Pro clients that I
should be looking at that may not be working? They have access to all
the resources and such -- and the login script works ok, so I've not
seen any issues...

(Obviously I'm not an expert on Win2000 Server and AD...)
 
S

Steven L Umbach

If it is working it is not because they are pointing to ISP dns servers.
They "may" be finding the domain controller via netbios name resolution
using ntlm authentication only in a small basic network where every computer
is dealing with the pdc fsmo since dns will fail for them. I don't know
because I have never tried it but I do know that many, many AD problems
relate to dns misconfiguration. If you are not in a domain, unchecking
register this connection is good advice. I can tell you that if you do no
use AD internal dns servers there can be a lot of consequences such as not
being able to logon to the domain in Native mode due to failure of finding
global catalog server, not being able to search Active Directory for
published shared resources, not being able to use ipsec security due to not
using kerberos, no being able to have additional W2K domain controllers, not
being able to have child domains, not being able to use domain group policy,
etc. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382
 
D

Doug Sherman [MVP]

Hmmmmm. I guess that since Win9x machines cannot be joined to a domain and
domain users logon using the NetBIOS name of the domain, such users can
logon without DNS. However, I don't know how a Win2k machine could even
join a domain without using AD DNS - maybe the ISP is hosting the domain,
has SVR records and provides dynamic updates? Also, you can certainly
connect to a machine by IP address - access resources, etc., but how do you
logon to a domain using an IP address instead of a domain name?

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
S

Steven L Umbach

I am a bit flummoxed about the configuration as it is contrary to everything I have
ever learned/experienced. I can recall more than a few times I could not join a
machine to a domain and it was because of wrong dns configuration. I suppose it is
possible the ISP dns server is/was being accommodating but then he would not have had
the need to disable "register this connection" if the ISP dns was indeed doing
dynamic updates or maybe at one time it was and they figured it out and subsequently
disabled it. Another possibility is that originally the computers were configured to
use the domain controller for dns, joined to the domain, then switched over to ISP
when internet name resolution failed, and the computers now are not logging onto the
domain but are instead using cached domain logons? I also have never heard of
logging onto the domain by IP address after using ctrl-alt-delete to bring up logon
window. I have a small domain at home and right know I have no option to enter
anything in the logon to box, just the two domains are listed that I use. Though I
always appreciate it when a NG participant shares their experiences and what works
for you always has some merit, I question the methods and caution others from
configuring their domain the same way --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top