WAN Traffic with Windows AD

J

Jasper Rowe

I have a total of 10 Windows 2000 servers across 6 remote
locations. All sites are connected via ADSL VPNs. Each
server is running Windows 2000 server with One Exchange
server at each site. Traffic utilisation across the links
is very high. I have used network monitor to examine the
traffic at each server and have noticed that every 10
seconds (approximately) every server communicates with
every other server. This creates background chatter of
around 20kps 24 hours a day. The packet sequence is as
follows:

SMB C NT create & X, File = \srvsvc Local
Server -> Remote Server
SMB R NT create $ X, FID = 0x4008 Remote
Server -> Local Server
MSRPC c/o RPC Bind: UUID 4B324FC8-1670-01D3-1278-
5A47BF6EE188 call 0x1 assoc grp 0x0 xmit 0x10B8 recv
0x10B8 Local Server -> Remote Server
MSRPC c/o RPC Bind Ack: call 0x1 assoc grp 0x18FF9F
xmit 0x10B8 recv 0x10B8 Remote Server -> Local
Server
MSRPC c/o RPC Request: call 0x1 opnum 0xC context 0x0
hint 0x4C Local Server -> Remote Server
MSRPC c/o RPC Response: call 0x1 context 0x0 hint
0x2BC cancels 0x0 Remote Server -> Local Server
SMB C close file, FID = 0x4008 Local
Server -> Remote Server
SMB R close file Remote
Server -> Local Server

Does anyone know what causes this traffic and how to
reduce it?
 
T

Tomasz Onyszko

Jasper said:
I have a total of 10 Windows 2000 servers across 6 remote
Click to expand...
(...)

-> Local Server
Does anyone know what causes this traffic and how to
reduce it?
Click to expand...

How is replication working in Your network? Are You using KCC created
topology or You have created topology and schedule of this replication
by yourself ?

this traffic can be caused by FRS replication or AD data replication

Read throuh the general document:
http://www.microsoft.com/technet/pr...edirectory/deploy/adguide/adplan/default.mspx

and specific KB articles:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;242780
http://support.microsoft.com/default.aspx?scid=kb;EN-US;244368
http://support.microsoft.com/default.aspx?scid=kb;EN-US;245610
http://support.microsoft.com/default.aspx?scid=kb;en-us;224512&sd=tech
 
S

Steve

Are your remote sites physical sites or are they sites in
the replication sense of the word. I didn't read in your
post that you were using different replication sites. If
you are in the same replication site, then you really have
no controll over the domain controllers updating one
another. If you put them into different replication sites
then you can determine when they will update one another.
If they are in the same replication site (Default First
Site), then updates occur almost immediately. If you
create different replication sites, then you can set the
updates based on time. This would greatly decrease your
traffic over the VPN
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MSRPC Fault for IRemoteSCMActivator 0
RPC probs with Ntfrs through firewall 1
Offer Remote Assistance - "Permission denied" - Windows XP SP2 2
Brief summary: Windows Server 2003/XP Resource Kit Tools 1
Help with Fatal DNS errors 8
Black ops: how HBGary wrote backdoors for the government (Part 2) 0
HELP! Lost DNS zones in Win2000 1
Help! Explorer.exe crashing due to fault in shell32.dll. 9

Top