| Author | Messages | |
gabriel/tfi
Posts:425
 | | 08/23/2010 3:02 AM |
| What's the difference between the "ForceRediscoveryInterval" and
"CloseSiteTimeOut" values under the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Is there any correlation between the two?
Thanks a lot - Gabriele.
| | | |
| gabriel/tfi
Posts:425
| | 08/24/2010 10:31 PM |
| Has anybody an idea about the difference between these two NETLOGON values?
J Thanks Gabriele.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: lunedì 23 agosto 2010 4:01
To: activedir@activedir.org
Subject: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut" (DC
Locator)
Whats the difference between the "ForceRediscoveryInterval" and
"CloseSiteTimeOut" values under the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Is there any correlation between the two?
Thanks a lot Gabriele.
| | | |
| gabriel/tfi
Posts:425
| | 09/04/2010 2:05 AM |
| I am still a bit unclear
. L
The 2nd link explains the DC Stickiness problem and how it has been
addressed since the introduction of Vista/2008 Ώ] by setting a hard
lifetime for the cache that stores the discovered DC name
("ForceRediscoveryInterval"=12hr by default).
The 1st link seems to describe a mechanism to discovery a nearby domain
controller before sending the request to the remote non optimal domain
controller that seems to solve the DC Stickiness either
(CloseStimeTimeOut=15mins by default), but it does not seem to be
something that always happens
. This is the statement I cant clearly
understand: This value does NOT apply when NetLogon is finding a domain
controller to authenticate an interactive logon that is using pass-through
authentication on a secure channel. These transactions do not need time
between attempts.
Thanks a lot Gabriele.
Ώ] - and former WinXP/2003 with KB939252 included in WinXP SP3.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Castillo, Daniel
(Directory Services)
Sent: mercoledì 25 agosto 2010 3:04
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
Just in case someone wants to read further on this
This link is pretty cool; it explains must of the subkeys.
http://technet.microsoft.com/en-us/library/cc786511(WS.10).aspx
And this one is for the DCLocator.
http://msdn.microsoft.com/en-us/library/ms675983(VS.85).aspx
~D
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of febrero@dlpmx.com
Sent: Tuesday, August 24, 2010 3:22 PM
To: activedir@mail.activedir.org; activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
CloseSiteTimeout
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Data type
Range
Default value
REG_SZ
0x3C0x418937 ( seconds ) ( 1 minute49.7 days ) 49.7 days)
0x384 ( 15 minutes )
Description
Determines how often the Net Logon service attempts to find a nearby domain
controller. The value of this entry specifies the minimum time that must
elapse between attempts. The value is used when Net Logon is using a domain
controller in a
<http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentr
y/startPopups('Site')> site that is not nearby, but a client requires a
domain controller in a site near it.
This value does not apply when Net Logon is finding a domain controller to
authenticate an interactive logon that is using pass-through authentication
on a secure channel. These transactions do not need time between attempts.
This value helps separate attempts to locate domain controllers when a
secure channel is used for other communications, such as pass-through
authentication of a network logon.
ForceRediscoveryInterval
The ForceRediscoveryInterval registry entry specifies the number of seconds
that the DsGetDcName function waits before it tries to rediscover the domain
controller name. The value of the ForceRediscoveryInterval registry entry
must be between 0 and 4294967295. The default value is 43200 seconds (12
hours). If the value of the ForceRediscoveryInterval registry entry is set
to 0, the client always performs rediscovery. If the value is set to
4294967295, the cache never expires, and the cached domain controller
continues to be used. We recommend that you do not set the
ForceRediscoveryInterval registry entry to a value that is less than 3600
seconds (60 minutes).
_____
From: activedir-owner@mail.activedir.org
[activedir-owner@mail.activedir.org] on behalf of Gabriele Scolaro
[gabro@gabro.net]
Sent: Tuesday, August 24, 2010 4:09 PM
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
Has anybody an idea about the difference between these two NETLOGON values?
J Thanks Gabriele.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: lunedì 23 agosto 2010 4:01
To: activedir@activedir.org
Subject: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut" (DC
Locator)
Whats the difference between the "ForceRediscoveryInterval" and
"CloseSiteTimeOut" values under the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Is there any correlation between the two?
Thanks a lot Gabriele.
| | | |
| ZJORZ
Posts:363
| | 09/04/2010 10:19 PM |
| I have been through the same quest
As I understand it
ForceRediscoveryInterval works without conditions and just happens
automatically after the interval has passed
CloseSiteTimeout only works on demand when something uses the secure
channel
I consider ForceRediscoveryInterval to be the better working version of
CloseSiteTimeout
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
Ing. Jorge de Almeida Pinto
Senior Technical Consultant
MVP Identity & Access - Directory Services
(MVP Profile <https://mvp.support.microsoft.com/profile/jorge1> ) (Blog
<http://blogs.dirteam.com/blogs/jorge/default.aspx> )
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: Saturday, September 04, 2010 03:04
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
I am still a bit unclear
. L
The 2nd link explains the DC Stickiness problem and how it has been
addressed since the introduction of Vista/2008 Ώ] by setting a hard
lifetime for the cache that stores the discovered DC name
("ForceRediscoveryInterval"=12hr by default).
The 1st link seems to describe a mechanism to discovery a nearby domain
controller before sending the request to the remote non optimal domain
controller that seems to solve the DC Stickiness either
(CloseStimeTimeOut=15mins by default), but it does not seem to be
something that always happens
. This is the statement I cant clearly
understand: This value does NOT apply when NetLogon is finding a domain
controller to authenticate an interactive logon that is using pass-through
authentication on a secure channel. These transactions do not need time
between attempts.
Thanks a lot Gabriele.
Ώ] - and former WinXP/2003 with KB939252 included in WinXP SP3.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Castillo, Daniel
(Directory Services)
Sent: mercoledì 25 agosto 2010 3:04
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
Just in case someone wants to read further on this
This link is pretty cool; it explains must of the subkeys.
http://technet.microsoft.com/en-us/library/cc786511(WS.10).aspx
And this one is for the DCLocator.
http://msdn.microsoft.com/en-us/library/ms675983(VS.85).aspx
~D
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of febrero@dlpmx.com
Sent: Tuesday, August 24, 2010 3:22 PM
To: activedir@mail.activedir.org; activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
CloseSiteTimeout
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Data type
Range
Default value
REG_SZ
0x3C0x418937 ( seconds ) ( 1 minute49.7 days ) 49.7 days)
0x384 ( 15 minutes )
Description
Determines how often the Net Logon service attempts to find a nearby domain
controller. The value of this entry specifies the minimum time that must
elapse between attempts. The value is used when Net Logon is using a domain
controller in a
<http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentr
y/startPopups('Site')> site that is not nearby, but a client requires a
domain controller in a site near it.
This value does not apply when Net Logon is finding a domain controller to
authenticate an interactive logon that is using pass-through authentication
on a secure channel. These transactions do not need time between attempts.
This value helps separate attempts to locate domain controllers when a
secure channel is used for other communications, such as pass-through
authentication of a network logon.
ForceRediscoveryInterval
The ForceRediscoveryInterval registry entry specifies the number of seconds
that the DsGetDcName function waits before it tries to rediscover the domain
controller name. The value of the ForceRediscoveryInterval registry entry
must be between 0 and 4294967295. The default value is 43200 seconds (12
hours). If the value of the ForceRediscoveryInterval registry entry is set
to 0, the client always performs rediscovery. If the value is set to
4294967295, the cache never expires, and the cached domain controller
continues to be used. We recommend that you do not set the
ForceRediscoveryInterval registry entry to a value that is less than 3600
seconds (60 minutes).
_____
From: activedir-owner@mail.activedir.org
[activedir-owner@mail.activedir.org] on behalf of Gabriele Scolaro
[gabro@gabro.net]
Sent: Tuesday, August 24, 2010 4:09 PM
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
Has anybody an idea about the difference between these two NETLOGON values?
J Thanks Gabriele.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: lunedì 23 agosto 2010 4:01
To: activedir@activedir.org
Subject: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut" (DC
Locator)
Whats the difference between the "ForceRediscoveryInterval" and
"CloseSiteTimeOut" values under the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Is there any correlation between the two?
Thanks a lot Gabriele.
| | | |
| gabriel/tfi
Posts:425
| | 09/04/2010 11:20 PM |
| Thanks for your reply Jorge, thats my thought either! I am just wondering
in what cases the secure channel is used that would trigger a rediscovery of
a nearby DC if CloseSitTimeou is expired. I think Ill give up! Gabriele.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Jorge de Almeida
Pinto
Sent: sabato 4 settembre 2010 11:17
To: activedir@mail.activedir.org; activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
I have been through the same quest
As I understand it
ForceRediscoveryInterval works without conditions and just happens
automatically after the interval has passed
CloseSiteTimeout only works on demand when something uses the secure
channel
I consider ForceRediscoveryInterval to be the better working version of
CloseSiteTimeout
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
Ing. Jorge de Almeida Pinto
Senior Technical Consultant
MVP Identity & Access - Directory Services
(MVP Profile <https://mvp.support.microsoft.com/profile/jorge1> ) (Blog
<http://blogs.dirteam.com/blogs/jorge/default.aspx> )
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: Saturday, September 04, 2010 03:04
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
I am still a bit unclear
. L
The 2nd link explains the DC Stickiness problem and how it has been
addressed since the introduction of Vista/2008 Ώ] by setting a hard
lifetime for the cache that stores the discovered DC name
("ForceRediscoveryInterval"=12hr by default).
The 1st link seems to describe a mechanism to discovery a nearby domain
controller before sending the request to the remote non optimal domain
controller that seems to solve the DC Stickiness either
(CloseStimeTimeOut=15mins by default), but it does not seem to be
something that always happens
. This is the statement I cant clearly
understand: This value does NOT apply when NetLogon is finding a domain
controller to authenticate an interactive logon that is using pass-through
authentication on a secure channel. These transactions do not need time
between attempts.
Thanks a lot Gabriele.
Ώ] - and former WinXP/2003 with KB939252 included in WinXP SP3.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Castillo, Daniel
(Directory Services)
Sent: mercoledì 25 agosto 2010 3:04
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
Just in case someone wants to read further on this
This link is pretty cool; it explains must of the subkeys.
http://technet.microsoft.com/en-us/library/cc786511(WS.10).aspx
And this one is for the DCLocator.
http://msdn.microsoft.com/en-us/library/ms675983(VS.85).aspx
~D
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of febrero@dlpmx.com
Sent: Tuesday, August 24, 2010 3:22 PM
To: activedir@mail.activedir.org; activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
CloseSiteTimeout
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Data type
Range
Default value
REG_SZ
0x3C0x418937 ( seconds ) ( 1 minute49.7 days ) 49.7 days)
0x384 ( 15 minutes )
Description
Determines how often the Net Logon service attempts to find a nearby domain
controller. The value of this entry specifies the minimum time that must
elapse between attempts. The value is used when Net Logon is using a domain
controller in a
<http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentr
y/startPopups('Site')> site that is not nearby, but a client requires a
domain controller in a site near it.
This value does not apply when Net Logon is finding a domain controller to
authenticate an interactive logon that is using pass-through authentication
on a secure channel. These transactions do not need time between attempts.
This value helps separate attempts to locate domain controllers when a
secure channel is used for other communications, such as pass-through
authentication of a network logon.
ForceRediscoveryInterval
The ForceRediscoveryInterval registry entry specifies the number of seconds
that the DsGetDcName function waits before it tries to rediscover the domain
controller name. The value of the ForceRediscoveryInterval registry entry
must be between 0 and 4294967295. The default value is 43200 seconds (12
hours). If the value of the ForceRediscoveryInterval registry entry is set
to 0, the client always performs rediscovery. If the value is set to
4294967295, the cache never expires, and the cached domain controller
continues to be used. We recommend that you do not set the
ForceRediscoveryInterval registry entry to a value that is less than 3600
seconds (60 minutes).
_____
From: activedir-owner@mail.activedir.org
[activedir-owner@mail.activedir.org] on behalf of Gabriele Scolaro
[gabro@gabro.net]
Sent: Tuesday, August 24, 2010 4:09 PM
To: activedir@activedir.org
Subject: RE: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut"
(DC Locator)
Has anybody an idea about the difference between these two NETLOGON values?
J Thanks Gabriele.
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: lunedì 23 agosto 2010 4:01
To: activedir@activedir.org
Subject: [ActiveDir] "ForceRediscoveryInterval" vs. "CloseSiteTimeOut" (DC
Locator)
Whats the difference between the "ForceRediscoveryInterval" and
"CloseSiteTimeOut" values under the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Is there any correlation between the two?
Thanks a lot Gabriele.
| | | |
|
|