| Author | Messages | |
htc3400
Posts:5
 | | 09/03/2010 7:56 AM |
| Hi All
We have a issue with our file servers,please find the detailed information
about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or
delay for up to 10 -20 secs,but when tried the second time the share opens
instantly
Issue -2- While checking the security permissions for the share the users
who have the security permissions are shown as SID's for few seconds and
then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms
for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning
messages with event ID - 3019 ,which can be ignored safely as per this MS
article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
| | | |
| PARRIS
Posts:291
| | 09/03/2010 8:22 AM |
| Are the servers in the same forest, any trusts involved?
Regards,
Mark
MVP-DS,MCT,MCITP:EA:SA,MCSE
t.01372 740373
m.07801 690596
linkedin http://uk.linkedin.com/in/markparris
facebook http://facebook.com/markparris
twitter http://twitter.com/markparris
-----Original Message-----
From: "Shiva ." <shivaa.raj@gmail.com>
Sender: "activedir-owner@mail.activedir.org"
<activedir-owner@mail.activedir.org>
Date: Fri, 3 Sep 2010 07:53:51
To: ActiveDir@mail.activedir.org<ActiveDir@mail.activedir.org>
Reply-To: "activedir@mail.activedir.org" <activedir@mail.activedir.org>
Subject: [ActiveDir] [OT] share drive issue access delay
Hi All
We have a issue with our file servers,please find the detailed information about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or delay for up to 10 -20 secs,but when tried the second time the share opens instantly
Issue -2- While checking the security permissions for the share the users who have the security permissions are shown as SID's for few seconds and then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning messages with event ID - 3019 ,which can be ignored safely as per this MS article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
| | | |
| nidhinck
Posts:64
| | 09/03/2010 9:40 AM |
| Hi Mark,
All the servers and clients are in the same forest and client machines are
using windows 7 & XP OS.
On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk> wrote:
> Are the servers in the same forest, any trusts involved?
>
> Regards,
>
> Mark
>
> MVP-DS,MCT,MCITP:EA:SA,MCSE
>
> t.01372 740373
> m.07801 690596
>
> linkedin http://uk.linkedin.com/in/markparris
> facebook http://facebook.com/markparris
> twitter http://twitter.com/markparris
> ------------------------------
> *From: * "Shiva ." <shivaa.raj@gmail.com>
> *Sender: * "activedir-owner@mail.activedir.org" <
> activedir-owner@mail.activedir.org>
> *Date: *Fri, 3 Sep 2010 07:53:51 +0100
> *To: *ActiveDir@mail.activedir.org<ActiveDir@mail.activedir.org>
> *ReplyTo: * "activedir@mail.activedir.org" <activedir@mail.activedir.org>
> *Subject: *[ActiveDir] [OT] share drive issue access delay
>
> Hi All
>
> We have a issue with our file servers,please find the detailed information
> about the issue and the troubleshooting we did.
>
> Issue -1 -While opening share drives on file servers there is lag time or
> delay for up to 10 -20 secs,but when tried the second time the share opens
> instantly
> Issue -2- While checking the security permissions for the share the users
> who have the security permissions are shown as SID's for few seconds and
> then the name gets resolved
>
> Things that have been checked -
> The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
> Checked the logon server - its the site local DC
> Tried to ping the DC from the problem server - ping response time is <1ms
> for numerous times and once in a while the response time was = 4 or 5 ms.
> Checked the event logs on the problem server and it has multiple warning
> messages with event ID - 3019 ,which can be ignored safely as per this MS
> article - http://support.microsoft.com/kb/315244
>
> please suggest on how to crack this issue..
>
> Thank you all for your help in advance. :-)
>
> br,
> Shiva.
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
| | | |
| RobSilver
Posts:0
| | 09/03/2010 6:45 PM |
| Hi Shiva
Have you checked that there is a subnet object for both the Server and the Client accessing the server in AD Sites and Services? It sounds like the server has some connectivity problems with AD based on the amount of time it takes to resolve the SIDs to readable names. What's the health of the local DC like? Does your _msdcs zone look right for that site? Are there any DCs missing from the site which still exist in _msdcs?
I would get a trace on Wireshark on both the server and client simultaneously while the client is attempting to access the server share. See what is happening on the wire. What is the client requesting and what is the server looking for.
These types of issues are really great to deal with on the wire and it's usually pretty quick to see where the problem is.
Regards,
Rob Silver<http://robsilver.org/>
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of nidhin ck
Sent: 03 September 2010 9:40 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Mark,
All the servers and clients are in the same forest and client machines are using windows 7 & XP OS.
On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk<mailto:mark@parris.co.uk>> wrote:
Are the servers in the same forest, any trusts involved?
Regards,
Mark
MVP-DS,MCT,MCITP:EA:SA,MCSE
t.01372 740373
m.07801 690596
linkedin http://uk.linkedin.com/in/markparris
facebook http://facebook.com/markparris
twitter http://twitter.com/markparris
________________________________
From: "Shiva ." <shivaa.raj@gmail.com<mailto:shivaa.raj@gmail.com>>
Sender: "activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>" <activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>>
Date: Fri, 3 Sep 2010 07:53:51 +0100
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
ReplyTo: "activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>" <activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>>
Subject: [ActiveDir] [OT] share drive issue access delay
Hi All
We have a issue with our file servers,please find the detailed information about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or delay for up to 10 -20 secs,but when tried the second time the share opens instantly
Issue -2- While checking the security permissions for the share the users who have the security permissions are shown as SID's for few seconds and then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning messages with event ID - 3019 ,which can be ignored safely as per this MS article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
| | | |
| gabriel/tfi
Posts:425
| | 09/04/2010 2:17 AM |
| Might be that file server or clients or all are targeting a remote DC? gbr
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Shiva .
Sent: venerdì 3 settembre 2010 8:54
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] [OT] share drive issue access delay
Hi All
We have a issue with our file servers,please find the detailed
information about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or
delay for up to 10 -20 secs,but when tried the second time the share opens
instantly
Issue -2- While checking the security permissions for the share the users
who have the security permissions are shown as SID's for few seconds and
then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms
for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning
messages with event ID - 3019 ,which can be ignored safely as per this MS
article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
| | | |
| nidhinck
Posts:64
| | 09/04/2010 4:18 AM |
| Hi Rob,
Please find the answers to your questions.
Q: Have you checked that there is a subnet object for both the Server and
the Client accessing the server in AD Sites and Services?
A: We have two DC's in this site and both server are available in AD sites
and services.
Q: What’s the health of the local DC like?
A: Both DCDIAG and NETDIAG result looks fine.
Q: Does your _msdcs zone look right for that site?
A: We have added secondary zone of _msdcs on both DC's.
Q: Are there any DCs missing from the site which still exist in _msdcs?
A: Since it is a secondary zone all DC's are available in _msdc's and AD
sites and service.
We wont be able to install any third party software on DC's due to security
policy. Is there any other software that will not register any dll's on
DC's? or any Microsoft tools
Rob, really appreciate your response however I'm in need of further
assistance.
On Fri, Sep 3, 2010 at 11:12 PM, [Infraspec] Rob Silver
<rob@infraspec.net>wrote:
> *Hi Shiva*
>
>
>
> Have you checked that there is a subnet object for both the Server and the
> Client accessing the server in AD Sites and Services? It sounds like the
> server has some connectivity problems with AD based on the amount of time it
> takes to resolve the SIDs to readable names. What’s the health of the local
> DC like? Does your _msdcs zone look right for that site? Are there any DCs
> missing from the site which still exist in _msdcs?
>
>
>
> I would get a trace on Wireshark on both the server and client
> simultaneously while the client is attempting to access the server share.
> See what is happening on the wire. What is the client requesting and what
> is the server looking for.
>
>
>
> These types of issues are really great to deal with on the wire and it’s
> usually pretty quick to see where the problem is.
>
>
>
> *Regards, *
>
> * *
>
> *Rob Silver <http://robsilver.org/> *
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *nidhin ck
> *Sent:* 03 September 2010 9:40 AM
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] [OT] share drive issue access delay
>
>
>
> Hi Mark,
>
>
>
> All the servers and clients are in the same forest and client machines are
> using windows 7 & XP OS.
>
> On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk> wrote:
>
> Are the servers in the same forest, any trusts involved?
>
> Regards,
>
> Mark
>
> MVP-DS,MCT,MCITP:EA:SA,MCSE
>
> t.01372 740373
> m.07801 690596
>
> linkedin http://uk.linkedin.com/in/markparris
> facebook http://facebook.com/markparris
> twitter http://twitter.com/markparris
> ------------------------------
>
> *From: *"Shiva ." <shivaa.raj@gmail.com>
>
> *Sender: *"activedir-owner@mail.activedir.org" <
> activedir-owner@mail.activedir.org>
>
> *Date: *Fri, 3 Sep 2010 07:53:51 +0100
>
> *To: *ActiveDir@mail.activedir.org<ActiveDir@mail.activedir.org>
>
> *ReplyTo: *"activedir@mail.activedir.org" <activedir@mail.activedir.org>
>
> *Subject: *[ActiveDir] [OT] share drive issue access delay
>
>
>
> Hi All
>
>
>
> We have a issue with our file servers,please find the detailed information
> about the issue and the troubleshooting we did.
>
>
>
> Issue -1 -While opening share drives on file servers there is lag time or
> delay for up to 10 -20 secs,but when tried the second time the share opens
> instantly
>
> Issue -2- While checking the security permissions for the share the users
> who have the security permissions are shown as SID's for few seconds and
> then the name gets resolved
>
>
>
> Things that have been checked -
>
> The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
>
> Checked the logon server - its the site local DC
>
> Tried to ping the DC from the problem server - ping response time is <1ms
> for numerous times and once in a while the response time was = 4 or 5 ms.
>
> Checked the event logs on the problem server and it has multiple warning
> messages with event ID - 3019 ,which can be ignored safely as per this MS
> article - http://support.microsoft.com/kb/315244
>
>
>
> please suggest on how to crack this issue..
>
>
>
> Thank you all for your help in advance. :-)
>
>
>
> br,
>
> Shiva.
>
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
>
>
>
> --
>
> Regards,
>
> Nidhin.CK
> Chennai
> Phone No: +91 9884622467
>
>
>
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
| | | |
| gabriel/tfi
Posts:425
| | 09/04/2010 3:35 PM |
| What do you mean with "pointing to local site DC"? Do you mean (one of the)
local DC(s) is the primary DNS server for the file server?
If that is case, it is not enough to ensure a client or a server target the
local DC for "AD stuff". The local DC is located by a site-specific query
"_ldap._tcp. SiteName ._sites . dc._msdcs. DnsDomainName", if SRV records
for the local DC(s) are not there your clients/servers will target local DC
for DNS name resolution BUT they might contact a DC that is not in the
nearby site through a domain-generic query
(_ldap._tcp.dc._msdcs.DnsDomainName).
Also check the local network address the DC(s), servers and clients reside
in is defined as a subnet object in AD and associated to the proper AD site
object that represent the physical locations (this shows up in DNS in place
of . SiteName . in the query above).
Do you appreciate the same issue when displaying permissions with a slow
group name lookup on a client vs the server?
Does a server restart fix the problem?
gbr
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of nidhin ck
Sent: sabato 4 settembre 2010 5:21
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Gabriele,
Q: Might be that file server or clients or all are targeting a remote DC?
A: We haven't checked the client configuration but server is pointing to
local site DC.
On Sat, Sep 4, 2010 at 8:46 AM, nidhin ck <nidhinck@gmail.com> wrote:
Hi Rob,
Please find the answers to your questions.
Q: Have you checked that there is a subnet object for both the Server and
the Client accessing the server in AD Sites and Services?
A: We have two DC's in this site and both server are available in AD sites
and services.
Q: What's the health of the local DC like?
A: Both DCDIAG and NETDIAG result looks fine.
Q: Does your _msdcs zone look right for that site?
A: We have added secondary zone of _msdcs on both DC's.
Q: Are there any DCs missing from the site which still exist in _msdcs?
A: Since it is a secondary zone all DC's are available in _msdc's and AD
sites and service.
We wont be able to install any third party software on DC's due to security
policy. Is there any other software that will not register any dll's on
DC's? or any Microsoft tools
Rob, really appreciate your response however I'm in need of further
assistance.
On Fri, Sep 3, 2010 at 11:12 PM, [Infraspec] Rob Silver <rob@infraspec.net>
wrote:
Hi Shiva
Have you checked that there is a subnet object for both the Server and the
Client accessing the server in AD Sites and Services? It sounds like the
server has some connectivity problems with AD based on the amount of time it
takes to resolve the SIDs to readable names. What's the health of the local
DC like? Does your _msdcs zone look right for that site? Are there any DCs
missing from the site which still exist in _msdcs?
I would get a trace on Wireshark on both the server and client
simultaneously while the client is attempting to access the server share.
See what is happening on the wire. What is the client requesting and what
is the server looking for.
These types of issues are really great to deal with on the wire and it's
usually pretty quick to see where the problem is.
Regards,
<http://robsilver.org/> Rob Silver
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of nidhin ck
Sent: 03 September 2010 9:40 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Mark,
All the servers and clients are in the same forest and client machines are
using windows 7 & XP OS.
On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk> wrote:
Are the servers in the same forest, any trusts involved?
Regards,
Mark
MVP-DS,MCT,MCITP:EA:SA,MCSE
t.01372 740373
m.07801 690596
linkedin http://uk.linkedin.com/in/markparris
facebook http://facebook.com/markparris
twitter http://twitter.com/markparris
_____
From: "Shiva ." <shivaa.raj@gmail.com>
Sender: "activedir-owner@mail.activedir.org"
<activedir-owner@mail.activedir.org>
Date: Fri, 3 Sep 2010 07:53:51 +0100
To: ActiveDir@mail.activedir.org<ActiveDir@mail.activedir.org>
ReplyTo: "activedir@mail.activedir.org" <activedir@mail.activedir.org>
Subject: [ActiveDir] [OT] share drive issue access delay
Hi All
We have a issue with our file servers,please find the detailed information
about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or
delay for up to 10 -20 secs,but when tried the second time the share opens
instantly
Issue -2- While checking the security permissions for the share the users
who have the security permissions are shown as SID's for few seconds and
then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms
for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning
messages with event ID - 3019 ,which can be ignored safely as per this MS
article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
| | | |
| nidhinck
Posts:64
| | 09/05/2010 10:43 AM |
| Hi Gabriele,
We have two DC’s in this site and problematic file server is pointing to one
of these DC. Both servers registered SRV record in DNS. Since server is
pointing to the nearest dc I have not cleared the DClocater cache.
Below mentioned points yet to check from my end. I’ll let you know
de findings shortly.
- Restarting of this server
- Client logon server & IP range.
On Sat, Sep 4, 2010 at 8:07 PM, Gabriele Scolaro <gabro@gabro.net> wrote:
> If I recall well (can’t test now) “nltest /dsgetdc:domainname /force”
> should force a DC locator process also it should return the discovered DC
> name and Site information (client and DC).
>
> See if clients and servers target a local DC as you expect- Gabriele.
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *nidhin ck
> *Sent:* sabato 4 settembre 2010 5:17
>
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] [OT] share drive issue access delay
>
>
>
> Hi Rob,
>
>
>
> Please find the answers to your questions.
>
>
>
> Q: Have you checked that there is a subnet object for both the Server and
> the Client accessing the server in AD Sites and Services?
>
> A: We have two DC's in this site and both server are available in AD sites
> and services.
>
>
>
> Q: What’s the health of the local DC like?
>
> A: Both DCDIAG and NETDIAG result looks fine.
>
>
>
> Q: Does your _msdcs zone look right for that site?
>
> A: We have added secondary zone of _msdcs on both DC's.
>
>
>
> Q: Are there any DCs missing from the site which still exist in _msdcs?
>
> A: Since it is a secondary zone all DC's are available in _msdc's and AD
> sites and service.
>
>
>
>
>
> We wont be able to install any third party software on DC's due to security
> policy. Is there any other software that will not register any dll's on
> DC's? or any Microsoft tools
>
>
>
> Rob, really appreciate your response however I'm in need of further
> assistance.
>
>
>
>
>
> On Fri, Sep 3, 2010 at 11:12 PM, [Infraspec] Rob Silver <rob@infraspec.net>
> wrote:
>
> *Hi Shiva*
>
>
>
> Have you checked that there is a subnet object for both the Server and the
> Client accessing the server in AD Sites and Services? It sounds like the
> server has some connectivity problems with AD based on the amount of time it
> takes to resolve the SIDs to readable names. What’s the health of the local
> DC like? Does your _msdcs zone look right for that site? Are there any DCs
> missing from the site which still exist in _msdcs?
>
>
>
> I would get a trace on Wireshark on both the server and client
> simultaneously while the client is attempting to access the server share.
> See what is happening on the wire. What is the client requesting and what
> is the server looking for.
>
>
>
> These types of issues are really great to deal with on the wire and it’s
> usually pretty quick to see where the problem is.
>
>
>
> *Regards, *
>
> * *
>
> *Rob Silver <http://robsilver.org/> *
>
>
>
> *From:* activedir-owner@mail.activedir.org [mailto:
> activedir-owner@mail.activedir.org] *On Behalf Of *nidhin ck
> *Sent:* 03 September 2010 9:40 AM
> *To:* activedir@mail.activedir.org
> *Subject:* Re: [ActiveDir] [OT] share drive issue access delay
>
>
>
> Hi Mark,
>
>
>
> All the servers and clients are in the same forest and client machines are
> using windows 7 & XP OS.
>
> On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk> wrote:
>
> Are the servers in the same forest, any trusts involved?
>
> Regards,
>
> Mark
>
> MVP-DS,MCT,MCITP:EA:SA,MCSE
>
> t.01372 740373
> m.07801 690596
>
> linkedin http://uk.linkedin.com/in/markparris
> facebook http://facebook.com/markparris
> twitter http://twitter.com/markparris
> ------------------------------
>
> *From: *"Shiva ." <shivaa.raj@gmail.com>
>
> *Sender: *"activedir-owner@mail.activedir.org" <
> activedir-owner@mail.activedir.org>
>
> *Date: *Fri, 3 Sep 2010 07:53:51 +0100
>
> *To: *ActiveDir@mail.activedir.org<ActiveDir@mail.activedir.org>
>
> *ReplyTo: *"activedir@mail.activedir.org" <activedir@mail.activedir.org>
>
> *Subject: *[ActiveDir] [OT] share drive issue access delay
>
>
>
> Hi All
>
>
>
> We have a issue with our file servers,please find the detailed information
> about the issue and the troubleshooting we did.
>
>
>
> Issue -1 -While opening share drives on file servers there is lag time or
> delay for up to 10 -20 secs,but when tried the second time the share opens
> instantly
>
> Issue -2- While checking the security permissions for the share the users
> who have the security permissions are shown as SID's for few seconds and
> then the name gets resolved
>
>
>
> Things that have been checked -
>
> The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
>
> Checked the logon server - its the site local DC
>
> Tried to ping the DC from the problem server - ping response time is <1ms
> for numerous times and once in a while the response time was = 4 or 5 ms.
>
> Checked the event logs on the problem server and it has multiple warning
> messages with event ID - 3019 ,which can be ignored safely as per this MS
> article - http://support.microsoft.com/kb/315244
>
>
>
> please suggest on how to crack this issue..
>
>
>
> Thank you all for your help in advance. :-)
>
>
>
> br,
>
> Shiva.
>
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
>
>
>
> --
>
> Regards,
>
> Nidhin.CK
> Chennai
> Phone No: +91 9884622467
>
>
>
>
>
>
> --
>
> Regards,
>
> Nidhin.CK
> Chennai
> Phone No: +91 9884622467
>
>
>
--
Regards,
Nidhin.CK
Mobile No: +91 9884622467
| | | |
| danholme
Posts:165
| | 09/05/2010 8:08 PM |
| I assume the delay you describe is a delay that the CLIENT experiences, yes?
1) Log on to the server and create a mapped drive to a share ON THE SERVER using ALTERNATE CREDENTIALS of a normal user. I expect this will work very quickly. If so, this means the problem is not with your server at all, but with your clients.
2) From a client, what is the PATH that you are trying to open? Be CERTAIN it is a FULLY QUALIFIED DOMAIN NAME (\\server.domain.com<file:///\\server.domain.com>\share) NOT a flat name (\\server\share) ... if that's not the problem...
3) Your CLIENT network configuration is not correct. You have a binding order problem be certain that the binding order for network providers, for NICs, and for protocols is 100% accurate.
I really expect your problem to be #3. Your symptoms are identical to other places where I've seen this happen.
Please "reply all" with your answers. I am not following ActiveDir every day and I will miss your reply unless it also goes to my personal email.
Dan
Dan Holme
808.573.0726 Land Line
808.463.4858 iPhone
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of nidhin ck
Sent: Friday, September 03, 2010 8:21 PM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Gabriele,
Q: Might be that file server or clients or all are targeting a remote DC?
A: We haven't checked the client configuration but server is pointing to local site DC.
On Sat, Sep 4, 2010 at 8:46 AM, nidhin ck <nidhinck@gmail.com<mailto:nidhinck@gmail.com>> wrote:
Hi Rob,
Please find the answers to your questions.
Q: Have you checked that there is a subnet object for both the Server and the Client accessing the server in AD Sites and Services?
A: We have two DC's in this site and both server are available in AD sites and services.
Q: What's the health of the local DC like?
A: Both DCDIAG and NETDIAG result looks fine.
Q: Does your _msdcs zone look right for that site?
A: We have added secondary zone of _msdcs on both DC's.
Q: Are there any DCs missing from the site which still exist in _msdcs?
A: Since it is a secondary zone all DC's are available in _msdc's and AD sites and service.
We wont be able to install any third party software on DC's due to security policy. Is there any other software that will not register any dll's on DC's? or any Microsoft tools
Rob, really appreciate your response however I'm in need of further assistance.
On Fri, Sep 3, 2010 at 11:12 PM, [Infraspec] Rob Silver <rob@infraspec.net<mailto:rob@infraspec.net>> wrote:
Hi Shiva
Have you checked that there is a subnet object for both the Server and the Client accessing the server in AD Sites and Services? It sounds like the server has some connectivity problems with AD based on the amount of time it takes to resolve the SIDs to readable names. What's the health of the local DC like? Does your _msdcs zone look right for that site? Are there any DCs missing from the site which still exist in _msdcs?
I would get a trace on Wireshark on both the server and client simultaneously while the client is attempting to access the server share. See what is happening on the wire. What is the client requesting and what is the server looking for.
These types of issues are really great to deal with on the wire and it's usually pretty quick to see where the problem is.
Regards,
Rob Silver<http://robsilver.org/>
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of nidhin ck
Sent: 03 September 2010 9:40 AM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Mark,
All the servers and clients are in the same forest and client machines are using windows 7 & XP OS.
On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk<mailto:mark@parris.co.uk>> wrote:
Are the servers in the same forest, any trusts involved?
Regards,
Mark
MVP-DS,MCT,MCITP:EA:SA,MCSE
t.01372 740373
m.07801 690596
linkedin http://uk.linkedin.com/in/markparris
facebook http://facebook.com/markparris
twitter http://twitter.com/markparris
________________________________
From: "Shiva ." <shivaa.raj@gmail.com<mailto:shivaa.raj@gmail.com>>
Sender: "activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>" <activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>>
Date: Fri, 3 Sep 2010 07:53:51 +0100
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
ReplyTo: "activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>" <activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>>
Subject: [ActiveDir] [OT] share drive issue access delay
Hi All
We have a issue with our file servers,please find the detailed information about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or delay for up to 10 -20 secs,but when tried the second time the share opens instantly
Issue -2- While checking the security permissions for the share the users who have the security permissions are shown as SID's for few seconds and then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning messages with event ID - 3019 ,which can be ignored safely as per this MS article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
| | | |
| bigbobcat
Posts:8
| | 09/06/2010 4:08 PM |
| We identified a similar issue late last week.
We are running native 2008 domain and forest (single domain and forest).
We have only seen this problem on a new windows 2008r2 DFS file server (domain based namespace, two servers).
The only clients which experience slow file openings are windows 7 clients.
We have turned off smb2 on both client and server('s) and the slowness persists.
When a user maps their home folder with the FQDN\sharename of a particular server the problem goes away.
When a user (only windows 7 clients) maps their homedrive using the DFS namespace\sharename the problem reoccurs.
We do not see the problem on XP clients or even clients using windows 2008 terminal servers.
Of course we are in the midst of building home directories and rolling out windows 7.
Gregg Overly
Systems Programmer
Texas State University
Fo01@txstate.edu<mailto:Fo01@txstate.edu>
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Sunday, September 05, 2010 2:07 PM
To: activedir@mail.activedir.org
Cc: Dan Holme
Subject: RE: [ActiveDir] [OT] share drive issue access delay
I assume the delay you describe is a delay that the CLIENT experiences, yes?
1) Log on to the server and create a mapped drive to a share ON THE SERVER using ALTERNATE CREDENTIALS of a normal user. I expect this will work very quickly. If so, this means the problem is not with your server at all, but with your clients.
2) From a client, what is the PATH that you are trying to open? Be CERTAIN it is a FULLY QUALIFIED DOMAIN NAME (\\server.domain.com<file:///\\server.domain.com>\share) NOT a flat name (\\server\share) ... if that's not the problem...
3) Your CLIENT network configuration is not correct. You have a binding order problem be certain that the binding order for network providers, for NICs, and for protocols is 100% accurate.
I really expect your problem to be #3. Your symptoms are identical to other places where I've seen this happen.
Please "reply all" with your answers. I am not following ActiveDir every day and I will miss your reply unless it also goes to my personal email.
Dan
Dan Holme
808.573.0726 Land Line
808.463.4858 iPhone
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of nidhin ck
Sent: Friday, September 03, 2010 8:21 PM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Gabriele,
Q: Might be that file server or clients or all are targeting a remote DC?
A: We haven't checked the client configuration but server is pointing to local site DC.
On Sat, Sep 4, 2010 at 8:46 AM, nidhin ck <nidhinck@gmail.com<mailto:nidhinck@gmail.com>> wrote:
Hi Rob,
Please find the answers to your questions.
Q: Have you checked that there is a subnet object for both the Server and the Client accessing the server in AD Sites and Services?
A: We have two DC's in this site and both server are available in AD sites and services.
Q: What's the health of the local DC like?
A: Both DCDIAG and NETDIAG result looks fine.
Q: Does your _msdcs zone look right for that site?
A: We have added secondary zone of _msdcs on both DC's.
Q: Are there any DCs missing from the site which still exist in _msdcs?
A: Since it is a secondary zone all DC's are available in _msdc's and AD sites and service.
We wont be able to install any third party software on DC's due to security policy. Is there any other software that will not register any dll's on DC's? or any Microsoft tools
Rob, really appreciate your response however I'm in need of further assistance.
On Fri, Sep 3, 2010 at 11:12 PM, [Infraspec] Rob Silver <rob@infraspec.net<mailto:rob@infraspec.net>> wrote:
Hi Shiva
Have you checked that there is a subnet object for both the Server and the Client accessing the server in AD Sites and Services? It sounds like the server has some connectivity problems with AD based on the amount of time it takes to resolve the SIDs to readable names. What's the health of the local DC like? Does your _msdcs zone look right for that site? Are there any DCs missing from the site which still exist in _msdcs?
I would get a trace on Wireshark on both the server and client simultaneously while the client is attempting to access the server share. See what is happening on the wire. What is the client requesting and what is the server looking for.
These types of issues are really great to deal with on the wire and it's usually pretty quick to see where the problem is.
Regards,
Rob Silver<http://robsilver.org/>
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of nidhin ck
Sent: 03 September 2010 9:40 AM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Mark,
All the servers and clients are in the same forest and client machines are using windows 7 & XP OS.
On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk<mailto:mark@parris.co.uk>> wrote:
Are the servers in the same forest, any trusts involved?
Regards,
Mark
MVP-DS,MCT,MCITP:EA:SA,MCSE
t.01372 740373
m.07801 690596
linkedin http://uk.linkedin.com/in/markparris
facebook http://facebook.com/markparris
twitter http://twitter.com/markparris
________________________________
From: "Shiva ." <shivaa.raj@gmail.com<mailto:shivaa.raj@gmail.com>>
Sender: "activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>" <activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>>
Date: Fri, 3 Sep 2010 07:53:51 +0100
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
ReplyTo: "activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>" <activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>>
Subject: [ActiveDir] [OT] share drive issue access delay
Hi All
We have a issue with our file servers,please find the detailed information about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or delay for up to 10 -20 secs,but when tried the second time the share opens instantly
Issue -2- While checking the security permissions for the share the users who have the security permissions are shown as SID's for few seconds and then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning messages with event ID - 3019 ,which can be ignored safely as per this MS article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
| | | |
| pbbergs
Posts:281
| | 09/07/2010 1:55 PM |
| If you want to check your sites are properly configured look at netlogon.log. Check the link below for further details.
http://blogs.dirteam.com/blogs/paulbergson/archive/2010/04/19/ad-clients-not-authenticating-to-its-local-site.aspx
Thanks
Paul
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of nidhin ck
Sent: Sunday, September 05, 2010 4:41 AM
To: activedir@mail.activedir.org
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Gabriele,
We have two DC's in this site and problematic file server is pointing to one of these DC. Both servers registered SRV record in DNS. Since server is pointing to the nearest dc I have not cleared the DClocater cache.
Below mentioned points yet to check from my end. I'll let you know de findings shortly.
* Restarting of this server
* Client logon server & IP range.
On Sat, Sep 4, 2010 at 8:07 PM, Gabriele Scolaro <gabro@gabro.net<mailto:gabro@gabro.net>> wrote:
If I recall well (can't test now) "nltest /dsgetdc:domainname /force" should force a DC locator process also it should return the discovered DC name and Site information (client and DC).
See if clients and servers target a local DC as you expect- Gabriele.
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of nidhin ck
Sent: sabato 4 settembre 2010 5:17
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Rob,
Please find the answers to your questions.
Q: Have you checked that there is a subnet object for both the Server and the Client accessing the server in AD Sites and Services?
A: We have two DC's in this site and both server are available in AD sites and services.
Q: What's the health of the local DC like?
A: Both DCDIAG and NETDIAG result looks fine.
Q: Does your _msdcs zone look right for that site?
A: We have added secondary zone of _msdcs on both DC's.
Q: Are there any DCs missing from the site which still exist in _msdcs?
A: Since it is a secondary zone all DC's are available in _msdc's and AD sites and service.
We wont be able to install any third party software on DC's due to security policy. Is there any other software that will not register any dll's on DC's? or any Microsoft tools
Rob, really appreciate your response however I'm in need of further assistance.
On Fri, Sep 3, 2010 at 11:12 PM, [Infraspec] Rob Silver <rob@infraspec.net<mailto:rob@infraspec.net>> wrote:
Hi Shiva
Have you checked that there is a subnet object for both the Server and the Client accessing the server in AD Sites and Services? It sounds like the server has some connectivity problems with AD based on the amount of time it takes to resolve the SIDs to readable names. What's the health of the local DC like? Does your _msdcs zone look right for that site? Are there any DCs missing from the site which still exist in _msdcs?
I would get a trace on Wireshark on both the server and client simultaneously while the client is attempting to access the server share. See what is happening on the wire. What is the client requesting and what is the server looking for.
These types of issues are really great to deal with on the wire and it's usually pretty quick to see where the problem is.
Regards,
Rob Silver<http://robsilver.org/>
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [mailto:activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] On Behalf Of nidhin ck
Sent: 03 September 2010 9:40 AM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] [OT] share drive issue access delay
Hi Mark,
All the servers and clients are in the same forest and client machines are using windows 7 & XP OS.
On Fri, Sep 3, 2010 at 12:50 PM, Mark Parris <mark@parris.co.uk<mailto:mark@parris.co.uk>> wrote:
Are the servers in the same forest, any trusts involved?
Regards,
Mark
MVP-DS,MCT,MCITP:EA:SA,MCSE
t.01372 740373
m.07801 690596
linkedin http://uk.linkedin.com/in/markparris
facebook http://facebook.com/markparris
twitter http://twitter.com/markparris
________________________________
From: "Shiva ." <shivaa.raj@gmail.com<mailto:shivaa.raj@gmail.com>>
Sender: "activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>" <activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>>
Date: Fri, 3 Sep 2010 07:53:51 +0100
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org><ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>>
ReplyTo: "activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>" <activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>>
Subject: [ActiveDir] [OT] share drive issue access delay
Hi All
We have a issue with our file servers,please find the detailed information about the issue and the troubleshooting we did.
Issue -1 -While opening share drives on file servers there is lag time or delay for up to 10 -20 secs,but when tried the second time the share opens instantly
Issue -2- While checking the security permissions for the share the users who have the security permissions are shown as SID's for few seconds and then the name gets resolved
Things that have been checked -
The OS on our file server is Windows 2003 Standard Sp2 - 32- bit
Checked the logon server - its the site local DC
Tried to ping the DC from the problem server - ping response time is <1ms for numerous times and once in a while the response time was = 4 or 5 ms.
Checked the event logs on the problem server and it has multiple warning messages with event ID - 3019 ,which can be ignored safely as per this MS article - http://support.microsoft.com/kb/315244
please suggest on how to crack this issue..
Thank you all for your help in advance. :-)
br,
Shiva.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Chennai
Phone No: +91 9884622467
--
Regards,
Nidhin.CK
Mobile No: +91 9884622467
| | | |
|
|