Thankfully for us all, I have no responsibility over the documentation. :)
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
... and you wonder why people criticize MS documentation ;-) LOL! (just teasing) --
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman That was a -*, indicating that there is some switch you should use, and that was an exercise I was leaving to the reader.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
You did a "*" the first time! :-)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Eric Fleischman The one that comes on the XP CD. :)
C:\>netstat -o
Active Connections
Proto Local Address Foreign Address State PID TCP ericslaptop:2832 someServer:1025 ESTABLISHED 4056 TCP ericslaptop:2843 anotherServer:1025 ESTABLISHED 4056
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Not on any of my versions of netstat, boss. Which version do YOU have? :-)
Windows Server 2003 sp1
C:\>filever
c:\windows\system32\netstat.exe Windows Server 2003 RTM
C:\>filever c:\windows\system32\netstat.exe Windows XP sp2
C:\>filever
c:\windows\system32\netstat.exe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Netstat -* will yield this info.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Isenhour, Joseph
Great article joe. It definitely sounds like it could be relevant in our scenario. On that note, do you know of any perf counter that can tell me how many active ports above 1024 are being used at any given time?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe What errors specifically are the clients seeing? Is the server returning any extended information or are the connections just dying on the vine? And if so are you sure? As Eric indicated, running through a trace would probably be mucho helpful.
What type of client? If Windows, this KB may seem odd, but check out http://support.microsoft.com/?id=836429
What you are describing sounds like something I heard from another friend of mine doing some auth testing and the KB above ended up being what the issue was related to.
I am assuming they are most likely doing simple binds? If so, possibly the app developers may want to look at LDAP_OPT_FAST_CONCURRENT_BIND available in Windows Server 2003 AD which allows multiple binds over a single connection and should be faster overall. Read more here
http://msdn.microsoft.com/library/default.asp?url="">
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph We're running into what appears to be some performance issues. We have several AD servers that we dedicate to doing LDAP authentications for various applications. We recently added a new application that performs a large number of binds. The day we cut the application over to AD LDAP the application owners began complaining that an average of 1 to 2 LDAP requests are being dropped every minute. Here are the details: Application: Issues an average of 100 binds per second. Average of 50 queries per second using filter "(samaccountname=X)" and requesting the DN as the return. HW: 2 Domain Controllers. Each is quad proc 2.4GHZ. Each has 4GB of RAM with the 3GB switch set. I ran this through ADSizer and it recommended one server with about half the capacity that is built into each of these servers. I've run several performance checks on these machines and it appears that they are barely breaking a sweat in terms of available resources. I've tweaked our default LDAP policies to add additional queries per proc and allowed larger buffers. But the app owner is still complaining. The network team has recommended that I increase the TCP listening queue on the servers. They suspect this because they are seeing a few syns that never get acked. I'm not familiar with how to do this in Windows and am not sure if that is really something I should be concerned with. Can anyone out there vouch for this theory? Or perhaps offer another theory as to why the DCs seem to not keep up with the load? Thanks One other thing, I set the LDAP diags to two and found the following warning poping up from time to time: **************************************************************************************************
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ************************************************************************************************** |
Title: LDAP performance
- RE: [ActiveDir] LDAP performance Medeiros, Jose
- RE: [ActiveDir] LDAP performance Eric Fleischman
- RE: [ActiveDir] LDAP performance Dean Wells
- RE: [ActiveDir] LDAP performance joe
- RE: [ActiveDir] LDAP performance Eric Fleischman
- RE: [ActiveDir] LDAP performance joe
- RE: [ActiveDir] LDAP performance Rick Kingslan
- RE: [ActiveDir] LDAP performance Isenhour, Joseph