From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 14, 2005 6:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP performance
TCP fastmofo:2526 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2535 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2552 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2575 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2597 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2602 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2609 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2665 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2675 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2686 2k3dc10.child1.joe.com:ldap TIME_WAIT
TCP fastmofo:2697 2k3dc10.child1.joe.com:ldap TIME_WAIT
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent: Tuesday, June 14, 2005 12:06 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP performance
6827 32.129301 **.**.**.** **.**.**.** TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=5999338 TSER=0
Ethernet II, Src: 00:01:d7:14:d2:c1, Dst: 00:00:0c:07:ac:0e
802.1q Virtual LAN
Internet Protocol, Src Addr: **.**.**.** (**.**.**.**), Dst Addr: **.**.**.** (**.**.**.**)
Transmission Control Protocol, Src Port: 42217 (42217), Dst Port: ldap (389), Seq: 0, Ack: 0, Len: 0
6943 33.121101 **.**.**.** **.**.**.** TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=5999340 TSER=0
Ethernet II, Src: 00:01:d7:14:d2:c1, Dst: 00:00:0c:07:ac:0e
802.1q Virtual LAN
Internet Protocol, Src Addr: **.**.**.** (**.**.**.**), Dst Addr: **.**.**.** (**.**.**.**)
Transmission Control Protocol, Src Port: 42217 (42217), Dst Port: ldap (389), Seq: 0, Ack: 0, Len: 0
7692 36.132503 **.**.**.** **.**.**.** TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=5999346 TSER=0
Ethernet II, Src: 00:01:d7:14:d2:c1, Dst: 00:00:0c:07:ac:0e
802.1q Virtual LAN
Internet Protocol, Src Addr: **.**.**.** (**.**.**.**), Dst Addr: **.**.**.** (**.**.**.**)
Transmission Control Protocol, Src Port: 42217 (42217), Dst Port: ldap (389), Seq: 0, Ack: 0, Len: 0
8267 39.142852 **.**.**.** **.**.**.** TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=5999352 TSER=0
Ethernet II, Src: 00:01:d7:14:d2:c1, Dst: 00:00:0c:07:ac:0e
802.1q Virtual LAN
Internet Protocol, Src Addr: **.**.**.** (**.**.**.**), Dst Addr: **.**.**.** (**.**.**.**)
Transmission Control Protocol, Src Port: 42217 (42217), Dst Port: ldap (389), Seq: 0, Ack: 0, Len: 0
9160 43.155866 **.**.**.** **.**.**.** TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=5999360 TSER=0
Ethernet II, Src: 00:01:d7:14:d2:c1, Dst: 00:00:0c:07:ac:0e
802.1q Virtual LAN
Internet Protocol, Src Addr: **.**.**.** (**.**.**.**), Dst Addr: **.**.**.** (**.**.**.**)
Transmission Control Protocol, Src Port: 42217 (42217), Dst Port: ldap (389), Seq: 0, Ack: 0, Len: 0
************************************************************************************************************************************************************
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, June 13, 2005 10:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP performance
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent: Monday, June 13, 2005 7:55 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP performance
We're running into what appears to be some performance issues. We have several AD servers that we dedicate to doing LDAP authentications for various applications. We recently added a new application that performs a large number of binds. The day we cut the application over to AD LDAP the application owners began complaining that an average of 1 to 2 LDAP requests are being dropped every minute. Here are the details:
Application: Issues an average of 100 binds per second. Average of 50 queries per second using filter "(samaccountname=X)" and requesting the DN as the return.
HW: 2 Domain Controllers. Each is quad proc 2.4 GHz. Each has 4GB of RAM with the 3GB switch set.
I ran this through ADSizer and it recommended one server with about half the capacity that is built into each of these servers.
I've run several performance checks on these machines and it appears that they are barely breaking a sweat in terms of available resources. I've tweaked our default LDAP policies to add additional queries per proc and allowed larger buffers. But the app owner is still complaining.
The network team has recommended that I increase the TCP listening queue on the servers. They suspect this because they are seeing a few syns that never get acked. I'm not familiar with how to do this in Windows and am not sure if that is really something I should be concerned with. Can anyone out there vouch for this theory? Or perhaps offer another theory as to why the DCs seem to not keep up with the load?
Thanks
One other thing, I set the LDAP diags to two and found the following warning popping up from time to time:
**************************************************************************************************
Event Type: Warning
Event Source: NTDS LDAP
Event Category: LDAP Interface
Event ID: 1216
Date: 6/13/2005
Time: 6:34:37 PM
User: N/A
Computer: ******************
Description:
Internal event: An LDAP client connection was closed because of an error.
Client ID: 427107
Additional Data
Error value: 995 The I/O operation has been aborted because of either a thread exit or an application request.
Internal ID: c0602ec
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
**************************************************************************************************
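An added example, not part of the thread: it applies the two checks the posts above circle around to constructed sample lines. It counts TIME_WAIT sockets to the LDAP port per DC from netstat output like the one joe pasted (a climbing count means the application opens a fresh TCP connection per bind and burns an ephemeral port on every close), and picks out client ports whose SYNs were retransmitted with no SYN/ACK from capture summaries like the ones above (handshakes the DC never completed, which is what a full listen backlog looks like on the wire). Host names and addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed samples in the two formats quoted in the thread: a netstat
# listing taken on the LDAP client and an Ethereal-style packet summary.
NETSTAT_SAMPLE = """\
TCP client:2526 dc10.example.com:ldap TIME_WAIT
TCP client:2535 dc10.example.com:ldap TIME_WAIT
TCP client:2552 dc10.example.com:ldap ESTABLISHED
TCP client:2575 dc11.example.com:ldap TIME_WAIT
"""
CAPTURE_SAMPLE = """\
6827 32.129301 10.0.0.5 10.0.0.9 TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0
6943 33.121101 10.0.0.5 10.0.0.9 TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0
7692 36.132503 10.0.0.5 10.0.0.9 TCP 42217 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0
7650 36.500000 10.0.0.5 10.0.0.9 TCP 42300 > ldap [SYN] Seq=0 Ack=0 Win=65535 Len=0
7651 36.500400 10.0.0.9 10.0.0.5 TCP ldap > 42300 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
"""

NETSTAT_RE = re.compile(r"^TCP\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\S+)$")
CAPTURE_RE = re.compile(
    r"^\d+\s+([\d.]+)\s+(\S+)\s+(\S+)\s+TCP\s+(\S+) > (\S+) \[([^\]]+)\]")


def time_wait_per_dc(netstat_text):
    """Count TIME_WAIT sockets to the LDAP port (named or numeric) per DC."""
    counts = defaultdict(int)
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line.strip())
        if m and m.group(4) in ("ldap", "389") and m.group(5) == "TIME_WAIT":
            counts[m.group(3)] += 1
    return dict(counts)


def unanswered_syns(capture_text, min_retransmits=2):
    """Map (client, port) -> SYN timestamps for handshakes that were retried
    at least min_retransmits times and never received a SYN/ACK."""
    syns = defaultdict(list)
    answered = set()
    for line in capture_text.splitlines():
        m = CAPTURE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, sport, dport, flags = m.groups()
        flagset = {f.strip() for f in flags.split(",")}
        if flagset == {"SYN"}:
            syns[(src, sport)].append(float(ts))
        elif flagset == {"SYN", "ACK"}:
            answered.add((dst, dport))  # server replied to this client port
    return {k: v for k, v in syns.items()
            if k not in answered and len(v) - 1 >= min_retransmits}
```

Run against a real netstat or capture export, the gaps between the retransmit timestamps also tell you which side's retry timer you are looking at, which helps separate a client-side port shortage from a server that is dropping SYNs.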