Is a local DC/GC server needed

Forums › IT Pro and developers › Is a local DC/GC server needed

lchiu7

6470 posts

Uber Geek

Trusted

#67714 7-Sep-2010 15:37

A friend asked me the following question which I coudn't answer so I thought I would post here.

His organisation began experiencing major performance issues with Outlook once the DC/GC was moved out of the subnet all their PC's are in to another subnet (on the same GB LAN to be sure). Performance was fine when the DC/GC was on the same subnet.

They have been told the problem is heavy traffic to the GC is causing the problem and that the way to alleviate that is to install another DC on the same subnet as their PC's and the problem will go away.

They are also told that Global Catalogue lookup is done by broadcast, therefore, it cannot cross routers/subnets. That seems strange to me since if the GC is in a different subnet, how are the Outlook clients able to look it up?

Any folks have any ideas on this?

Thanks

Staying in Wellington. Check out my AirBnB in the Wellington CBD. https://www.airbnb.co.nz/h/wellycbd PM me and mention GZ to get a 15% discount and no AirBnB charges.

1 | 2

3239 posts

Uber Geek

ID Verified

Trusted

#378707 11-Sep-2010 00:50

communication between subnets is done via then gateway (router) that connects the two subnets. If performance has become an issue then perhaps check that the router has the grunt to route the necessary amount of traffic that it needs to?

I see there are many articles online which talk about the best number and placement of GC's

lchiu7

6470 posts

Uber Geek

Trusted

#379204 13-Sep-2010 08:51

I asked and I was told the Exchange Server and the DC are in the same subnet. The Global Catalogue is also on the Exchange Server. Given Exchange hits the GC frequently, it doesn't seem as if there is a network issues crossing subnets here. And when folks use Outlook late at night it works much better which does suggest more of a performance issue. Maybe they need to have two Global Catalogues?

Staying in Wellington. Check out my AirBnB in the Wellington CBD. https://www.airbnb.co.nz/h/wellycbd PM me and mention GZ to get a 15% discount and no AirBnB charges.

insane

3239 posts

Uber Geek

ID Verified

Trusted

#379420 13-Sep-2010 19:48

Is the exchange server overworked for its hardware? Are there any IO bottle necks on the exchange server?

gjm

808 posts

Ultimate Geek

#379430 13-Sep-2010 20:11

lchiu7: I asked and I was told the Exchange Server and the DC are in the same subnet. The Global Catalogue is also on the Exchange Server. Given Exchange hits the GC frequently, it doesn't seem as if there is a network issues crossing subnets here. And when folks use Outlook late at night it works much better which does suggest more of a performance issue. Maybe they need to have two Global Catalogues?

The global catalogue is also on the Exchange Server? So is the Exchange server a domain controller as well then? So are there 2 DC's or just 1?

In AD how are the sites setup and do they have the subnets configured there?

GC lookup is not done by broadcast as far as I understand. A client will use DNS to lookup service records for the GC in their site if there is one.

It sounds like your friend is giving you/receiving some strange information. I would ask for some clarification of the facts.

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

lchiu7

6470 posts

Uber Geek

Trusted

#379607 14-Sep-2010 11:37

gjm:
lchiu7: I asked and I was told the Exchange Server and the DC are in the same subnet. The Global Catalogue is also on the Exchange Server. Given Exchange hits the GC frequently, it doesn't seem as if there is a network issues crossing subnets here. And when folks use Outlook late at night it works much better which does suggest more of a performance issue. Maybe they need to have two Global Catalogues?

The global catalogue is also on the Exchange Server? So is the Exchange server a domain controller as well then? So are there 2 DC's or just 1?

In AD how are the sites setup and do they have the subnets configured there?

GC lookup is not done by broadcast as far as I understand. A client will use DNS to lookup service records for the GC in their site if there is one.

It sounds like your friend is giving you/receiving some strange information. I would ask for some clarification of the facts.

I asked my friend to provide more information and he has the Exchange Best Practice tool run on the server. The interesting items that came out are

- Exchange server is running DNS services. This is not a recommended best practice.
- The primary WINS server address for network interface '[00000009] VMware Accelerated AMD PCNet Adapter' on server XXX is blank. Exchange relies on short server name resolution.
- Exchange server xxxx is also a global catalog server. This is a supported configuration, but is not recommended.
- There is only one global catalog server in the Directory Service Access (DSAccess) topology on server xxxx. This configuration should be avoided for fault tolerant reasons.

Reading this it seems there is only one GC but he said they have two DC's. One is the Exchange Server, the other the File and Print server. Perhaps they should create another GC on the File and Print server?

I don't really understand the implications of the other warnings - perhaps others can help out here?

Your point about clients using DNS to look up service records for the GC in their site is interesting since it appears that the Exchange Server is also running DNS. That would seem to impose one extra overhead on the server which is already running enough stuff already.

Any other questions I should ask him?

Staying in Wellington. Check out my AirBnB in the Wellington CBD. https://www.airbnb.co.nz/h/wellycbd PM me and mention GZ to get a 15% discount and no AirBnB charges.

gjm

808 posts

Ultimate Geek

#380019 15-Sep-2010 09:19

sounds like a bit of a mess to me to be honest. Might be a bit hard to troubleshoot over the internet but a few things you / he can do...

1) Is the fileserver on the same subnet as exchange? If so is file access slow like Outlook? If not then its probably not anything to do with your router

2) "- There is only one global catalog server in the Directory Service Access (DSAccess) topology on server xxxx. This configuration should be avoided for fault tolerant reasons."

They should make the other domain controller a global catalogue server as well. Then in Exchange System manager go to the properties of the server and look at the directory access tab. Can Exchange see both DC's / GC's

3) Put a machine with outlook onto the same subnet as the server....does outlook function properly again?

4) Do some performance monitoring on the Exchange box. Is it getting hammered? Would explain slow access as well

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

lchiu7

6470 posts

Uber Geek

Trusted

#380085 15-Sep-2010 12:14

My friend just gave me more information. He was told because GC looksup are not using broadcast, when the client times out getting information from the GC in the other subnet, it then uses DNS. So depending on the number of users who are active, this manifests itself as a delay on the Outlook response.

The recommendation was to install a local DC/GC in the same subnet which might make sense except for the cost of another server and OS licence.

So he is thinking of adding the DC/GC to a local Windows Server running on a desktop that has another use but very lightly loaded. Then if that box dies, it clients will revert back to the main DC/GC running on the Exchange server until the box is fixed. The local server runs on a HP desktop, Core 2Duo with 1G of RAM but he would upgrade that to 4G if necessary. It has been up for 12 months and has never died and one would expect the additional load of a local DC shouldn't over tax the box.

Staying in Wellington. Check out my AirBnB in the Wellington CBD. https://www.airbnb.co.nz/h/wellycbd PM me and mention GZ to get a 15% discount and no AirBnB charges.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

gjm

808 posts

Ultimate Geek

#380087 15-Sep-2010 12:19

thats not a solution thats a hack. I have my domain controllers (infact all my servers) in a different subnet and everything works fine...as it should.

Tell him to find the root of the problem and fix that. "Solutions" like those you mentioned will come back to haunt you one day.

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

lchiu7

6470 posts

Uber Geek

Trusted

#380097 15-Sep-2010 12:51

Well my friend is at a loss what to suggest to the provider. When they discussed the output from the tool, they said there nothing awry in that. The issue is Outlook client timing out when trying to reach the GC and having to then use DNS to get to it. The DNS server is also in another subnet but that is pingable so should be no network issues in that area.

What else could I tell him to ask the provider?

Staying in Wellington. Check out my AirBnB in the Wellington CBD. https://www.airbnb.co.nz/h/wellycbd PM me and mention GZ to get a 15% discount and no AirBnB charges.

gjm

808 posts

Ultimate Geek

#380107 15-Sep-2010 13:14

So we need to define the exact problem here. You are talking about broadcast and dns (in the context of name resolution). Outlook will need to find a global catalogue server in order to work. To find a GC it will use DNS. I cannot find anything that says otherwise.

So what is the issue really then? Is it in finding a GC or is it in communicating with the GC once it is found....these are 2 different issues. That is, do you have name resolution problems or do you have GC communication problems.

Run this at a command line from a client

nltest /dsgetdc:yourdomainnamehere /GC

it will tell you the name of GC server that the PC is talking to. How quick is the response? If its very quick then you dont have a lookup problem....you have something else. GC problems will also result in long logon times as a pc will need to find one when logging on.

Now try telnetting to the port that GC servers talk on

telnet yourservernamehere 3268

Does it work? How fast is it?

Need more? Put a packet sniffer on a client machine e.g. Wireshark, open outlook, send email....what is happening on the network.

These are the kinds of things / tests that should be happening. Making a desktop machine a critical part of the network infrastructure is a perfect example of what not should be happening.

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

lchiu7

6470 posts

Uber Geek

Trusted

#380124 15-Sep-2010 13:36

Thanks for that. I asked him those questions and he said

1. The nltest comes back almost immediately
2. Telnet to the exchange server doesn't do anything - it just completes and returns a blank screen and when he presses enter he gets the command prompt
3. He will install wireshark and see what that shows and then report back to me

Staying in Wellington. Check out my AirBnB in the Wellington CBD. https://www.airbnb.co.nz/h/wellycbd PM me and mention GZ to get a 15% discount and no AirBnB charges.

gjm

808 posts

Ultimate Geek

#380131 15-Sep-2010 13:49

That means that your clients are not having a problem finding a GC. The blank window means that they can connect to the GC without a problem (all it does is open the port).

It sounds like your problems lie elsewhere as your GC setup seems ok. Again I suggest he puts a client in the server subnet and see's what the performance of Outlook is like.

Also a CTRL and Right click on the outlook icon in the taskbar brings up a connection status option. Click on that and look at the req/fail and avg respon time to get more of an idea of what is happening.

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

BartManGeek

187 posts

Master Geek

#380156 15-Sep-2010 14:37

"VMware Accelerated AMD PCNet Adapter"
So these are all or partly virtualised? Is the virtual server handling the 'routing' between subnets?
Are you able to provide a high level network diagram showing exactly how things are 'connected' and which is physical and which is virtual? MSPaint will do the job!
The lack of precise information is making this a difficult one to troubleshoot further....

Have you configured autodicovery?
http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange...

lchiu7

6470 posts

Uber Geek

Trusted

#380269 15-Sep-2010 18:41

I will ask my friend to see if he can knock up a picture and I will upload it.

Autodiscovery doesn't seem relevant since he is running Exchange 2003 and Outlook 2003. But he tells me he is eligible to upgrade to Exchange 2007 at no software cost so is that worth doing?

Staying in Wellington. Check out my AirBnB in the Wellington CBD. https://www.airbnb.co.nz/h/wellycbd PM me and mention GZ to get a 15% discount and no AirBnB charges.

BartManGeek

187 posts

Master Geek

#380287 15-Sep-2010 19:25

not while you are having 'issues'!

1 | 2