Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsIT Pro and developersIs a local DC/GC server needed


4962 posts

Uber Geek
+1 received by user: 103

Trusted

Topic # 67714 7-Sep-2010 15:37
Send private message

A friend asked me the following question which I coudn't answer so I thought I would post here.

His organisation began experiencing major performance issues with Outlook once the DC/GC was moved out of the subnet all their PC's are in to another subnet (on the same GB LAN to be sure). Performance was fine when the DC/GC was on the same subnet.

They have been told the problem is heavy traffic to the GC is causing the problem and that the way to alleviate that is to install another DC on the same subnet as their PC's and the problem will go away.

They are also told that Global Catalogue lookup is done by broadcast, therefore, it cannot cross routers/subnets. That seems strange to me since if the GC is in a different subnet, how are the Outlook clients able to look it up?

Any folks have any ideas on this?

Thanks




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
2282 posts

Uber Geek
+1 received by user: 370

Trusted
Subscriber

  Reply # 378707 11-Sep-2010 00:50
Send private message

communication between subnets is done via then gateway (router) that connects the two subnets. If performance has become an issue then perhaps check that the router has the grunt to route the necessary amount of traffic that it needs to?

I see there are many articles online which talk about the best number and placement of GC's



4962 posts

Uber Geek
+1 received by user: 103

Trusted

  Reply # 379204 13-Sep-2010 08:51
Send private message

I asked and I was told the Exchange Server and the DC are in the same subnet. The Global Catalogue is also on the Exchange Server. Given Exchange hits the GC frequently, it doesn't seem as if there is a network issues crossing subnets here. And when folks use Outlook late at night it works much better which does suggest more of a performance issue. Maybe they need to have two Global Catalogues?




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 

2282 posts

Uber Geek
+1 received by user: 370

Trusted
Subscriber

  Reply # 379420 13-Sep-2010 19:48
Send private message

Is the exchange server overworked for its hardware? Are there any IO bottle necks on the exchange server?

gjm

748 posts

Ultimate Geek
+1 received by user: 91


  Reply # 379430 13-Sep-2010 20:11
Send private message

lchiu7: I asked and I was told the Exchange Server and the DC are in the same subnet. The Global Catalogue is also on the Exchange Server. Given Exchange hits the GC frequently, it doesn't seem as if there is a network issues crossing subnets here. And when folks use Outlook late at night it works much better which does suggest more of a performance issue. Maybe they need to have two Global Catalogues?


The global catalogue is also on the Exchange Server? So is the Exchange server a domain controller as well then? So are there 2 DC's or just 1?

In AD how are the sites setup and do they have the subnets configured there?

GC lookup is not done by broadcast as far as I understand. A client will use DNS to lookup service records for the GC in their site if there is one.

It sounds like your friend is giving you/receiving some strange information. I would ask for some clarification of the facts.




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]



4962 posts

Uber Geek
+1 received by user: 103

Trusted

  Reply # 379607 14-Sep-2010 11:37
Send private message

gjm:
lchiu7: I asked and I was told the Exchange Server and the DC are in the same subnet. The Global Catalogue is also on the Exchange Server. Given Exchange hits the GC frequently, it doesn't seem as if there is a network issues crossing subnets here. And when folks use Outlook late at night it works much better which does suggest more of a performance issue. Maybe they need to have two Global Catalogues?


The global catalogue is also on the Exchange Server? So is the Exchange server a domain controller as well then? So are there 2 DC's or just 1?

In AD how are the sites setup and do they have the subnets configured there?

GC lookup is not done by broadcast as far as I understand. A client will use DNS to lookup service records for the GC in their site if there is one.

It sounds like your friend is giving you/receiving some strange information. I would ask for some clarification of the facts.


I asked my friend to provide more information and he has the Exchange Best Practice tool run on the server. The interesting items that came out are

- Exchange server is running DNS services. This is not a recommended best practice.
- The primary WINS server address for network interface '[00000009] VMware Accelerated AMD PCNet Adapter' on server XXX is blank. Exchange relies on short server name resolution.
- Exchange server xxxx is also a global catalog server. This is a supported configuration, but is not recommended.
- There is only one global catalog server in the Directory Service Access (DSAccess) topology on server xxxx. This configuration should be avoided for fault tolerant reasons.

Reading this it seems there is only one GC but he said they have two DC's. One is the Exchange Server, the other the File and Print server.  Perhaps they should create another GC on the File and Print server?

I don't really understand the implications of the other warnings - perhaps others can help out here?

Your point about clients using DNS to look up service records for the GC in their site is interesting since it appears that the Exchange Server is also running DNS. That would seem to impose one extra overhead on the server which is already running enough stuff already.

Any other questions I should ask him?




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 

gjm

748 posts

Ultimate Geek
+1 received by user: 91


  Reply # 380019 15-Sep-2010 09:19
Send private message

sounds like a bit of a mess to me to be honest. Might be a bit hard to troubleshoot over the internet but a few things you / he can do...

1) Is the fileserver on the same subnet as exchange? If so is file access slow like Outlook? If not then its probably not anything to do with your router

2)  "- There is only one global catalog server in the Directory Service Access (DSAccess) topology on server xxxx. This configuration should be avoided for fault tolerant reasons."

They should make the other domain controller a global catalogue server as well. Then in Exchange System manager go to the properties of the server and look at the directory access tab. Can Exchange see both DC's / GC's

3) Put a machine with outlook onto the same subnet as the server....does outlook function properly again?

4) Do some performance monitoring on the Exchange box. Is it getting hammered? Would explain slow access as well




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]



4962 posts

Uber Geek
+1 received by user: 103

Trusted

  Reply # 380085 15-Sep-2010 12:14
Send private message

My friend just gave me more information. He was told because GC looksup are not using broadcast, when the client times out getting information from the GC in the other subnet, it then uses DNS. So depending on the number of users who are active, this manifests itself as a delay on the Outlook response.

The recommendation was to install a local DC/GC in the same subnet which might make sense except for the cost of another server and OS licence.

So he is thinking of adding the DC/GC to a local Windows Server running on a desktop that has another use but very lightly loaded. Then if that box dies, it clients will revert back to the main DC/GC running on the Exchange server until the box is fixed. The local server runs on a HP desktop, Core 2Duo with 1G of RAM but he would upgrade that to 4G if necessary. It has been up for 12 months and has never died and one would expect the additional load of a local DC shouldn't over tax the box.




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 

gjm

748 posts

Ultimate Geek
+1 received by user: 91


  Reply # 380087 15-Sep-2010 12:19
Send private message

thats not a solution thats a hack. I have my domain controllers (infact all my servers) in a different subnet and everything works fine...as it should.

Tell him to find the root of the problem and fix that. "Solutions" like those you mentioned will come back to haunt you one day. 




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]



4962 posts

Uber Geek
+1 received by user: 103

Trusted

  Reply # 380097 15-Sep-2010 12:51
Send private message

Well my friend is at a loss what to suggest to the provider. When they discussed the output from the tool, they said there nothing awry in that. The issue is Outlook client timing out when trying to reach the GC and having to then use DNS to get to it. The DNS server is also in another subnet but that is pingable so should be no network issues in that area.

What else could I tell him to ask the provider?




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 

gjm

748 posts

Ultimate Geek
+1 received by user: 91


  Reply # 380107 15-Sep-2010 13:14
Send private message

So we need to define the exact problem here. You are talking about broadcast and dns (in the context of name resolution). Outlook will need to find a global catalogue server in order to work. To find a GC it will use DNS. I cannot find anything that says otherwise.

So what is the issue really then? Is it in finding a GC or is it in communicating with the GC once it is found....these are 2 different issues. That is, do you have name resolution problems or do you have GC communication problems.

Run this at a command line from a client

nltest /dsgetdc:yourdomainnamehere /GC 

it will tell you the name of  GC server that the PC is talking to. How quick is the response? If its very quick then you dont have a lookup problem....you have something else. GC problems will also result in long logon times as a pc will need to find one when logging on.

Now try telnetting to the port that GC servers talk on

telnet yourservernamehere 3268

Does it work? How fast is it? 

Need more? Put a packet sniffer on a client machine e.g. Wireshark, open outlook, send email....what is happening on the network.

These are the kinds of things / tests that should be happening. Making a desktop machine a critical part of the network infrastructure is a perfect example of what not should be happening. 




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]



4962 posts

Uber Geek
+1 received by user: 103

Trusted

  Reply # 380124 15-Sep-2010 13:36
Send private message

Thanks for that. I asked him those questions and he said

1. The nltest comes back almost immediately
2. Telnet to the exchange server doesn't do anything - it just completes and returns a blank screen and when he presses enter he gets the command prompt
3. He will install wireshark and see what that shows and then report back to me




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 

gjm

748 posts

Ultimate Geek
+1 received by user: 91


  Reply # 380131 15-Sep-2010 13:49
Send private message

That means that your clients are not having a problem finding a GC. The blank window means that they can connect to the GC without a problem (all it does is open the port).

It sounds like your problems lie elsewhere as your GC setup seems ok. Again I suggest he puts a client in the server subnet and see's what the performance of Outlook is like. 

Also a CTRL and Right click on the outlook icon in the taskbar brings up a connection status option. Click on that and look at the req/fail and avg respon time to get more of an idea of what is happening.

 




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]

187 posts

Master Geek


  Reply # 380156 15-Sep-2010 14:37
Send private message

"VMware Accelerated AMD PCNet Adapter"
So these are all or partly virtualised? Is the virtual server handling the 'routing' between subnets?
Are you able to provide a high level network diagram showing exactly how things are 'connected' and which is physical and which is virtual? MSPaint will do the job!
The lack of precise information is making this a difficult one to troubleshoot further....

Have you configured autodicovery?
http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange...



4962 posts

Uber Geek
+1 received by user: 103

Trusted

  Reply # 380269 15-Sep-2010 18:41
Send private message

I will ask my friend to see if he can knock up a picture and I will upload it.

Autodiscovery doesn't seem relevant since he is running Exchange 2003 and Outlook 2003. But he tells me he is eligible to upgrade to Exchange 2007 at no software cost so is that worth doing?




System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen. Harman Kardon HK AVR 254 7.1 receiver, Samsung 4K player, Google Chromecast

 


My Google+ page 

 

 

 

https://plus.google.com/+laurencechiu

 

 

187 posts

Master Geek


  Reply # 380287 15-Sep-2010 19:25
Send private message

not while you are having 'issues'!

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.