WinNT 4.0 in a WAN environment
Because Windows NT 4.0 assumes to be installed in a high bandwith LAN environment it can
generate a lot of unnecessary network traffic if not configured and tuned correctly. This
document should give a brief overview about tuning your installation(s). If you need more
detailed information on various services please consult
Microsofts TECHNET or obtain the book "Optimizing Network Traffic" published by
Microsoft Press.
- Overview of optimizable NT Services
- View local NETBIOS names
- Browsing
- WINS
- DHCP
- FILE COPY VIA SMB
- BROADCASTS
- PRINT SERVERS
- LICENSE SERVICE
- OUTLOOK
- IP ROUTING
Overview of optimizable NT Services
The following services/settings should be reconfigured if Windows NT 4.0 is used in a WAN
environment with small-medium bandwith.
DHCP
- increase the lease period
- install dhcp servers on local LAN
- use static ip addresses
WINS
- increase the renewal period
- tune multihomed or RAS hosts (KB: Q164308)
- use LMHOSTS in small sites (use the #INCLUDE feature)
- use a local WINS server
- see KB article Q139270
BROWSING
- increase the MasterPeriodicty value
- disable the browser service on workstations
WORKSTATION AND SERVER SERVICES
- change the timeout value of both server and workstation service
(e.g. from 15 to 2 -> see KB: Q138365, Q102981 & Q105134
MESSENGER SERVICE
- disable the messenger service if not used
LICENSE LOGGING SERVICE
- extended the replication period (1-72 hours) or disable it
SPOOLER SERVICE
- disable browsing update (DisableServerThreat)
SCHEDULER SERVICE
DIRECTORY REPLICATION
- change the interval (pulse value)
- use 3rd party tools like robocopy (does not copy ALL files)
NETLOGON SERVICE
- disable the automatic machine account password change (see KB: Q154501)
- change the intervals (Pulse- & PulseMaximum values)
- change the bandwith usage (ReplicationGovernor value)
View local NETBIOS names
|
C:\WINNT>nbtstat -n
NetBIOS Local Name Table
Name Type Status
-----------------------------------
COMPUTER-1 <00> UNIQUE Registered [computername (workstation service)]
COMPUTER-1 <03> UNIQUE Registered [Messenger service]
COMPUTER-1 <20> UNIQUE Registered [computername (server service)]
COMPUTER-1 <21> UNIQUE Registered [computername (RAS client service)]
MYDOMAIN <00> GROUP Registered [member of domain]
MYDOMAIN <1B> UNIQUE Registered [PDC and domain master browser]
MYDOMAIN <1C> GROUP Registered [netbios group (domain controller)]
MYDOMAIN <1D> UNIQUE Registered [master browser of subnet]
MYDOMAIN <1E> GROUP Registered [netbios group (browser service)]
..__MSBROWSE__.<01> GROUP Registered [netbios group (master browser)]
|
BROWSING
Each LAN segment has one master browser and up to 3 backup browsers. Each domain has one domain master browser.
Browsing produces a high amount of network traffic:
- Every 12 minutes [MasterPeriodicity] each (local) master browser contacts the domain master browser to update the browse lists -> WAN issue !!
- Every 12 minutes each hosts announces itself in the local subnet (broadcast) -> LAN issue
- Every 12 minutes each backup browser contacts its local master browser to retrieve an updated browse list -> LAN issue
- Every 15 minutes each master browser announces itself to the master browsers of other domains in the local subnet -> LAN issue
Comment: If the browser service is disabled on the client he will still be able to browse the network (if at least one master browser is active).
WINS
WINS produces little network traffic only the transfer of the browse list (once again) can produce a lot of network traffic – which can fill up WAN bandwidth. There are 3 basic types of work performed:
- Client registration / renewal (every 4 days)
- WINS client queries
- WINS server replication
DHCP
DHCP also uses little network traffic and if DHCP requests
are not sent via the WAN but serviced by a local DHCP server bandwith is not an
issue. One DHCP request (4-way) consumes about 2121 byte.
FILE COPY VIA SMB
It will always depend on the situation, but take this is a general rule: The less files you copy the faster it will be. Expect a file copy of one zipped file compared to many small files (with the same total size) to be about three times (if not more) faster.
BROADCASTS
Broadcasts not only produce a lot of traffice they also cause degrade of performance on the clients. Every broadcast is a packet directed to a host which means it will have to be analyzed by the NIC and OS. This takes CPU time.
PRINT SERVERS (BROWSING)
The Windows NT Spooler can cause excess dialing in the process of distributing information on available printers throughout the enterprise. Windows NT Spooler sends out print browser information every 777 seconds. To change this behaviour add this value to the registry:
Registry Path HKLM\System\CurrentControlSet\Control\Print
Parameter DisableServerThread
Type REG_DWORD
Default Value 0 (enabled)
Suggested Value 1 (disabled)
LICENSE MANAGMENT
License replication is performed on all DCs (domain controllers) and member servers. The replication occurs every 24 hours – if a BCD or member server cannot contact the PDC he will try again every 15 minutes. To turn of license replication simply disable the LicenseService in the control panel or registry.
OUTLOOK
You can specify which protocol order outlook uses when starting up. You can modify it by editing this registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\EXCHANGE\EXCHANGE PROVIDER\RPC_BINDING_ORDER
· NCALRPC
Local RPC is the first in the binding order. This is a local RPC internal to the machine; it does not pass over the network.
· NCACN_IP_TCP
This binding creates an RPC connection using the TCP transport (a connection state instead of a connectionless state).
· NCACN_SPX
This binding creates an RPC connection using the Sequenced Package Exchange (SPX) protocol.
· NCACN_NP
This binding creates an RPC connection using a NamePipe interface. When more than one NetBIOS is loaded, the provider tries each in the NetBIOS binding order.
· NETBIOS
This binding creates an RPC connection using the NetBEUI protocol.
· NCACN_VNS_SPP
This binding creates an RPC connection using the Banyan Vines scalable parallel processing (SPP) protocol (a connection state instead of a connectionless state).
IP ROUTING
As you might already know routing is handled by IP on the network layer. For troubleshooting routing with WinNT it might be useful to use the route command.
To view all active routes on your NT system (including all NICs and RAS
interfaces) type route print at the command prompt. This will work
on any installation (no resource kit necessary). You can also modify the local routing table
with this tool. Enter route at the command prompt for available options.
What you will see by typing route print on the command prompt will
look similar to the outputs below. Please note the different IP addresses AND subnet mask
used in the examples. Here the explanation of the 6 lines, only one NIC was used in each of
the examples:
- This is the default gateway used, all IP adresses will be sent to 172.24.64.1
- This is the local loopback address. Every address starting with 127. will be considered a local address. Used mainly for testing purposes.
- Since the subnet mask 255.255.255.0 was used, every ip address starting with 172.24.64. will be in the same subnet and routing will not be required. Please note the difference between example I and II in line 3. The actual IP address is used for the gateway.
- This is the local address, therefore 127.0.0.1 is once again used for the gateway.
- This is the broadcast address, note that there is NO difference between examples I & II, even though a different subnet mask was used
- This is a class D network, used for multicasts
Example I
Used IP address: 172.24.64.245, 255.255.255.0
===========================================================================
Active Routes:
Network Dest. Netmask Gateway Interface Metric
(1) 0.0.0.0 0.0.0.0 172.24.64.1 172.24.64.245 1
(2) 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
(3) 172.24.64.0 255.255.255.0 172.24.64.245 172.24.64.245 1
(4) 172.24.64.245 255.255.255.255 127.0.0.1 127.0.0.1 1
(5) 172.24.255.255 255.255.255.255 172.24.64.245 172.24.64.245 1
(6) 224.0.0.0 224.0.0.0 172.24.64.245 172.24.64.245 1
===========================================================================
Example II
Used IP address: 172.24.64.245, 255.255.0.0
===========================================================================
Active Routes:
Network Dest. Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.24.64.1 172.24.64.245 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.24.0.0 255.255.0.0 172.24.64.245 172.24.64.245 1
172.24.64.245 255.255.255.255 127.0.0.1 127.0.0.1 1
172.24.255.255 255.255.255.255 172.24.64.245 172.24.64.245 1
224.0.0.0 224.0.0.0 172.24.64.245 172.24.64.245 1
===========================================================================
Example III
Used IP address: 194.24.64.245, 255.255.255.0
===========================================================================
Active Routes:
Network Dest. Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 194.24.64.1 194.24.64.245 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
194.24.64.0 255.255.255.0 194.24.64.245 194.24.64.245 1
194.24.64.245 255.255.255.255 127.0.0.1 127.0.0.1 1
194.24.64.255 255.255.255.255 194.24.64.245 194.24.64.245 1
224.0.0.0 224.0.0.0 194.24.64.245 194.24.64.245 1
===========================================================================
Example IV
Used IP address: 194.24.64.245, 255.255.0.0
===========================================================================
Active Routes:
Network Dest. Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 194.24.64.1 194.24.64.245 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
194.24.0.0 255.255.0.0 194.24.64.245 194.24.64.245 1
194.24.64.245 255.255.255.255 127.0.0.1 127.0.0.1 1
194.24.64.255 255.255.255.255 194.24.64.245 194.24.64.245 1
224.0.0.0 224.0.0.0 194.24.64.245 194.24.64.245 1
===========================================================================
Author: Ingmar Koecher
EMail: ingmar.koecher@netikus.net
URL: http://www.netikus.net/documents/winnt40_networktraffic.htm
Date: AUGUST, 1999