Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » open sessions on RODC
open sessions on RODC [message #355642] Wed, 30 December 2009 12:32 Go to next message
southpaw  is currently offline southpaw  United States
Messages: 61
Registered: July 2009
Member
Hi all

There seem to be a large number of ports connected from the RODC
(137.1.210.1), to RWDC (137.1.202.37) via port 49156 (137.1.210.1),
some time hundreds actually. Network services group claims this is consuming
most of the bandwidth link because each is 2KB and some times there are
hundreds of these connections . Is this normal activity or behavior for
RODCs ? I don't believe we have any issues in other sites where there RWDC
only RODCs seem to exhibit this issue?

TCP 137.1.210.1:53517 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:53757 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54026 137.1.6.43:61695 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54030 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54452 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54624 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
Re: open sessions on RODC [message #355725 is a reply to message #355642] Wed, 30 December 2009 13:56 Go to previous messageGo to next message
florian  is currently offline florian  Germany
Messages: 484
Registered: July 2009
Senior Member
Howdie!

southpaw schrieb:
> There seem to be a large number of ports connected from the RODC
> (137.1.210.1), to RWDC (137.1.202.37) via port 49156 (137.1.210.1),
> some time hundreds actually. Network services group claims this is
> consuming most of the bandwidth link because each is 2KB and some times
> there are hundreds of these connections . Is this normal activity or
> behavior for RODCs ? I don't believe we have any issues in other sites
> where there RWDC only RODCs seem to exhibit this issue?

Depending on the sites and services setup, this may be (immediate)
replication of directory changes. lsass.exe is responsible for a number
of services. I'd probably try to get a network trace and look at the
packets and messages involved there. That should give you a good idea on
what is going on. There shouldn't be much always-on talking between the
RODC and the RWDC.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.
Re: open sessions on RODC [message #359307 is a reply to message #355725] Mon, 04 January 2010 17:12 Go to previous messageGo to next message
JustinHa  is currently offline JustinHa
Messages: 8
Registered: September 2009
Junior Member
Are the accounts in the RODC site cached on the RODC? TechNet has information
about how the authentication process works on an RODC at
http://technet.microsoft.com/en-us/library/cc754218(WS.10).aspx#BKMK_AuthRODC

Justin [MSFT]
Active Directory Documentation Team

"Florian Frommherz [MVP]" wrote:

> Howdie!
>
> southpaw schrieb:
> > There seem to be a large number of ports connected from the RODC
> > (137.1.210.1), to RWDC (137.1.202.37) via port 49156 (137.1.210.1),
> > some time hundreds actually. Network services group claims this is
> > consuming most of the bandwidth link because each is 2KB and some times
> > there are hundreds of these connections . Is this normal activity or
> > behavior for RODCs ? I don't believe we have any issues in other sites
> > where there RWDC only RODCs seem to exhibit this issue?
>
> Depending on the sites and services setup, this may be (immediate)
> replication of directory changes. lsass.exe is responsible for a number
> of services. I'd probably try to get a network trace and look at the
> packets and messages involved there. That should give you a good idea on
> what is going on. There shouldn't be much always-on talking between the
> RODC and the RWDC.
>
> Cheers,
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> ANY advice you get on the Newsgroups should be tested thoroughly in your
> lab.
> .
>
Re: open sessions on RODC [message #377048 is a reply to message #359307] Mon, 25 January 2010 19:24 Go to previous message
southpaw  is currently offline southpaw  United States
Messages: 61
Registered: July 2009
Member
For anyone who wanted to know.. found out this is a bug and has been address
in the following hotfix.. Since I have applied the hotfix to my RODC
upstream DC (RWDCs) all seems fine, not more excessive TCp connections on
the RODCs..


976449 RODCs unnecessarily open many RPC connections to RWDCs on a
computer that is running Windows Server 2008
http://support.microsoft.com/default.aspx?scid=kb;EN-US;976449

"JustinHa" <JustinHa@discussions.microsoft.com> wrote in message
news:89BAAEFF-CFE5-4512-89BE-C262EE08E19A@microsoft.com...
> Are the accounts in the RODC site cached on the RODC? TechNet has
> information
> about how the authentication process works on an RODC at
> http://technet.microsoft.com/en-us/library/cc754218(WS.10).aspx#BKMK_AuthRODC
>
> Justin [MSFT]
> Active Directory Documentation Team
>
> "Florian Frommherz [MVP]" wrote:
>
>> Howdie!
>>
>> southpaw schrieb:
>> > There seem to be a large number of ports connected from the RODC
>> > (137.1.210.1), to RWDC (137.1.202.37) via port 49156 (137.1.210.1),
>> > some time hundreds actually. Network services group claims this is
>> > consuming most of the bandwidth link because each is 2KB and some times
>> > there are hundreds of these connections . Is this normal activity or
>> > behavior for RODCs ? I don't believe we have any issues in other sites
>> > where there RWDC only RODCs seem to exhibit this issue?
>>
>> Depending on the sites and services setup, this may be (immediate)
>> replication of directory changes. lsass.exe is responsible for a number
>> of services. I'd probably try to get a network trace and look at the
>> packets and messages involved there. That should give you a good idea on
>> what is going on. There shouldn't be much always-on talking between the
>> RODC and the RWDC.
>>
>> Cheers,
>> Florian
>> --
>> Microsoft MVP - Group Policy
>> eMail: prename [at] frickelsoft [dot] net.
>> blog: http://www.frickelsoft.net/blog.
>> ANY advice you get on the Newsgroups should be tested thoroughly in your
>> lab.
>> .
>>
Previous Topic:Setting user password
Next Topic:Policy to show logon failures does not work with RD-logons
Goto Forum:
  


Current Time: Wed Jan 17 05:47:15 MST 2018

Total time taken to generate the page: 0.02121 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software