Minimizing WAN Traffic

MORE INFORMATION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Assume that your Windows NT systems have been spread across several sites interconnected by routers, and consider two typical cases:

• A single domain split into several LANs, with one backup domain controller (BDC) on each LAN.
• Several domains with trust relationships.

This article includes a short description of the network frames that can Be encountered in the absence of the modifications described later in the article. The network traces were captured in a lab with the following configuration:

• Name of domain = DOMWAN
• Name of primary domain controller (PDC) = PDCWAN = 191.75.0.2 (on a separate LAN)
• Name of backup domain controller (BDC) = BDCWAN = 191.76.0.2 (on a separate LAN)

      -----      |                            |     -----
     | PDC |-----|                            |----| BDC | 191.76.0.2
     | WAN |     |                            |    | WAN |
      -----      |            ISDN            |     -----
     191.75.0.2  |--- router <====> router ---|
                 |  191.75.0.1     191.76.0.1 |
  					

The License Service May Generate Traffic Every 15 Minutes

The License service performs licensing replication. Data moves from BDCs and member servers to the PDCs, and then, optionally, from the PDCs to an enterprise server, which maintains licensing information across the whole network.

This replication, by default, is performed one time every 24 hours. If, for some reason, the BDC cannot connect to the license service on the PDC, the BDC will continue to attempt replication one time every 15 minutes until it is successful.

Reducing Exchange of Browse Lists

Every MasterPeriodicity time interval (every 12 minutes, by default), the master browsers, which are the BDCs, try to contact the domain master browser, the PDC, to exchange their browse lists.

This parameter can be changed in the registry of all the BDCs: For additional information about this parameter, click the article number below to view the article in the Microsoft Knowledge Base: To optimize the traffic on your WAN lines, increase the value above on all BDCs.

SAM Replication Between a PDC and Its BDCs

The SAM replication is controlled by Netlogon on the PDC. The following registry value defines the typical pulse frequency (in seconds): For additional information, click the article number below to view the article in the Microsoft Knowledge Base: All SAM/LSA changes made within this time are bundled together. After this period has elapsed, a pulse is sent to each BDC needing the changes. No pulse is sent to a BDC that is up-to-date.

Increasing this value on the PDC reduces the number of replications between the PDC and the BDCs. Nevertheless, the SAM changes are propagated less quickly from the PDC to the BDCs. You must choose a balance between infrequent replication that may increase the number of connections to a PDC to validate changed passwords and frequent replication that may generate excessive ISDN traffic.

The Netlogon PulseMaximum parameter has to be changed: It defines the maximum pulse frequency (in seconds). Every BDC will be sent at least one pulse at this frequency, whether its database is current or not.

NOTE: The replication takes place immediately if a change is made in LSA secrets, for example, when adding a workstation to the domain or changing trusts relationships.

Close of SMB Connections

The following value specifies the maximum amount of time that a connection can be left dormant: In a WAN environment, it is preferable to lower this value to 10 seconds on all the servers and the workstations, so that a new ISDN connection is not established just because of a SMB connection close.

Changing KeepConn may generate significant SMB overhead. As connections are closed very quickly, each new connection implies the establishment of a new SMB connection.

NetBIOS Name Resolution Mode

When you use a domain spanning into multiple sites, the NetBIOS name resolution mode should be set to m-node (broadcasts followed by name server) on all servers and workstations.

This setting ensures that a local (for example, on the same subnet) domain controller is always contacted first (for example, before trying to contact the PDC).

On Windows NT systems, the NetBIOS name resolution mode can be set to m-node with the modification of the following key:

Trusts Relationships

Under certain circumstances, it is possible for 2 PDCs of 2 domains with a trust relationship to generate traffic every 15 minutes. For more information, click the following article number to view the article in the Microsoft Knowledge Base: The following parameter defines the time interval during which Netlogon does miscellaneous work (on the PDC and on the BDCs), for example, finding a domain controller.

Other Services That Generate Traffic

Check out the configuration of your WINS database renewal interval, and the replicator service as well.

The replicator service may be modified as follows: For additional information about how to modify WINS settings, click the article numbers below to view the articles in the Microsoft Knowledge Base: