Title: PDCe and piling on issues

We have recently been experiencing PDCe piling on issues where we notice that NTLM authentications hit 50+ per second on the AD PDCe.

I am researching various methods to address this issue, including changing the weight and/or priority of the PDCe DNS SRV records as well as WINS 1C list randomisation and/or removing the 1B entry from the 1C list.

My question / concern is that I don't fully appreciate the difference that a higher DNS priority will result in - will the PDCe never be used for logon requests/NTLM auth/Kerberos auth or all of the above? Does it depend upon the method of auth used by the client?

I set the priority for the PDC SRV records to 200 and traced a logon by a client. I am still sifting through the trace but the client shows that its logon server is indeed the PDCe (checked by typing 'set' at the command line.)

1. Does the above behaviour actually prove that the priority change worked or is it a red herring?
2. Has anyone any experience and feedback regarding the reduction of load on a PDCe?
3. How did you test that the changes made (DNS or WINS) were actually working as expected / desired?
4. Can the above techniques be used regardless of auth type used within the environment?

Thanks in advance for any responses,

Neil


Neil Ruston, MCSE, MVP (AD)
