You might also want to fire up Server Performance Advisor on the box and collect some perf stats on the queries. You should be able to see where time is being spent and what kinds of resources are being consumed.
Darren -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Monday, June 13, 2005 7:12 PM To: [email protected] Subject: RE: [ActiveDir] LDAP performance It's hard to really give any sort of analysis with the data provided. Do you have any network traces of entering "failure" state that we could see? With that hopefully we can provide more guidance. ~Eric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, June 13, 2005 5:27 PM To: [email protected] Subject: RE: [ActiveDir] LDAP performance Something similar came up for discussion last week. My response was to increase the maxreceivebuffer size. See Q315071 and Q834317 HTH Sincerely, D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Isenhour, Joseph Sent: Mon 6/13/2005 5:01 PM To: [email protected] Subject: RE: [ActiveDir] LDAP performance Oops one correction: 100 binds per second is the upper limit that I've found. Average of 10 binds per second. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Monday, June 13, 2005 4:55 PM To: [email protected] Subject: [ActiveDir] LDAP performance We're running into what appears to be some performance issues. We have several AD servers that we dedicate to doing LDAP authentications for various applications. We recently added a new application that performs a large number of binds. The day we cut the application over to AD LDAP the application owners began complaining that an average of 1 to 2 LDAP requests are being dropped every minute. Here are the details: Application: Issues an average of 100 binds per second. Average of 50 queries per second using filter "(samaccountname=X)" and requesting the DN as the return. HW: 2 Domain Controllers. Each is quad proc 2.4GHZ. Each has 4GB of RAM with the 3GB switch set. I ran this through ADSizer and it recommended one server with about half the capacity that is built into each of these servers. I've run several performance checks on these machines and it appears that they are barely breaking a sweat in terms of available resources. I've tweaked our default LDAP policies to add additional queries per proc and allowed larger buffers. But the app owner is still complaining. The network team has recommended that I increase the TCP listening queue on the servers. They suspect this because they are seeing a few syns that never get acked. I'm not familiar with how to do this in Windows and am not sure if that is really something I should be concerned with. Can anyone out there vouch for this theory? Or perhaps offer another theory as to why the DCs seem to not keep up with the load? Thanks One other thing, I set the LDAP diags to two and found the following warning poping up from time to time: ***************************************************************************** ********************* Event Type: Warning Event Source: NTDS LDAP Event Category: LDAP Interface Event ID: 1216 Date: 6/13/2005 Time: 6:34:37 PM User: N/A Computer: ****************** Description: Internal event: An LDAP client connection was closed because of an error. Client ID: 427107 Additional Data Error value: 995 The I/O operation has been aborted because of either a thread exit or an application request. Internal ID: c0602ec For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp <http://go.microsoft.com/fwlink/events.asp> . ***************************************************************************** ********************* List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
