Win 2003 & Active Directory : Slow Startup & Shutdow

As the title says, I'm experiencing some problems with starting up and shutting down my PC, after I've installed Active Directory. It seems impossible to find any other topics about this, but I've heard that lots of others have this problem.

Everything New Technology 1823 This topic was started by ,


data/avatar/default/avatar20.webp

2 Posts
Location -
Joined 2003-12-09
As the title says, I'm experiencing some problems with starting up and shutting down my PC, after I've installed Active Directory.
 
It seems impossible to find any other topics about this, but I've heard that lots of others have this problem.
 
Perhaps the biggest disadvantage is that I can't put my PC in standby-mode anymore, which I did everyday before now ...
 
Does anyone have solutions for this? I'd love to hear them !
 
Regards,
 
Niels

Participate on our website and join the conversation

You have already an account on our website? Use the link below to login.
Login
Create a new user account. Registration is free and takes only a few seconds.
Register
This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic


data/avatar/default/avatar12.webp

1915 Posts
Location -
Joined 2000-03-30
AD will slow it down
 
 
Thats normal

data/avatar/default/avatar19.webp

3857 Posts
Location -
Joined 2000-03-29
Quote:AD will slow it down


Thats normal

Kinda sorta. Basically, a server running AD can run almost as fast at boot up and shut down as most member servers. The big issue here is that Domain Controllers (since NT 4.0) have always needed at least one counterpart in the domain to operate efficiently. This stems from the constant communication that a DC wants to do during startup to validate the network that it is coming up into and shutting down from (Browse Master, WINS host, etc). This is further complicated with AD since there are more functions to track and register with ((D)DNS, WINS, Browse Master, Time Source, etc) during startup and shutdown. In addition, policy configuration has a *major* impact on this. If you have aggressively configured logging either locally or via templates (such as logging all successes and failures in all security objects) you can greatly impact not only startup, but shutdown time. We are testing templates right now that are highly aggressive (modded NSA-based templates) and these cause our DCs to take about 12 - 15min to shutdown. All these servers do is host FSMO roles, and don't have any applications installed at all (besides AV and AD monitoring agents) and yet they are slower than anything else I have used. These templates also generate logs that are so large that they require at least weekly (typically daily) removal via some automation tool in production.

So, in some vague order, here are the major things that slow down the system:

Bringing up the network - This can be an issue since the server will need to register itself against a DDNS server on the network (unless specified not to via a reg tweak). If this box is the only DC, this may not occur properly if the processes are running in asynchronous mode and there are no dependencies declared on the local DNS service to start up before the server tries to register itself. One major help for this is to make sure that all the DDNS servers have their local IP address (the IP that is answering DNS queries) entered into their primary DNS server position in their local IP settings. By having a second DC with DNS on the network, the server can move to the second one during boot since the local DNS service may not have started in time to answer its own request (kind of like needing to be awake before you can answer a phone call; if you are a sleep you can't answer the phone in time but if another person is around they can do that for you and vice-versa). This second DC can also host the Browse Master service and turn over control if the starting DC is also hosting WINS (not needed in a modern AD network unless you have legacy applications, such as Microsoft Exchange 2000 or earlier, that still use NetBIOS name resolution). Properly configured DDNS will reduce the boot time and make it run a lot smoother.

Services - Since a "server" will have more services, this will slow down launching of the system. In addition, many of the services will require authentication, and if the server can't register itself on the network and get the NETLOGON service started fast enough, there will be a noticable delay in the other services getting authenticated and therefore started. Again, this is alleviated with a second DC on the network that can field these calls and let the system get everything running in a timely manner.

Template Application - As mentioned earlier, improperly configured templates for your hosted environment can greatly impact startup performance. Set them as needed to strike the proper balance between security and performance. In addition, the server will scan its local AD DB to make sure that it is by itself (the only DC) on the network. If it finds that there are others, it will want to converse with them about account and template consistency (for example, does it have the newest version of all the accounts and templates).

Hope this explains it somewhat.

data/avatar/default/avatar12.webp

1915 Posts
Location -
Joined 2000-03-30
My Dell Poweredge booted as fast as my desktop, till I installed AD, which installs DNS, and a few other services.
 
Onced installed its slow to bootup and shutdown, for all the reasons clutch mentioned.
 
 
But then again servers aren't supposed to be booted a lot.

data/avatar/default/avatar20.webp

2 Posts
Location -
Joined 2003-12-09
OP
OK, thanks everybody for the information ! Very useful to know what actually causes this slowdown...
 
Regards,
Niels