Microsoft KB Archive/928576

= New performance counters for Windows Server 2003 let you monitor the performance of Netlogon authentication =

Article ID: 928576

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems

-



INTRODUCTION
New performance counters are available for Microsoft Windows Server 2003. These performance counters let you use System Monitor to monitor the performance of Netlogon authentication. To enable this feature, you must install the update that is described in this article.



Scenarios in which you might use the Netlogon performance counters
On a server that is running Microsoft Internet Security and Acceleration (ISA) Server, the Netlogon.log file may display the following information:

[LOGON] SamLogon: Network logon of \  from   Returns 0xC000005E

The 0xC000005E error code corresponds to a STATUS_NO_LOGON_SERVERS error. This error indicates one of the following situations:
 * A network outage has occurred.
 * The local domain controller has not responded to the authentication request within 45 seconds.

To troubleshoot this problem, you can perform a two-way network traffic trace to determine whether the error is related to one of these situations. If the local domain controller is too busy, you can adjust the load on the domain controller. Or, you can adjust the number of remote procedure calls (RPC) to the local domain controller by using the MaxConcurrentApi registry entry. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

326040 How to configure an ISA Server computer for a very large number of authentication requests

However, the local domain controller may be waiting for another remote domain controller to authenticate a user account that is in a remote domain. In this case, the local domain controller becomes the remote procedure call (RPC) client to the remote domain controller. The delay may be caused by the remote domain controller instead of by the local domain controller.

For example, assume that domain A has a domain controller that is named DC_A. Domain B has a domain controller that is named DC_B. A user in domain B uses NTLM to log on to the ISA Server computer in domain A. In this situation, the ISA Server computer sends a user authentication request to DC_A. DC_A forwards the user authentication request to DC_B, because DC_A does not have the user data for domain B.

In this example, both DC_A and DC_B may be potential bottlenecks. Additionally, the primary domain controller (PDC) emulator determines incorrect passwords. Therefore, DC_B may also have to contact the PDC emulator in domain B to check whether the user has entered an incorrect password.

The Netlogon performance counters help you determine which domain controller is the bottleneck. For example, you can use the Semaphore Waiters counter and the Semaphore Timeouts counter to determine whether the bottleneck is on a remote domain controller.

How to use the new Netlogon performance counters
To use the new Netlogon performance counters, follow these steps:
 * 1) Click Start, click Run, type perfmon.msc, and then click OK.
 * 2) In the details pane, click the Add button. The Add button appears as a plus sign (+).
 * 3) In the Performance object list, click Netlogon.
 * 4) In the Select counters from list list, click the performance counter that you want to add.
 * 5) Click Explain to display the explanation for the selected performance counter.
 * 6) Click Add, and then click Close.

Explanations for the new Netlogon performance counters
Five performance counters are available in the Netlogon performance object. The following table lists the names and explanations for these performance counters.

Update information
A supported hotfix is now available from Microsoft. However, it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows Server 2003 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Customer Support Services to obtain the hotfix. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites
To apply this update, you must have Windows Server 2003 Service Pack 1 or Windows Server 2003 Service Pack 2 installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

Restart requirement
You must restart the computer after you apply this update.

Update replacement information
This update does not replace any other updates.

File information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2003 with Service Pack 1, Itanium-based versions
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbqfe kbpubtypekc kbexpertiseinter kbhotfixserver kbwinserv2003postsp2fix KB928576

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.