Microsoft KB Archive/246461

From BetaArchive Wiki
< Microsoft KB Archive
Revision as of 16:13, 18 July 2020 by 3155ffGd (talk | contribs) (importing KB archive)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Base


How to Prevent Validation on a Specific Backup Domain Controller (BDC)

Article ID: 246461

Article Last Modified on 11/1/2006



APPLIES TO

  • Microsoft Windows NT Server 4.0 Standard Edition



This article was previously published under Q246461

SUMMARY

This article discusses issues regarding validation on a backup domain controller, and how to prevent validation on this backup domain controller.

MORE INFORMATION

You can prevent validation on a specific backup domain controller by pausing the Netlogon service. The backup domain controller does not allow any new connections, but it does not disconnect any existing connections.

When users attempt to directly obtain access to resources on the backup domain controller with the paused Netlogon service, validation occurs locally at that backup domain controller, and is not forwarded to any other domain controller. So pausing the Netlogon service on a particular backup domain controller is useful for reducing the load on that backup domain controller, because workstations and other member servers are not able to set up their secure channels with that backup domain controller.

Stopping the service instead of pausing it prevents the backup domain controller from receiving updates from the primary domain controller. Pausing it after your computer starts permits the domain controller to set up a secure channel with the primary domain controller to receive updates to the accounts database. If this occurs, users may be unable to obtain access with valid passwords after a password change has occurred.

You cannot set the Netlogon service to pause on startup, and it would be inadvisable to do so because the Netlogon service must run long enough to set up a secure channel with the primary domain controller. However, you can automate the service to pause after startup by using the AT scheduler to run the NET PAUSE NETLOGON command. You can also use the Windows NT Server Resource Kit Sleep.exe utility to start a batch file to run this command in a loop, and set the delay between intervals.


Additional query words: netlogon load

Keywords: kbinfo KB246461