Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

open sessions on RODC

18 views
Skip to first unread message

southpaw

unread,
Dec 30, 2009, 2:32:20 PM12/30/09
to

Hi all

There seem to be a large number of ports connected from the RODC
(137.1.210.1), to RWDC (137.1.202.37) via port 49156 (137.1.210.1),
some time hundreds actually. Network services group claims this is consuming
most of the bandwidth link because each is 2KB and some times there are
hundreds of these connections . Is this normal activity or behavior for
RODCs ? I don't believe we have any issues in other sites where there RWDC
only RODCs seem to exhibit this issue?

TCP 137.1.210.1:53517 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:53757 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54026 137.1.6.43:61695 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54030 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54452 137.1.202.37:49156 ESTABLISHED
[lsass.exe]
TCP 137.1.210.1:54624 137.1.202.37:49156 ESTABLISHED
[lsass.exe]

Florian Frommherz [MVP]

unread,
Dec 30, 2009, 3:56:10 PM12/30/09
to
Howdie!

southpaw schrieb:


> There seem to be a large number of ports connected from the RODC
> (137.1.210.1), to RWDC (137.1.202.37) via port 49156 (137.1.210.1),
> some time hundreds actually. Network services group claims this is
> consuming most of the bandwidth link because each is 2KB and some times
> there are hundreds of these connections . Is this normal activity or
> behavior for RODCs ? I don't believe we have any issues in other sites
> where there RWDC only RODCs seem to exhibit this issue?

Depending on the sites and services setup, this may be (immediate)
replication of directory changes. lsass.exe is responsible for a number
of services. I'd probably try to get a network trace and look at the
packets and messages involved there. That should give you a good idea on
what is going on. There shouldn't be much always-on talking between the
RODC and the RWDC.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.

JustinHa

unread,
Jan 4, 2010, 7:12:01 PM1/4/10
to
Are the accounts in the RODC site cached on the RODC? TechNet has information
about how the authentication process works on an RODC at
http://technet.microsoft.com/en-us/library/cc754218(WS.10).aspx#BKMK_AuthRODC

Justin [MSFT]
Active Directory Documentation Team

"Florian Frommherz [MVP]" wrote:

> .
>

southpaw

unread,
Jan 25, 2010, 9:24:03 PM1/25/10
to
For anyone who wanted to know.. found out this is a bug and has been address
in the following hotfix.. Since I have applied the hotfix to my RODC
upstream DC (RWDCs) all seems fine, not more excessive TCp connections on
the RODCs..


976449 RODCs unnecessarily open many RPC connections to RWDCs on a
computer that is running Windows Server 2008
http://support.microsoft.com/default.aspx?scid=kb;EN-US;976449

"JustinHa" <Just...@discussions.microsoft.com> wrote in message
news:89BAAEFF-CFE5-4512...@microsoft.com...

0 new messages