help with domain browsing

[ne0-reloaded]

Computer Browser problems:

I think i've tracked down the reason for the slow SMB response on our network and would like some input. For a long time now we've had the prob of pc's not being listed in My Network Places. Even more aggravating is the often slow response we'd get from shared folders on Win servers. I knew the 1st issue had something to do with netbios/computer browser service, but it didnt make sense until i used the browstat utility. I realized my problem was the master browser in the domain wasn't the PDC Emulator (The domain browser) and that the domain controller holding the PDC Emulator role was multihomed. After i fixed those problems my network places and SMB browsing is a lot better. The last issue I have is making sure the PDC Emulator ALWAYS becomes the master domain browser. it's jumping around from PC to PC, and different PC's recognize different servers as the master browser. The network consists of few windows 98 clients, around 10 or so NT4 servers, and hundreds of win 2000/xp/2003 machines. Im thinking of disabling the browser service on all of the machines, except for PDC Emulator, but I'm not sure if that would cause any problems down the road.

so if anyone could help me out with always making the PDC emulator be the master domain browser id appreciate it.

Thanks

 

[MorfiusX]

Set a policy to disable the computer browser service on every machine other than the PDC emulator. You will still be able to browse with out problem. There's a reg hack to stop 9x machines from becoming master as well.

 

[ne0-reloaded]

i set a gpo to disable/stop the browser service a while back, i just wasn't sure if that alone would fix the problems. i was gonna go around to the 9x/nt machines and disable the service manually, aint too many of em.

 

[MorfiusX]

I do what you mentioned and assign the GPO to the entire domain. The one machine that I want to allow master election gets excluded from the policy using security filtering. You do that by denying the machine full control of the GPO.

 

[YeOldeStonecat]

I'd be reviewing to make sure TCP/IP properties are setup properly also....specifically DNS. 2K/XP clients..on 2K/2K3 domains...it's all about DNS. Since you're stuck with some 9X rigs...you're stuck with old WINS too. Having all those proper on the servers, and clients..is important. Keep those broadcasts down.

A network that large...you're bound to have networked printers..print servers often default to having IPX and CrApple talk enabled...un-necessary chat on the network..kill those?

 

[ne0-reloaded]

I do what you mentioned and assign the GPO to the entire domain. The one machine that I want to allow master election gets excluded from the policy using security filtering. You do that by denying the machine full control of the GPO.

i denied the pdc emu role and the 2nd dc from the policy when i made it, thanks for the heads up tho.

I'd be reviewing to make sure TCP/IP properties are setup properly also....specifically DNS. 2K/XP clients..on 2K/2K3 domains...it's all about DNS. Since you're stuck with some 9X rigs...you're stuck with old WINS too. Having all those proper on the servers, and clients..is important. Keep those broadcasts down.

A network that large...you're bound to have networked printers..print servers often default to having IPX and CrApple talk enabled...un-necessary chat on the network..kill those?

i've checked those on all the machines in the domain. i wrote a script to set the tcp/ip settings on all the machines in the domain so that things are consistent. didn't know about the appletalk part tho, ill check right now to see if that's enabled. unfortunately i'm stuck with ipx/spx since we have novell servers still running. id like to completely migrate from novell, but gotta wait on the higher ups.

i've migrated the printers from novell to win03, and the only protocol on the servers are tcp/ip. i double-checked, and the only protocols in use are tcp/ip

 

[MorfiusX]

unfortunately i'm stuck with ipx/spx since we have novell servers still running.

IPX/SPX can kill your network speeds when you are using TCP/IP as well. You can still use TCP/IP to talk to the Novell servers. The last place I worked was mainly a Novell network when I started. We eventually migrated to Windows 2003. When we disabled IPX/SPX, we saw a 300% increase in network performance. I would enable TCP/IP on the Novell servers if it's not already. Then take a single client and install the Novell client with only TCP/IP. You should see a huge difference in browsing speed. Just speaking from experience here.

 

[YeOldeStonecat]

IPX/SPX can kill your network speeds when you are using TCP/IP as well.

:nods: chatty chatty

 

[YeOldeStonecat]

i wrote a script to set the tcp/ip settings on all the machines in the domain so that things are consistent

No DHCP?

 

[ne0-reloaded]

IPX/SPX can kill your network speeds when you are using TCP/IP as well. You can still use TCP/IP to talk to the Novell servers. The last place I worked was mainly a Novell network when I started. We eventually migrated to Windows 2003. When we disabled IPX/SPX, we saw a 300% increase in network performance. I would enable TCP/IP on the Novell servers if it's not already. Then take a single client and install the Novell client with only TCP/IP. You should see a huge difference in browsing speed. Just speaking from experience here.

well, the reason i'm in a mad dash to get rid of novell is because i don't know shit about it. it wouldn't be an issue if someone else knew it, but they don't. ive been there for less than a year, and the people who've been there for 10+ years dont know shit about it either. someone else set it up, and noone bothered to pickup a novell book. the thing is constantly crashing, and their only solution is to reboot. complete imcompetance, but what can u do in those situations.

i said all that to say im not sure how to enable tcp/ip on a novell server. if you could point me to some docs to set it up, id give it a try. i knew ipx was bad, but i didn't think it was as bad ur saying.

No DHCP?

we have dhcp, but i had to write that script because for some awkward reason, they weren't using dhcp properly. some off brand dhcp software was giving out ip addresses, subnet masks and the def gateway, but nothing else. dns servers were set static, wins was set static, dns suffix was static. i had no fuckin clue why they did that, but like i said, incompetance. they changed dns/wins/dhcp servers, and some other shit, and all hell broke loose.....i'm not even gonna get into it. lets just stay i dont think very highly of my co-workers. they didn't even really consult me on the project, then when i gave them some advice on how not to look like complete assholes, they pretty much blew me off. so after that, i wrote the script so all the clients would have everything dynamic settings. dns and dhcp were also screwed the f*ck up so i had to fix that after the fact. pretty much my time there has been the cleanup crew....really frustrating.

 

[YeOldeStonecat]

some off brand dhcp software was .

Oh........I saw 2003..figure you were running Active Directory...and DHCP on a Windows server. Some clunky 3rd party thing? Ack..yuck.

 

[ne0-reloaded]

oh i already did that. they were running nt4 and some gay dns/dhcp server. we did the migration from nt4 to 2003 ad/dhcp/dns/wins last september. i told them i could do it. even did a test migration to prove it. they decided it would be best to have a consultant (fuckin hate those guys) to do it. he did a half assed job at best, leaving me to play the e-maid.

ive thought about picking up a novell book, but in my opinion, 1) novell is pretty much dead, and 2) hopefully we'll be migrated from it in the next 3 months. I usually take a passive role in fixing things, not wanting to cross the imaginary boundry between sr and jr admins, but im just getting tired of the bullshit theyre dealing with. from what i know, and have been told of novell, i see no reason to keep it now that we're running AD

ill just take it upon myself to do it, instead of waiting for the higher ups....fuck-em!

 

[MorfiusX]

When I did our migration, I didn't know a lot about Novell. I did a ton of searching. Novell's site had some good info, but they have been phasing out the Netware stuff in favor of Linux. If you do some digging, you should be able to fingure out how to do it. Novell is a pain, especially when no one knows how to manage it.