Very Computer

    When the Remote Access inbound network interface ("Internal" in RRAS) is active, browsing the network becomes 10-15 times slower (a client need not be connected, only the interface active). Once the interface is disabled, browsing is back to normal speed. What is the cause and, if it exists, remedy?

--
Annihilator
Head of the SawMan's Consortium
[ http://consortium.come.to/ ]

I think I may have a related issue.  We have an imaging program that
authenticates user logons by using NetServerEnum to browse its way to a
domain controller.  When I have RRAS enabled on the Win2K PDC (yes I know
there's not a PDC as such - but it's the machine with the FSMO PDC role and
there's also 1 other Win2K DC and an NT4 DC on this domain), sometimes
browsing will get totally screwed up throughout our network and the
NetServerEnum calls fail.  I disabled RRAS and we haven't had the problem
since.  I didn't try just disabling the internal interface.

If you have more than one Win2K domain controller, check the even logs and
see if there's anything about one of them, probably the one not running
RRAS, has any error messages about not being able to connect to the other
for browse list updates.  In my case, the entry looks like this:

Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date:  4/5/2000
Time:  8:32:16 AM
User:  N/A
Computer: TEAK
Description:
The browser service has failed to retrieve the backup list too many times on
transport \Device\NetBT_Tcpip_{9844688D-AEB4-4119-B0E0-E759DD1E7689}. The
backup browser is stopping.
Data:
0000: 33 00 00 00               3...

    When the Remote Access inbound network interface ("Internal" in RRAS) is
active, browsing the network becomes 10-15 times slower (a client need not
be connected, only the interface active). Once the interface is disabled,
browsing is back to normal speed. What is the cause and, if it exists,
remedy?

--
Annihilator
Head of the SawMan's Consortium
[ http://consortium.come.to/ ]

    Hmm... no such error in my event log. Must be a different thing. But the source is the same - RAS.

--
Annihilator
Head of the SawMan's Consortium
[ http://consortium.come.to/ ]

Quote:> I think I may have a related issue.  We have an imaging program that
> authenticates user logons by using NetServerEnum to browse its way to a
> domain controller.  When I have RRAS enabled on the Win2K PDC (yes I know
> there's not a PDC as such - but it's the machine with the FSMO PDC role and
> there's also 1 other Win2K DC and an NT4 DC on this domain), sometimes
> browsing will get totally screwed up throughout our network and the
> NetServerEnum calls fail.  I disabled RRAS and we haven't had the problem
> since.  I didn't try just disabling the internal interface.

> If you have more than one Win2K domain controller, check the even logs and
> see if there's anything about one of them, probably the one not running
> RRAS, has any error messages about not being able to connect to the other
> for browse list updates.  In my case, the entry looks like this:

...

I have the exact same thing (and errors) as you have had happen!

Arch Willingham

I'm not exactly certain which interface you are referring to or what you
mean by "active", but when a machine has the MS Client connected to
multiple interfaces, it will attempt to obtain browse lists for all
interfaces. Unless you particularly need to make MS Networking connections
on all interfaces, it's commonly a good idea to disable the MS Client, as
well as File & Print Sharing, on all but one interface (especially on
'external' interfaces). This gives you a little additional security and
should reduce browsing delays.

Quote:>    When the Remote Access inbound network interface ("Internal" in RRAS) is active, browsing the network becomes 10-15 times slower (a client need not be connected, only the interface active). Once the interface is disabled, browsing is back to normal speed. What is the cause and, if it exists, remedy?

--
Note, I seldom respond to email questions. Please keep discussions in
the news group, so everyone can benefit from them (including me <g>).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

John R Buchan   Independent Consultant       Orlando, Florida     USA
MCSE -++- MVP   ......................        j.buchan(at)att(dot)net

Ah. I just realized which interface you were referring to. I assume, by
'active' you mean, when a RAS client is connected. I haven't been able to
produce the kind of delay you describe, but I have only tested it with LAN
based VPN connections, not dial up client.

If your RAS server is using an IP pool in the same subnet as it's LAN
connection, you might try configuring it to use a different subnet (this
means you may need to make routing adjustments to LAN devices to allow RAS
clients access to them).

It may be that I just haven't dug enough yet, but Win2k seems to offer you
considerably less control of a number of features. RAS server is a good
example. I haven't figured out how to disable the bind between MS Client
and RAS server. I also haven't seen to option to allow RAS clients to
specify an IP. Or the equivalent of "Allow access to entire network" (i.e.
act as a NetBIOS gateway or proxy ARP, instead of routing clients).

On Sun, 16 Apr 2000 22:10:21 -0400, John R Buchan

--
Note, I seldom respond to email questions. Please keep discussions in
the news group, so everyone can benefit from them (including me <g>).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

John R Buchan   Independent Consultant       Orlando, Florida     USA
MCSE -++- MVP   ......................        j.buchan(at)att(dot)net

Quote:> Ah. I just realized which interface you were referring to. I assume, by
> 'active' you mean, when a RAS client is connected. I haven't been able to
> produce the kind of delay you describe, but I have only tested it with LAN
> based VPN connections, not dial up client.

The Internal interface goes active whenever a connection is established by RRAS (incoming OR outgoing), and stays active even when everything disconnects. This can be seen by running "ipconfig" prior to and after the connection.

Quote:> If your RAS server is using an IP pool in the same subnet as it's LAN
> connection, you might try configuring it to use a different subnet (this
> means you may need to make routing adjustments to LAN devices to allow RAS
> clients access to them).

This would inhibit access to the entire network via dial-in. Or wouldn't it? And it doesn't seem to matter - browsing is still as slow as before.

Quote:> It may be that I just haven't dug enough yet, but Win2k seems to offer you
> considerably less control of a number of features. RAS server is a good
> example. I haven't figured out how to disable the bind between MS Client
> and RAS server. I also haven't seen to option to allow RAS clients to
> specify an IP. Or the equivalent of "Allow access to entire network" (i.e.
> act as a NetBIOS gateway or proxy ARP, instead of routing clients).

All this is set via properties of the "Incoming Connections" connection in N&DUC.

--
Annihilator
Head of the SawMan's Consortium
[ http://consortium.come.to/ ]

Quote:>> Ah. I just realized which interface you were referring to. I assume, by
>> 'active' you mean, when a RAS client is connected. I haven't been able to
>> produce the kind of delay you describe, but I have only tested it with LAN
>> based VPN connections, not dial up client.

>The Internal interface goes active whenever a connection is established by RRAS (incoming OR outgoing), and stays active even when everything disconnects. This can be seen by running "ipconfig" prior to and after the connection.

Interesting. I hadn't noticed that it becomes active, when a dial out
connection is made. That is strange.

I had noticed that once it becomes active, it seems to stay active
indefinitely. I'm not certain I'd consider it a bug, but it does seem a bit
odd.

Quote:

>> If your RAS server is using an IP pool in the same subnet as it's LAN
>> connection, you might try configuring it to use a different subnet (this
>> means you may need to make routing adjustments to LAN devices to allow RAS
>> clients access to them).

>This would inhibit access to the entire network via dial-in. Or wouldn't it? And it doesn't seem to matter - browsing is still as slow as before.

The only other suggestion I can think of on this would be to disable MS
Client and F&P Sharing on the RAS interfaces (though I'm not entirely sure
how to this with W2k).

Sorry I can't be more help on this.

Quote:

>> It may be that I just haven't dug enough yet, but Win2k seems to offer you
>> considerably less control of a number of features. RAS server is a good
>> example. I haven't figured out how to disable the bind between MS Client
>> and RAS server. I also haven't seen to option to allow RAS clients to
>> specify an IP. Or the equivalent of "Allow access to entire network" (i.e.
>> act as a NetBIOS gateway or proxy ARP, instead of routing clients).

>All this is set via properties of the "Incoming Connections" connection in N&DUC.

I hadn't seen this one, because it isn't present on DCs. You use RRAS
instead. It does look like some of these settings are available through
RRAS's Remote Access Policies.

--
Note, I seldom respond to email questions. Please keep discussions in
the news group, so everyone can benefit from them (including me <g>).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

John R Buchan   Independent Consultant       Orlando, Florida     USA
MCSE -++- MVP   ......................        j.buchan(at)att(dot)net

Quote:> Interesting. I hadn't noticed that it becomes active, when a dial out
> connection is made. That is strange.
> I had noticed that once it becomes active, it seems to stay active
> indefinitely. I'm not certain I'd consider it a bug, but it does seem a bit
> odd.

Not any dialout connection. Only dial-on-demand interface connection. It really is strange, and quite unnecessary. The iface should go up only when there's an inbound connection and terminate when the connection is terminated.

Quote:> The only other suggestion I can think of on this would be to disable MS
> Client and F&P Sharing on the RAS interfaces (though I'm not entirely sure
> how to this with W2k).

It doesn't seem like it can be done.

Quote:> I hadn't seen this one, because it isn't present on DCs. You use RRAS
> instead. It does look like some of these settings are available through
> RRAS's Remote Access Policies.

Try using NetShell (netsh ras ip) for a raw, direct approach.

--
Annihilator
Head of the SawMan's Consortium
[ http://consortium.come.to/ ]