Slow login - delay by 45 seconds - SLP related

I just setup a nice new nework with OES for 25 users.  All running well
except for the login lag.
With tree name specified we see exactly _45_seconds_of_delay_ before
the login script processing starts.
But with an IP address in place of the tree name, the login is almost
instant so this must be an SLP issue right?


Server: OES2 SP3 SLES 10 SP4
Client Win XP with client 4.91 SP5 (IR1)

I've spent hours on this, so I hope  hope someone can give me a pointer
or two.
Here are some of my checks and configs.  

Windows PC:
On the client side everything is set to static
C:\>*slpinfo /d*


*****************************************************
***         Novell Client for Windows NT          ***
***         Service Location Diagnostics          ***
*****************************************************

SLP Version:             4.91.5.11
SLP Start Time:          9:36:31pm    3/3/2012
Last I/O:                8:08:09pm    3/4/2012
Total Packets:           Out: 161         In: 82
Total Bytes:             Out: 12545       In: 2782


DA IP Address     Source(s)   State   Version  Local Interface  
Scope(s)
---------------   ---------   -----   -------  ---------------  
---------------

192.168.1.3       CNFG        UP      SLPV2    192.168.1.99     
DEFAULT
192.168.1.5       CNFG        UP      SLPV2    192.168.1.99     
DEFAULT


On the server:
SLPTOOL FINDSRVS SERVICE:
service:directory-agent://192.168.1.5,65535
service:directory-agent://192.168.1.3,65535

server1:~ # *slptool findsrvs service:ndap.novell*
service:ndap.novell:///PARK-TREE.,3540


# grep -v "#" /etc/*slp.conf* | grep -v ";" | more

net.slp.DAAddresses = 192.168.1.5
net.slp.interfaces = 192.168.1.3  # this is the LAN subnet
net.slp.traceDrop = true
net.slp.useScopes = DEFAULT
net.slp.isDA = true
net.slp.DASyncReg = false
net.slp.isDABackup = true
net.slp.DABackupLocalReg = true


Regards
Gordon


-- 
gordon_mzano
------------------------------------------------------------------------



0
gordon
3/4/2012 12:46:02 PM
novell.netware.winnt-2x-xp 10573 articles. 1 followers. Follow

6 Replies
621 Views

Similar Articles

[PageSpeed] 44

The best way to debug this kind of problems is to take a packet trace and 
to see whatt he client really asks on the network and what replies it gets 
(or doesn't get).
A simple option might for example be to install Wireshark on a sample 
workstation ( http://www.wireshark.org/ ), do a workstation only login, 
start a packet capture with wireshark and then do a manual login (hoping 
the problem does also show in that scenario).

-- 
Marcel Cox
http://support.novell.com/forums
------------------------------------------------------------------------
Marcel Cox's Profile: http://forums.novell.com/member.php?userid=8
0
Marcel
3/5/2012 9:03:29 PM
What Marcel says. But from your description the issue is almost
certainly name resolution within Windows; it's probably trying a number
of other services (eg DNS, host file) before trying SLP. Look in the
client's Protocol Preferences tab, that's the order the client will try.


-- 
Andrew C Taubman
(Sorry, support is not provided via e-mail)

Opinions expressed above are not
necessarily those of Novell Inc.
------------------------------------------------------------------------
ataubman's Profile: http://forums.novell.com/member.php?userid=34
View this thread: http://forums.novell.com/showthread.php?t=452934

0
ataubman
3/5/2012 11:26:02 PM
I did a trace with Wireshark and I think I have found the problems,
though not 100% on the best way to fix it...

ISSUE 1.
Initially the client looks up DNS for the tree name, but strangely the
DNS request is not just for "Tree name" but for the *-context.treename-*
which is -*ou.o.treename.dns-suffix*-.
We don't have the tree name A record in DNS, but nonetheless
_shouldn't_the_client_just_query_for_the_tree_name_without_the_context?_
As a workaround we could put in a DNS entry for ou.o.treename and
o.treename and ou2.o.treename etc, but it is not very elegant.

ISSUE 2.
0.5 sec into the login process, after DNS bombed out, SLP kicks in, and
immediately following, the pc (on 192.168.1.x) tries to connect to
10.0.0.2 via NCP on port 524, which is the the OES server's second NIC
for the backup network.
Obviously the PC can't connect to this address, so why would SLP return
this address, surely it should be intelligent enough to return the
correct 192.168.1.3 address of the server.
There are repeated attempts to make NCP communications with 10.0.0.2
So I think I need to unbind NCP from that interface...What is the best
way to achieve this?

If anyone would like to see the packet capture it is just 55kb so I can
email it.

--Gordon


-- 
gordon_mzano
------------------------------------------------------------------------
gordon_mzano's Profile: http://forums.novell.com/member.php?userid=7639
View this thread: http://forums.novell.com/showthread.php?t=452934

0
gordon
3/6/2012 3:56:04 AM
FIXED

As per previous post, for tree name resolution SLP was returning an IP
address of the second NIC of the eDir server that was on a different
subnet to the PC.

CONFIRM NDS BINDINGS:
netstat -nape | grep ndsd
Both ip addresses listed: 192.168.1.3 and 10.0.0.2.

Second confirmation with:
# ndsconfig get n4u.server.interfaces

SOLUTION - remove the 10.x.x.x binding
# ndsconfig set n4u.server.interfaces=192.168.1.3
# rcndsd restart

Logins are now 1 sec! 
A saving of 44 seconds!!
:-)

IF WOULD BE NICE IF THE SLPD HAS LOGIC BUILT IN TO RETURN IP ADDRESSES
RELEVANT TO THE SUBNET OF THE REQUESTING PC.

With the DNS, I still think that the resolution isn't quite right, and
would like to have that working 100% as a backup to SLP.  BTW the
_DNS_server_is_Windows_2008_R2_
Using the following:
tree name =pine-tree;  
o=pe;  
ou=perth
DNS suffix for LAN: pe.local  

here are the DNS queries in order. 
perth.pe.pine-tree
perth.pe.pine-tree.pe.local
perth.pe.pine-tree
perth.pe.pine-tree.pe.local

To account for the users at this site, I could just add O and OU CNAME
records in DNS but it doesn't scale well for some sites that could have
many more OU's.  Do others use DNS for Tree name resolution and if so,
what records are you using and more importantly are they working as you
expect?  If we were using contexteless logins it could solve the issue
too.  Thoughts on this anyone ?

--Gordon


-- 
gordon_mzano
------------------------------------------------------------------------
gordon_mzano's Profile: http://forums.novell.com/member.php?userid=7639
View this thread: http://forums.novell.com/showthread.php?t=452934

0
gordon
3/6/2012 10:06:02 AM
Hi.

First, good debugging. Proves how extremely useful lan traces are.

See further comments inline..

On 06.03.2012 11:06, gordon mzano wrote:
>
> FIXED
>
> As per previous post, for tree name resolution SLP was returning an IP
> address of the second NIC of the eDir server that was on a different
> subnet to the PC.

That's basically an always existing problem, and isn't even limited to 
Novell in any way, shape or form. Having a machine with multiple nics or 
IP addresses that aren't always reachable for everybody require a great 
deal of planning beforehand, on basically *all* servers.

> IF WOULD BE NICE IF THE SLPD HAS LOGIC BUILT IN TO RETURN IP ADDRESSES
> RELEVANT TO THE SUBNET OF THE REQUESTING PC.

Please do not shout. SLP is a standard protocol, it's not Novells 
invention. It doesn't have that feature, and even if it had, it would 
only be of very limited use. What if your server in general isn't on any 
same subnet with clients? That is a very common setup.

*But*, the Novell client should have a feature that solves this. It is 
supposed to find the closest IP of a server to it's own if multiple IPs 
are returned. It would be interesting to find out why this didn't work here.

> With the DNS, I still think that the resolution isn't quite right, and
> would like to have that working 100% as a backup to SLP.  BTW the
> _DNS_server_is_Windows_2008_R2_
> Using the following:
> tree name =pine-tree;
> o=pe;
> ou=perth
> DNS suffix for LAN: pe.local
>
> here are the DNS queries in order.
> perth.pe.pine-tree
> perth.pe.pine-tree.pe.local
> perth.pe.pine-tree
> perth.pe.pine-tree.pe.local

And are you absolute sure this DNS query is for the *tree*? It could 
very well be a query for the server context, or even the context itself. 
And even worse, it's not even certain that query is produced by the 
Novell Client at all. It could be windows itself.
BTW, DNS will *never* be a 100% backup of SLP, as it doesn't even 
remotely has the same features as SLP does. *Personally*, I disable all 
DNS name resolutions in the Novell client. SLP can be made *extremely* 
redundant and fault tolerant, and is always the better option than 
adding DNS into the mix.

Of course, *if* this really is the DNS requests resulting from the 
Novell clients attempt to find the tree, then this looks like a bug. But 
that has to be confirmed first. And actually, I doubt it. You have SLP 
working, as such the client has a better and *working* way to find the 
tree itself (which would be the very first name reolution attempt ever). 
In that case, the client won't do another DNS request for the tree. That 
said, I'm almost certain you're misinterpreting that DNS request for the 
clients attempt to find the tree by name.

CU,
-- 
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
0
Massimo
3/6/2012 10:39:25 AM
mrosen;2179739 Wrote: 
> 
> 
> *But*, the Novell client should have a feature that solves this. It is
> supposed to find the closest IP of a server to it's own if multiple
> IPs
> are returned. It would be interesting to find out why this didn't work
> here.
> 

Agree, it would be good to know why this didn't happen.  But the final
SLP response from the server (192.168.1.3) to the client for tree name
resolution doesn't provide IP's from what I can tell. 
(All this runs on ESXi hence the "Vmware"  bits.)
------------------------------------------------------------------------------------------------------------------------------------------------------
No.     Time        Source                Destination          
Protocol Length Info
159 2.514576    192.168.1.3           192.168.1.74          SRVLOC 
225    Attribute Reply, V2 XID - 1898

Frame 159: 225 bytes on wire (1800 bits), 225 bytes captured (1800
bits)
Ethernet II, Src: Vmware_fa:15:13 (00:0c:29:fa:15:13), Dst:
Vmware_16:45:98 (00:0c:29:16:45:98)
Destination: Vmware_16:45:98 (00:0c:29:16:45:98)
Address: Vmware_16:45:98 (00:0c:29:16:45:98)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Source: Vmware_fa:15:13 (00:0c:29:fa:15:13)
Address: Vmware_fa:15:13 (00:0c:29:fa:15:13)
.... ...0 .... .... .... .... = IG bit: Individual address
(unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst:
192.168.1.74 (192.168.1.74)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00:
Not-ECT (Not ECN-Capable Transport))
Total Length: 211
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0xb67c [correct]
Source: 192.168.1.3 (192.168.1.3)
Destination: 192.168.1.74 (192.168.1.74)
User Datagram Protocol, Src Port: svrloc (427), Dst Port: blackjack
(1025)
Source port: svrloc (427)
Destination port: blackjack (1025)
Length: 191
Checksum: 0xe0de [validation disabled]
Service Location Protocol
Version: 2
Function: Attribute Reply (7)
Packet Length: 183
Flags: 0x0000
0... .... .... .... = Overflow: Message will fit in a datagram
.0.. .... .... .... = Fresh Registration: Not a new Service
Registration
..0. .... .... .... = Multicast requested: Not multicast or
broadcast
Next Extension Offset: 0
XID: 1898
Lang Tag Len: 2
Lang Tag: en
Error Code: No Error (0)
Attribute List Length: 162
Attribute List:
(svcaddr-ws=2-1-6-c0a80103020c000000000000000000,2-2-17-c0a80103020c000000000000000000,2-1-6-c0a80105020c000000000000000000,2-2-17-c0a80105020c000000000000000000)
Item 1: (svcaddr-ws=2-1-6-c0a80103020c000000000000000000
Item 2: 2-2-17-c0a80103020c000000000000000000
Item 3: 2-1-6-c0a80105020c000000000000000000
Item 4: 2-2-17-c0a80105020c000000000000000000)
Attr Auths: 0
------------------------------------------------------------------------------------------------------------------------------------------------------

mrosen;2179739 Wrote: 
> 
> 
> > With the DNS, I still think that the resolution isn't quite right,
> and
> > would like to have that working 100% as a backup to SLP.  BTW the
> > _DNS_server_is_Windows_2008_R2_
> > Using the following:
> > tree name =pine-tree;
> > o=pe;
> > ou=perth
> > DNS suffix for LAN: pe.local
> >
> > here are the DNS queries in order.
> > perth.pe.pine-tree
> > perth.pe.pine-tree.pe.local
> > perth.pe.pine-tree
> > perth.pe.pine-tree.pe.local
> 
> And are you absolute sure this DNS query is for the *tree*? It could
> very well be a query for the server context, or even the context
> itself.
> And even worse, it's not even certain that query is produced by the
> Novell Client at all. It could be windows itself.
> 

I've traced this issues number of times and each time it was from a PC
that was already logged into the workstation, and I always saw the DNS
resolution attempt immediately after I pressed the key to login.

mrosen;2179739 Wrote: 
> 
> SLP can be made *extremely*
> redundant and fault tolerant, and is always the better option than
> adding DNS into the mix. 
> 
Hmmm - I could consider this.

mrosen;2179739 Wrote: 
>  the client has a better and *working* way to find the
> tree itself (which would be the very first name resolution attempt
> ever).
But in our case we saw DNS first out of the blocks by about 1.2sec for
several traces, then immediately after, SLP had a turn.
Interestingly the DNS resolution attempts to 1.2 sec, which included
the failed responses, while the SLP resolution when fixed took just
0.002 seconds.

But if the DNS ability is there in the client it still should work and
I have used it in the past and it would have got me out of this issue,
but in the end the extra binding would have caused us other issues
anyway.

Does anyone else bother with DNS name resolution for the Novell client?
It would be interesting to know if the DNS resolution is behaving like
my traces and trying to resolve ou.o.treename rather than just tree
name.

-- Gordon


-- 
gordon_mzano
------------------------------------------------------------------------
gordon_mzano's Profile: http://forums.novell.com/member.php?userid=7639
View this thread: http://forums.novell.com/showthread.php?t=452934

0
gordon
3/6/2012 11:26:02 AM
Reply:

Similar Artilces:

NetWare Servr Only
We only have a NetWare Server (that will be updated to OES2 at a later date. We need to have a few Windows XP PCs setup so when I login into my tree using the Novell Client, that I also log into the local windows XP PC. Are there settings somewhere that I need to review? I can't use a generic windows local ID because the local ID needs adinistrator privileges and I don't want to setup a local ID with no password where it could be accessed by anyone Any suggestions? IDM, It appears that in the past few days you have not received a response to your posting. That...

C2s Slow netware login
Hi; I have a working IKE based C2s vpn. We are running NW60SP4 and BM38SP2a. Its a pretty simple Vpn with 2 Traffic rules (default and Allow everybody everything) Nmas Athentication ( logged). The problem that I am having is, the Netware login to our servers behind the Bordermanager box takes anywhere from 1 to 3 minutes even over a T1 connection. It takes about the same time over 28.8k Dialup oddly enough. Has anyone seen this? Does anyone have any ideas? We are Ip only and there is a DA on the inside. Thanks for any advice. How long does it take if you stick a PC on the pub...

Login to Netware on an XP machine
We have an XP machine with Windows XP SP1 installed, aswell Novell Client 4.90. Aswell as having the client installed on an XP machine you need to have a local XP account setup. This is not a very viable option as we run in a school and can not have over 1000 user accounts on every pc. After some research I have created just the 1 XP and have enabled AutoAdminLogon in the registry. The only problem now is that when the PC boots the Auto logon happens for the XP account and loads straight to the desktop with giving you the option to logon to the Netware system. The onl...

slow login on all netware clients
For a few months now, all of our Netware clients (we have different versions, starting from 4.83 to the newest one) experience slow logins. There are two issues: - Once you enter username and password the screen turns black or blue (depending on the standard windows background) and it take 10 to 30 seconds until windows show the box "loading user preferences...etc...". This issue occurs with different workstation images, on windows 2000 and XP. Even when default user is ultra small and no group policies are applied the delay is still there. - When are netware server that...

Auto Login Netware 6 and XP
I have scoured the net for a solution to this and can not find a single thing for v6, only 4.6 etc. I have it so that Xp auto logs on, and for some reason is bypassing Novell logon, and logs right into windows. But i need it to autologon into novell then windows. In the registry I have the autologon = 1 and the default un/pw set. What else am i missing? Thanks See http://support.novell.com/cgi-bin/search/searchtid.cgi?/10052847.htm -- Edison Ortiz Novell Product Support Forum SysOp (No Email Support, Thanks !) The following is what it says for 4.9 yet I cant find th...

XP/Netware login security message
Hey- WHen I log onto XP machine (Netware 6.5, client 4.9sp2), 4 separate and identical windows pop up, all labelled "Automating Security Configuration Management". I can close the windows, and all is well; but how do I stop the windows from coming up at all? I have used msconfig and can find nothing calling for these windows to come up. This only happens on XP machines. Any suggestions? Russell, Do you have Group Policy running those tasks?... Automating security configuration tasks http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve...

Login to Netware on an XP machine #2
We have an XP machine with Windows XP SP1 installed, aswell Novell Client 4.90. Aswell as having the client installed on an XP machine you need to have a local XP account setup. This is not a very viable option as we run in a school and can not have over 1000 user accounts on every pc. After some research I have created just the 1 XP and have enabled AutoAdminLogon in the registry. The only problem now is that when the PC boots the Auto logon happens for the XP account and loads straight to the desktop with giving you the option to logon to the Netware system. The onl...

OS9 login to Netware 5 okay, OSX login to Netware 5 fails
--____DBOIMFUIYTYUEXTAEQAR____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable I have 3 Netware 5 (SP6) servers all configured the same and are running = Netware 5 Services for Appleshare v4.5. This just started happening a few days ago. It was working perfectly fine = before. I can't think of anything I might have done to this one particular= server to make it go "bad". I can login under OS X to 2 out of the 3. I can login under OS 9 to all of them. The one I can't login to: No matter what user login I use, I a...

Slow login windows xp sp2
these should help http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=kc&externalId=10096451xml0&sliceId=&dialogID=2410564 http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=kc&externalId=10096911xml8&sliceId=&dialogID=2410566 make sure to set "always allow ip fragmentation = on" at the server and check all your MTU and TCP window size settings. Was this meant to be in reply to someone else, or posted for general consumption? bd NSC Volunteer SysOp ...

XP Roaming Profiles Slow at Login
Hi, We are using ZfD4.0.1 with Windows XP and the latest Novell client. We have the roaming profile policy enabled and I've edited the ExcludeProfileDirs registry key so that it now only contains 'History;Temp;Temporary Internet Files'. The reason I edited this was to enable the users Outlook profiles to be included in the roaming profile. This works fine but now we are getting complaints from some users that it takes ages to login. A profile in the region of 20MB takes around 10mins to download at login. Surely this shouldn't be the case? Has anyone seen th...

extermely slow logins win xp
I have been investigating this problem for some time but have no solution. Server is NW6SPK4 and has no errors. Clients are windows xp spk2 with client 4.9 sp1 with zenworks 4b latest agent. Login times are excruciatingly slow. Like 3 minutes Zenworks pushes a Windows Group Policy Object to the students desktop which limits their access as users - there are no computer settings. And we use Dynamic User Login. The symptom is user puts name and password on login screen presses OK and the workstation stays right there for 3 minutes - with the local drive seeking and...

XP browsing slow with Netware 5
All, Like many people, when I add new XP(SP2)PCs to my Netware 5 LAN, there are immediate gripes about how long it takes to access the network drives, delayed file access time, etc....in other words SLOW. I have seen many postings. Some say to use a certain client, then others say that didn't work, etc.. I have not seen a definitive answer as to what the problem and fix really is. I saw one really promising thread but the end result was said to have been a bad NIC in the server. Surely everyone all over the world that adds XP to their LANs are not having bad server ...

slow login on Win XP restart
We have Netware 6.5 SP7 with Windows XP Pro SP3 on the workstations (about 75 workstations). We are running IP only (gigabit speed) on the entire network. The workstations are running 4.91 SP4 of the Novell client. My problem, as described below, happens on every pc. Considering that it happens to every person and on every pc I don't think it is cable related, switch related, computer related (unless it's a client setting), user name related, etc. Scenario 1 (slow): - user is logged in to the network and they restart their pc (not a shutdown, but a restart) - after typ...

SLOW SLOW SLOW
Name: Tom Horstman Email: th577atyahoodotcom Product: Firefox Summary: SLOW SLOW SLOW Comments: I have been a user for 2-3 years. It seams that each "new" version gets slower and slower to load the pages. The latest is the slowest. Just some feed back to think about. MS Explorer is now much faster than Firefox. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 ...

Slow slow very slow
Hi I have updated my opensuse 11.2 to 11.3. i use it on HP Laptop pavillion when the PC boot, i wait at least 5 min before to get kdm screen login i have look at the boot text console, and saw opensuse is block on line sm_notify " "idmapd" any idea ? i don't think is a nfs problem but ? regards -- Enthalpie ------------------------------------------------------------------------ What is the output of: Code: -------------------- rpm -qa | grep courier-imap -------------------- and Code: -------------------- ...

Web resources about - Slow login - delay by 45 seconds - SLP related - novell.netware.winnt-2x-xp

Second Gear
Second Gear creates beautiful iPhone and iPad applications, including Elements for storing your writing and notes on Dropbox.

United States Court of Appeals for the Second Circuit - Wikipedia, the free encyclopedia
The United States Court of Appeals for the Second Circuit (in case citations , 2d Cir. ) is one of the thirteen United States Courts of Appeals ...

Beijing issues second red alert for pollution as China braces for weekend of choking smog
Authorities in Beijing issue the city's second red alert for pollution as a wave of choking smog bears down on the city.

Dennis Oland found guilty of second-degree murder in death of father
A New Brunswick jury has found Dennis Oland guilty of second-degree murder in the death of his father, prominent businessman Richard Oland.

Apple facing second (unrelated) lawsuit over excess data usage, this one for iPhone 5/5s
... facing one class action lawsuit alleging that customers were unknowingly using up substantial amounts of mobile data, and it now faces a second ...

Ryan Fitzpatrick Goes Nuts for a Second in Postgame Interview, Asks If It's Live - Bleacher Report
New York Jets quarterback Ryan Fitzpatrick is like a mad scientist—extremely smart (Harvard!) but also a little kooky...

Kurt Russell to ‘The View': Founding Fathers Had ‘Very Strong Reason’ for Second Amendment
Kurt Russell: 2nd Amendment Protects the Ability to Fight Your Own Government

Balam Acab finally releases a second album, 'Child Death'
by Andrew Sacher Balam Acab's 2011 debut album Wander/Wonder was one of the real gems of the unfortunately-named and short-lived witch house ...

Goldman Sachs on Fed Funds rate: "Fairly easy path to a second hike in March"
... attention to the pace of subsequent hikes. While the median dot indicates a further 100bp increase in the funds rate in 2016, implying a second ...

​The second most-famous Christmas story ever told
Published in 1843, Charles Dickens' "A Christmas Carol" is a perennial testament to the holiday spirit

Resources last updated: 12/20/2015 4:15:59 PM