Re: EFS in the two domain controller environment

From: Drew Cooper [MS] (dcoop@online.microsoft.com)
Date: 09/24/02


From: "Drew Cooper [MS]" <dcoop@online.microsoft.com>
Date: Mon, 23 Sep 2002 19:10:55 -0700


Both machines have an app running in the context of the same domain user.
They each hit the same server, trying to encrypt.
My best guesses right now:
1. There is some kind of contention when trying to load the user profile on
the remote server.
2. There is contention for a key handle. Both sessions will try to use the
same cached handle on the server.
3. Possibly (outside chance) something to do with winlogon - I'm less
familiar with that on Win2k.

Does this behave any differently if you explicitly "net use" to the share?

I'm kinda grasping at straws until I can see this reproduced and debug it.
I think I do have enough information to get one of our testers to try to
repro your problem in our labs. Maybe we can figure out what's wrong and
help performance in a service pack. (no promises, though - decisions like
that are out of my hands)

If I find out anything useful, I'll post what I find on the newsgroup.

Sorry I can't be more helpful. :-(

--
Drew Cooper [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
"ohaya" <ohaya@cox.net> wrote in message news:3D8BA80E.8B0EBF52@cox.net...
> Drew,
>
> Thanks for the help!  This has been very frustrating.
>
> My responses/comments below...
>
>
>
> "Drew Cooper [MS]" wrote:
> >
> > Are you creating lots of new encrypted files?
>
> The apps on both CLIENTMACHINE1 and CLIENTMACHINE2 have essentially the
> same functionality, and YES, they can, at times, create a lot of new
> files in the encrypted shared directory.
>
>
>
> > Are the writes happening in
> > the context of the same user?
>
> I'm not quite sure what you mean by "happening in the context of the
> same user", but the same user login (a domain login for the same user
> 'xyz') is used on both CLIENTMACHINE1 and CLIENTMACHINE2 when this is
> happening.
>
> Is that what you meant by your question?
>
>
>
> > Possibly contention for a key handle or
> > somesuch.
> > Or maybe CLIENTMACHINE1 and CLIENTMACHINE2 are trying to write to the same
> > encrypted file?
>
> No, mostly what the app is doing is creating a new file, writing to the
> new file, then closing the file.
>
>
>
>
> > Maybe there's a scenario such that CLIENTMACHINE1 has just
> > created file FOO in the encrypted directory, and that logon session is still
> > holding a handle from an open with exclusive access, thus the session from
> > CLIENTMACHINE2 is blocked.  (unscientific speculation)
>
> Can you clarify the above?  As I indicated above, both CLIENTMACHINE1
> and CLIENTMACHINE2 have the same Domain user logged in to them, but the
> apps are NEVER writing to the same files.
>
> However, the apps are ALWAYS writing to the same encrypted shared
> directory.
>
> If it is any of the scenarios that you're alluding to above, would:
>
> 1) logging into the CLIENTMACHINE1 and CLIENTMACHINE2 with different
> logins (e.g., 'xyz1' on CLIENTMACHINE1 and 'xyz2' on CLIENTMACHINE2), or
>
> 2) having CLIENTMACHINE1 and CLIENTMACHINE2 write to DIFFERENT shared
> encrypted directories avoid this hangup?
>
>
> > How frequently do the hangs occur?
>
> If only one of CLIENTMACHINE1 and CLIENTMACHINE2 is operating, the hang
> never occurs.
>
> The hang only occurs if both machines have the app running
> simultaneously, but the hangs do not occur 100% of the time.
>
>
>
> > Are they at regular intervals?
>
> Not as far as we can tell...
>
>
> > Are
> > there any clues in the event log on DATASERVER?
>
> No.  We checked Event viewer on both CLIENTMACHINE1 and CLIENTMACHINE2,
> as well as the DATASERVER machine.  Nothing unusual.
>
> Jim
>
> P.S.  ONE thing that I forgot to mention earlier (sorry).  We THINK
> we've noted that if we catch the hang situation while it is occurring
> and start up Task Manager on the DATASERVER machine, the hang ends almost
> immediately.  Again, sorry I forgot to mention this earlier.

