Profile loading takes a long time due to full DFS namespace sync with PDC

Applies to: Windows 7 Service Pack 1Windows 7 EnterpriseWindows 7 Professional More

Symptoms


Assume that you have an environment that contains users' roaming profile location (server-based profiles). The server-based profiles are accessed from Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 SP1 through a domain-based Distributed File System (DFS) share. It takes longer than expected to load or unload the profiles. Additionally, you may notice the following behavior:
  1. When you view the network traces of the slow transactions, you notice that the DFS API request NetrDfsGetInfo or dfs_GetInfo is taking some time.

    Note The combined load of all domain controllers in a big domain against the Primary Domain Controller (PDC) might become so big that the connection to the PDC fails and that the DFS API does not respond with a valid path. When this happens, the roaming profile cannot be loaded after the delay. Please review the "More Information" section in this article.
  2. When you view the processing of the request at the DFS server, which is usually the local domain controller (local DC), you see that it has communication with the PDC. There are two basic scenarios where a delay happens:
    1. When the DFS volume has many links and the PDC is attached over a low wide area network (WAN) link, it can take a long time to retrieve the data that the local DC requests by using the LDAP protocol.
    2. When the local DC cannot reach the PDC, it spends significant time retrying a connection with it.

Cause


To learn about the real location of a path within a DFS volume, the Profile Service contacts the DFS service via a NetDfsGetInfo call. This issue occurs because the domain controller makes sure that the NetDfsGetInfo call has the most current information on the DFS volume and queries the PDC for it. The NetDfsGetInfo call does not have prerequisites but is considered a management API.

Resolution


Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running Windows 7 SP1 or Windows Server 2008 R2 SP1.

For more information about how to obtain a Windows 7 or Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2

Registry information

To apply this hotfix, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

Workaround


To work around this issue, you can disable the RootScalability mode. The DFS server will then always use the PDC to sync, and it will use incremental synchronization to the PDC, which is typically much faster. To do this, you can run the following command: 
dfsutil /root:\\domain\dfsroot /RootScalability /Disable 
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
305027 Summary of "piling on" scenarios in Active Directory domains

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


With this hotfix installed, the profile service does not rely on NetDfs API any longer that would require the DFS service to contact the PDC. It uses a different method that builds on the DFS Get Referral SMB command. For more information, go to the following Microsoft TechNet website: If you are affected by this combination of profile service and DFS service behavior, we recommend you install this update on all computers that users who have roaming profiles are logging on. This typically applies to all workstations and remote desktop servers. The problem that the user profile links are missing after the update is already addressed with an update for DFS service. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2916267 The DFS Namespace reparse point for folder targets are missing in Windows Server 2008 R2
Note This update does not resolve the performance problem behind the PDC dependency.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates