Minimizing WAN Traffic

This article was previously published under Q142692
This article has been archived. It is offered "as is" and will no longer be updated.
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
This article lists the modifications that have to be made to your computersdeployed in a WAN environment, if you want to minimize the traffic over therouters. This information applies only to Windows NT 4.0 and Windows NT3.51 Service Pack 5.

This information can become very useful if, for example, you are using ISDNlines rather than leased lines. When using ISDN, each frame sent across theISDN line may establish a new connection and, therefore, costs money. Thus,the operating cost of your ISDN lines can become very high.

Because much of the traffic is generated by Windows NT domain controllers,this traffic can be dramatically reduced using these modifications.

CAUTION: The parameter change included in this article has not beenextensively tested in large installations. Microsoft cannot guarantee thatmodification of registry settings as recommended herein will accomplish theobjective described in this article under all circumstances and in allconfigurations.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Assume that your Windows NT systems have been spread across several sitesinterconnected by routers, and consider two typical cases:
  • A single domain split into several LANs, with one backup domain controller (BDC) on each LAN.
  • Several domains with trust relationships.
This article includes a short description of the network frames that canBe encountered in the absence of the modifications described later in thearticle. The network traces were captured in a lab with the followingconfiguration:
  • Name of domain = DOMWAN
  • Name of primary domain controller (PDC) = PDCWAN = (on a separate LAN)
  • Name of backup domain controller (BDC) = BDCWAN = (on a separate LAN)
        -----      |                            |     -----   | PDC |-----|                            |----| BDC |   | WAN |     |                            |    | WAN |    -----      |            ISDN            |     -----  |--- router <====> router ---|               | |					

The License Service May Generate Traffic Every 15 Minutes

The License service performs licensing replication. Data moves from BDCsand member servers to the PDCs, and then, optionally, from the PDCs to anenterprise server, which maintains licensing information across the wholenetwork.

This replication, by default, is performed one time every 24 hours. If, forsome reason, the BDC cannot connect to the license service on the PDC, theBDC will continue to attempt replication one time every 15 minutes until itis successful.

Reducing Exchange of Browse Lists

Note This setting also applies to Windows Server 2008.

Every MasterPeriodicity time interval (every 12 minutes, by default), themaster browsers, which are the BDCs, try to contact the domain masterbrowser, the PDC, to exchange their browse lists.

This parameter can be changed in the registry of all the BDCs:
Value : MasterPeriodicity DWORD number in seconds
Default : 720
For additional information about this parameter, click the article number below to view the article in the Microsoft Knowledge Base:
134985 Browsing & Other Traffic Incurs High Costs Over ISDN Routers
To optimize the traffic on your WAN lines, increase the value above on allBDCs.

SAM Replication Between a PDC and Its BDCs

The SAM replication is controlled by Netlogon on the PDC. The followingregistry value defines the typical pulse frequency (in seconds):
Value : Pulse REG_DWORD 60 to 172800 seconds (48 hours)
Default : 300
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
150350 NetLogon Maximum Value of Pulse Should Exceed 3600
All SAM/LSA changes made within this time are bundled together. After thisperiod has elapsed, a pulse is sent to each BDC needing the changes. Nopulse is sent to a BDC that is up-to-date.

Increasing this value on the PDC reduces the number of replicationsbetween the PDC and the BDCs. Nevertheless, the SAM changes are propagatedless quickly from the PDC to the BDCs. You must choose a balance betweeninfrequent replication that may increase the number of connections to aPDC to validate changed passwords and frequent replication that maygenerate excessive ISDN traffic.

The Netlogon PulseMaximum parameter has to be changed:
Value : PulseMaximum REG_DWORD 60 to 172800 seconds (48 hours)
It defines the maximum pulse frequency (in seconds). Every BDC will besent at least one pulse at this frequency, whether its database is currentor not.

NOTE: The replication takes place immediately if a change is made in LSA secrets, for example, when adding a workstation to the domain or changing trusts relationships.

Close of SMB Connections

The following value specifies the maximum amount of time that a connection can be left dormant:
Value : KeepConn REG_DWORD 1 to 65535 seconds
Default : 600 (10 minutes)
In a WAN environment, it is preferable to lower this value to 10 seconds onall the servers and the workstations, so that a new ISDN connection is notestablished just because of a SMB connection close.

Changing KeepConn may generate significant SMB overhead. As connections areclosed very quickly, each new connection implies the establishment of a newSMB connection.

NetBIOS Name Resolution Mode

When you use a domain spanning into multiple sites, the NetBIOS nameresolution mode should be set to m-node (broadcasts followed by nameserver) on all servers and workstations.

This setting ensures that a local (for example, on the same subnet) domaincontroller is always contacted first (for example, before trying to contactthe PDC).

On Windows NT systems, the NetBIOS name resolution mode can be set tom-node with the modification of the following key:
Value : NodeType REG_DWORD 4 (4 is for M-NODE)

Trusts Relationships

Under certain circumstances, it is possible for 2 PDCs of 2 domains with atrust relationship to generate traffic every 15 minutes.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
152719 WAN and Trust: Traffic on the Wire
The following parameter defines the time interval during which Netlogon does miscellaneous work (on the PDC and on the BDCs), for example, finding a domain controller.
Value : ScavengeInterval REG_DWORD 60 to 172800 seconds (48 hours)
Default : 900 (15 minutes)

Other Services That Generate Traffic

Check out the configuration of your WINS database renewal interval, and thereplicator service as well.

The replicator service may be modified as follows:
Value : Interval REG_DWORD 60 (minutes)
Default : 5 (minutes)

Value : Pulse REG_DWORD 6 (6 * 60 minutes = 6 hours)
Default : 3
For additional information about how to modify WINS settings, click the article numbers below to view the articles in the Microsoft Knowledge Base:
142305 Min. and Max. Interval Values for WINS Configuration
135922 Windows NT Registry Parameters for WINS

Article ID: 142692 - Last Review: 02/28/2014 08:01:17 - Revision: 3.2

  • Microsoft Windows NT 3.51 Service Pack 5
  • Microsoft Windows NT Server 4.0 Standard Edition
  • kbnosurvey kbarchive kbinfo kbnetwork KB142692