Resolution
goal
Why does the 'Synchronize Server Users' report take so long to run in a Windows 2000 domain?
fact
VigilEnt Security Manager 3.0
fact
VigilEnt Security Manager 3.0 SR1
fact
VigilEnt Security Manager 3.0 SR2
fact
VigilEnt Security Manager 4.0
fact
VigilEnt Security Agent for Windows 3.1
fact
VigilEnt Security Agent for Windows 3.2
symptom
Some VigilEnt Security Agent for Windows reports and actions take a long time to complete in a Windows 2000 domain.
symptom
When running a 'Synchronize Server Users' report against a Windows 2000 domain controller, the report takes a long time to complete, even though the domain controller is in close proximity to the VigilEnt Security Server machine.
cause
The VigilEnt Security Agent for Windows attempts to seek out a Windows Primary Domain Controller (PDC) for some functions.
fix
Why does the 'Synchronize Server Users' report take so long to run in a Windows 2000 domain?
fact
VigilEnt Security Manager 3.0
fact
VigilEnt Security Manager 3.0 SR1
fact
VigilEnt Security Manager 3.0 SR2
fact
VigilEnt Security Manager 4.0
fact
VigilEnt Security Agent for Windows 3.1
fact
VigilEnt Security Agent for Windows 3.2
symptom
Some VigilEnt Security Agent for Windows reports and actions take a long time to complete in a Windows 2000 domain.
symptom
When running a 'Synchronize Server Users' report against a Windows 2000 domain controller, the report takes a long time to complete, even though the domain controller is in close proximity to the VigilEnt Security Server machine.
cause
The VigilEnt Security Agent for Windows attempts to seek out a Windows Primary Domain Controller (PDC) for some functions.
fix
Although the VigilEnt Security Agent for Windows (VSAWN) is Windows 2000-aware, it will still look for the Primary Domain Controller (PDC) or PDC-Emulator in the domain to perform some actions such as the 'Synchronize Server Users' report. If the PDC-Emulator is located in a different physical site than the VigilEnt Security Server (VSS), poor performance may result. In addition, if the machine hosting the agent is not the PDC-Emulator for the domain, some actions run against that agent will attempt to locate the PDC-Emulator regardless. This will also cause performance issues.
To minimize the impact on performance, the following guidelines should be used when installing the agent and VSM in a Windows Domain:
- Ensure that the VigilEnt Security Agent for Windows is installed on the PDC in a Windows NT4 domain, or on the PDC-Emulator in a Windows 2000 domain, regardless of whether or not you are running in Native-Mode.
- Ensure that the PDC or PDC-Emulator is defined as the primary 'Windows Domain' endpoint in VigilEnt Security Manager (VSM). Run all domain reports and actions against this endpoint. This will ensure that actions such as 'Synchronize Server Users' take minimal time to run.
- If possible, ensure that the machine hosting the VigilEnt Security Server (VSS) is in the same physical site as the PDC or PDC-Emulator. This will ensure minimal communication across Wide Area Network (WAN) links that can hinder performance.
Additional Information
Formerly known as NETIQKB28213