Too Many Servers Spoil Network Performance

Thelife of an NT systems administrator is fraught with peril. In one location, youhave a rapidly growing network with about 240 client nodes running a combinationof Windows NT 4.0 Workstation, Windows 95, and a few Windows for Workgroups(WFW) 3.11 machines (you just haven't had the time to standardize, or maybe youhave no choice). You also have six NT 4.0 servers with one Primary DomainController (PDC) and--because you're paranoid--three Backup Domain Controllers(BDCs) for your single-domain structure (DOMAIN_MAIN), an Exchange server, and aSQL server. The BDCs also function as your print servers. The six NT serverscontain all network files and necessary resources. The company has standardizedon TCP/IP but has yet to implement routers, so you have decided not to implementWindows Internet Name Service (WINS) at this time. Because you have a legacyNetWare server, you are also running IPX/SPX (NWLink). Your users access theNetWare box using NT's Gateway Services for NetWare, and you plan to phase itout in the near future.

You are steadily replacing the old WFW machines with new hardware running NT4.0 Workstation (good move). Life used to be good. But over the past few months,as you've added more nodes to the wire, the system has begun to slow down atunpredictable times. And to top it all off, every client's Network Neighborhood(Connect Network Drive in the WFW machines) now lists most of the 240 nodes andthe six NT servers.

Your customers are complaining about several problems: 1) general networkperformance is slower than it used to be and getting worse ("Some upgrade!");2) mapping drives is a pain because the NT servers and the NT clients are alllumped together in the same list under DOMAIN_MAIN, and the Win95 and WFWclients are listed in the first screen instead of being grouped in a domain; and3) every once in a while, for no reason, the entire network slows to a crawl forwhat seems like a minute or two, causing timeouts, resends, and ticked-offusers. You are at a loss because you bought high-end hardware and followed allof Microsoft's default installation instructions. Deep inside, you're certainthat if you don't fix this problem soon, management is going to suggest that youcall a consultant. That possibility is not good in your environment: Thelast consultant they called is now the CIO.

But don't despair. Some slowdown in network performance is a result of theway Microsoft handles network browsing. By making some minor changes in theserver components in your system and disabling the browser, you can recoup someof your lost performance.

Clients and Servers
To better understand Microsoft's network browsing, let's look briefly atsome of the technology underlying all Microsoft operating systems since WFW 3.1.I'm oversimplifying a bit, but every Microsoft operating system contains twomajor component types that govern network access: a workstation component and aserver component. These components take the form of services in NT, but theyexist in Win95 and WFW, too.

In Win95 and WFW, you can't separate the workstation component from theproduct. Each of these products exists simply to be the OS for standalone boxesor workstations on a network. However, in both NT Workstation and Server, theworkstation component is a separate service that you can manage individuallythrough the Services applet in Control Panel. The purpose of this service is toprovide the client portion of a client/server connection--that is, to connect toshared folders and shared printers in a Microsoft network.

The server component creates the capability for a given machine (runningWFW, Win95, LanMan, or NT) to function as a server on the network. Active bydefault, this component lets you share directories, folders, and printers sothat clients running the workstation component can connect to the servermachine. On request, Network Neighborhood or Connect Network Drive presentslists of every computer (grouped by domain or workgroup) that has an activeserver component in the Microsoft network, even if a particular computer hasnothing shared (no folders, no printers). By default, the computer's Browserservice (which runs automatically in all Microsoft OSs) manages the creation ofthis list.

The Browser

The NT Browser service is designed to give users a dynamically updated listof available resources (in Network Neighborhood or Connect Network Drive). TheBrowser runs under the covers in every Microsoft network.

A master browser runs the Browser service. A master browser is a machinethat acts as a sort of name service that keeps track of all servers that reportthemselves to it; it creates and maintains the browse list. A backup browserreceives the browse list from the master browser and sends it to computers thatask for it. (For more information about browsers, see Mark Minasi, "Domainsand Workgroups," April 1996.)

Every computer with the server component active announces itself as itboots (technically, as every service starts) to the master browser at 1, 2, 4,8, and then 12 minute intervals, and then continues to announce itself every 12minutes as long as the computer or service is up. The backup browsers also get afresh copy of the master browser list every 12 minutes. (You can find out whichof your machines is serving in what browser capacity with the browser monitorutility--Browmon.exe--in the Windows NT Server 4.0 Resource Kit.) Whenthe user clicks on Network Neighborhood, the client software requests a currentlist of resources (any machine with the server component running) from thebackup browser. That list of servers shows up in the Network Neighborhood (orConnect Network Drive) window. When the user double-clicks on a particularcomputer, NT sends a request directly to that computer to return a list of itsshared resources. The user then sees a display of that list.

Conceptually, the Browser service is hierarchical. In DOMAIN_MAIN, forexample, because the PDC and the BDCs are on the same subnet, the PDC becomesthe domain master browser, and two of the BDCs are backup browsers. After youadd routers to the network, each subnet will have a master browser, probably aBDC.

Master and Backup Browsers
The system chooses master and backup browsers through an election process.This election is like playing king of the hill, with an assistant king of thehill, and king of the sub-hill, with an assistant king of the sub-hill. Theprocess runs something like this: Every time a domain controller boots, abrowser election takes place. The PDC will always win the domain master browserrole, and a BDC will always win the backup browser role (unless you have a BDCon a different subnet from the PDC; in that case, one BDC will be the masterbrowser on that subnet). Special broadcast election packets announce theseelections, and every machine that has its server component settings activeparticipates (the server component is turned on in all machines by default).

These domain controller elections work fairly well because when computerswith server components broadcast election packets, the packets contain theinformation that the computers are NT 4.0 servers and domain controllers, and NTserver domain controllers are always king of the hill. The problem with thisarrangement occurs when an ordinary client--let's say a WFW machine--requests abrowse list from the Browser service and doesn't get a timely answer. The WFWclient then calls an election and sends out a broadcast election packetproclaiming to one and all, "I am the master browser unless someone morepowerful than me responds." Because every machine on the network is morepowerful than the WFW client, this announcement forces every machine (withactive server component settings) to respond. In many networks, hundreds ofmachines might send election packet responses to knock this guy off. Afterseveral seconds of the election broadcast storm, the winners are decided, and(surprise!) they are the NT servers again.

Solving the Problem
The solution to the performance problem that browsing creates is to turn offthe server component on every machine that is not performing the serverfunction. To turn off the server component in NT Workstation, from ControlPanel, select Services, and highlight Server, as you see in Screen 1. ClickStartup and then Disabled, as Screen 2 shows. Click OK, then Close, then reboot.

On any NT box that is not functioning as a server, you must also disablethe Computer Browser service. From Control Panel, Services, select ComputerBrowser, Startup, Disabled. If you don't disable the Computer Browser, you willreceive error messages on bootup. But don't disable the Server service or theBrowser service on the real NT servers in your network. These NT servers aresupposed to have the server component active and announce themselves to theworld and share their stuff.

In Win95, go to Control Panel, Network. Highlight File and printer sharingfor Microsoft Networks, as you see in Screen 3. Click Remove.

In WFW, use Notepad or Sysedit to add the following entry to theSYSTEM.INI:

This command disables the server components; the user can't turn them backon without editing the SYSTEM.INI.

After you've disabled the server components, these client machines won'tannounce themselves to the computer Browser service, nor will they participatein any browser elections, thus eliminating a sizable portion of the totalnetwork traffic. In addition to disabling the server components, don't forget totrim additional network traffic by eliminating unnecessary network protocolswherever possible. This action will reduce browser-related traffic even further.

Pros and Cons
By disabling the server components on nonserver machines of all types, youcan reduce network traffic by 30 percent to 40 percent, increase overall networkperformance dramatically, and clean up the Network Neighborhood display in Win95clients. The disadvantages of disabling the Server components are that NT userscan't use Network Neighborhood to browse the network; instead, Administrators(not users) must map drive letters to shares via logon scripts, NET USE, orpersistent connections. In addition, the Administrative shares (C$, D$, E$,ADMIN$) become unavailable for remote administration.

ad">Best of Both Worlds
Some situations require the server components to remain active, such as whenindividual users have a shared printer or shared team or project folders ontheir hard drive. An NT Workstation user may also want the ability to browsenetwork resources and choose them at will. In those cases, you can make onebeneficial change to every machine that must run the server component but thatyou don't want to participate in browser elections and that you never want to bethe master or backup browser.

By editing the Registry, you can prevent each machine from becoming amaster browser and from participating in browser elections. At the same time,you still let them function as servers and place themselves (and theirrespective shares) on the list of available resources. NT Workstations also willbe able to browse the network using Network Neighborhood.

In NT (Workstation or Server), edit the Registry.In HKEY_LOCAL_MACHINESystemCurrentControlSetServicesBrowserParameters change the value ofthe REG_SZ entry in MaintainServer List to No.

To make the same change in Win95, go to Control Panel, Network, asScreen 3shows. Highlight File and printer sharing for Microsoft Networks, clickProperties, and set the value for Browse Master to Disabled. In WFW, comment outor remove the previously described entry that disabled the browser, and add thefollowing entry to the SYSTEM.INI:

Server components and browsing have always been an integral part ofMicrosoft networking. This arrangement has worked well in the past for smallnetworks. But as Microsoft and NT push toward larger enterprise networks,browsing and the electoral process have to go. NT 5.0 eliminates the concept ofbrowsing. Until then, users have no choice but to carefully tweak their NT 4.0and NT 3.51 networks to make them fly.