Settings for minimizing periodic WAN traffic (819108)



The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional 64-Bit Edition (Itanium)
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Professional MultiLanguage Version
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Server MultiLanguage Version
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server MultiLanguage Version
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 4.0

SUMMARY

This article describes the registry settings and the Group Policy settings that affect periodic wide area network (WAN) traffic and Integrated Services Digital Network (ISDN) costs. If you have a dial-on-demand link, it might be unexpectedly enabled by periodic WAN traffic. You can configure the system's components and services to minimize periodic WAN traffic and to reduce ISDN costs.

SYMPTOMS

Your dial-on-demand link activates while the computer is idle if the following conditions are true:
  • You are using a Microsoft Windows 2000 Professional-based computer or a Microsoft Windows XP-based computer on a remote network.
  • The computer is a member of one of the following domains:
    • Microsoft Windows NT 4.0
    • Windows 2000
    • Microsoft Windows Server 2003
  • You are connected to the domain controllers over a dial-on-demand link.

RESOLUTION

The following sections contain a comprehensive summary of registry settings and Group Policy settings that you can add or modify to minimize WAN traffic. Some of the settings depend on the operating system version that the computer is running.

Part 1: A description of the relevant registry settings

The following registry settings affect WAN traffic and ISDN costs. To minimize periodic WAN traffic and to reduce ISDN costs, configure these settings as appropriate.

The Browser service registry settings

The domain master browser periodicityDescription: The primary domain controller (PDC) is always the domain master browser. Therefore, a master browser on a network that does not host the PDC for the domain activates dial-on-demand links when a server that participates as a master browser tries to locate the PDC. By default, the attempt interval is five minutes. You can create a MasterPeriodicity registry entry that instructs the Browser service to adjust its default interval for contacting a domain master browser. By default, the MasterPeriodicity entry is not present. The recommended default for dial-on-demand deployments is 86,400 seconds (one day).

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
Entry: MasterPeriodicity
Type: DWORD
Recommended value (seconds): 86400

Server list maintenanceDescription: If you enable a server to participate as a browser and to potentially be elected as a master browser for its network, the server will periodically contact the PDC for its domain. By default, the MaintainServerList registry entry is set to Auto. The recommended value is No unless you must have browser functionality on the network. If you must have browser functionality, set this value to Yes. However, make sure to configure the MasterPeriodicity interval to a large enough interval to reduce the number of PDC contacts.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
Entry: MaintainServerList
Type: String
Default value: Auto
Recommended value: No

The SAM replication registry settings

Security Accounts Manager (SAM) replication is controlled by the Net Logon service on the PDC. The pulse frequencyDescription: The Pulse entry defines the typical pulse frequency.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Entry: Pulse
Type: DWORD
Default value (seconds): 300
Recommended value: 60 to 172800 (48 hours)
Minimum and maximum values: In Windows Server 2003, the minimum value is 60. The maximum value is 172800.

The maximum pulse frequencyDescription: The PulseMaximum entry defines the maximum pulse frequency.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Entry: PulseMaximum
Type: DWORD
Recommended value (seconds): 60 to 172800 (48 hours)

The dial-up latency registry settings

The expected dial-up delayDescription: The ExpectedDialupDelay entry specifies the time that is required for a dial-up router to dial when it sends a message from a client computer to a domain across a slow link. In this scenario, the domain is trusted by the client computer. Typically, the Net Logon service assumes that it can quickly reach a domain controller. By setting the ExpectedDialupDelay entry, you inform the Net Logon service to expect an additional delay. The recommended value for this setting is the average time in seconds that is required for the dial-on-demand link to be established, plus a constant of 5 seconds for variance.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Entry: ExpectedDialupDelay
Type: DWORD
Recommended value (seconds): 90

The Net Logon service registry settings

The AvoidPdcOnWan entryDescription: The AvoidPdcOnWan entry instructs the server that is running the Net Logon service to avoid going to the PDC operations master roles as much as it can. (The operations master roles are also known as flexible single master operations or FSMO.) The AvoidPdcOnWan entry also instructs other components, such as the SAM, that use this information. For example, assume that this entry is enabled on a domain controller in a remote site. In this scenario, the remote domain controller will not try to verify a password with the PDC operations master roles if the client does not authenticate with the local domain controller.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Entry: AvoidPdcOnWan
Type: DWORD
Recommended value: 1 (enabled)

In Windows 2000 Service Pack 2 and in later Windows 2000 service packs, in Windows XP, and in Windows Server 2003, the Directory service client queries are issued one time per hour. You can adjust the following registry entries to extend this query time beyond one hour.The negative cache periodDescription: The NegativeCachePeriod entry specifies the time that a client will remember that a domain controller could not be found in a domain. If a program tries again within this time, the client call immediately fails without trying to find a domain controller again.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Entry: NegativeCachePeriod
Type: DWORD
Default value (seconds): 45
Recommended value: 84600

The background retry initial periodDescription: Some programs periodically try to find a domain controller. If the domain controller is not available, these periodic retries can be costly in dial-on-demand scenarios. The BackgroundRetryInitialPeriod entry defines the minimum amount of elapsed time before the first retry occurs. If the value is smaller than the value set in the NegativeCachePeriod entry, the NegativeCachePeriod value is used.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Entry: BackgroundRetryInitialPeriod
Type: DWORD
Recommended value (seconds): 84600

The background retry back-off periodDescription: The BackgroundRetryMaximumPeriod entry defines the maximum interval that the retries will be backed off. For example, if the first retry is after 10 minutes, the second retry will be after 20 minutes, and the next retry will be after 30 minutes. This continues until the value in the BackgroundRetryMaximumPeriod entry is reached. Then, the BackgroundRetryBackoffPeriod value is used for the retry interval until the value in the BackgroundRetryQuitTime entry is reached.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Entry: BackgroundRetryMaximumPeriod
Type: DWORD
Recommended value (seconds): 84600 seconds

The background retry quit timeDescription: When a program runs a periodic search for domain controllers and cannot find a domain controller, the value that is set in this entry determines when retries are no longer possible.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Entry: BackgroundRetryQuitTime
Type: DWORD
Recommended value (seconds): 600

For more information about these parameters, click the following article number to view the article in the Microsoft Knowledge Base:

265395 Windows 2000 member runs discovery every 15 minutes with possible high dial-on-demand line costs

DFS registry settings

The frequency of domain controller queries by DFSDescription: The DfsDcNameDelay entry can reduce the frequency of domain controller queries by Distributed File System (DFS). Modify this entry on the client computer.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
Entry: DfsDcNameDelay
Type: DWORD
Windows Server 2003 and Windows 2000 default value (minutes): 15

On Window XP-based computers, the default value is set to 60 minutes by using a Group Policy setting. This setting determines how frequently a DFS client discovers the domain controllers.

Windows XP-based client computers dynamically look for updates to the DFS discovery interval. The valid range for DfsDcNameDelay is from 15 minutes to 360 minutes. No restart is required for new settings to take effect.

For more information about the DfsDcNameDelay parameter, click the following article number to view the article in the Microsoft Knowledge Base:

291377 Policy to control the frequency of Windows XP client DFS queries

Note The procedure that is described in Microsoft Knowledge Base article 291377 does not reduce the number of DFS queries that the Windows XP-based computer issues after you add the following registry key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DFSClient\DfsDcNameDelay

To resolve this problem, obtain the latest service pack for Windows XP. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

You can also resolve the problem in Windows XP by installing hotfix 829104. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

829104 The DFS client ignores the DfsDcNameDelay registry key setting

The frequency of PDC queries by DFSEvery DFS server that has a domain-based DFS root polls the PDC for changes on the root object. You can control the interval between pollings by setting the SyncIntervalInSeconds registry entry on the DFS root server or servers. By setting this entry, you can control when DFS returns referrals that are based on cached data. If you increase this value, DFS caches namespaces and referrals for a longer duration.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFS
Entry: SyncIntervalInSeconds
Type: DWORD
Default value (seconds): 3600 (1 hour)

The maximum password ageDescription: The MaximumPasswordAge entry defines how long users can log on to the network before they are prompted to change their passwords.

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters Entry: MaximumPasswordAge Type: DWORD
Default value (decimal, number of days): 7 (in Windows NT) , 30 (Windows 2000/XP/2003)
Recommended range: 42 to 70

For more information about the MaximumPasswordAge entry, click the following article number to view the article in the Microsoft Knowledge Base:

175468 Effects of machine account replication on a domain

Intrasite domain controller replicationDescription: The "Replicator notify pause after modify (secs)" entry defines the delay after a domain controller writes a change to its local copy of the Active Directory directory service and before the domain controller's replication partners are notified of the change. When this interval elapses, the domain controller initiates a notification to each intrasite replication partner that changes exist that must be propagated.

Subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Entry: "Replicator notify pause after modify (secs)"
Type: DWORD
Default value (seconds): 300 (5 minutes)

The Knowledge Consistency Checker (KCC) replication topology update periodDescription: The "Repl topology update period (secs)" value defines the number of seconds between intervals.

Subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Entry: "Repl topology update period (secs)"
Type: DWORD
Default value (seconds): 900 (15 minutes)

Windows XP Group Policy settings

The following policy settings control the frequency of Net Logon-based traffic and of DFS-based traffic on Windows XP clients. To locate these settings, click Start, click Run, type gpedit.msc, and then click OK.Computer Configuration/Administrative Templates/System/Net Logon
  • Scavenge Interval
  • Positive Periodic DC Cache Refresh for Non-Background Callers
  • Positive Periodic DC Cache Refresh for Background Callers
  • Final DC Discovery Retry Settings for Background Callers
  • Maximum DC Discovery Retry Interval Settings for Background Callers
  • Initial DC Discovery Retry Settings for Background Callers
  • Negative DC Discovery Cache Settings
  • Contact PDC on logon failure
  • Expected dial-up delay on logon
Computer Configuration/Administrative Templates/Network
  • Sets how often a DFS Client discovers DCs

    By default, a DFS client tries to discover domain controllers every 15 minutes. If you enable the Sets how often a DFS Client discovers DCs setting, you can change the interval. This value is specified in minutes. If you disable this setting or do not configure it, the default value of 15 minutes applies. The corresponding registry subkey is the following:

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DFSClient\DfsDcNameDelay

"Group Policy domain controller selection" setting

By default, Group Policy reads and writes changes to the domain controller that is designated as the PDC operations master for the domain. We recommend that you change the Group Policy domain controller selection value on the domain controller that Active Directory Users and Computers or Active Directory Sites and Services uses. The corresponding registry subkey is the following:

Subkey: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Group Policy Editor\DCOption
Description: The DCOption registry entry determines the domain controller that Group Policy uses.
Type: DWORD
Recommended value: 2
Range: 1, 2, 3
Default value: 1

The DCOption entry stores the setting of the Group Policy domain controller selection Group Policy setting. Group Policy adds the DCOption entry to the registry when you enable the policy. If you disable the policy or set it to "Not configured," Group Policy deletes this entry from the registry, and the computer behaves as if the value is 1.

To change the value of the DCOption entry, configure the Group Policy domain controller selection policy in Group Policy Object Editor. To locate the Group Policy domain controller selection policy, see the following Group Policy object:

User Configuration\Administrative Templates\System\Group Policy

The following table describes the settings.
ValueDescription
1 or not in the registryUse the PDC. Group Policy reads and writes changes to the domain controller that is designated as the PDC operations master for the domain.
2Inherit from the Active Directory directory service snap-ins. Group Policy reads and writes changes to the domain controller that Active Directory Users and Computers or Active Directory Sites and Services uses.
3Use any available domain controller. Group Policy can read and write changes to any available domain controller.

Part 2: Default values

Default values for packet types

The following table shows the packet types and their default send intervals.
Packet typeProtocolTransportIntervalNotes
NetLogonServer message block (SMB)TCP/IP and NetBIOS Enhanced User Interface (NetBEUI)300 seconds
BrowseSMBTCP/IP and NetBEUI720 seconds This value applies to Microsoft Windows NT.
KeepAliveNetwork basic input/output system (NetBIOS)TCP/IP3600 seconds (60 minutes)
SessionAliveNetBIOSNetBEUI30 seconds This value applies to Microsoft LAN Manager.
KeepAliveNetBIOSInternetwork Packet Exchange (IPX)30 seconds
Echo SMBSMBDirect Host IPX240 seconds
Echo NetBIOS over TCP/IP (NetBT)NetBIOSTCP/IP and NetBEUI120 seconds If a session is idle, the file server sends an SMB echo frame at the specified interval.
Windows ExplorerSMBTCP/IP and NetBEUI 32 seconds This value controls the frequency that the file server sends an SMB echo frame to the client as long as the client has an outstanding long-term request open.
KeepAliveNetBIOSTCP/IP300 seconds (5 minutes) This entry corresponds to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlServices\NetBT\parameters\SessionKeepAlive
KeepAliveTCPTCP/IP1 second This entry corresponds to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\KeepAliveTime
Notes
  • The Browse packet type in this table indicates network traffic between a Windows NT-based PDC and its backup domain controllers (BDCs).
  • The Windows NT redirector echoes an SMB echo frame every 30 seconds or 32 seconds to each file server that has an associated long-term request that is outstanding. For example, a file server might have a NotifyChange request in Microsoft Internet Explorer. To avoid these packets, you can set the NoRemoteChangeNotify key.

    For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

    831129 Folder tree flickers when you view a mapped network drive in Microsoft Windows Explorer

    816375 Windows XP Explorer pane flickers on mapped network drives

  • If there is no data transfer between the client and the server for the KeepAlive interval (120 seconds), the server sends the first keep-alive probe. After two minutes of inactivity (idle tree connects), the file server sends a 1-byte session message. The TCP payload is "02". The TCP sequence number starts with the last received acknowledgement (ACK) minus 1 and ends with the current acknowledgement.
  • If the connection against the server is made by using named pipes, the server sends an "NetBT: SS - Session Keep Alive" message to the client approximately every 300 seconds.

    The NetBT SessionKeepAlive entry is in the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

  • A Common Internet File System (CIFS) TCP session keep-alive message includes a byte with an 0x85 value, followed by three bytes with a 0 (zero) value in the NetBT header. The keep-alive message may be sent if no messages have been sent for a client-configurable interval.

The default values for Microsoft Office Outlook 2003 and for Microsoft Exchange Server

By default, the client publishes free or busy information to the server for 15 minutes (900 seconds). In Outlook 2003, the default interval is 45 minutes. To change this interval, follow these steps:
  1. Start Microsoft Outlook.
  2. On the Tools menu, click Options.
  3. On the Preferences tab, click Calendar Options.
  4. In the Calendar Options dialog box, click Free/Busy Options.
  5. In the Update free/busy information on the server box, type the number of minutes that you want to use as the interval.

The default values for Windows NT 4.0

ComponentDefault interval settingNotes
SAM replication 300 seconds (5 minutes)To change this value, use the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Pulse Trusts
Relationships900 seconds (15 minutes)To change this value, use the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\ScavengeInterval
WINS replication300 seconds (5 minutes)To change this value, use the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Replicator\Parameters\Interval, Pulse
License Service Replication 24 hours By default, the License service replication is performed one time every 24 hours. If, for some reason, the BDC cannot connect to the License Service on the PDC, the BDC continues to try replication one time every 15 minutes until it succeeds. To change this value, use the user interface in Licensing Application, Replication Frequency in Control Panel, or stop the License Logging service (LLS).

For more information about how to minimize the traffic over the routers in a Windows NT 4.0 environment, click the following article number to view the article in the Microsoft Knowledge Base:

142692 Minimizing WAN traffic
DFS client 21 minutesThis problem was fixed after Windows NT SP6a was released. To fix this problem, install the hotfix that is described in the following Microsoft Knowledge Base article:

271374 Windows NT 4.0 SP6 clients contact the PDC every 21 minutes

You must also disable DFS by setting the following registry subkey to 1:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\DisableDFS

Default values for Windows NT 4.0 and Windows 2000

ComponentDefault interval settingNotes
Domain browsing720 seconds (12 minutes)To change this value, use the following registry subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MasterPeriodicity
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\BackupPeriodicity
WINS replication30 minutesTo change this value, use the WINS graphical user interface (GUI).
Printer browsing600 seconds (10 minutes)To disable the browse thread on the current print server, set the following registry subkey to 1:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\DisableServerThread
SMB connections600 seconds (10 minutes) after closeTo change this value, use the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\KeepConn
NetBIOS node type4 (mixed, or m-node)To change this value, use the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBt\Parameters\NodeType

This registry subkey specifies the mode of NetBIOS name resolution that is used by NetBIOS over TCP/IP, where 1 is b-node, 2 is p-node, 4 is m-node, and 8 is h-node. You can configure this value by using DHCP Manager on the DHCP server. The default is 1 (b-node) if no value is specified. If WINS servers are specified and if the NodeType value is not specified, the default is 8 (h-node).
PPTP "keep-alive" packet60 secondsTo change this value, use the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Raspptpe\Parameters\Configuration\InactivityIdleSeconds

This registry subkey specifies the number of seconds that Point-to-Point Tunneling Protocol (PPTP) will continue without activity on the control channel. By default, PPTP sends a "keep-alive" packet every 60 seconds.

Default values for Windows 2000

ComponentDefault interval settingNotes
The Net Logon domain controller discovery900 seconds (15 minutes)In Windows 2000 Service Pack 2 (SP2), the Directory service client code was changed so that queries are issued one time per hour. For more information about how to create registry keys to extend this query time beyond one hour, click the following article number to view the article in the Microsoft Knowledge Base:

265395 Windows 2000 member runs discovery every 15 minutes with possible high dial-on-demand line costs
DFS queries for domain controllers900 seconds (15 minutes)To change this value, use the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\DfsDcNameDelay

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

265395 Windows 2000 member runs discovery every 15 minutes with possible high dial-on-demand line costs
GPO refresh interval90 minutesFor more information, click the following article number to view the article in the Microsoft Knowledge Base:

265395 Reoccurring WAN traffic every five minutes may cause high line costs
Link Tracking service4 hoursThis interval may cause additional DNS queries. This problem was fixed in Windows 2000 SP2. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

279117 The Distributed Link Tracking Server service may cause additional DNS queries in Windows 2000 Server
MMC, extraneous DNS queriesOn action in Group Policy Object Editor This problem was fixed in Windows 2000 SP3. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

295165 Extraneous DNS queries generate network overhead
DNS service300 seconds (5 minutes)This interval may cause high line costs. This problem was fixed in Windows 2000 SP3. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

311736 Reoccurring WAN traffic every five minutes may cause high line costs
The Net Logon service LSA remote procedure call (RPC)300 seconds (5 minutes)RPC Active Directory and Exchange replication traffic.
Intrasite domain controller replication300 seconds (5 minutes)To change this value, use the following registry subkey:

CurrentControlSet\Services\NTDS\Parameters\"Replicator notify pause after modify (secs)"

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

214678 How to modify the default intrasite domain controller replication interval

Default values for Windows XP and for Windows Server 2003

ComponentDefault interval settingNotes
Time service (W32time) 17 minutesThis value is found in the following registry subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Config\MaxPollInterval

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Config\MinPollInterval

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

823456 Windows Time Service ignores the local polling interval values in Windows Server 2003 and Windows XP

If you change the MaxPollInterval and MinPollInterval local polling values for the Microsoft Windows Time service (W32time), the values are ignored. The service always polls at 17-minute intervals.

MORE INFORMATION

Microsoft Knowledge Base articles

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

134985 Browsing and other traffic incur high costs over ISDN routers

135360 Periodic re-transmit times for packets

136712 Common questions about browsing with Windows

140552 How to optimize Windows NT to run over slow WAN links w/TCP/IP

142692 Minimizing WAN traffic

150350 NetLogon maximum value of pulse should exceed 3600

152719 WAN and trust: traffic on the wire

164257 Inactivity timeout not passed through to TAPI service provider

193841 Adjusting PPTP KeepAlive frequency

207552 Windows NT 4.0 domain controllers across RAS or slow links

265395 Windows 2000 member runs discovery every 15 minutes with possible high dial-on-demand line costs

295165 Extraneous DNS queries generate network overhead

311736 Reoccurring WAN traffic every five minutes may cause high line costs

314053 TCP/IP and NBT configuration parameters for Windows XP

816649 DBNetLib sets hard-coded KeepAliveTime and KeepAliveInterval

214678 How to modify the default intra-site domain controller replication interval

291377 Policy to control the frequency of Windows XP client DFS queries

829104 The DFS client ignores the DfsDcNameDelay registry key setting

831129 Folder tree flickers when you view a mapped network drive in Microsoft

816375 Windows XP Explorer Pane flickers on mapped network drives

823456 FIX: Windows Time Service ignores the local polling interval values in Windows Server 2003 and Windows XP

A Microsoft white paper

A white paper that is titled "Using Microsoft Windows XP Professional with Service Pack 1 in a Managed Environment" is available for download. This white paper provides information about the communication that flows between components in Windows XP Professional Service Pack 1 (SP1) and sites on the Internet.

The following file is available for download from the Microsoft Download Center:

DownloadDownload the white paper package now.

Release Date: October 26, 2004

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Specific problems and their associated Microsoft Knowledge Base articles

Windows NT 4.0 and Windows 2000 browsing and WINS replication

  • Article:

    134985 Browsing and other traffic incur high costs over ISDN routers


    Cause: This problem may be caused by incorrect configuration of the default interval for the following components:
    • Domain browsing
    • WINS replication
    • Directory replication
    • User accounts database (SAM) replication
    • Printer browsing
    Occurrence: Varies depending on default interval parameters.
    Resolution: Increase appropriate intervals.

Windows NT 4.0

  • Article:

    142692 Minimizing WAN traffic


    Cause: This problem may be caused by incorrect configuration of the default interval for the following components:
    • License Logging service
    • Browsing
    • SAM replication
    • Closing of SMB connections
    • NetBIOS node type
    • Trust relationships
    • Replicator service
    • WINS replication
    Occurrence: Varies depending on default interval parameters.
    Resolution: Change the appropriate intervals to greater values.

Windows NT 4.0 Service Pack 6a (SP6a)

  • Article:

    271374 Windows NT 4.0 SP6 clients contact the PDC every 21 minutes

    Cause: Windows NT 4.0 may contact the PDC every 21 minutes to obtain a DFS referral.
    Occurrence: Every 21 minutes.
    Resolution: Install hotfix 271374.

Windows 2000

  • Article:

    265395 Windows 2000 member runs discovery every 15 minutes with possible high dial-on-demand line costs

    Cause: This problem is caused by the DsGetDcName function that is used in Net Logon service domain controller discovery, DFS queries for the domain controller, or the GPO refresh interval.
    Occurrence: Varies depending on the default interval parameters.
    Resolution: Install Windows 2000 Service Pack 2 (SP2). Windows 2000 SP2 sets the default interval to one hour and enables configuration of longer intervals.
  • Article:

    279117 The Distributed Link Tracking Server service may cause extra DNS queries in Windows 2000 Server

    Cause: This problem is caused by an additional DNS query for "_ldap._tcp.Site_Name._sites.dc._msdcs.Server_Name"
    Occurrence: Every four hours.
    Resolution: Install Windows 2000 SP2.
  • Article:

    295165 Extraneous DNS queries generate network overhead

    Cause: This problem is caused by a bogus DNS query for "_ldap._tcp.Site-Site_Name._sites.dc_msdcs.Server_Name.Domain_Name
    Occurrence: Every time the Security section of the domain Group Policy setting on the DNS client domain controller is opened.
    Resolution: Install Windows 2000 Service Pack 3 (SP3).
  • Article:

    311736 Reoccurring WAN traffic every five minutes may cause high line costs

    Cause: This problem occurs when the following conditions are true:
    • Remote procedure call (RPC) LsaLookupNames for "Authenticated Users" are forwarded to trusted domains.
    • Non-English versions of Windows 2000 are running DNS servers that have Active Directory integrated zones.
    Occurrence: Every 5 minutes or 300 seconds.
    Resolution: Install Windows 2000 SP3.

Windows XP

  • Article:

    330929 Windows XP may cause extra SMB notify change traffic

    Cause: There is a bug in Windows XP that causes the client to send KeepAlive traffic even though the SessionKeepAlive setting has been modified.
    Occurrence: Every 32 seconds.
    Resolution: Apply hotfix 330929, and then set the NoRemoteRecursiveEvents registry entry to 1.
  • Article: For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

    829104 The DFS client ignores the DfsDcNameDelay registry key setting

    Cause: The procedure that is described in Microsoft Knowledge Base article 291377 does not reduce the number of Distributed File System (DFS) queries that the computer issues after you add the DfsDcNameDelay registry key.
    Occurrence: Every 15 minutes.
    Resolution: Apply hotfix 829104, and then set the DfsDcNameDelay registry entry to a value between 15 and 360 minutes.
  • Article:

    323713 Description of Universal Plug and Play features in Windows XP

    Cause: UPnP devices can automatically periodically announce their presence on a network subnet.
    Occurrence: The occurrence varies.
    Resolution: Disable the UPnP device host service, if you do not require it.

Modification Type:MinorLast Reviewed:9/19/2006
Keywords:kbhowto kbwinservnetwork kbwinservsetup KB819108 kbAudITPRO