Site Server 3.0 Post-SP1 LDAP Group Performance Scalability Fixes

ID: Q195821

The information in this article applies to:

Microsoft Site Server version 3.0

SYMPTOMS

The issues resolved in this set of fixes include those resolved in the 10K patch. Refer to the Knowledge Base article Q192166, "Site Server 3.0 Post- Service Pack 1 LDAP Patch," as noted in the Dependencies section below. The following symptoms are addressed:

Symptom 1
The MDM returns the following error as a popup when adding ACLs or members to a group when there are more than 250 groups in a membership instance.

Specified base DN not found.

Symptom 2
The LDAP server failed to start due to an LDAP timeout that occurs during the loading of the Director Information Tree (DIT) and group cache. On large systems with thousands of groups, the startup time may be observed to take many minutes including the caching process.
Symptom 3
LDAP subtree searches may fail with 200 or more containers or groups.
Symptom 4
System availability during group and DIT re-cache.
Symptom 5
Partial subtree searches fail to complete.

A number of scalability issues may be observed regarding group configuration on Microsoft Membership Server. To allow for a configuration including 100K groups, the following issues have been addressed:

Scalability Issue 1
The LDAP server may fail to start if the size of the LDAP cache of the DIT exceeds the limit of 10K.
Scalability Issue 2
The following message may be displayed in the event log:

MAX DIT CONTAINERS EXCEEDED

Scalability Issue 3
The group and DIT cache does not scale well for a large number of groups and/or containers. Memory is consumed and poor directory re- caching performance may result. The group cache was storing full DNs and the service can be observed to be exhausting 1K paged-pool memory as each group is added.
Scalability Issue 4
Subtree searches timeout. Searching across vast numbers of containers submits a containers list to the SQL Server computer, resulting in delayed responses and timeouts.
Scalability Issue 5
By default, DsRecacheEnabled is set, resulting in re-caching following group creation. In configurations involving a large number of groups, performance can be degrading. Accessing the directory through the MDM may result in delayed responses as well.
Scalability Issue 6
When utilizing and manipulating ACLs with a large number of groups, you may observe that performance degrades, responsiveness is inadequate, and re-caching may occur during ACL manipulation.

RESOLUTION

To resolve this problem, apply the latest Site Server 3.0 service pack.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Site Server version 3.0. This problem has been corrected in the latest U.S. service pack for Microsoft Site Server version 3.0. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K


Keywords          : SS3SP2Fix 
Version           : WINNT:3.0
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: July 15, 1999