<<I realized that though it shows through in the traces, I erred in the post.  Specifically, I included Windows 2000 in the list of operating systems that refresh every 24 hours.  I have included the corrections here and all corrections to posts are in red.  Also, I need to give credit to the one post (that I have seen) that had the intervals correct.  Tim Springston’s blog about NETLOGON DNS SRV records can be found here.>>

 

Nothing has helped me more often to identify and resolve issues than a nice targeted Google search against Microsoft’s site.  I am very grateful to Microsoft for the open approach that they take to documenting technology and its behavior.  Allowing and even encouraging their engineers at any level to contribute to the content in their KB library has not only increased the number of articles but also reduced the time it takes to get the knowledge published, as well as broadened and deepened the technical range of the articles.

 

There is one downside that I see over and over again that has affected me both directly and indirectly.  This is that sometimes – not a lot, but sometimes – there is erroneous or confusing content.  There are a lot of reasons for it.  Sometimes the article isn’t completely clear about what operating systems or applications it applies to (yes, I know there is an applies to section but that isn’t always reliable or complete).  Sometimes the article is, or appears, inconsistent with some other similar technical article.  And least often of all, sometimes the articles are just flat out wrong.

 

Case in Point

 

Recently I was questioned by my friend on the interval at which NETLOGON registers the DNS SRV resource records.   I dutifully pointed out an article on Microsoft’s site, which I believed to be accurate, that said the registration interval is 1 hour.  The article didn’t mention that 5 minutes after initial registration occurred, a DNS update would be sent for the same records.  It also didn’t mention that this interval doubled until it got to an hour.  So I passed that info along as well.

 

My friend responded by referencing all of the other articles in the knowledge base, and industry blogs, that say something different.  Confidently, I assured them that those other articles were wrong and that I had sent my friend the correct info.  After he told me about the repro testing that he and some friends had done, I decided to fire up some VMs and show them where they were mistaken.

 

This Is What Crow Tastes Like

 

I fired up my Windows 2003 SP2 domain controller and another Windows 2003 SP2 member server that hosted DNS.  I configured my domain controller to point to my DNS server and removed the service off of the DC altogether.  I cleared all records from the DNS database and cycled the NETLOGON service on my domain controller.

 

Immediately the registration request came in for the DC’s SRV records.  5 minutes after the initial registration came the update request for the same records.  10 minutes after that it came again.  And then 20 minutes and 40 minutes.  Now I knew the next one would come in 1 hour later because that’s what I had said and that’s what I had seen…right?

 

However, an hour went by and I was served a nice big plate of crow.  It took 20 minutes longer than I had expected to capture another update.

 

This interval continued to double until it reached 24 hours.  Then, 24 hours later, it kicked off again.  Okay, I thought, I was wrong – but only partially.  Maybe in Service Pack 2 (the latest service pack at the time) and later updates the interval was changed to 24 hours, but not in the RTM bits or in Service Pack 1.  It couldn’t be.

 

Well, it turns out that it could.  All major service packs maintained the same 24 hour NETLOGON refresh of the DNS SRV records.  The NETLOGON DNS SRV record registration test was run on all supported versions of the server OS up until Windows 2008 including:

 

  • Windows Server 2000, SP4
  • Windows Server 2003, RTM
  • Windows Server 2003, SP1
  • Windows Server 2003, SP2
  • Windows Server 2003, Current patches through 01-Jan-2009
  • Windows Server 2008 SP1
  • Windows Server 2008 SP2

 

Sorry friend.  :-<

 

In Windows 2000, the NETLOGON SRV registration interval was hourly.  With 2003, the interval went up to 24 hours and then starting with Windows 2008 SP1 (which is the first release of 2008), the SRV refresh interval for NETLOGON is hourly.  I guess that makes Microsoft’s KB articles kinda right, huh?

 

I’ve provided the network trace files that were used to capture the behavior.  The captures were made with Microsoft NetMon 3.1 so if you aren’t looking at it with that you will see a couple of odd packets in the beginning of the network capture file.  If you look at the data in those packets you can see the filter that was used for the network capture.  I filtered on only a single SRV record update just so that I could have a cleaner view of registration intervals.
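
An added example (not part of the original post or the attached traces) showing how the timestamps of the SRV update packets in a capture like these can be turned into a refresh ceiling and a list of out-of-pattern updates. It assumes the doubling gap is clamped at the ceiling rather than overshooting it, and it uses constructed timestamps in place of real packets.

```python
from datetime import datetime, timedelta

FIRST_REFRESH_MIN = 5  # first update follows the initial registration by 5 minutes


def expected_gaps(cap_min, count):
    """Minutes between successive updates: 5, 10, 20, ... clamped at cap_min (assumed)."""
    gaps, gap = [], FIRST_REFRESH_MIN
    for _ in range(count):
        gaps.append(min(gap, cap_min))
        gap *= 2
    return gaps


def constructed_capture(cap_min, count, start=datetime(2009, 1, 1, 9, 0, 0)):
    """Constructed sample: arrival times of one SRV record's registration and updates."""
    times = [start]
    for gap in expected_gaps(cap_min, count):
        times.append(times[-1] + timedelta(minutes=gap))
    return times


def infer_refresh(timestamps, tolerance_min=2):
    """Return (ceiling in minutes, anomalies); ceiling is None if the capture
    ended while the interval was still doubling. anomalies = [(gap index, minutes)]."""
    times = sorted(timestamps)
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
    expected, last, cap, anomalies = FIRST_REFRESH_MIN, 0, None, []
    for i, gap in enumerate(gaps):
        target = cap if cap is not None else expected
        if abs(gap - target) <= tolerance_min:
            if cap is None:  # still ramping: the next gap should be double
                last, expected = expected, expected * 2
        elif cap is None and last and last - tolerance_min <= gap < expected:
            cap = round(gap)  # doubling stopped short: this gap is the ceiling
        else:
            # extra update (service restart, another writer) or a missed refresh
            anomalies.append((i, round(gap, 1)))
    return cap, anomalies


if __name__ == "__main__":
    print(infer_refresh(constructed_capture(1440, 11)))  # 24-hour ceiling
    print(infer_refresh(constructed_capture(60, 7)))     # hourly ceiling
```

An update that lands well inside the steady-state interval shows up in the anomaly list, which is the case worth checking against NETLOGON restarts on the DC.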

 

If you’re smart, you’ll realize you’re not that smart.

netlogon_srv_registration_interval_01JAN09.zip (9.18 kb)

I’ll be updating this for the latest OS and SP soon. I wish Microsoft hadn’t made it impossible to use Virtual PC for testing their operating system. Microsoft, please, please, please, either put out a 32-bit version of 2008 R2 for testing or fix Virtual PC to support 64-bit guest operating systems. As it stands now, I have to update all of my labs to VMware Workstation since I want to continue using my Windows 7 box instead of a 2008 machine.