06-29-2017 06:43 AM
I need your help in sorting something which looks little tricky to me.
I have 40 EV 11 Servers
3 SQL Servers
1,30,000 Active Users
My question is, how many domain controllers do I need to address these many numbers of servers?
The issue is: My AD team is complaining that they are getting high netlogon requests from Enterprise Vault servers via SQL and the question directed to us is, how many DCs do we need and what number cores should they be on?
Thanks in advance for your help.
06-29-2017 10:54 PM
Hi, I have seen this issue with one of the customer and in my opinion there is no straight answer unless someone review entire environment and pinpoint certain areas. At this moment, my suggestion to know why too many NetLogon request coming from SQL via EV? The possible reason is, SQL using NTLM authentication instead of Kerberos due to missing SPN. The detailed information can be found from https://pradeeppapnai.com/2017/01/22/sqlspn/ Other than SQL, If Archiving task & storage service running from different server then it’s expected to see transitive login (pass through login) in Netlogon logs. Regards Pradeep Papnai
06-30-2017 12:10 AM
Thank you for your reply Pradeep, however, the SPN is registered correctly on all the SQL Servers.
Do we have any Technote from Veritas that talks about the "archiving tasks and storage services running on the different servers"?
Also, does it matter how many DC you need to have to cater the above number of EV servers?
Thanks in advance.
06-30-2017 04:09 AM
Unfortunately I am not aware documentation in regards ‘pass through auth’ when task & storage running from different server, I got to know this stuff during my testing. This could be because how dcom communicate with each other but haven’t got chance to dig any further.