cancel
Showing results for 
Search instead for 
Did you mean: 

Improving Policy Manager network performance in high network load in Windows 2003 environments

Symptoms

When deploying Policy Manager Server (PMS) or F-Secure Policy Manager Proxy (PMP) in large environments with hundreds of users, the Windows 2003 server might run out of available, free TCP/IP ports. This issue can manifest itself in various ways, e.g. as problems downloading databases when connecting to the PMS directly, or when connecting via a PMP installation.

The information provided applies both to PMS and PMP installations, when running on top of the Windows 2003 operating system.

Diagnosis

The investigation by R&D suggests that this is typically an issue affecting Windows 2003 users and is related to the TCP ports available on the system.

Solution

To prevent the issue from reoccurring:

  1. Make the following change in the network settings:
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort = 60000 (decimal)
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay = 30 (decimal)
  2. For the setting to be taken into use, restart the server.
  3. If you have more than 100 users connecting directly to PMS, we recommend that you increase the default polling interval for F-Secure Management Agent from 10 minutes to 30 to 60 minutes. The setting in F-Secure Policy Manager Console is available at Policy Manager Console > Settings > Communications > Protocols > HTTP > Incoming Package polling interval AND Outgoing Package polling interval.

More information

If you already have the MaxUserPort entry in the registry, make sure not to specify a value which would lower the current MaxUserPort setting. For more information, see http://support.microsoft.com/kb/956189.

This information does not apply to Windows 2008 where the MaxUserPort registry value specifies the number of dynamic ports. The range is from Start range (default is 49152) to Start range + MaxUserPort. For more information, see http://support.microsoft.com/kb/929851.

Warning: Be very careful when making changes to the MaxUserPort setting. Specifying MaxUserPort = 6000 instead of MaxUserPort = 60000 can easily kill a server especially if it is a Primary, Backup or Domain Controller or has many additional network services installed (DNS, DHCP, SQL etc.).

Pricing & Product Info

For product info please go to our products page

Version history
Revision #:
10 of 10
Last update:
‎16-03-2017 11:54 AM
Updated by:
 
Tags (1)