If you have logon/network validation problems, with multiple DCs and/or when workstations and the Domain Controllers are on different subnets, and you use WINS for name resolution, you may have an overloaded DC.

If Server Manager shows hundreds of connects to Pipe\Lsarpc and Network Monitor shows lots of failures to Pipe\Lsarpc and Performance Monitor shows a large Handle Count and Thread Count in LSASS and CPU usage approaching 100% for LSASS and System processes, you may want to load balance between Domain Controllers.

Using WINS, a workstation's %LOGONSERVER% is selected by sending a WINS name query for DomainName<1C> records. A list of up to 25 DC IP Addresses is returned. The workstation sends a directed SAM logon request to each address in the list, in the order they are listed. The first Domain Controller to respond becomes the %LOGONSERVER%. Normally, a DC on the local subnet respondes first.

Starting with SP5, the Randomize1cList entry is available to randomize the list of Ip Addresses, before it is returned to the workstation, though there should be no need for this in most networks. If you elect to implement Randomize1cList, be sure to monitor to verfiy that the results are appropriate.

To implement, use Regedt32, on your WINS Server(s), to navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wins\Parameters

On the Edit menu, Add Value name Randomize1cList, a type REG_DWORD value, and enter a 1 in the DWORD Editor. A value of 1 causes the WINS server to randoms the IP Address list, prior to returning it to the requesting workstation. A value of 0 causes the list to always be sent in the same order.

NOTE: Implementing Randomize1CList can overcome uneven loading of Domain Controllers caused by network and/or router congestion.