MS Access 2003 + linked tables to SQL Server 2005 + Windows Authentication = slow

4
votes

Our MS Access application with linked tables to SQL Server 2005 is slow when using Windows Authentication from Windows XP clients.

We've been running it successfully using SQL Server authentication, but now we want to move to Windows Authentication for better security control.

Setup:

  • Database server: Windows 2003 Server, SQL Server 2005 SP2
  • Client: Windows XP SP3, SQL Server ODBC driver v2000.85.1132.00
  • MS Access application: MS Access 2003
  • Connection string:
    DRIVER=SQL Server;SERVER=[server name];Connect Timeout=300;Trusted Connection=True;APP=Microsoft Office 2003;WSID=[server name];DATABASE=[db name]
  • Only the TCP/IP network protocol is enabled on the server.

The slowness does not happen in these situations:

  • App on DB server, SQL Server Authentication
  • App on DB server, Windows Authentication
  • App on Windows XP client, SQL Server Authentication
  • SQL Server Management Studio on client, Windows Authentication - I did a small test with running 15 queries in SQL MS. This went fast and did not cause any logon/logoff events in the Security event log on the server.

I've analyzed the slowness using SQL Server Profiler and the event log on the server and it seems to come down to this:

  1. The application runs a query
  2. A new connection to SQL Server is opened (visible in SQL Server Profiler)
  3. The identity of the user is verified (visible in the Security event log on the server, a logon/logoff event happens). This takes several hundreds of milliseconds.
  4. The query runs on SQL Server
  5. Results are returned to Access

This happens for every query. Some of the forms run +- 10 queries when showing a new record (updating sub forms, loading values for combo's etc). This results in very slow performance.

Of course setting up a new connection to SQL Server for every query isn't necessary, and reusing connections might solve the issue. I've been looking around for information on how to make sure Access/ODBC does proper connection pooling. I found these MS KB articles:

Frequently Asked Questions About ODBC Connection Pooling
How to Enable Connection Pooling in an ODBC Application

I've tried calling the SQLSetEnvAttr function from the main form of the Access application, but this didn't improve results.

Any help is greatly appreciated.

2
sql-serverperformancems-accessodbcwindows-authentication
You might also check that you don't have DNS issues with the client resolving the name of the domain controller that's doing the authentication. I've found that DNS issues can be the cause of all sorts of weird problems with Access/ODBC/SQL Server that don't seem related.David-W-Fenton
I think Fenton is on the right track. Is the Front end application running in a different domain/forest than the SQL Server Instance?JohnFx
Can you post your connection string? Please obfusticate your local values. :)David Walker
You might also want to make sure the ODBC drivers are updated on the client machines. I've seen some wierd issues when using SQL 2000 ODBC drivers against SQL 2005.BrianD
Thanks for your comments. Took a while for me to see this because e-mail notification didn't work for me. DNS issues: probably not the cause. It's a small local network, single domain. Both DB server and client can resolve the DNS name of the DC. Connection string: has been added to the post. ODBC drivers: the ODBC drivers of the client (2000.85.1132.00) are indeed older than those on the server (2000.86.3959.00). I've searched high and low for updated drivers for XP, but to no avail. Any idea on where to get newer drivers?AronVanAmmers

2 Answers

3
votes

The first question I have is: are you running a domain controller? This may sound like a crazy question, but I just want to make sure. Although is less and less common, I've seen organizations run Windows networks with workgroups and "pass-through" authentication. The symptoms you describe are the same as would be observed on a network that is set up in this fashion.

Assuming you do have a proper domain set up, you must have a problem somewhere in the Named Pipes network stack. Named Pipes is the default protocol if you're using Windows authentication. It's not a bad idea to get to the bottom of this if you have the time, but if you just want to fix your performance problem, then I would force the TCP/IP protocol in your connection string:

DRIVER=SQL Server;SERVER=tcp:[server name];Connect Timeout=300;Trusted Connection=True;APP=Microsoft Office 2003;WSID=[server name];DATABASE=[db name]

Note the addition of the tcp: prefix. I got this syntax from Jon Galloway's blog. TCP/IP is the default protocol for SQL Server Authentication. You can also make the protocol switch by disabling Named Pipes support on the server, but this is more of a hassle and could cause other unanticipated problems.