  1. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    1,869

    Certifications
    CCNA, CCNA-Security, SWITCH
    #1

    Applying Computer Settings slow 4 to 6 min logons

    hey buds,

    this is the scenario...we have logons that are slow and random
    that take 5 to 6 minutes at "Applying Computer Settings"

    when I logon with my account (Domain Admin/Enterprise Admin)
    it takes like 5 to 6 minutes sometimes to login to network; and everyone else is random as well.

    when I logon as Domain Administrator never does it take 5 minutes or 6 to login never! WTF..i thought it might be a DNS issue but
    why does the domain admin never take that long in fact it is fast!
    another clue: I have excluded myself (my personal login) from getting
    computer settings but still my login takes way too long!

    WTF mates?

    what am i missing?

  3. Senior Member
    Join Date
    May 2005
    Location
    PA
    Posts
    1,343

    Certifications
    A+ / Net+ / MCP (270 / 290) - up next 70-291 enroute to MCSA 2003
    #2
    Make sure you have DNS and DHCP set up correctly.
    Also make sure you have the correct Gateway.

  4. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #3
    Check the event log for userenv and Group Policy errors. Then see if the hyperlink for MS has more info. These issues can be hard to troubleshoot.

    What is your network environment like? Are there NAT'ing routers between clients and DC's?

  5. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    1,869

    Certifications
    CCNA, CCNA-Security, SWITCH
    #4

    our config

    right after our DNS was configured to this:

    say we have 4 DCs that are also DNS servers

    they used to be pointing to themselves but our tech changed them to this:
    192.168.1.1 has a DNS or primary and secondary 1.1, 2.1 (2k server)
    192.168.2.1 has 1.1, 2.1(2k server)
    192.168.3.1 has 1.1, 2.1(2k server)
    192.168.4.1 has 1.1, 2.1 (the only 2k3 server)
    all DNS servers which are DC (Active Directory integrated)

    all clients at the 1.1 subnet are config 1.1, 2.1
    all clients at the 2.1 subnet are config 2.1, 1.1

    and at 3.1 and 4.1 clients the secondary is 1.1
    while the primary is the local DNS 3.1 and 4.1.

    i don't like this setup myself; i think it is overloading 1.1
    2.1 dns servers..

    nothing new in event viewers.
    thought it strange that Administrator has no issues with long
    Applying Computer Setting logons but me(enterprise admin) does.
    wtf


    no Nat between clients
    just T1 lines joined by CSU devices and then
    routers for each subnet and then DNS/DC behind that
    i thought once you had the dns/dc setup you can point
    the DNS to themselves you know when that A record of DNS was setup??
    i think the DNS is wrong

    we do have a lot of the usr not known errors in the event logs
    what up with that?

  6. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #5
    Are the clients W2K or WXP?
    Did the error just start after changing the DNS on the servers?

  7. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    1,869

    Certifications
    CCNA, CCNA-Security, SWITCH
    #6

    win2k and winxp

    yes,
    and the xp seems to be affected not the win2k machines i think more so

  8. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #7

    Re: win2k and winxp

    Originally Posted by itdaddy:
    > yes,
    > and the xp seems to be affected not the win2k machines i think more so

    Well my motto is "What changed last?". If it worked before, but not after, then put it back the way it was, one step at a time.

    Also, it's strange that it affects the XP more than the 2K, because by default W2K will "wait for the network" before logging someone in while XP will load a cached profile while waiting for network settings.

  9. Senior Member
    Join Date
    Jun 2006
    Location
    Tampa Bay
    Posts
    1,250

    Certifications
    MCSA 2000, MCSE 2003, Exchange 2000, CCNA, CNE, A+, Network+, Security+
    #8
    Run NetDiag /fix on the DCs. This is part of the support tools, so you need the correct version installed on the server.

    If you get DNS error, that's your problem. Could be bad records, or a server is unable to register itself in the DNS. Sometimes you can have bad SRV records in the _MSDCS child zone which Netdiag won't remove if not related to the server running Netdiag. Sometimes it's just best to recreate the zone and run Netdiag.

    If you don't get DNS error, you could still have bad SRV records, but probably not as likely.

    Be sure your clients (and your servers) ONLY point to the DNS servers holding the zone for AD.

  10. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    1,869

    Certifications
    CCNA, CCNA-Security, SWITCH
    #9

    netdiag /fix

    i will try this and see what happens
    thanks
    yeah that SRV record i think is established and then once this happens
    we should put it back to DNS/DC pointing to themselves.
    i will try this
    thanks a million

  11. SWM
    Senior Member SWM's Avatar
    Join Date
    May 2006
    Location
    Australia
    Posts
    293

    Certifications
    MCSE 2003, MCITP 2008, MCTS Vista, MCTS SBS2008, Blackberry Certified Server Specialist
    #10
    I have experienced this with several w2003 servers and it was a roaming profile issue. Disable the user account's roaming profile and see if logon is quicker.

  12. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    3,818

    Certifications
    VCAP5-DCA; VCP3/4/5; EMCSA:CLARiiON; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #11
    Could it be that you are authenticating to a remote domain controller instead of one in your site? Open a command prompt and run the "set" command on your workstation when this is occurring, and see which DC your workstation is using. If you're going to another site to authenticate, then you need to correctly define subnets in AD sites and services.

    Also run gpresult to see which computer settings are being actually applied via policy.

  13. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    1,869

    Certifications
    CCNA, CCNA-Security, SWITCH
    #12

    policy errors

    i get in GP results on my pc Policy failure.
    but what could cause slow logons which would cause policy failure.


    if i set GPO Default Domain to cache say 5 logon credentials will this
    fix this issue with slow logons? but will it asynchronously apply GPO behind the scenes while logged on even though i set this GPO?

    explain: how to align subnets in AD sites and services??
    thanks

    oh yeah, absolutely no windows 2000 machines are affected by slow logons only the XP one we have half xp machines and have 200 pro machines and no 2kpro are affected by slow logons only the XP wtf??

  14. Senior Member
    Join Date
    Jun 2006
    Location
    Tampa Bay
    Posts
    1,250

    Certifications
    MCSA 2000, MCSE 2003, Exchange 2000, CCNA, CNE, A+, Network+, Security+
    #13
    The workstation will (should) contact the closest available DC. If it can't reach the closest, then it will try and contact another one based on what DNS told it are supposedly available DCs. Which points back to possible stale SRV records.

    If you are getting errors with GPO, that could give slow logins. Each DC is supposed to have a copy of all the GPOs in sysvol. Connect ADU&C to each of the DCs, and see if you can read the GPOs on that server using ADU&C. If you get an error reading a GPO for a particular DC, then that DC likely has a bad copy of Sysvol.

    Examine event viewer on your servers and the problem WS for clues, mainly AD/DNS errors.

    Did you run netdiag on all your DCs yet?

  15. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    3,818

    Certifications
    VCAP5-DCA; VCP3/4/5; EMCSA:CLARiiON; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #14
    Ask the network engineer if anything changed on his end lately.

    You can also check the Active Directory event logs on your DC's for problems finding a global catalog.


    If the subnet where the client PC is located is not defined in AD (and thus not associated with a site), it might authenticate to a local DC and it might not. I've seen them go 2 or 3 hops across a wan to a random DC when there is one available in the same building.

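Added example, not part of the thread and not any poster's code: a PowerShell check for the two causes raised above, stale DC locator SRV records (posts #8 and #13) and a client subnet that is not mapped to an AD site (posts #11 and #14). It assumes a domain-joined client running Windows 8.1 / Server 2012 R2 or later (Resolve-DnsName and Test-NetConnection do not exist on the XP/2000 machines in the thread); the function name Test-DcSrvRecord is made up for this example.

```powershell
# Added example: audit the DC locator SRV records this client receives.
# Run on a workstation while it shows the slow logon.
param(
    # Assumption: the AD DNS domain of the logged-on user is the one to audit.
    [string]$Domain = $env:USERDNSDOMAIN
)
Add-Type -AssemblyName System.DirectoryServices

# DC that authenticated this session (the value read from "set" in post #11).
"Logon server : $env:LOGONSERVER"

# AD site the client resolved to. An exception here means the client's
# subnet is not associated with any site in AD Sites and Services.
$site = $null
try {
    $site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
    "Client site  : $site"
} catch {
    "Client site  : NOT RESOLVED ($($_.Exception.Message))"
}

function Test-DcSrvRecord {
    param([string]$QueryName)
    # Keep only SRV answers; the response may also carry A/AAAA records.
    $records = Resolve-DnsName -Name $QueryName -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $records) {
        # Suspect record: target has no A record, or nothing answers on the LDAP port.
        $addr = Resolve-DnsName -Name $r.NameTarget -Type A -ErrorAction SilentlyContinue
        $ldap = $false
        if ($addr) {
            $ldap = (Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
                     -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{
            Query    = $QueryName
            Target   = $r.NameTarget
            Port     = $r.Port
            Resolves = [bool]$addr
            Ldap     = $ldap
            Verdict  = if ($addr -and $ldap) { 'ok' } else { 'STALE?' }
        }
    }
}

# Domain-wide DC list, plus the site-specific list when a site was resolved.
$queries = @("_ldap._tcp.dc._msdcs.$Domain")
if ($site) { $queries += "_ldap._tcp.${site}._sites.dc._msdcs.$Domain" }
$queries | ForEach-Object { Test-DcSrvRecord $_ } | Format-Table -AutoSize
```

A target marked STALE? is a candidate for cleanup in the _msdcs zone, and a logon server outside the reported client site points to the subnet mapping problem described in post #14.
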
  16. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    3,818

    Certifications
    VCAP5-DCA; VCP3/4/5; EMCSA:CLARiiON; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #15
    I just reread what the tech did to your DNS servers. It is STUPID to not have the network settings on the servers running DNS pointing to the local server for DNS resolution. Flat out Retarded. Why did they do this? I don't think this would directly have an impact on client resolution, but still...

    So the .1.1, .2.1, etc. subnets are connected by wan links and not in the same site, then?

  17. Senior Member
    Join Date
    Jun 2006
    Location
    Tampa Bay
    Posts
    1,250

    Certifications
    MCSA 2000, MCSE 2003, Exchange 2000, CCNA, CNE, A+, Network+, Security+
    #16
    Not always stupid. It wasn't said that all servers were running DNS service first of all. Second, for diagnostics I often have clients only use one server for DNS, and have its zone set to non-AD integrated.

    Otherwise, AD replication problems will cause DNS replication problems, which will cause AD replication problems, which will cause DNS replication problems....

    Once everything is fixed, then you can make the zone AD integrated, then you can add the other servers back as DNS servers with AD zones. Once you establish that the 'secondary' zones have correct information, then you can have the clients (and servers) start using them.
