Re: slow or failed user logon authorization

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 07/24/04 

Date: Sat, 24 Jul 2004 09:48:57 -0400

Ken,

Slow logons are *typically* an indication that there is something going on
with DNS. A *usual* cause of this is that in the client's TCP/IP settings
the DNS Server entry is the ISP's DNS Server ( or some other external DNS ).
I would suggest that you take a look at the settings on the DHCP Server to
see what it is handing out as Option 006. All WIN2000 and WINXP clients
*MUST* *MUST* *MUST* point to an internal DNS Server that supports SRV
Records and Dynamic Updates.

Please take a look at the following two MSKB Articles that describe what a
WIN2000 and WINXP clients do at logon:

http://support.microsoft.com/?id=247811
http://support.microsoft.com/?id=314861

Another possible problem is a Global Catalog is not available at certain
times ( for God knows what reason ).

Ken, you do not give us any idea of your topology. I am assuming ( I am
almost always wrong when I do this! ) that you have one Site and not
multiple Sites. Please give us some details of your topology.

Also, I would strongly suggest that you install the Support Tools on all of
your WIN2000 Servers and run dcdaig /c /v and netdiag /v. This will give
you a good reading as to the health of your AD environment. I am not sure
why you would want to run ntdsutil? Did you dcpromo a Domain Controller and
it still shows up in the ADSS MMC? and you see it listed as a replication
partner with your currently existing DCs when you run repadmin /showreps?

The Support Tools, by the way, are located on the WIN2000 Server CD as well
as on the WIN2000 Service Pack CD in the Support | Tools folder.

HTH,

Cary

"kend@co.st-clair.il.us" <anonymous@discussions.microsoft.com> wrote in
message news:2e0e01c470c5$dfe26180$a301280a@phx.gbl...
> Single domain network with 2 DC supporting 600 users were
> moved from a ATM network connection to a GE network
> conneciton.
>
> Now I am getting 5-10 users a day that fail intial logon
> authorization. After 2 or 3 tries is allows them to log
> in.
>
> What ntdsutil would help clean up my the slow login
> problem?
>
> Thanks, Ken

Relevant Pages

  • Re: Is her network profile corrupt?
    ... Then, she tried to logon to her laptop in her office, it would let her log ... Logon with a domain account to the laptop ... Almost always this is a DNS issue. ... that internal, dynamic DNS server ...
    (microsoft.public.windows.server.active_directory)
  • Slow logon to Windows 2000 Server
    ... it is configured as the DNS server in the TCP/IP settings ... Windows 2000 Server domain controller with a Windows XP ...
    (microsoft.public.windowsxp.network_web)
  • Re: 2000 Server
    ... When I login into a Windows 2000 active directory from a new xp pro machine ... XP is heavily dependent on DNS to find DC. ... XP clients can find the DNS server. ... Make sure no errors on logon scripts or GPO's that could be causing ...
    (microsoft.public.windowsxp.network_web)
  • Re: Slow logon Windows2000
    ... Slow logon problems are usually related to DNS miss configuration. ... that workstation's DNS setting (under TCP/IP configuration) points to domain ... DNS server. ...
    (microsoft.public.windows.server.general)
  • Re: Utility to identify DCs
    ... Make sure that clients ONLY USE THEIR LOCAL DNS SERVER. ... Make sure that every DNS server can resolve all domains in the forest. ... Make sure that all clients Only uses the localDns Server. ... I have a problem with new users setup in AD unable to logon to the ...
    (microsoft.public.win2000.active_directory)