Re: slow or failed user logon authorization
kend_at_co.st-clair.il.us
Date: 07/26/04
- Next message: mark: "LDIFDE export"
- Previous message: Teri: "Math"
- In reply to: Cary Shultz [A.D. MVP]: "Re: slow or failed user logon authorization"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: slow or failed user logon authorization"
- Reply: Cary Shultz [A.D. MVP]: "Re: slow or failed user logon authorization"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 26 Jul 2004 10:08:55 -0700
Thanks for your reply.
Answer to your questions are
My DHCP servers have option 006 set to my internal DNS
servers 10.3.1.18,10.3.1.9
My topology is a single domain and site with 2 DC on the
same subnet and 600 users on 6 other local subnets.
Test dcdiag /c /v and netdiag /v ran clean on both DC's.
Test repadmin /showreps displays only the other DC from
each to the 2 DC's I have.
All my failures are on my older Win98 PC's and I can ping
both my DC's when they are failing. All the PC have WINS
and DNS configured staticly or by DHCP.
Am I correct in saying that the Win98 PC's use WINS to
authenticate to AD only and DNS is not used?
Since I can ping my DC's by name does at the time of the
failure, does this tell me that WINS is working?
Thanks Ken
>-----Original Message-----
>Ken,
>
>Slow logons are *typically* an indication that there is
something going on
>with DNS. A *usual* cause of this is that in the
client's TCP/IP settings
>the DNS Server entry is the ISP's DNS Server ( or some
other external DNS ).
>I would suggest that you take a look at the settings on
the DHCP Server to
>see what it is handing out as Option 006. All WIN2000
and WINXP clients
>*MUST* *MUST* *MUST* point to an internal DNS Server that
supports SRV
>Records and Dynamic Updates.
>
>Please take a look at the following two MSKB Articles
that describe what a
>WIN2000 and WINXP clients do at logon:
>
>http://support.microsoft.com/?id=247811
>http://support.microsoft.com/?id=314861
>
>Another possible problem is a Global Catalog is not
available at certain
>times ( for God knows what reason ).
>
>Ken, you do not give us any idea of your topology. I am
assuming ( I am
>almost always wrong when I do this! ) that you have one
Site and not
>multiple Sites. Please give us some details of your
topology.
>
>Also, I would strongly suggest that you install the
Support Tools on all of
>your WIN2000 Servers and run dcdaig /c /v and
netdiag /v. This will give
>you a good reading as to the health of your AD
environment. I am not sure
>why you would want to run ntdsutil? Did you dcpromo a
Domain Controller and
>it still shows up in the ADSS MMC? and you see it listed
as a replication
>partner with your currently existing DCs when you run
repadmin /showreps?
>
>The Support Tools, by the way, are located on the WIN2000
Server CD as well
>as on the WIN2000 Service Pack CD in the Support | Tools
folder.
>
>HTH,
>
>Cary
>
>
>"kend@co.st-clair.il.us"
<anonymous@discussions.microsoft.com> wrote in
>message news:2e0e01c470c5$dfe26180$a301280a@phx.gbl...
>> Single domain network with 2 DC supporting 600 users
were
>> moved from a ATM network connection to a GE network
>> conneciton.
>>
>> Now I am getting 5-10 users a day that fail intial logon
>> authorization. After 2 or 3 tries is allows them to log
>> in.
>>
>> What ntdsutil would help clean up my the slow login
>> problem?
>>
>> Thanks, Ken
>
>
>.
>
- Next message: mark: "LDIFDE export"
- Previous message: Teri: "Math"
- In reply to: Cary Shultz [A.D. MVP]: "Re: slow or failed user logon authorization"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: slow or failed user logon authorization"
- Reply: Cary Shultz [A.D. MVP]: "Re: slow or failed user logon authorization"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
