Re: slow login problems at branch office

Hi

Thanks for your reply.

I realise that having a GC on site would speed up logins, but it shouldn't
prevent logins, which is what is happening at the moment.

PCs are logging in with cached credentials and not logging onto the domain
controller - and then cannot access resources from DCs - such as file
shares, although in some cases the "Exchange" client can access the email
server (Exchange Server 2000)

I have a 2003 member server on site and I cannot log onto that using RDP -
it responds with an error "access is denied".(it is headerless) I am not
sure logging on to the console makes any difference but I will try that
tomorrow.

kind regards

Charles


"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:OTROufkiGHA.4276@xxxxxxxxxxxxxxxxxxxxxxx
If your network name resolution works fine, and your machines are taking
20min or more to logon, my advise to you is MAKE A GC per site if you want
to speed up logons.

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Charles Hunt" <Charles(trying to reduce spam)huntrad.net> wrote in
message news:utbreujiGHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

Thanks for your reply.

just to go through your list.

I don't have a GC at the branch office, according to my MS resource kit
manual, it isn't necessary for just a few PCs across a VPN with
reasonable bandwidth. (>500Kbs)

Yes, I have set up the subnets in Sites and Services

The DNS servers point to themselves and the backup AD DC.

I have set up a local DNS which appears to work properly.

I am not using NetBIOS / WINS.

I don't have a problem resolving FQDNs (both forward and reverse)

I am checking the trouble shooting guide in Q247811 to see if that can
shed any light on the problem.

kind regards

Charles

"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:uW95mgjiGHA.1508@xxxxxxxxxxxxxxxxxxxxxxx
Hi


Couple of things:



- Make sure that you have at least 1 GC per site.

- Make sure that you defined the appropriate subnets in AD Sites and
Services.

- Make Sure that each Dns server only points to itself under Nic
properties.

- Make sure that local clients only use their local Dns server.

- If your between subnets, and you use NetBIOS resolution (for example
to browse network neighborhood), make sure that you have Wins in both
Sites replicating with each other.

- Make sure that your Dns servers can resolve each other domain, or each
other FQDN.




--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Charles Hunt" <Charles(trying to reduce spam)huntrad.net> wrote in
message news:erUutpiiGHA.4040@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I have two sites linked by a VPN connection which works fine. I can
ping machines from both sides and DNS seems to be happily resolving
FQDNs etc as well as machine names. I can also access the DCs by using
the \\mydomain.com\sysvol so (with a bit of trickery).. All my DCs are
2000 SP4 machines and based in the main site.

The branch office is new and i have moved across some existing
workstations to that office.

BUT all machines in the branch office, are not logging in properly. The
XP/2000 machines take an age to log in (20mins+) and things are not
really working correctly. I have a 2003 member server which i put in to
perform DHCP which I managed to authorize remotely. (after a bit of
effort and it took about 15 mins to finally authorize)

When I try to login to the 2003 server remotely using RDP it won't let
me, the error message is "access denied" and the event log shows a
40960 error which is "domain controller unavailable". What really
perplexes me is that I can ping and access the machines, the DNS seems
to be OK, but obviously there is some kind of problem with the AD. I am
wondering if there is a TCP/UDP port which is being blocked or some
other communication problem which isn't apparent with ping and DNS look
ups. (i have checked the reverse zone on the DNS which seems to be
updating and working fine)

I have the RESKIT2000 but not entirely sure which tool can help me in
this particular problem.

any ideas or tools that could help me get a fix on this problem would
be VERY VERY welcome.

kind regards

Charles









.

Relevant Pages

  • Re: How to enable communication between Two different lans (subnets)/ domains 2003 server based? Ass
    ... You will also almost certainly have DNS problems running a domain behind ... server domain, with a DHCP server running on one of the 2003 boxes. ... the "inner" subnet can see the original subnet and the Internet, ... The .227 machines can see the machines on the 192.168.1.0 subnet and the ...
    (microsoft.public.windows.server.networking)
  • Re: Help with Swing Migration
    ... you can't use your server name references consistently in the ... then the IP address for the Primary DNS Server ... >> the SBSnameDC, then the IP address I should enter into the Primary DNS ... >> DNS entries for the two machines. ...
    (microsoft.public.windows.server.sbs)
  • Re: Group Policy and DNS
    ... > is our only server so it is doing DNS, DHCP, AD, etc. ... I narrowed down to a DNS issue, ... > The machines that are getting the policies ping the server ...
    (microsoft.public.win2000.dns)
  • Re: recommended network/server layout for website, email, and backup hosting
    ... would provide a web server, and email server and back up servers. ... these machines are more than enough. ... both internal LAN backups and DMZ ... secondary DNS with other responsibilities, i.e. email/DNS on one machine, ...
    (Debian-User)
  • REPLY -- XP slowness logging into an AD domain
    ... the server. ... Between the above two items this should fix the issue. ... >machines log in instantly and the XP machines just hang ... >slowing up the logins considerably for XP machines. ...
    (microsoft.public.windows.server.active_directory)