Re: windows 2003 active directory and slow logons

Tech-Archive recommends: Fix windows errors by optimizing your registry

Jorge,

habla espanol? anyways i am heading away from the topic at hand.... ;-)

I have run all the commands and I am still looking thru them however i dont
see any failures at this stage.

I had a look at the netlogon.dns and yes i do see the site name in the file.
I had a look at this file earlier as part of the troubleshooting according to
article 247811.

I will keep looking at the netdiag and dcdiag but i think the domain
controller and AD looks ok.

like i mentioned before people are authenticating to this server...however
not everyone who is on the 10.30.x.x range is authenticating to this server
this is my concern.....and its intermittent which is also hard to trace..

thanks for your help so far...is there any other ideas? is it wise to turn
on nltest /dbflag:2080ffff ??? will this get everyone's logins or only the
machines that login to the server? thus missing out the other machines that
are authenticating across the WAN...

Maybe i need a network sniffer on the whole subnet?





"Jorge de Almeida Pinto [MVP]" wrote:

ok...

on that DC open NETLOGON.DNS
you can find it in %WINDIR%\SYSTEM32\CONFIG

do you see records that contain the site name of that location?

run:
IPCONFIG /REGISTERDNS
NET STOP NETLOGON & NET START NETLOGON

also run:
DCDIAG /C /V /D
NETDIAG /DEBUG /V

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"exchange_confused" <exchangeconfused@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:D3F1E2FE-1FDB-4410-812F-157AC8E36F42@xxxxxxxxxxxxxxxx
sorry jorge typo on my part the subnet is configured to be 10.30.x.x/16 in
sites and services.



"Jorge de Almeida Pinto [MVP]" wrote:

are you saying that location has 10.30.0.0/16 for itself?

so WHY not create a subnet in AD that covers that. Instead of
"10.30.x.x/26"
create one like "10.30.x.x/16" which covers all the IPs you mentioned
below

because of that the clients and servers cannot determine the site they
are
in and instead of asking a DC for a site they will ask for a DC in the
domain and that can be ANY DC in the domain no matter where it is!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"exchange_confused" <exchangeconfused@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:23D0BD1B-2328-4042-ADCA-95266B08DCC8@xxxxxxxxxxxxxxxx
sorry,

the subnet mask is 255.255.0.0/16 they have a whole 10.30 to themselves
;-)


"Jorge de Almeida Pinto [MVP]" wrote:

and what is the subnet mask for clients and servers?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"exchange_confused" <exchangeconfused@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:3BEFD983-D13C-4A6A-92FF-AF6ADA2EB233@xxxxxxxxxxxxxxxx
ok,

DHCP provided by linux box and clients get ip addresses from the
following
range

10. 30. 5.x
10. 30. 9.x
10. 30. 6.x
10. 30. 4.x
10. 30. 7. x

The ip address range for the server is 10.30.254.x
Just to let you know as well as I was reading your website, this
server
sits
on a vmware esx.
I am wondering wether this has anything to do with it? I am also
thinking
that it may be a half duplex/full duplex, portfast issue you know
switch
related issue??
as the problem is intermittent and not solely tied to one computer??

any ideas?


"Jorge de Almeida Pinto [MVP]" wrote:

ok... nothing strange...


what is an example IP and subnetmask for clients AND servers?
what is the layout of the DHCP scope?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers
no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"exchange_confused" <exchangeconfused@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in
message news:7343ED76-0C18-4327-9677-53EA6F20DE9B@xxxxxxxxxxxxxxxx
Hi Jorge,

Thanks for answering so quickly,

I have setup the sites and services as follows

Created a new site called Location B
moved DC into site name location B
created a subnet range = 10.30.x.x/26 which is matched up to site
name
B
site link is from location A - Location B based on IP hub and
spoke
type
scenario all our other sites are configured this way.
The server in Location B is also a GC

does this help I am online currently as well so ask away if you
are
still
online


"Jorge de Almeida Pinto [MVP]" wrote:

how about the answer for the sites and subnets I asked?

how is that setup? the sites and subnets setup determine to
which
DCs
a
user/computer is authenticated

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory
Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and
confers
no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"exchange_confused" <exchangeconfused@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in
message
news:38686A26-BB48-4AD4-9A13-80A5E8B1AAE2@xxxxxxxxxxxxxxxx
Hi guys,

thank you all for your answers. I will draw out the scenario
for
you.

We have two structures DNS AD and BIND for the clients.

We delegate the AD zone to the BIND servers so the clients
know
how
to
reach
the DC's.

The remote site has a local DC that is also a DNS for the AD
DNS
integrated
domain. The DC DNS configuration is as follows

Primary DNS points to itself
Secondary DNS points to the linux BIND DNS

This is our configuration for all the other sites as well.

The sites and subnets is defined with the ip address of
10.30.x.x
which
covers the local site.

The clients all point to a linux server for DNS as this server
is
used
for
all the clients.

The issue is intermittent, so sometimes the clients will
authenticate
to
the
local server...

Day 1 - client A authenticates against local DC
Day 2 - client A (same client as above) authenticates to
remote
DC



"Jorge de Almeida Pinto [MVP]" wrote:

is the DC also a DNS server?
are clients/servers pointing to that DNS server?
do you have a site for the location the DC and the clients
are
in?
are subnets within that location linked to that site?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory
Services

BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and
confers
no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"exchange_confused"
.

Relevant Pages

  • RE: VPN Clients Not Registering in AD DNS
    ... via VPN, the DNS records of the VPN clients are unable to be registered. ... Windows 2003 server? ... please let me know whether the clients get the IP ...
    (microsoft.public.windows.server.sbs)
  • Re: Permissions across 2 Forrest
    ... Primary DNS server on 1.x and the 18.x network along with DHCP and WINS. ... For instance ForrestA DNS is now a secondary for Forrest B and vise versa. ... WINS clients must use the same "WINS Database"* ...
    (microsoft.public.windows.server.active_directory)
  • Re: Still strange not fully working DNS server
    ... On none of the computers (both DC and clients) no firewall software is ... For the rest nothing happens in the DNS forward lookup zone. ... Is the new server Global catalog? ... The config you mentioned was not configured so I have configured ...
    (microsoft.public.windows.server.dns)
  • Re: Client installation frustration.
    ... not, apparently, any DNS lookup issues on my network. ... connection's addresses in DNS" and "Use this connection's DNS suffix in DNS ... is a file and print server that we have at one of our secondary sites. ... Is there any way to cancel all current requests to install clients? ...
    (microsoft.public.sms.admin)
  • Re: problem with xp clients and windows 2003
    ... We now have the cross cable running from the room's switch ... >> policy but logs into the server. ... >> aware that this is a DNS issue but I have TRIPLE checked the DNS ... >> If I do NSlookup from the problematic clients, ...
    (microsoft.public.windows.server.networking)