Re: very long login times for certain user accounts
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Fri, 29 Sep 2006 00:53:30 -0400
In news:73B415A0-5E6D-4190-97F9-CF7A01B8FDEA@xxxxxxxxxxxxx,
Mike <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on below:
We have a small single domain (no-subs) network running WIN2003 sp1
servers. We have so far 2 accounts that have experienced a very long
time to login and logoff. Approximately 10 mins. We have re-created
of of those accounts and it has been fine until now. There are
successfull login entries for that id in the security log of one of
the DC's. It definately is not machine specific, that was tested and
ruled out. One thing we have observed during troubleshooting is that
there is a corealation (it seems) between the length of the user
names and the amount of group memberships. I have setup test accounts
with short and long names with same group membership as toubled
accounts. The short named account is fine the long named acouunt has
that issue. If I remove the group memberships on test account with
long name it's fine.
????
Thank you
If you are having problems with the "long names", which I assume that you
are talking about the UPN (Universal Principal Name), such as
username@xxxxxxxxxx, then that would indicate it cannot contact a GC. Same
if you put it in a universal group. Both of these will force it to enumerate
the name or group in the GC (Global Catalog). THe GC is found by querying
for the gc.msdcs.domain.com record, one of the SRV records in DNS.
Therefore, this may look more like a DNS problem, or a domain name problem.
Rule of thumb (just to get this out of the way), is to only specifiy the
internal DC/DNS servers in ALL domain machines' IP properties (DCs, member
servers and clients), otherwise numerous issues will result if an ISP's DNS
or the LInksys router's address is specified as a DNS address.
Another issue that can cause this (either in conjunction with the above or a
standalone), is if the domain name is a single label name ("DOMAIN" rather
than the required format of 'domain.com', or 'childdomain.domain.com', etc).
To better assist, it will be helpful if you can please post an unedited
ipconfig /all of one of the DCs and of a workstation.
--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only constant in life is change...
.
- Follow-Ups:
- Prev by Date: Accessing files from other domain on another subnet
- Next by Date: Re: fail on logon
- Previous by thread: Accessing files from other domain on another subnet
- Next by thread: Re: very long login times for certain user accounts
- Index(es):
Relevant Pages
|
