Re: Network logins take too long!

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hello William,

Make sure that the clients use both DNS servers on the NIC, choose the 2008 as preferred, bcasue it is the newer OS. Additional move the 5 FSMO roles to the 2008 DC. The FSMO roles should be always on the newest OS machine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Yes zones are AD integrated. We have one 2003R2 DC and one 2008 SP1
DC.

Will

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> kirjoitti
viestissä:ff16fb661a73f8cb6488210ba844@xxxxxxxxxxxxxxxxxxxxxxx

Hello William,

What kind of zones do you use, AD integrated? Are the servers 2000 or
2003?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,

We debugged this same problem in the DNS group under headline
"Duplicate DNS entries" or similar...

For a moment I was convinced that this is not a DNS issue. I'm not
convinced anymore because I just checked our DNS records manually
and found few duplicates in forward and reverse zones. Entries were
not for the clients who reported problems but this might indikate
that there's somthing wrong about our DNS. I checked and removed
duplicated also last weeks so these were new duplicates or I'm going
blind...

Also DNS entries for client computers that are removed from our
company years ago appeared in DNS.

All help appreciated

William

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> kirjoitti
viestissä:ff16fb661a70a8cb64754a785794@xxxxxxxxxxxxxxxxxxxxxxx

Hello William,

For DNS make sure that all machines use only domain internal DNS
servers. Please post an unedited ipconfig /all from the DNS server
and a problem machine. Are any of the DC/DNS server multihomed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello,

In the last few weeks we have been experiencing some very slow
network
logons. When a user boots his desktop and logs
on to our AD it might take something between 20 seconds to 13
minutes
after
credentials input that his computer has
finished loading and is ready to be used. This happens to some
client
sometimes. Not to all and not every time. Some
clients have not experienced any difficulties (so far).
We have all Dell environment. All desktops are Optiplex 755 or
GX520
with
Intel or Broadcomm network adapters. AD
Domain Controller servers are two Dell PowerEdge2950 servers one
with
Win2003R2 and one with Win2008SP1. Domain
funtional level is 2003.
As in almost all cases of slow network logins the culprit is DNS
or
network
errors. Thats why I have been debugging
our DNS servers and Domain Controllers and I cannot find the
reason
for this
there. No errors in the eventlogs.
replication seems to work OK. We have 2 AD integrated DNS servers
on
the
Domain Controller machines. No client uses
any external DNS servers. All external queries are forwarded via
internal
DNS servers. Also Netdiag and Dcdiag give
clean results. I have also replaced our network swithes. We used
to
use 1Gb
Hp Procurves but I went back to 100Mb
switches for debug reasons. No help there.
This mornign one user reported to me that his login took very
long.
I
checked his Windows XP event log and it was
clean. I also checked the DC's event log which his computer used
for
authentication and it was clean. No errors.
However I noticed that there was 8 succesful audit in the servers
security
log for this user and this login. Time gap
between the first and last was 4 minites and 5 seconds. Is this
normal?
Events logged in DC were ID
540,540,540,538,538,538,540,538 in this order. First at 08:32:12
and
last
08:27:19.
What has changed is what I ask myself? Well before this started
our
company
moved to a new location from 2 separate
offices. During the move one Win2000 DC was demoted using DCPROMO,
one
site
and the corresponding subnet were deleted
from AD, our current site was renamed. All of these operations
were
reported
successful and I gave time for the DC's
to replicate before the move. I gave about 16 hours. I have also
checked
that there's no references to the demoted DC
in DNS anymore.
So where to go from here? I don't have much ideas left anymore so
hope
someone here can assist.
Thanks
William


.

Quantcast