Re: Network logins take too long!

Hello Everyone,

I am going to approach this issue from a slightly different angle......

Have you been at one of these client machines when one of the longer delays
have occurred?

The reason I am asking is that this can give us a little better idea where
the delay is occuring, meaning is the delay occurring from machine bootup til
you reach the GINA or is the delay from when the user enter their credentials
til them reaching the desktop.

The next step I recommend is enabling user environment logging on one of the
client machines in which the delay occurs frequently. The log will show what
is taking place from machine bootup, to user logon and is time-stamped as
well.


How to enable user environment debug logging in retail builds of Windows
http://support.microsoft.com/kb/221833

-Brian

"Mark Parris [ADUG]" wrote:

The DHCP scopes for the clients have the DNS servers defined in the scopes,
if you have been changing the DNS configuration, the defined DNS Server IP
addresses may be incorrect, or not in an optimum order.

--
Mark Parris
MCSE: NT4.0, 2000, 2003
MCITP: EA, SA

Founder: [ADUG] UK Active Directory User Group http://adug.co.uk

"William Stokes" <will@xxxxxxxxxxxxx> wrote in message
news:Om5dJAzlJHA.5112@xxxxxxxxxxxxxxxxxxxxxxx
And as a reminder if this has any relevance:

"Domain Controller servers are two Dell PowerEdge2950 servers one with
Win2003R2 and one with Win2008SP1. Domain
funtional level is 2003.
"

"Mark Parris [ADUG]" <info@xxxxxxxxxx> kirjoitti
viestissä:OtJZ5vplJHA.4372@xxxxxxxxxxxxxxxxxxxxxxx
Did you update DHCP?

--
Mark Parris
MCSE: NT4.0, 2000, 2003
MCITP: EA, SA

Founder: [ADUG] UK Active Directory User Group http://adug.co.uk

"William Stokes" <will@xxxxxxxxxxxxx> wrote in message
news:utgcKGolJHA.1292@xxxxxxxxxxxxxxxxxxxxxxx
Yes zones are AD integrated. We have one 2003R2 DC and one 2008 SP1 DC.

Will


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> kirjoitti
viestissä:ff16fb661a73f8cb6488210ba844@xxxxxxxxxxxxxxxxxxxxxxx
Hello William,

What kind of zones do you use, AD integrated? Are the servers 2000 or
2003?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hello Meinolf,

We debugged this same problem in the DNS group under headline
"Duplicate DNS entries" or similar...

For a moment I was convinced that this is not a DNS issue. I'm not
convinced anymore because I just checked our DNS records manually and
found few duplicates in forward and reverse zones. Entries were not
for the clients who reported problems but this might indikate that
there's somthing wrong about our DNS. I checked and removed duplicated
also last weeks so these were new duplicates or I'm going blind...

Also DNS entries for client computers that are removed from our
company years ago appeared in DNS.

All help appreciated

William

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> kirjoitti
viestissä:ff16fb661a70a8cb64754a785794@xxxxxxxxxxxxxxxxxxxxxxx

Hello William,

For DNS make sure that all machines use only domain internal DNS
servers. Please post an unedited ipconfig /all from the DNS server
and a problem machine. Are any of the DC/DNS server multihomed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello,

In the last few weeks we have been experiencing some very slow
network
logons. When a user boots his desktop and logs
on to our AD it might take something between 20 seconds to 13
minutes
after
credentials input that his computer has
finished loading and is ready to be used. This happens to some
client
sometimes. Not to all and not every time. Some
clients have not experienced any difficulties (so far).
We have all Dell environment. All desktops are Optiplex 755 or GX520
with
Intel or Broadcomm network adapters. AD
Domain Controller servers are two Dell PowerEdge2950 servers one
with
Win2003R2 and one with Win2008SP1. Domain
funtional level is 2003.
As in almost all cases of slow network logins the culprit is DNS or
network
errors. Thats why I have been debugging
our DNS servers and Domain Controllers and I cannot find the reason
for this
there. No errors in the eventlogs.
replication seems to work OK. We have 2 AD integrated DNS servers on
the
Domain Controller machines. No client uses
any external DNS servers. All external queries are forwarded via
internal
DNS servers. Also Netdiag and Dcdiag give
clean results. I have also replaced our network swithes. We used to
use 1Gb
Hp Procurves but I went back to 100Mb
switches for debug reasons. No help there.
This mornign one user reported to me that his login took very long.
I
checked his Windows XP event log and it was
clean. I also checked the DC's event log which his computer used for
authentication and it was clean. No errors.
However I noticed that there was 8 succesful audit in the servers
security
log for this user and this login. Time gap
between the first and last was 4 minites and 5 seconds. Is this
normal?
Events logged in DC were ID
540,540,540,538,538,538,540,538 in this order. First at 08:32:12 and
last
08:27:19.
What has changed is what I ask myself? Well before this started our
company
moved to a new location from 2 separate
offices. During the move one Win2000 DC was demoted using DCPROMO,
one
site
and the corresponding subnet were deleted
from AD, our current site was renamed. All of these operations were
reported
successful and I gave time for the DC's
to replicate before the move. I gave about 16 hours. I have also
checked
that there's no references to the demoted DC
in DNS anymore.
So where to go from here? I don't have much ideas left anymore so
hope
someone here can assist.
Thanks
William











.