RE: Intermittent Very Long domain logon time
- From: briandel@xxxxxxxxxxxxxxxxxxxx (Brian Delaney [MSFT])
- Date: Thu, 04 Jan 2007 20:58:38 GMT
Hi Ray,
I've worked with a few customers on this problem and the most common root
cause is usually a GPO configuration. Particularly, a File System GPO. I
have seen configurations where a GPO was configured to ACL C:\, C:\Windows,
C:\windows\system32, etc. Setting ACLs on this number of files can take a
long time and cause a slow boot. The reason it is so sporadic is that the
Security CSE (Client Side Extension) will reprocess even when no changes
are made to the GPO every 16 hours. If the computer is left on overnight
this will not really affect the user as it will occur in the background and
only cause minor performance issues. However, if the user has shut the PC
down overnight and this 16 hour threshold is exceeded, when the boot up in
the morning the execution of the Security CSE will be required before the
user will be able to complete their logon.
Please review your GPOs for any config similar to mentioned above. Also,
potentially you could look for a large number of registry security
permissions being set although I have not yet seen this cause the symptoms
you have mentioned.
File System and Registry Policies can be found at:
Computer Configuration \ Windows Settings \ Security Settings \ File System
Computer Configuration \ Windows Settings \ Security Settings \ Registry
If this is not the case I would recommend enabling userenv logging on the
machines that are exhibiting the symptoms and wait for the next occurance.
At the next reported occurance collect the userenv.log file for analysis.
Userenv logging is configured by creating a registry key as follows:
Value Path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value Name: UserEnvDebugLevel
Value Type: REG_DWORD
Value Data: 10002 (hex)
http://support.microsoft.com/kb/221833
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Intermittent Very Long domain logon timea
thread-index: AccwL75MSJ0FAxxUSpycnOvfl1mWBg==
X-WBNR-Posting-Host: 64.109.7.158
From: =?Utf-8?B?Y215YXI=?= <cmyar@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Intermittent Very Long domain logon time
Date: Thu, 4 Jan 2007 10:40:01 -0800
I have 140 users, XP SP2, connectiong to a W2K domain. Every now and then
few users will have horribly long logon times. The long logon onlyhappens
when logging on after powering on the computer connected to the domain.logon
After the successful logon if I log that user off and log back in, the
happens in about 3-5 seconds versus 5 minutes. I have Gigabit connectionsto
everyones computer, so slow link isn't the issue. The GPO's in place areeveryone
applied to the entire domain, so GPO's shouldn't be the problem or
would be having the same issue. DNS is setup correctly I have verifiedthat
many times. I have had success (not always though) with unbinding the
computer from the domain and rebinding, I have also had success (again not
always) with flushing the dns resolver cache on the local computer and
restarting. Any suggestions would be very helpful.
Thanks Ray
.
- Prev by Date: Re: Ntbackup scenario
- Next by Date: Re: Server Exchange/Rebuild
- Previous by thread: Re: Intermittent Very Long domain logon time
- Next by thread: Re: Windows XP PRo SP 2 installation trouble
- Index(es):
Relevant Pages
|
