new server 2003 slow login NOT a DNS problem



We have a remote site that had been using Windows 2000 servers until
this week...

We replaced them with Windows Server 2003 R2 Standard; these servers
are in the DMZ behind an IPCop firewall...

The SBS2003 which controls the domain there is in the LAN. It is the
only DC on site, and handles internal DNS.

I can log in to one of these servers and nslookup all night long with
instant and correct replies.

Server1 is in the DMZ at 172.17.176.5 - the SBS is at 172.17.167.3...
and I can put the SBS into Explorer and it instantly brings up the
SBS's shares.

My IPConfig shows:


C:\Documents and Settings\Administrator.DOMAIN>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER1
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-08-74-27-F4-64
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.17.176.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.17.176.1
DNS Servers . . . . . . . . . . . : 172.17.167.3
Primary WINS Server . . . . . . . : 172.17.167.3

C:\Documents and Settings\Administrator.DOMAIN>


However, I wait for 5 minutes of 'Applying your personal settings'
when logging in with domain user information - the authentication
seems instant, but (from what I've read) the Group Policy is not
properly getting through...

The firewall has been opened to allow ICMP from server1 to the sbs2003
dc in a desperate attempt to find some little overlooked detail, no
luck.

The firewall is opened between these two machines as follows:
UDP : 137 (NETBIOS-NS)
UDP : 138 (NETBIOS-DGM)
TCP : 139 (NETBIOS-SSN)
TCP : 445 (MICROSOFT-DS)
UDP : 53 (DOMAIN)
UDP : 389 (LDAP)
TCP : 636 (LDAPS)
TCP : 88 (KERBEROS)
TCP : 135 (EPMAP)
TCP : 3268
TCP : 1025
UDP : 88 (KERBEROS)

So - DNS works, I can access shares through the firewall, I can even
ping, but still I'm getting a 5 minute hang - anyone have any ideas?

thanks all -


Richard
