Re: new server 2003 slow login NOT a DNS problem



On Feb 23, 2:21 pm, Myweb <mei...@xxxxxx> wrote:
Hello rjvale...@xxxxxxxxx,

If I see your DNS server IPs, there is a mismatch with your current subnet
mask. 176 to 167?

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

we have a remote site that had been using Windows 2000 servers until
this week...

we replaced them with Windows Server 2003 R2 Standard, these servers
are in the DMZ behind an IPCop firewall...

the SBS2003 which controls the domain there is in the LAN. it is the
only DC on site, and handles internal DNS.

I can log in to one of these servers and nslookup all night long with
instant and correct replies.

Server1 is in the DMZ at 172.17.176.5 - the SBS is at 172.17.167.3...
and I can put the SBS into Explorer and it instantly brings up the
SBS's shares.

My IPConfig shows:

C:\Documents and Settings\Administrator.DOMAIN>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER1
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-08-74-27-F4-64
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.17.176.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.17.176.1
DNS Servers . . . . . . . . . . . : 172.17.167.3
Primary WINS Server . . . . . . . : 172.17.167.3

C:\Documents and Settings\Administrator.DOMAIN>

However, I wait for 5 minutes of 'Applying your personal settings'
when logging in with domain user information - the authentication
seems instant, but (from what I've read) the Group Policy is not
properly getting through...

The firewall has been opened to allow ICMP from server1 to the sbs2003
dc in a desperate attempt to find some little overlooked detail, no
luck.

The firewall is opened between these two machines as follows:
UDP :137(NETBIOS-NS)
UDP :138(NETBIOS-DGM)
TCP :139(NETBIOS-SSN)
TCP :445(MICROSOFT-DS)
UDP : 53(DOMAIN)
UDP : 389(LDAP)
TCP : 636(LDAPS)
TCP : 88(KERBEROS)
TCP : 135(EPMAP)
TCP : 3268
TCP : 1025
UDP : 88(KERBEROS)

So - DNS works, I can access shares through the firewall, I can even
ping, but still I'm getting a 5 minute hang - anyone have any ideas?

thanks all -

Richard



no mismatch - the internal DNS and DC is in the LAN, the servers with
the issue are in the DMZ... I have all those ports pinholed across, I
don't see what could cause this problem.
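
As an added example that is not part of the original thread: one way to audit a DMZ-to-DC pinhole list like the one posted above is to parse it and compare it, per protocol, with a baseline of ports a domain member uses to reach a domain controller. The BASELINE table is an assumption based on Microsoft's general Active Directory firewall guidance, not something stated in the thread, and the function names are hypothetical.

```python
import re
# Pinhole list as posted in the thread (Server1 in the DMZ -> SBS2003 DC).
POSTED_RULES = """\
UDP :137(NETBIOS-NS)
UDP :138(NETBIOS-DGM)
TCP :139(NETBIOS-SSN)
TCP :445(MICROSOFT-DS)
UDP : 53(DOMAIN)
UDP : 389(LDAP)
TCP : 636(LDAPS)
TCP : 88(KERBEROS)
TCP : 135(EPMAP)
TCP : 3268
TCP : 1025
UDP : 88(KERBEROS)
"""

# ASSUMED baseline (not from the thread): member-server-to-DC ports taken from
# general Microsoft AD firewall guidance. Adjust it to your own environment.
BASELINE = {
    ("tcp", 53): "DNS over TCP (truncated replies)",
    ("udp", 53): "DNS",
    ("tcp", 88): "Kerberos",
    ("udp", 88): "Kerberos",
    ("udp", 123): "W32Time (NTP)",
    ("tcp", 135): "RPC endpoint mapper",
    ("tcp", 389): "LDAP (directory reads, incl. Group Policy objects)",
    ("udp", 389): "LDAP ping (DC locator)",
    ("tcp", 445): "SMB (SYSVOL, Group Policy files)",
    ("tcp", 3268): "Global catalog",
}
RULE_RE = re.compile(r"^\s*(TCP|UDP)\s*:\s*(\d+)", re.IGNORECASE)

def parse_rules(text):
    """Parse 'PROTO : PORT(NAME)' lines into a set of (protocol, port) tuples."""
    matches = (RULE_RE.match(line) for line in text.splitlines())
    return {(m.group(1).lower(), int(m.group(2))) for m in matches if m}

def audit(text, baseline=BASELINE):
    """Return (missing, extra): baseline entries not allowed, and allowed
    entries that fall outside the baseline and deserve a second look."""
    allowed = parse_rules(text)
    missing = sorted(set(baseline) - allowed)
    extra = sorted(allowed - set(baseline))
    return missing, extra

if __name__ == "__main__":
    missing, extra = audit(POSTED_RULES)
    for proto, port in missing:
        print(f"not allowed: {proto.upper()} {port:<5} {BASELINE[(proto, port)]}")
    print("outside baseline:", extra)
```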
