Re: User Based Slow Logon and Auth

Maybe someone esle will get a different take, but I'm pretty well stumped

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"BrainStomp" <BrainStomp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4129874D-D1E4-45FA-A124-5EC1806DBA41@xxxxxxxxxxxxxxxx
The users are in the same OU and outside of a couple of differences in
membership to distribution groups. Neither user is a member of the Power
Users group. All the users where created using the Wizard, all the GPOs
are
the same. I can create a different user in AD U&C by copying each of these
users and log in as the new user and all works fine for both users
(granted
with different SIDs I get a different profile but since there are no
roaming
profiles I see the profile as a non issue).

"Cris Hanna [SBS-MVP]" wrote:

well I'm quite surprised to hear that you haven't had issues until now
I could point you to numerous articles about the adverse effects of a
multi-homed Domain Controller

you are correct that it is odd that it is only these two users and not
everyone

But slow logons are 9 times out of 10, DNS/Network related

were these two users created differently (non-wizard vs wizard)? Are
they
in a separate OU? Security Group Any GPOs for these two?

Any chance they are assigned to Power Users group? (seen some unusual
things
in the SBS world with the Power User's group)

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"BrainStomp" <BrainStomp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BE357C53-1726-4717-B3DA-198021DF8673@xxxxxxxxxxxxxxxx
LAN2 is the default and it is setup as such under the advanced network
settings. LAN1 is not connected at all. The internet connection is via
a
NAT
router on 192.168.16.1 The extra IP addresses are there to handle some
extra
websites we needed to run under IIS. The thing is that this server has
been
up and running for over 2 years without issue and this problem is
linked
to
users, how does the extra IP addresses only affect two users? If this
where
affecing all users I could see making the change.



"Cris Hanna [SBS-MVP]" wrote:

LAN 2 is your default internal network?
1. You can't have 3 IP addresses assigned to your DC internal nic

LAN 1 is your connection to the internet?
Unless you've altered the IP for some reason, the address assigned to
it
is
a private ip used only when the nic cannot obtain an IP through DHCP

So there are two issues from the get go

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"BrainStomp" <BrainStomp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:989EC571-532F-4104-AE48-2A1E7E6576BC@xxxxxxxxxxxxxxxx
Okay here it goes - I'll answer by the numbers.

1. 3 servers, SBS and two different SQL servers. SBS is R1 w/ SP1,
Both
SQL
are Windows Server 2003 w/ SQL 2000 SP3a

2. SBS Server has 2 NIC.

3. No ISA this is all behind a NAT router.

4. Network connectivity via a Gigabit Switch (dell)

5. <Server IPConfig>
C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : pspsrv01
Primary Dns Suffix . . . . . . . : MyFQDN.Local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : MyFQDN.Local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.109
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter LAN2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-C0-9F-20-2E-83
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.252
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.16.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter LAN1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Server
Adapter
Physical Address. . . . . . . . . : 00-02-B3-C9-5A-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.236.136
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

C:\>

<IPConfig on one of the workstations>
C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PSPWS01
Primary Dns Suffix . . . . . . . : MyFQDN.Local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : MyFQDN.Local
MyFQDN.Local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : MyFQDN.Local
Description . . . . . . . . . . . : Broadcom NetXtreme
Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-10-18-09-08-75
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DHCP Server . . . . . . . . . . . : 192.168.16.2
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
Lease Obtained. . . . . . . . . . : Friday, May 04, 2007
12:12:52
PM
Lease Expires . . . . . . . . . . : Saturday, May 12, 2007
12:12:52
PM

Time is scynched up with the server at every loging via a logon
script
using
the "net time" command.



"Cris Hanna [SBS-MVP]" wrote:

Give us as much detail as you can i.e.
1. How many servers in your network?
2. How many nics in the SBS server
3. Do you have ISA installed?
3. What they connected to?
4. Run "ipconfig /all" from the SBS Server, any other server, and a
workstation and then post the results here



--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"BrainStomp" <BrainStomp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:5C642B5D-26F8-48BE-B963-2B9A65E410F4@xxxxxxxxxxxxxxxx
I have to add some more information to this.

Anything that requires authentication is taking a very long time
to
complete. I am setting one of these users up on a new workstation
and
the
logon took just over 5 minutes and the proccess of setting up
outlook
to
open
the users mail so far is at 15 minutes counting right after
clickin
on
the
"Check Name" button.

The ERP is tied to the domain user for logon and that times out
completely.

"BrainStomp" wrote:

I have searched the newsgroups here and tried a number of things
discussed in
similar threads but I have not had any luck.

Here is my situation; I have an SBS 2003 R1 server running my
domain.
I
have
two users that when you log in as them it takes about 5 minutes
for
the
logon
process to finish. The problem seems to be related to the two
user
accounts
directly because this behavior follows the user account
regardless
of
the
workstation that the user logs into. There are no roaming
profiles
on
this
network, the same logon scripts and policies apply to all the
other
users
of
the domain and they are not having the problem. The workstations
are
set
to
get their IP information from the DHCP server running on the SBS
server
and I
have verified that all the options on the DHCP server are
correct.
I
have
made the user accounts in questions local administrators to the
workstations
to see if this fixes the issue and it does not. I have thought
about
making
new accounts for the users and just moving on but there is a
problem
with
accountability that is inherited from this. Our ERP runs off an
MS
SQL
Database and that database tracks transactions by users based on
the
SID
of
the user account, so simply making a new account for the user
and
assigning
it the olf mailbox from exchange won't do the trick for me.

Have I missed something? Is there anything I can do?

Thanks












.

Loading