nsriram
asked on
slow win2k domain logon on new Dell Dimension XP machines
we have a win2k server defining a small domain (no more than a dozen PCs belong to this domain) on a 10/100 network.
Recently we got new XP Pro preconfigured Dell Dimension desktops. These have a choice of broadcom gigabit or Intel pro/100 cards (there are 2 cards in the PC). Both seem to work but we decided to use the Intel (as we are not on a gigabit network) option and it reports to be working at 10 Mbit mode
access to the net is fine BUT logon from these machines to the win2k domain is SLOOOOOOOW (2 minutes at least).. takes a while to load the settings and then apply them
the user profiles are very large on these machines (80 MB etc.) but the profiles for the same users on other machines are less than 1 MB. I am not sure if this is the issue.
I tried looking for similar problems on EE and tried tweaking some MMC settings (something about logon) but to no avail. For what it is worth all of the settings in MMC for the older machines (they use 3com cards) are also not configured and there is no systematic difference that I can tell.
Would appreciate any tips to address the slow login and large user profiles problem.. AFAIK both xp and win2k are patched.
So its not clear why these DELL machines have this problem.
I check the network activity on the DELL machines it is very less compared to the older machines (where for some reason there are tons of packets being processed by the 3 com card)
ASKER
No... This is not the solution as I tried this before.
What worked is the following:
1. Disable netbios over tcpip.. this enabled fast logins (no DNS specified)
2. Enabled netbios over tcpip and set the win2k server as the first choice on the DNS list
both of these solutions resulted in fast logons.
If anyone can explain why these work (and seem to be equivalent) I can give them points. else I will close the post.
What worked is the following:
1. Disable netbios over tcpip.. this enabled fast logins (no DNS specified)
2. Enabled netbios over tcpip and set the win2k server as the first choice on the DNS list
both of these solutions resulted in fast logons.
If anyone can explain why these work (and seem to be equivalent) I can give them points. else I will close the post.
win2k uses DNS to locate a domain controller.
1. With no DNS specified, it was forced to do a broadcast and hence found the DC
2. With the win2k server as the DNS server, it requests the IP address for the DC and gets it immediately.
for more info on how the DC is located:
http://support.microsoft.com/default.aspx?scid=kb;en-us;247811&Product=win2000
From my experience about 75% of problems with Active Directory are DNS problems. Always check your DNS settings !
1. With no DNS specified, it was forced to do a broadcast and hence found the DC
2. With the win2k server as the DNS server, it requests the IP address for the DC and gets it immediately.
for more info on how the DC is located:
http://support.microsoft.com/default.aspx?scid=kb;en-us;247811&Product=win2000
From my experience about 75% of problems with Active Directory are DNS problems. Always check your DNS settings !
see if this helps
exclude items from the roaming profile
----------------
y default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.
You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude
directories in roaming profile, by navigating through User Configuration\Administrati
Templates\System\Logon/Log
There is no way to use this policy to include the folders that are excluded by default.
The results of the GPO are stored in the registry at:
HKEY_CURRENT_UsER\Software
ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in
Folder-name[;Folder-name..
If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs
value name.
NOTE: If you add ExcludeProfileDirs, you must also add it at:
HKEY_CURRENT_USER\Software
Objects\LocalUser\Software
---------------------
excluding folders from roaming profiles.
In Windows 2000, the default value of ExcludeProfileDirs at
HKEY_CURRENT_USER\Software
Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.
The Exclude directories in roaming profile Group Policy at User Configuration\Administrati
Templates\System\Logon/Log
The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable
(REG_SZ), at HKEY_CURRENT_USER\Software
NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,
and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.
3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?
Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are
uploaded to your profile when you log off?
When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260
characters, a buffer overflow occurs and the entire string is considered to be NULL.
To resolve the issue, limit the total length of the exclusion list to 260 characters.
--------------------------
http://www.jsiinc.com/subg/tip3400/rh3496.htm
496 » You MUST disable the cache option for Offline Files on a roaming profile share?
If you do not disable the cache option for Offline Files on a user profile share, the profile will become unstable, as
both the Offline Files and roaming profile attempt to synchronize the files in the profile.
The cache option is SMB share based. If you enable the cache option on a share, and roaming profiles are below that
share, Offline Files caches files in the profile.
NOTE: Whenever possible, store roaming profiles and offline-enabled shares on different servers.
To resolve the problem:
Create a separate share for user profiles and disable the cache option on the new share by opening a CMD prompt and
typing:
net share \\Server\Sharename /cache:no
You can use Windows Explorer to disable the cache by right-clicking the shared folder and press Properties. On the
Sharing tab, press the Caching button and clear the Allow caching of files in this folder box
exclude items from the roaming profile
----------------
y default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.
You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude
directories in roaming profile, by navigating through User Configuration\Administrati
Templates\System\Logon/Log
There is no way to use this policy to include the folders that are excluded by default.
The results of the GPO are stored in the registry at:
HKEY_CURRENT_UsER\Software
ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in
Folder-name[;Folder-name..
If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs
value name.
NOTE: If you add ExcludeProfileDirs, you must also add it at:
HKEY_CURRENT_USER\Software
Objects\LocalUser\Software
---------------------
excluding folders from roaming profiles.
In Windows 2000, the default value of ExcludeProfileDirs at
HKEY_CURRENT_USER\Software
Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.
The Exclude directories in roaming profile Group Policy at User Configuration\Administrati
Templates\System\Logon/Log
The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable
(REG_SZ), at HKEY_CURRENT_USER\Software
NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,
and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.
3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?
Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are
uploaded to your profile when you log off?
When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260
characters, a buffer overflow occurs and the entire string is considered to be NULL.
To resolve the issue, limit the total length of the exclusion list to 260 characters.
--------------------------
http://www.jsiinc.com/subg/tip3400/rh3496.htm
496 » You MUST disable the cache option for Offline Files on a roaming profile share?
If you do not disable the cache option for Offline Files on a user profile share, the profile will become unstable, as
both the Offline Files and roaming profile attempt to synchronize the files in the profile.
The cache option is SMB share based. If you enable the cache option on a share, and roaming profiles are below that
share, Offline Files caches files in the profile.
NOTE: Whenever possible, store roaming profiles and offline-enabled shares on different servers.
To resolve the problem:
Create a separate share for user profiles and disable the cache option on the new share by opening a CMD prompt and
typing:
net share \\Server\Sharename /cache:no
You can use Windows Explorer to disable the cache by right-clicking the shared folder and press Properties. On the
Sharing tab, press the Caching button and clear the Allow caching of files in this folder box
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes.. this is sensitive to how the settings are applied
even if things are toggled and set back to the original state it works..
so it is probably a settings bug
so after providing a DNS and/or disabling netbios over tcpip it seemed to work
now I have both on the original (no DNS, no disabling netbios) and it still continues to work
clearly this is not a reversible process.. something happens when one toggles these settings. even if one goes back to the old setting the behavior is changed.
even if things are toggled and set back to the original state it works..
so it is probably a settings bug
so after providing a DNS and/or disabling netbios over tcpip it seemed to work
now I have both on the original (no DNS, no disabling netbios) and it still continues to work
clearly this is not a reversible process.. something happens when one toggles these settings. even if one goes back to the old setting the behavior is changed.
Toggling the settings may actually change the name-resolution order to what it should be. That's the beauty and mystery of how the Registry works... hehe.
http://www.windowsxpatoz.com/cgi-bin/performance/index.cgi?answer=1036283899&id=1036282433
You may experience extremely long delays (up to 5 minutes) when logging into domains using Windows XP Pro. This is caused by the asyncronous loading of networking during the boot up process. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.
To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administra
This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.