This definetly looks like a DNS issue to me. Make sure all your computers (server included) are looking at your DC for DNS and nowhere else.
eb
Main Topics
Browse All TopicsSome of our users complain that especially in the morning they have to wait for quite a long time after they input their domain credentials into login window. Some of them wait for several minutes until they see desktop icons appearing, others have to wait to access network-based applications (Outlook configured for exchange server and other applications running from network shares). Others have to wait for a while when "Applying computer settings" windows is displayed.
All computers are Windows XP SP2 and all servers are Windows 2003 SP2
I've checked event log and noticed that most of them have the following events:
--------------------------
Type: Error
Event: 7023
Source: Service Control Manager
Description: The Computer Browser service terminated with the following error: Timeout. Operation failed (literal translation from Italian)
--------------------------
services.msc shows that 'computer browser' service is not running, however i can successfully launch it manually after logging in. I've applied the KB889320 but the issue is not resolved.
--------------------------
Type: Error
Event: 1054
Source: Userenv
Description: Windows cannot obtain the domain controller name for your computer network. (Domain controller does not exist or can not be contacted). Group Policy processing aborted.
--------------------------
This event is immediately followed by Warning (Event 1517, source Userenv)
Netdiag errors common to most of these PCs are as follows:
DC list test . . . . . . . . . . . : Failed
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Cannot get ticket cache from Kerberos.
The error occurred was: (null)
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'server1.domain.local'.
[WARNING] Failed to query SPN registration on DC 'server2.domain.local'.
How can I resolve the problem?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
One additional point on DNS in Windows:
Although you can specify multiple DNS servers on a network interface, they are not used in combination. If the first does not respond at all, Windows will elect to use the second DNS registration but will not usually revert back to the first until the computer has been restarted. All speciifed DNS servers must return a complete set of results, so don't set one to point to your firewall or ISP. Make sure they both point to your domain DNS servers (whether Active Directory integrated, other Windows servers or third party).
DCDIAG on SERVER1 gives me the following error:
--------------------------
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 03/12/2008 11:53:12
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/12/2008 11:53:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/12/2008 11:53:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/12/2008 11:53:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000037
Time Generated: 03/12/2008 11:53:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000037
Time Generated: 03/12/2008 11:53:27
(Event String could not be retrieved)
......................... SERVER1 failed test systemlog
--------------------------
SERVER2 passed all tests though...
Several users still complain about the very long logon time.
Here's the netdiag from one of such computers.
..........................
Computer Name: COMPUTERNAME
DNS Host Name: COMPUTERNAME.DOMAIN.LOCAL
System info : Windows 2000 Professional (Build 2600)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
KB873339
KB885250
KB885835
KB885836
KB886185
KB887472
KB888302
KB889320-v2
KB890046
KB890859
KB891781
KB893756
KB893803v2
KB894391
KB896358
KB896423
KB896428
KB898461
KB899587
KB899591
KB900485
KB900725
KB901017
KB901214
KB902400
KB904706
KB904942
KB905414
KB905749
KB908519
KB908531
KB910437
KB911280
KB911562
KB911564
KB911927
KB913580
KB914388
KB914389
KB914440
KB915865
KB916595
KB916846
KB917159
KB917734_WMP9
KB917953
KB918118
KB918439
KB919007
KB920213
KB920342
KB920670
KB920683
KB920685
KB920872
KB921503
KB921883
KB922582
KB922819
KB923191
KB923414
KB923689
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925720
KB925876
KB925902
KB926255
KB926436
KB927779
KB927802
KB927891
KB928255
KB928843
KB929123
KB929969
KB930178
KB930916
KB931261
KB931784
KB931836
KB932168
KB933360
KB933566-IE7
KB933729
KB935839
KB935840
KB936021
KB936357
KB936782_WMP9
KB937143-IE7
KB937894
KB938127-IE7
KB938828
KB938829
KB939653-IE7
KB941202
KB941568
KB941569
KB941644
KB942615-IE7
KB942763
KB943055
KB943460
KB943485
KB944533-IE7
KB944653
KB946026
Q147222
Netcard queries test . . . . . . . : Passed
GetStats failed for 'Miniport WAN (PPPOE)'. [ERROR_NOT_SUPPORTED]
Per interface results:
Adapter : Connessione alla rete locale (LAN)
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : COMPUTERNAME.DOMAIN.LOCAL
IP Address . . . . . . . . : 10.10.10.38
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway. . . . . . : 10.10.0.1
Primary WINS Server. . . . : 10.10.1.1
Dns Servers. . . . . . . . : 10.10.1.1
10.10.1.2
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{FEA8F6C8-1CAD
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{FEA8F6C8-1CAD
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{FEA8F6C8-1CAD
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'DOMAIN' is to '\\domaincontroller02.doma
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Cannot get ticket cache from Kerberos.
The error occurred was: (null)
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'domaincontroller02.domain
[WARNING] Failed to query SPN registration on DC 'domaincontroller01.domain
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information
The command completed successfully
First thing check ADUC and make sure none of the computer accounts have been disabled
I have also seen some references that say this problem can be solved by creating a reverse lookup zone for your domain.
If the above does not help try removing one of the problem computers from the domain and adding it again. Be sure to delete the computer account from ADUC and the listing from DNS BEFORE you add it to the domain aging.
eb
Long log on times are due to DNS issues almost 99% of the time.
All your DC's is their dns pointing to themselves? (Look in TCP IP properties of the LAN connection)
The DNS servers should be to itself or another INTERNAL DNS machine.
SRV records should be created automatically when a machine is joined to the domain as a DC
Business Accounts
Answer for Membership
by: SteveH_UKPosted on 2008-04-17 at 06:59:24ID: 21377097
Start by looking at the following:
1. Run DCDIAG on your domain controllers. DCDIAG is part of the support tools and can be downloaded directly from the MS website. Review and respond to any identified issues.
2. Check the network configuration on a client. Make sure that DHCP, DNS and WINS settings are correct.
3. Compare the time on a client to the time on each of your DCs. These should be within 5 minutes of each other for correct function.
4. Do you connect to the network after you've turned the computer on? The computer logs on to the network as part of the startup process, and this can cause issues if your domain (or network) is persistently unavailable during startup.
Let me know how you get on with these, or if you need further assistance.