Question

slow domain logon issue

Asked by: mbeatty20

We have many users having slow domain logon issues and I can't seem to pinpoint the problem.  The issue is hit or miss.  One day they'll logon normal/fast, and then another day it'll take anywhere from 1-5 minutes for their icons to come up.  I set user verbose logging on and pulled this log (attached).  I'm having trouble interpretting where it could be slowing down.

Network Info.
Windows Server 2003 SP2 Domain Controller providing DNS and DHCP as well.
Stations having the issue are Windows XP SP2 computers.  
We also have some laptops with Windows Vista and none of them have problems.

Possible Solutions Tried:
Disabling/Uninstalling certain startup programs.
Adjusting startup scripts and GPOs
Making sure wait for nework was enabled in AD.  Turned on Asyncronous load of scripts in AD
Forced Kerberos to use TCP instead of UDP in Windows (http://support.microsoft.com/kb/244474)
Gave local administrative rights to the user.
I can't remember what else at the moment
.
If you need anymore information just ask.
Please help.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-09-01 at 12:30:26ID24699194
Tags

slow logon

,

windows xp

Topics

Windows XP Operating System

,

Domain Name Service (DNS)

,

Active Directory

Participating Experts
6
Points
500
Comments
20

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Kerberos server errors
    I'm having some problems browsing my Windows 2000 AD domain. When I try to browse I get an error stating that the domain cannot be found. I see no errors in the event logs of either the client or domain controllers. When I sniff my network connection I see an error in the ...
  2. Configure Cisco VPN Concentrator 3000 to use TCP for …
    After a great deal of troubleshooting and a phone call to Microsoft we figured out that users with a large number of goupr memberships or with SID histories were not able to authenticate / logon to the VPN because the Kerberos reponse was too large for a UDP packet. MS Windo...
  3. Kerberos
    I running a 2003 server with CRM and Sharepoint on it this is the server that getting this error in the vent viewer I keep getting these errors in my event viewer under system. Source Kerberos Event ID 3 Should I be concerned everything run fine no problems what ever ex...
  4. Kerberos error in Exchange Cluster
    Windows Server 2k3Sp2 Exchange 2k3Sp2 Clutered njmail01=active node NJMAIL=virtual cluster name I am recieving a Kerberos error which doesn't seem to be affecting the server, but none the less I would rather not have it grow and cripple my network. Here is the event log Eve...
  5. Difference between NTLM and kerberos
    Difference between NTLM and kerberos
  6. GPO error message Kerberos
    I've made a bunch of different policys a few weeks back. They were working fine for a while, however I saw something on a user's PC today that would indicate they've stopped working. I've checked on the event view on my Terminal Server (where the policies are applied). I f...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: VCBoothPosted on 2009-09-01 at 12:34:22ID: 25235109

This is caused by the asyncronous loading of networking during the boot up process.  This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in.  Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template.  Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.

 

by: mbeatty20Posted on 2009-09-01 at 12:54:40ID: 25235272

Already enabled.  I already posted that in my original post. I should have been more detailed in describing what i already tried.  Sorry

Any other ideas?

 

by: dfkePosted on 2009-09-01 at 13:04:02ID: 25235379

The 'Default Domain Policy' needs to have 'Domain Computers' added to the Security Filtering under the Scope.

 

by: mbeatty20Posted on 2009-09-01 at 13:09:14ID: 25235448

I'll try and let you know.  Thanks!

 

by: cracksalsaPosted on 2009-09-01 at 13:42:29ID: 25235802

Have you checked DNS. If the DNS is not straight there can be delays in logging in. Do the workstations ONLY have internal DNS servers or is there an external address in there as well?

 

by: mbeatty20Posted on 2009-09-01 at 13:45:24ID: 25235829

We only have internal DNS servers.  No external.  I double-checked DNS to the bets of my ability and everything looks good as far as I can tell.  Any specific settings I should be checking?

 

by: cracksalsaPosted on 2009-09-01 at 13:55:56ID: 25235956

On your DNS server, it should have its NIC settings static IP with the first DNS pointing to itself and second to your next internal. THen in your DHCP settings, the server config should have internal servers set for DNS. That way it will had out the internal servers.

Also, I know your running xp sp2, but have you reviewed the following EE solution. There is alot of good info in there.
http://www.experts-exchange.com/Networking/Windows_Networking/NT/Q_21093961.html

 

by: mbeatty20Posted on 2009-09-01 at 14:00:25ID: 25236048

Ok.. I"ll check those network settings.  One question, what static IP DNS settings should i set for the second dns server?  Should it point to itself , or to first DNS server.

 

by: cracksalsaPosted on 2009-09-01 at 14:10:37ID: 25236204

Anytime a server is a DNS server, It should point to itself as the primary and another internal as the secondary. If you dont' have additional internals, leave it empty. As long as your not putting the DNS servers that your ISP provided, you will be fine.

 

by: mbeatty20Posted on 2009-09-01 at 21:21:27ID: 25238056

cracksalsa,
I checked all of the DNS settings as you suggested and they were all correct.  Even the DHCP settings.  Also, I looked into that other EE solution you mentioned.  Most of the links in there were broken, but managed to find more information about some from google.  Going to see if I can find that bootvis.exe tool.  One other thing suggested in that EE solution is to disable BITS, but I'm a little concerned this will break our WSUS updating.

dfke,
I checked what you suggested, about adding domain computers to the default domain GPO and sure enough it wasn't there (only authenticated users was there).  I added it but it's going to take a little time to determine if that fixes anything.  Not sure who setup the Group Policy's before I was hired but it looks like i'll be checking all off the GPOs to make sure the security rights are correct.

I'll let you know how everything turns out, if you have any more suggestions in the mean time, please post them.

Thanks!

 

by: ScumPuppyPosted on 2009-09-01 at 23:24:45ID: 25238364

You are checking all the right things from a network point of view, just thought I would throw some opinions in there from the desktop point of view.

Its not always easy to upgrade to SP3 in a corporate environemt, I know.. but its worth trying on one system to see the speed of login differences (you can always change it back afterwards). I have found SP3 to handle login speeds on a domain far better than SP2, something to try and see the differences :)

Also, i have tested on some systems removing the iconcache.db file from local settings > application data on a users profile. This too seems to improve the log in time believe it or not ;)

good luck :)

 

by: maze-ukPosted on 2009-09-02 at 00:51:21ID: 25238765

use Netlogon debug (http://support.microsoft.com/kb/109626) to help you troubleshoot.

 

by: VCBoothPosted on 2009-09-02 at 01:36:46ID: 25238987

http://support.microsoft.com/default.aspx?scid=kb;en-us;318266 <-- I have just found this, hope it helps.

 

by: mbeatty20Posted on 2009-09-02 at 07:36:34ID: 25241485

After a murphy's law type of IT morning, I got to checking usrenv logs and it seems more people are having the slowness issue this morning.  I pulled open that usrenv log on several machines and noticed a lot of this entry that i havent seen much of:

GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.

dfke,
It seems these computers are hanging longer at the applying comptuer settings now.  It sounds like adding domain computers to our Group Policy Objects is affecting this somehow.  Not sure though. Any ideas?

maze-uk,
I went to turn the netlogon debug on but it seems that the registry key that microsoft says to delete isn't even there in the registry.  In fact the DBFlag path doesnt even exist (the Parameters path does, just no DBFlag folder underneath).  Any ideas?

VCBooth,
I looked into that microsoft link.  Unless you know of someone that turned that setting to disabled and it fixed a slow logon, I don't think i want to change it.  It's in a not configured state right now and I havent seen anything on our end that points to the symptoms that microsoft describes for it.

Thanks!

 

by: VCBoothPosted on 2009-09-02 at 07:40:30ID: 25241538

Have you tried adding the domain controllers NetBIOS name and IP address in the HOSTS and LMHOSTS located in C:\windows\system32\drivers\etc ?

Possibly worth a shot

 

by: dstewartjrPosted on 2009-09-02 at 11:11:34ID: 25243858

 

by: dstewartjrPosted on 2009-09-02 at 11:17:21ID: 25243914

This should also be of some help

http://www.smart-x.com/?CategoryID=171&ArticleID=208

 

by: mbeatty20Posted on 2009-09-02 at 19:33:09ID: 25247431

I'll definitely be looking more closely into those links dstewartjr.  Thanks for the posts.  This definitely feels like a game of whack-a-mole.

 

by: mbeatty20Posted on 2009-09-08 at 07:49:41ID: 25282438

Installed Windows XP SP3 on a few on the machine and haven't heard anything about a slow logon yet.  Will let it go for awhile longer before saying that's a solution.

 

by: mbeatty20Posted on 2009-09-16 at 05:34:59ID: 31623224

WIndows XP SP3 seemed to do the trick, but I think some DNS and other issues may have affected it as well.  But as far as I can tell, SP3 made it go away completely.  

Thanks Everyone!

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...