Question

Long wait on User Auth. via Domain

Asked by: ITKnightMare

Hi All:

I have an AD set-up via 2 DCs with Win2K Server as their OSs. I have about 150 PCs with Win XP on them that log-on through verification of the domain.

For some reason, it takes FOREVER for some accounts (so far I have seen no pattern as to why a few log-on IMMEDIATELY... they have no addtl. privileges and are governed by the same policies as the others) to log on. It literally hangs at "Applying Computer Settings" for 10 minutes... It finally does log on however when it does...

Any reason and possible solution as to WHY this is happening?

Thanks!

This Question has been solved and asker verified.

Asked on: 2004-09-13 at 14:33:13 (ID: 21129561)
Tags: computer, hang, domain
Topic: Windows Network Security
Participating Experts: 6
Points: 500
Comments: 21


Answers

 

by: PeteLong, posted on 2004-09-13 at 14:36:37 (ID: 12049086)

logon scripts?
XP clients set to synchronise at login?
roaming profiles?
client DNS settings incorrect?

 

by: Debsyl99, posted on 2004-09-13 at 17:50:55 (ID: 12050250)

Hi

As Pete had stated there could be a number of reasons - For troubleshooting purposes I'd maybe start with dns - First make sure that your client pc's have the IP address of your main dc dns server as their preferred dns server only in tcp/ip settings - don't have any isp nameservers in there at all as preferred or alternate. Also make sure that your dc's dns zone for the domain is ad integrated and set to accept dynamic updates. How are the pc's receiving ip's? static or dhcp? Maybe post the results of an ipconfig /all from the server and a client pc with the slow login,

Deb :))

 

by: taveirne, posted on 2004-09-14 at 08:28:46 (ID: 12055642)

do they have very large profiles?

 

by: ITKnightMare, posted on 2004-09-14 at 21:16:46 (ID: 12061358)

@Debsyl99: The clients are receiving their IPs via DHCP. And how would I make sure that your dc's dns zone for the domain is ad integrated and set to accept dynamic updates?

@taveirne: Nope... Some don't have anything at all.

@PeteLong: It doesn't matter... The hang-up is totally at random stages! Sometimes it hangs right after the pass is entered... Sometimes it hangs while "Applying Computer Settings" sometimes while "Applying Personal Settings" and so on.

Russ,

 

by: tirandagan, posted on 2004-09-18 at 05:24:26 (ID: 12091344)

Hi there Mr. nightMare!

I have seen this hangup occur even on a much smaller network, usually this happens when the DC is a windows 2000 and the clients are XP.

Try setting the DNS manually on the XP workstations: click on the network connection -> tcp/ip properties -> advanced -> dns, and add the DC to the top of the list of DNS servers. If one of your DCs is a DNS server then it should resolve lookups for the clients as well.

If your DHCP server is a separate server from the DC or is a gateway to another network, you might have some conflicts with your DCs.

Here are a few microsoft KB's that might also help you out (in descending order of relevance to your situation, in my opinion):

http://support.microsoft.com/default.aspx?scid=kb;en-us;832161
http://support.microsoft.com/default.aspx?kbid=829909
http://support.microsoft.com/default.aspx?kbid=812924
http://support.microsoft.com/default.aspx?kbid=171386


Hope this helps you out!

Tiran Dagan,
<advertizing removed by CetusMOD per http:help.jsp#hi106>

 

by: ITKnightMare, posted on 2004-09-19 at 23:20:53 (ID: 12099619)

Mr Dagan,

>> If your DHCP server is a separate server from the DC or is a gateway to another network, you might have some conflicts with your DCs.

this is EXACTLY the case!!! My DHCP Server is an Apple Macintosh G3 that is running DHCPD via Webmin.

So what is it that I need to adjust or re-do? I mean, if I am going to have to enter the DNS info on all of my PCs then what's the friggin point of having a DHCPD?

PLEASE HELP ME!! WHOEVER IT IS! Mr. Dagan seems to be the closest!

 

by: tirandagan, posted on 2004-09-20 at 06:36:02 (ID: 12101935)

I agree - it doesn't make sense. But there is a problem with Windows XP on a mixed network, caused by the fact you are hooking it up to a win2K DC. Don't forget that your first line of defense is manually entering the DNS, not assigning the IP. If you want a more seamless operation with separate DHCP server, you might want to consider upgrading your DC to XP or 2003.

I strongly suggest you check the DC's event log, after a "long" login from a client station. That may reveal the issue as well.

I would go about it selectively - only on the stations where you are seeing slow performance - go for the tweaks listed above.

Here's another thread that may help you:
http://www.tek-tips.com/viewthread.cfm?qid=912421

Tiran/6footmedia

 

by: Debsyl99, posted on 2004-09-20 at 07:01:04 (ID: 12102156)

Hi
I think that maybe this is the problem - "My DHCP Server is an Apple Macintosh G3 that is running DHCPD via Webmin". Windows 2000 server networks generally function better when using the domain controller as the DHCP server. That way the server can keep track of the allocated leases and update its databases accordingly. It shouldn't really be necessary to use static IP's. Is there any reason why you're using a MAC as a dhcp server? There are major compatibility problems on mixed networks of this kind. Windows XP should work absolutely fine on a 2000 server based network (ours do and so do many, many others) so long as you don't go near XP SP2 just yet until MS have fixed it. There should be no reason to upgrade your dc to 2003 server just to rectify this, and it's not possible to upgrade your DC to Windows XP so I'm not sure why Tiran suggested that - there is no server version of XP - XP is purely a client based OS - XP Home for home networks, XP Pro for server based networks where you need the client to be a member of a domain. Your solution here would be to discontinue using DHCP on a mac, and instead use DHCP from one of the 2k servers. You'll also need to ensure that DNS on the network is AD integrated and set to accept dynamic updates (if it can't update the client ip's then it's going to end with duplications on the network which could well cause your problems).

To check on DNS, logon to the DNS server and open up DNS from Administrative Tools in the Control Panel, or from the Start - Admin Tools menu. Expand dns, and you should see your server object in there. Expand the zones under this and right click on the forward look-up zone called "yourdomain.com" where that is the name of your domain. Select properties and you can check in this panel that it's ad-integrated and allows dynamic updates.

It would also be useful to check and post any errors in the event logs of a client that is taking a long time to logon (Control Panel - Administrative Tools - Event Viewer) and on the server, and to run this from a command prompt on the same client - ipconfig /all - Note the allocated IP address and check for any duplicates or name mismatches listed on the DNS server host records - again listed under the forward lookup zone,

Deb :))




 

by: ITKnightMare, posted on 2004-09-20 at 07:42:34 (ID: 12102539)

@tirandagan:
Interesting...

@Debsyl99:
The only reason I AM using a Mac for DHCP server, is... well... b/c that's the only one I KNEW how to set-up :/ I don't know how to set-up the Win2K DC for DHCP server. If you can offer a few links or "go here, click this" kind of tutorials, I WOULD BE MOST GRATEFUL!

In the meantime, right now... For test purposes I'm going to enter EACH PC manually. UGH! But hey, if it works it works!

I'll let you all know of the results.

 

by: Debsyl99, posted on 2004-09-20 at 07:45:26 (ID: 12102566)

Honestly - setting up a dhcp server on windows 2000 is easier and will be much quicker than manually entering ip's on 150 workstations! I'll hunt for some step-by-steps for you now...........

Deb :))

 

by: Debsyl99, posted on 2004-09-20 at 08:00:31 (ID: 12102729)

Ok here's some -
Configure IT Quick: Setting up and managing a DHCP server in Windows 2000
http://techrepublic.com.com/5100-6268-1041798.html
And this is a nice simple example
Windows 2000 Server:Install DHCP server
http://www.lpt.com/windowsnetworking/regusers/w2kdhcpi.htm

Some key points are:
1) Work out what IP range you need and make sure you exclude any fixed ip addresses -ie your server's static ip's and any network printers, routers etc
2) Don't get too overwhelmed by the scope options - your main ones are the address of the dns server, wins server if used and router etc. It's ok to leave other scope options not configured.
3) Don't forget to disable your mac dhcp server first before enabling this one - or you'll get duplicate ip's everywhere - DHCP servers aren't bright enough to talk to each other about who's dished out which IP.
4) Don't forget to activate the scope - and authorise the server or it won't work,
5) Take the steps I posted to make sure your dns server is set as ad-integrated and accepts dynamic updates,
6) Don't use XP SP2 yet, and make sure that the Internet Connection Firewall is disabled in XP,

Deb :))

 

by: ITKnightMare, posted on 2004-09-20 at 10:23:09 (ID: 12104258)

@All:

OK This is what I did:

1) I entered all PCs TCP/IP settings MANUALLY!
2) On the DCs I saw that the TCP/IP's Adv tab had "Dynamic DNS update" checked so I unchecked that (my search on the 1M engine said that some1 solved their problem that way).
3) I TOOK DOWN MY DHCP SERVER! Entered all that were on it MANUALLY!

Result: ZILCH! NADDA! ZIP! NO CHANGE! Still hangs on "Loading Personal Settings" for approx. 3 to 4 min.

Weird thing: Those that are hanging CANNOT CREATE LOCAL PROFILES! Yet, the few that AREN'T HANGING, have created profiles?!?

Weird Thing #2: I found out that the "PCs" that are "logging on quicker" are all Win2K. It's my new Win XP SP1s that are doing this.

Weird Thing #3: Every1 keeps telling me that the Event Viewer of the DC should have DNS errors. THERE ARE NONE! None relating to this issue at least.

@Deb: Thanks for your AWESOME help! I will get to that ONCE I solve this issue!

P.S. Just raised this question to 500 points! Making it more and more appetizing!

 

by: Debsyl99, posted on 2004-09-20 at 11:03:04 (ID: 12104750)

Ok - What ARE your ip addresses on the clients? (In my experience dynamic dns is ALWAYS a good thing) particularly the preferred dns server?

Could you post the results of an ipconfig /all from both the dns server and from an xpclient?
First win2k server needs a static address (which I expect it does have), and should also point to itself for name resolution ie

Server TCP/IP
ie  IP - 192.168.0.1
Subnet Mask - 255.255.255.0
Default Gateway - your router ip address if you have one
Preferred DNS Server : 192.168.0.1 ( <- note it's the same ip address of the dns server)

Client TCP/IP
ie  IP - 192.168.0.x (where x is not the same as any other assigned ip)
Subnet Mask - 255.255.255.0
Default Gateway - your router ip address if you have one
Preferred DNS Server : 192.168.0.1 ( <- note it's also the same ip address of the dns server)

Make sure your dns server is AD-integrated and will accept dynamic updates (I keep bleating about this but I still don't know if you've done it) - If a machine receives a different ip address, the server needs to be able to update the address in the dns zone.

Don't put any ISP's nameserver ip addresses anywhere in tcp/ip - they should be configured as forwarders in dns, which is possible in Windows 2000 after deletion of "." zone in dns on the server.

From a client can you ping the server? ie command prompt, type ping serveripaddress (where server ip address is the actual static ip address of the server ie 192.168.0.1 or whatever it is)

Can you also ping the server by name ie from a command prompt type ping servername - where server name is the name of your dns server,

Please follow these suggestions through carefully and let us know what you have and haven't done - it's impossible to troubleshoot this otherwise,

Deb :))



 

by: pkwatson, posted on 2004-09-23 at 03:56:47 (ID: 12131862)

Going back to basics, I know, but have you looked at where the stored profiles are (if any)?
We have the same trouble occasionally and it's down to the time (and load) on the servers when a number of people log in, trying to retrieve their stored profile (as opposed to locally stored). This is especially true if someone has been out of the office on a laptop and then reconnects after some days.

Paul.

 

by: Shattuc, posted on 2004-09-25 at 04:40:55 (ID: 12150032)

ok, I've been scanning this, I have some questions...
your computer(s) are ceasing their connections to your network at random times, at least once per day?
has anything else gone missing, for example, CD-ROM drives disappearing from the hardware profiles while being accessed?
are you running a firewall, and has it been acting strange?

 

by: Shattuc, posted on 2004-09-25 at 04:43:39 (ID: 12150043)

the hanging up, they just freeze? but eventually find their way to operating mode?

 

by: ITKnightMare, posted on 2004-10-24 at 16:34:10 (ID: 12396133)

Alright... I guess there is no solution to this question. Debsyl99 you have done a terrific job in trying to help me. I only wish your efforts weren't in vain. I would truly appreciate it if you could contact me via knightmare@mse.vt.edu (admin Im aware we shouldnt post emails but I need to contact her directly if u don't mind)

Other than that Shattuc... it has indeed to do with the local stored profiles.

 

by: Debsyl99, posted on 2004-10-25 at 02:20:48 (ID: 12398455)

Sorry we didn't help, most frustrating! Any idea what it is, and what have you ruled out?

Deb :))

 

by: Debsyl99, posted on 2004-10-25 at 08:43:13 (ID: 12401309)

Hi just spotted this rather important point- (and I'll bet this can be solved - just needs a step by step approach)

"Those that are hanging CANNOT CREATE LOCAL PROFILES!"

1) Are you certain that these pc's are properly joined to the domain? - check and post the event logs (ie errors) on the server and the problem pc's.. seriously I have no problem with xp sp1 clients logging on.....

 

by: Shattuc, posted on 2004-10-25 at 09:52:14 (ID: 12402061)

I have a suggestion... Try cleaning the systems of spyware. look specifically for an attempt on an LSP chain, a lop infection, or A:B infection.

 

by: ITKnightMare, posted on 2005-03-24 at 12:20:37 (ID: 13625313)

Hey All!

Although this question has already been PAQ'd I wanted to inform you that I indeed solved it :)

It turns out that Windows 2000 members of the domain never cared about the reverse lookup of the DNS servers... That's why they always logged on (cached even for that matter! If the member is taken offline, the password would still log on?!?! O_o)

Anyways... XP systems as domain members won't allow that by default! So, it depended on reverse lookup to get to the server! And guess what? My reverse lookup table was pointing wrong all over the place! So once I corrected those, and provided a backup DNS server as "forwarding" WALLA!

Now all is back to normal!

Sincerely,
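
The two checks this thread ends on, Deb's "duplicates or name mismatches" in the DNS host records and the asker's mis-pointed reverse lookup table, can be audited in one pass. The following is an added example, not code from any poster in the thread; the zone name example.local, the host names and the addresses are constructed sample data, and the default resolvers simply query whatever DNS server the machine is configured to use.

```python
import socket

# Constructed sample data (not from the thread): forward A records and
# reverse PTR records for a hypothetical AD zone "example.local".
SAMPLE_A = {
    "dc1.example.local": ["192.168.0.1"],
    "dc2.example.local": ["192.168.0.2"],
    "xp-017.example.local": ["192.168.0.57"],
    "xp-018.example.local": ["192.168.0.57"],   # stale record, same IP
    "xp-019.example.local": ["192.168.0.59"],
}
SAMPLE_PTR = {
    "192.168.0.1": "dc1.example.local.",
    "192.168.0.2": "oldserver.example.local.",  # PTR points at the wrong name
    "192.168.0.57": "xp-017.example.local.",
}

def live_forward(name):
    """A lookup through the system resolver; returns a list of IPv4 strings."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except OSError:
        return []

def live_reverse(ip):
    """PTR lookup through the system resolver; returns the name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def audit(hosts, forward=live_forward, reverse=live_reverse):
    """Return (host, ip, problem) tuples for every forward/reverse inconsistency."""
    findings, owners = [], {}
    for host in hosts:
        ips = forward(host)
        if not ips:
            findings.append((host, None, "NO_A_RECORD"))
            continue
        for ip in ips:
            owners.setdefault(ip, []).append(host)
            ptr = reverse(ip)
            if ptr is None:
                findings.append((host, ip, "NO_PTR"))
            elif norm(ptr) != norm(host):
                findings.append((host, ip, "PTR_MISMATCH:" + norm(ptr)))
    # Two host records sharing one address: the duplicate case from the thread.
    for ip, names in owners.items():
        if len(names) > 1:
            findings.append((",".join(sorted(names)), ip, "DUPLICATE_IP"))
    return findings

def sample_audit():
    """Run the audit against the constructed records above (no network needed)."""
    hosts = list(SAMPLE_A) + ["ghost.example.local"]
    return audit(hosts, lambda n: SAMPLE_A.get(n, []), SAMPLE_PTR.get)

if __name__ == "__main__":
    for name, ip, problem in sample_audit():
        print(f"{problem:42} {name} {ip or '-'}")
```

Calling `audit()` with only a list of real host names uses the live resolvers, so it should be run from a domain member that points at the DC for DNS.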
