Solved

Extremely Slow Client Logons and Share Access on Windows 2000 Server

Posted on 2003-11-29
14
4,128 Views
Last Modified: 2008-02-01
I have created a new Windows 2000 Domain for 27 clients and I am having slow logons and share response.

I established network access and internet access for all user by doing the following:

I have installed 2 network cards.

Server is 192.168.0.1 (NIC - Internal Network)
Subnet is 255.255.255.0
Gateway is 192.168.0.1
DNS is 127.0.0.1

External is 192.168.0.99 (NIC - External Network)
Subnet is 255.255.255.0
Gateway is 192.168.0.1
DNS is 192.168.0.1

DHCP on the server is pushing:
Option 3 - 192.168.0.1
Option 6 - 192.168.0.1
Option 15 - server.name.com

DNS:
No "." zone
DNS Server: 192.168.0.1
Forwards: ISP's DNS Server IP's
No Recursion

Stopped RRAS and Restarted with NAT on the External NIC.

Installed WINS for older clients - IP: 192.168.0.1

I can now browse the network and access the internet from the clients. The main problems now are:

1. Though the DHCP is pushing the Server's NIC for the gateway, some of the clients are pulling the NIC from the external NIC as the gateway!

2. Logons are extremely slow (up to 10 minutes) and access to the mapped drives and or shares on the server are also extremely slow (up to 2 minutes).

3. I am getting some master browser errors on the server and I am wondering wether these are contributing to the slow logons and share problems.

I have followed most of the suggestions for the slow logons (Disable SMB signing on the server, GP edit for Always wait for the network..., NIC settings etc.) but to no avail. Would the Master Browser errors be responsible and should the server be the only Master Browser listed when I do a browstat status? I also would like a bit more information on WINS as I am not sure if I have set this up correctly.
0
Comment
Question by:BHHanley
  • 3
  • 2
  • 2
  • +5
14 Comments
 
LVL 14

Expert Comment

by:huji
ID: 9843313
Upgrade your Windows 2000 for its service packs!
 
Huji
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9843504
http://www.tweakxp.com/TweakXP/display.asp?id=1557

Create a text file on the server put this into it:



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]

"SizReqBuf"=dword:0000ffff



Save the file as WHATEVER.REG not WHATEVER.TXT

Then double click on the file to apply the setting (once again on the SERVER not the pc).

What this does is it sets the DIR commad's buffer from 14000 to 65000. This fix works on NT/2000/XP.


0
 
LVL 2

Expert Comment

by:Yavor_01126
ID: 9843533
yes the best is to be an upgrade not only for the OS :-)
for the system can't do wrong but ...

Try changing the 2 NICs with a gateway (PC / router )
In my opinion it is the best for LAN techs .

Then you can fade away the DHCP ... I think it responds slower when users just logon and on they configure their options eachtime with DHCP on some OS I think .
Then try to answer yourself these questions :
-----------------

1.   Is the NIC 100 or 10 Mb ? (is the reason in the NICs)
2.   Are there HUB/Repeter/Switch or any other devices which make the signal become stronger ? (aren't they to far)
3.  Are you using a UTP , FTP , STP  or the cables aren't twisted and become some outside "resistance" ? (is the reason in the cables)

-----------------

not shure for some words :-)
Sorry !

Regards !
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9844333
Hmmm, is this slow issue on EVERY PC? Or just some of them?
Your slow browse issue is related to WINS. You 2K machines are performing (Correctly)  but your Downlevel clients may not be. WINS isn't that complicated. If WINS is working at all, you pretty much have it configured correctly.
Are the Downlevel clients configured correctly? Run the ip config routine on the clients, and verify they are getting the correct information. A static entry trumps DHCP assignments everytime.
StevenLewis also provided an excellent piece of advise (Not that anyone posting here HASN'T!)
As Yavor stated (Paraphrsing, if you don't mind... ) Step by step, eliminating each piece of the puzzle.
As Sherlock stated, once you have eliminated the impossible, whatever remains, no matter how improbable, must be the truth.
0
 
LVL 13

Accepted Solution

by:
Gnart earned 500 total points
ID: 9844427
Your problem is in dual-home server.  It's a known problem - what's happening is the master browser election taking place and causing the network resources to disappear to clients are not able to access the resources.

Here is my previous answer:

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20747880.html

Here is the MS knowledge base article and how to deal with it:

http://support.microsoft.com/default.aspx?scid=kb;en-us;135404&Product=win2000

cheers
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9844429
If you are using the dual-home machine as a server to the Internet using broadband such as DSL or cable modem, you may want to consider getting a small LinkSys broadband router with a build-in switch for around $50-$80 to solve your problem.

cheers
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9844448
Hey, thanks for the info!
Answers some questions that were a mystery to me a couple of years back... 8-)
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 10

Expert Comment

by:anupnellip
ID: 9844873
hii ,
  Why do u have 2 network card in the same subnet ?? how do u connect to the internet ? is it through a router ? are both your network cards connected to the same switch/hub ? can u explain more clearly regarding your n/w configuration . I think your dual network card on the same subnet could be the cause of the problem as both may be processing the logon request .
 Hope i will be able to help if u could provide more info .

Regards
Anup
0
 
LVL 3

Expert Comment

by:izwiz
ID: 9844883
If you look at the settings for your external NIC it is actually pointing back to the internal NIC as its gateway. I am very surprised that you can access the net at all!

Why not try putting the external NIC into a completely different subnet?
0
 
LVL 6

Expert Comment

by:dorkestra
ID: 9845323
you say that the logon process takes several minutes.  do you mean that it takes several minutes to authenticate after you enter your user name and password or it takes several minutes to reach the login prompt ie "preparing network connections"?
0
 
LVL 2

Expert Comment

by:Yavor_01126
ID: 9845349
Hey !

I think the man has this old dilemma with Windows OSs which is in the very crashy way just didn't displaying the computers in a network or the man has just a NETWORK DESIGN problem .

I posted allready but nobody seem to be at my side !

What it can be in the software ?

It can be at least in the netconfig .
May be the routers are wrong configured and take much time to get the table and push the IP trough .
Then I don't see any SW side conflicts !
So what I mean is that there can't be an answer in SW . But it can be in the HW !


Regards !
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9845445
There is nothing wrong with having two NICs in the same subnet so long as you use the computer as a router and have static route between the NICs.  It depends on what he's trying to do.  My original post is based on his configuration [network design].  It seems to me that he's using it as a router, firewall or DMZ bastion host for hosting for mail, web, ftp server.  So for less than $100 he would be better off and more secure.

[WAN/Internet]<==>ComputerA/NIC1<=route=>ComputerA/NIC2<==>Internal Network

The problem with this setup is that ComputerA needs to be defended.  If it's hacked - he's done.  The setup should be:

[WAN/Internet]<==>Router/SwitchPort1==>Firewall or Bastion Host
                               Router/SwitchPort2==>Inside hub/switch/server
                               Router/SwitchPort3==>Inside hub/switch/server
                               Router/SwitchPort4==>Inside hub/switch/server

cheers
 
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 9845686
Are you using roaming profiles?
If so, they may get to be very large (read slow load)
exclude items from the roaming profile

----------------

y default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude

directories in roaming profile, by navigating through User Configuration\Administrative

Templates\System\Logon/Logoff.

There is no way to use this policy to include the folders that are excluded by default.

The results of the GPO are stored in the registry at:

HKEY_CURRENT_UsER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs. The

ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in

Folder-name[;Folder-name...] format.

If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs

value name.

NOTE: If you add ExcludeProfileDirs, you must also add it at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy

Objects\LocalUser\Software\Policies\Microsoft\Windows\System

---------------------

excluding folders from roaming profiles.

In Windows 2000, the default value of ExcludeProfileDirs at

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is Local

Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

The Exclude directories in roaming profile Group Policy at User Configuration\Administrative

Templates\System\Logon/Logoff lets you add to the list of folders which are excluded from your roaming profile.

The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable

(REG_SZ), at HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,

and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.

3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are

uploaded to your profile when you log off?

When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260

characters, a buffer overflow occurs and the entire string is considered to be NULL.

To resolve the issue, limit the total length of the exclusion list to 260 characters.

--------------------------------

http://www.jsiinc.com/subg/tip3400/rh3496.htm

496 » You MUST disable the cache option for Offline Files on a roaming profile share?

If you do not disable the cache option for Offline Files on a user profile share, the profile will become unstable, as

both the Offline Files and roaming profile attempt to synchronize the files in the profile.

The cache option is SMB share based. If you enable the cache option on a share, and roaming profiles are below that

share, Offline Files caches files in the profile.

NOTE: Whenever possible, store roaming profiles and offline-enabled shares on different servers.

To resolve the problem:

Create a separate share for user profiles and disable the cache option on the new share by opening a CMD prompt and

typing:

net share \\Server\Sharename /cache:no

You can use Windows Explorer to disable the cache by right-clicking the shared folder and press Properties. On the

Sharing tab, press the Caching button and clear the Allow caching of files in this folder box


0
 
LVL 14

Expert Comment

by:huji
ID: 9845988
If possible for you, change profiles from roaming to local. That's something that Windows 2000 normally does itself as far as I have seen!
Huji
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now