Solved

slow win2k domain logon on new Dell Dimension XP machines

Posted on 2003-12-03
7
12,066 Views
Last Modified: 2010-03-19

we have a win2k server defining a small domain (no more than a dozen PCs belong to this domain) on a 10/100 network.

Recently we got new XP Pro preconfigured Dell Dimension desktops. These have a choice of broadcom gigabit or Intel pro/100 cards (there are 2 cards in the PC). Both seem to work but we decided to use the Intel (as we are not on a gigabit network) option and it reports to be working at 10 Mbit mode

access to the net is fine BUT logon from these machines to the win2k domain is SLOOOOOOOW (2 minutes at least).. takes a while to load the settings and then apply them

the user profiles are very large on these machines (80 MB etc.) but the profiles for the same users on other machines are less than 1 MB.   I am not sure if this is the issue.

I tried looking for similar problems on EE and tried tweaking some MMC settings (something about logon) but to no avail. For what it is worth all of the settings in MMC for the older machines (they use 3com cards) are also not configured and there is no systematic difference that I can tell.

Would appreciate any tips to address the slow login and large user profiles problem..    AFAIK both xp and win2k are patched.
So its not clear why these DELL machines have this problem.

I check the network activity on the DELL machines it is very less compared to the older machines (where for some reason there are tons of packets being processed by the 3 com card)
 
0
Comment
Question by:nsriram
7 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9870768
Slow logon to domain in XP Pro
http://www.windowsxpatoz.com/cgi-bin/performance/index.cgi?answer=1036283899&id=1036282433

You may experience extremely long delays (up to 5 minutes) when logging into domains using Windows XP Pro. This is caused by the asyncronous loading of networking during the boot up process. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.
0
 

Author Comment

by:nsriram
ID: 9870835
No... This is not the solution as I tried this before.

What worked is the following:

1. Disable netbios over tcpip.. this enabled fast logins (no DNS specified)

2. Enabled netbios over tcpip and set the win2k server as the first choice on the DNS list

both of these solutions resulted in fast logons.

If anyone can explain why these work (and seem to be equivalent) I can give them points.  else I will close the post.
0
 
LVL 13

Expert Comment

by:td_miles
ID: 9871009
win2k uses DNS to locate a domain controller.

1. With no DNS specified, it was forced to do a broadcast and hence found the DC
2. With the win2k server as the DNS server, it requests the IP address for the DC and gets it immediately.

for more info on how the DC is located:
http://support.microsoft.com/default.aspx?scid=kb;en-us;247811&Product=win2000

From my experience about 75% of problems with Active Directory are DNS problems. Always check your DNS settings !
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 41

Expert Comment

by:stevenlewis
ID: 9871071
see if this helps
exclude items from the roaming profile

----------------

y default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude

directories in roaming profile, by navigating through User Configuration\Administrative

Templates\System\Logon/Logoff.

There is no way to use this policy to include the folders that are excluded by default.

The results of the GPO are stored in the registry at:

HKEY_CURRENT_UsER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs. The

ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in

Folder-name[;Folder-name...] format.

If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs

value name.

NOTE: If you add ExcludeProfileDirs, you must also add it at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy

Objects\LocalUser\Software\Policies\Microsoft\Windows\System

---------------------

excluding folders from roaming profiles.

In Windows 2000, the default value of ExcludeProfileDirs at

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is Local

Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

The Exclude directories in roaming profile Group Policy at User Configuration\Administrative

Templates\System\Logon/Logoff lets you add to the list of folders which are excluded from your roaming profile.

The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable

(REG_SZ), at HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,

and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.

3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are

uploaded to your profile when you log off?

When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260

characters, a buffer overflow occurs and the entire string is considered to be NULL.

To resolve the issue, limit the total length of the exclusion list to 260 characters.

--------------------------------

http://www.jsiinc.com/subg/tip3400/rh3496.htm

496 » You MUST disable the cache option for Offline Files on a roaming profile share?

If you do not disable the cache option for Offline Files on a user profile share, the profile will become unstable, as

both the Offline Files and roaming profile attempt to synchronize the files in the profile.

The cache option is SMB share based. If you enable the cache option on a share, and roaming profiles are below that

share, Offline Files caches files in the profile.

NOTE: Whenever possible, store roaming profiles and offline-enabled shares on different servers.

To resolve the problem:

Create a separate share for user profiles and disable the cache option on the new share by opening a CMD prompt and

typing:

net share \\Server\Sharename /cache:no

You can use Windows Explorer to disable the cache by right-clicking the shared folder and press Properties. On the

Sharing tab, press the Caching button and clear the Allow caching of files in this folder box


0
 
LVL 35

Accepted Solution

by:
ShineOn earned 500 total points
ID: 9873210
Both Win2K Server and WinXP Pro are built to use DNS for name resolution preferred over NetBIOS name resolution.  What happens in the cases in which DNS is used and NetBIOS over IP is disabled, is that there is no confusion over which name resolution method to use, so it goes straight to DNS and finds the login server right away.  

If the name-resolution priority gets confused by having NetBIOS over IP enabled, and WINS is not running (since Win2K and WinXP Pro don't "NEED" WINS, but prefer DNS, I don't know why just having that protocol enabled makes a difference) and you don't specify your Win2K server as a DNS server, it does a browse of the entire stinkin' network looking for a Master Browser instead of using DNS to find its login server.

However, if the login server is first-in-line for DNS, even with NetBIOS over IP enabled, it knows which server to go to anyway, and tries that first instead of browsing the LAN looking for it's Master Browser or DNS server.
0
 

Author Comment

by:nsriram
ID: 9877694
yes.. this is sensitive to how the settings are applied

even if things are toggled and set back to the original state it works..
so it is probably a settings bug

so after providing a DNS and/or disabling netbios over tcpip it seemed to work

now I have both on the original (no DNS, no disabling netbios) and it still continues to work

clearly this is not a reversible process.. something happens when one toggles these settings. even if one goes back to the old setting the behavior is changed.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9878151
Toggling the settings may actually change the name-resolution order to what it should be.  That's the beauty and mystery of how the Registry works... hehe.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Active directory upgrade to DFSR 4 28
network timeout on mapped drive 3 28
MX Backup 4 39
Secondary DC 3 17
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now