slow win2k domain logon on new Dell Dimension XP machines

we have a win2k server defining a small domain (no more than a dozen PCs belong to this domain) on a 10/100 network.

Recently we got new XP Pro preconfigured Dell Dimension desktops. These have a choice of broadcom gigabit or Intel pro/100 cards (there are 2 cards in the PC). Both seem to work but we decided to use the Intel (as we are not on a gigabit network) option and it reports to be working at 10 Mbit mode

access to the net is fine BUT logon from these machines to the win2k domain is SLOOOOOOOW (2 minutes at least).. takes a while to load the settings and then apply them

the user profiles are very large on these machines (80 MB etc.) but the profiles for the same users on other machines are less than 1 MB.   I am not sure if this is the issue.

I tried looking for similar problems on EE and tried tweaking some MMC settings (something about logon) but to no avail. For what it is worth all of the settings in MMC for the older machines (they use 3com cards) are also not configured and there is no systematic difference that I can tell.

Would appreciate any tips to address the slow login and large user profiles problem..    AFAIK both xp and win2k are patched.
So its not clear why these DELL machines have this problem.

I check the network activity on the DELL machines it is very less compared to the older machines (where for some reason there are tons of packets being processed by the 3 com card)
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Slow logon to domain in XP Pro

You may experience extremely long delays (up to 5 minutes) when logging into domains using Windows XP Pro. This is caused by the asyncronous loading of networking during the boot up process. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.
nsriramAuthor Commented:
No... This is not the solution as I tried this before.

What worked is the following:

1. Disable netbios over tcpip.. this enabled fast logins (no DNS specified)

2. Enabled netbios over tcpip and set the win2k server as the first choice on the DNS list

both of these solutions resulted in fast logons.

If anyone can explain why these work (and seem to be equivalent) I can give them points.  else I will close the post.
win2k uses DNS to locate a domain controller.

1. With no DNS specified, it was forced to do a broadcast and hence found the DC
2. With the win2k server as the DNS server, it requests the IP address for the DC and gets it immediately.

for more info on how the DC is located:;en-us;247811&Product=win2000

From my experience about 75% of problems with Active Directory are DNS problems. Always check your DNS settings !
Put Your Flow Data to Work

SolarWinds® Flow Tool Bundle combines three easy-to-download, easy-to-use flow analysis tools that can help you quickly distribute, test, and configure your flow traffic.

see if this helps
exclude items from the roaming profile


y default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude

directories in roaming profile, by navigating through User Configuration\Administrative


There is no way to use this policy to include the folders that are excluded by default.

The results of the GPO are stored in the registry at:

HKEY_CURRENT_UsER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs. The

ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in

Folder-name[;Folder-name...] format.

If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs

value name.

NOTE: If you add ExcludeProfileDirs, you must also add it at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy



excluding folders from roaming profiles.

In Windows 2000, the default value of ExcludeProfileDirs at

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is Local

Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

The Exclude directories in roaming profile Group Policy at User Configuration\Administrative

Templates\System\Logon/Logoff lets you add to the list of folders which are excluded from your roaming profile.

The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable

(REG_SZ), at HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,

and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.

3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are

uploaded to your profile when you log off?

When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260

characters, a buffer overflow occurs and the entire string is considered to be NULL.

To resolve the issue, limit the total length of the exclusion list to 260 characters.


496 » You MUST disable the cache option for Offline Files on a roaming profile share?

If you do not disable the cache option for Offline Files on a user profile share, the profile will become unstable, as

both the Offline Files and roaming profile attempt to synchronize the files in the profile.

The cache option is SMB share based. If you enable the cache option on a share, and roaming profiles are below that

share, Offline Files caches files in the profile.

NOTE: Whenever possible, store roaming profiles and offline-enabled shares on different servers.

To resolve the problem:

Create a separate share for user profiles and disable the cache option on the new share by opening a CMD prompt and


net share \\Server\Sharename /cache:no

You can use Windows Explorer to disable the cache by right-clicking the shared folder and press Properties. On the

Sharing tab, press the Caching button and clear the Allow caching of files in this folder box

Both Win2K Server and WinXP Pro are built to use DNS for name resolution preferred over NetBIOS name resolution.  What happens in the cases in which DNS is used and NetBIOS over IP is disabled, is that there is no confusion over which name resolution method to use, so it goes straight to DNS and finds the login server right away.  

If the name-resolution priority gets confused by having NetBIOS over IP enabled, and WINS is not running (since Win2K and WinXP Pro don't "NEED" WINS, but prefer DNS, I don't know why just having that protocol enabled makes a difference) and you don't specify your Win2K server as a DNS server, it does a browse of the entire stinkin' network looking for a Master Browser instead of using DNS to find its login server.

However, if the login server is first-in-line for DNS, even with NetBIOS over IP enabled, it knows which server to go to anyway, and tries that first instead of browsing the LAN looking for it's Master Browser or DNS server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nsriramAuthor Commented:
yes.. this is sensitive to how the settings are applied

even if things are toggled and set back to the original state it works..
so it is probably a settings bug

so after providing a DNS and/or disabling netbios over tcpip it seemed to work

now I have both on the original (no DNS, no disabling netbios) and it still continues to work

clearly this is not a reversible process.. something happens when one toggles these settings. even if one goes back to the old setting the behavior is changed.
Toggling the settings may actually change the name-resolution order to what it should be.  That's the beauty and mystery of how the Registry works... hehe.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.