Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


slow win2k domain logon on new Dell Dimension XP machines

Posted on 2003-12-03
Medium Priority
Last Modified: 2010-03-19

we have a win2k server defining a small domain (no more than a dozen PCs belong to this domain) on a 10/100 network.

Recently we got new XP Pro preconfigured Dell Dimension desktops. These have a choice of broadcom gigabit or Intel pro/100 cards (there are 2 cards in the PC). Both seem to work but we decided to use the Intel (as we are not on a gigabit network) option and it reports to be working at 10 Mbit mode

access to the net is fine BUT logon from these machines to the win2k domain is SLOOOOOOOW (2 minutes at least).. takes a while to load the settings and then apply them

the user profiles are very large on these machines (80 MB etc.) but the profiles for the same users on other machines are less than 1 MB.   I am not sure if this is the issue.

I tried looking for similar problems on EE and tried tweaking some MMC settings (something about logon) but to no avail. For what it is worth all of the settings in MMC for the older machines (they use 3com cards) are also not configured and there is no systematic difference that I can tell.

Would appreciate any tips to address the slow login and large user profiles problem..    AFAIK both xp and win2k are patched.
So its not clear why these DELL machines have this problem.

I check the network activity on the DELL machines it is very less compared to the older machines (where for some reason there are tons of packets being processed by the 3 com card)
Question by:nsriram
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 44

Expert Comment

ID: 9870768
Slow logon to domain in XP Pro

You may experience extremely long delays (up to 5 minutes) when logging into domains using Windows XP Pro. This is caused by the asyncronous loading of networking during the boot up process. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.

Author Comment

ID: 9870835
No... This is not the solution as I tried this before.

What worked is the following:

1. Disable netbios over tcpip.. this enabled fast logins (no DNS specified)

2. Enabled netbios over tcpip and set the win2k server as the first choice on the DNS list

both of these solutions resulted in fast logons.

If anyone can explain why these work (and seem to be equivalent) I can give them points.  else I will close the post.
LVL 13

Expert Comment

ID: 9871009
win2k uses DNS to locate a domain controller.

1. With no DNS specified, it was forced to do a broadcast and hence found the DC
2. With the win2k server as the DNS server, it requests the IP address for the DC and gets it immediately.

for more info on how the DC is located:

From my experience about 75% of problems with Active Directory are DNS problems. Always check your DNS settings !
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

LVL 41

Expert Comment

ID: 9871071
see if this helps
exclude items from the roaming profile


y default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from a user's profile. This means that these folders are not stored on the network and do not follow the user from PC to PC.

You can exclude addition folders by ADDing the Default Domain Policy to the MMC and setting Exclude

directories in roaming profile, by navigating through User Configuration\Administrative


There is no way to use this policy to include the folders that are excluded by default.

The results of the GPO are stored in the registry at:

HKEY_CURRENT_UsER\Software\Policies\Microsoft\Windows\System\ExcludeProfileDirs. The

ExcludeProfileDirs value name is a REG_SZ data type, that stores the additional excluded folders in

Folder-name[;Folder-name...] format.

If you subsequently disable the policy, or set it to Not configured, Group Policy deletes the ExcludeProfileDirs

value name.

NOTE: If you add ExcludeProfileDirs, you must also add it at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy



excluding folders from roaming profiles.

In Windows 2000, the default value of ExcludeProfileDirs at

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is Local

Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook.

The Exclude directories in roaming profile Group Policy at User Configuration\Administrative

Templates\System\Logon/Logoff lets you add to the list of folders which are excluded from your roaming profile.

The additional folders that you configure are stored in the ExcludeProfileDirs value name, as a string variable

(REG_SZ), at HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System.

NOTE: You could reduce the number of Days to keep pages in history on the General tab of Internet Options,

and check the Empty temporary Internet Files when browser is closed box on the Advanced tab.

3712 » Excluded profile folders are being uploaded to your Windows 2000 profile?

Even though you have excluded some directories from your profile (tips 3868 and 3543), these excluded folders are

uploaded to your profile when you log off?

When Windows 2000 retrieves the ExcludeProfileDirs value, it writes the data to Ntuser.ini. If the data exceeds 260

characters, a buffer overflow occurs and the entire string is considered to be NULL.

To resolve the issue, limit the total length of the exclusion list to 260 characters.



496 » You MUST disable the cache option for Offline Files on a roaming profile share?

If you do not disable the cache option for Offline Files on a user profile share, the profile will become unstable, as

both the Offline Files and roaming profile attempt to synchronize the files in the profile.

The cache option is SMB share based. If you enable the cache option on a share, and roaming profiles are below that

share, Offline Files caches files in the profile.

NOTE: Whenever possible, store roaming profiles and offline-enabled shares on different servers.

To resolve the problem:

Create a separate share for user profiles and disable the cache option on the new share by opening a CMD prompt and


net share \\Server\Sharename /cache:no

You can use Windows Explorer to disable the cache by right-clicking the shared folder and press Properties. On the

Sharing tab, press the Caching button and clear the Allow caching of files in this folder box

LVL 35

Accepted Solution

ShineOn earned 2000 total points
ID: 9873210
Both Win2K Server and WinXP Pro are built to use DNS for name resolution preferred over NetBIOS name resolution.  What happens in the cases in which DNS is used and NetBIOS over IP is disabled, is that there is no confusion over which name resolution method to use, so it goes straight to DNS and finds the login server right away.  

If the name-resolution priority gets confused by having NetBIOS over IP enabled, and WINS is not running (since Win2K and WinXP Pro don't "NEED" WINS, but prefer DNS, I don't know why just having that protocol enabled makes a difference) and you don't specify your Win2K server as a DNS server, it does a browse of the entire stinkin' network looking for a Master Browser instead of using DNS to find its login server.

However, if the login server is first-in-line for DNS, even with NetBIOS over IP enabled, it knows which server to go to anyway, and tries that first instead of browsing the LAN looking for it's Master Browser or DNS server.

Author Comment

ID: 9877694
yes.. this is sensitive to how the settings are applied

even if things are toggled and set back to the original state it works..
so it is probably a settings bug

so after providing a DNS and/or disabling netbios over tcpip it seemed to work

now I have both on the original (no DNS, no disabling netbios) and it still continues to work

clearly this is not a reversible process.. something happens when one toggles these settings. even if one goes back to the old setting the behavior is changed.
LVL 35

Expert Comment

ID: 9878151
Toggling the settings may actually change the name-resolution order to what it should be.  That's the beauty and mystery of how the Registry works... hehe.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question