Solved

Slow login to Domain (probable cause is DNS)

Posted on 2004-03-29
Last Modified: 2010-04-13
My users take 4-5 minutes to log into the server.  From looking at previous questions, I have an idea of what may be wrong...

I have 2 questions:

1.) How do I make sure that my users' profiles are being stored locally?  I browse to the profile tab of the user properties window, and local path is there, but empty.  Does this just mean it will use the default, or is it still retrieving the profiles from the server?

2.) I have a firewall, and one machine set up as the domain controller.  My firewall's DHCP hands out the DNS IPs that my ISP gave me (T1).  This works fine, but in looking around, I saw that I may need to configure DNS on the domain controller or there will be long login times...

Help!!!

Question by:protemus
6 Comments
 
LVL 84

Assisted Solution

by:oBdA
oBdA earned 50 total points
ID: 10705798
Well, if there is no profile specified in the user's properties, a local profile will be used.
But the profiles aren't the problem, it's your DNS settings. Your clients should *only* point to your internal DNS, and so should the DNS server itself. To provide internet access, delete the root zone (".") in your DNS, and configure forwarders to point to your ISP's DNS.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Windows 2000 DNS and Active Directory Information and Technical Resources
http://support.microsoft.com/?kbid=298448

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?kbid=237675

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515
0
 
LVL 20

Assisted Solution

by:Debsyl99
Debsyl99 earned 350 total points
ID: 10706840
Following on from oBdA's solution, you'll also need to configure the firewall DHCP to hand out the IP address of your 2000 DNS server to the clients and, as said, only that one.

:))
0
 

Author Comment

by:protemus
ID: 10708173
ok, I understand, but I know nothing about configuring DNS.

All I know is that when I open DNS I get a tree with my servername with two subfolders:

"Forward Lookup Zones" and "Reverse Lookup Zones"

The only entry that has anything in it is "Forward lookup zones"

That has a folder "MyDomain.com"

and within "MyDomain.com" there are the following entries:
Name | Type | Data
(same as parent) | Start of Authority | [2], machinename.MyDomain.com., admin
(same as parent) | Name Server | machinename.MyDomain.com.
servername | Host | ##.##.##.##

How do I perform those steps.... I know I must sound like a dingbat, but huh?


0

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 350 total points
ID: 10708579
Hi

And no, not a dingbat!

OK, so it sounds like there's no " . " zone, which is good, because you can't use forwarders if it's there. In DNS, right click the server listed immediately above the forward lookup zone folder, then click properties. This will bring up a box with numerous tabs. In interfaces, specify its own IP address, i.e. that of the DNS server you're working on. Click the forwarders tab, check enable forwarders and here enter the DNS server IP addresses of your ISP.

In the TCP/IP properties on the network connection for the server, again check that in the DNS server list only its own IP address is listed.

Then configure the client PCs to be supplied ONLY with the address of this DNS server, not the ISP. The forwarders enable the server to check the ISP's DNS servers for any names it can't resolve, i.e. it forwards the query. On the clients call up a command prompt -> start, run, cmd, enter, and release and renew the IPs, i.e. at the command prompt type ipconfig /release (enter - to release the IP), then type ipconfig /renew to pick the IP address up again from the firewall. To check, type ipconfig /all at a command prompt on the client and confirm that the ISP's DNS servers are no longer listed as DNS servers for the client. Hopefully this should sort you out!

Deb :))

0
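Added example, not part of the original thread: a Python check for the last step of the accepted answer, parsing `ipconfig /all` output and reporting any DNS server other than the internal one. The sample output and every address in it (192.168.1.10 as the internal DNS server, 203.0.113.53 as an ISP resolver) are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a client that still
# receives an ISP resolver; every address here is a made-up placeholder.
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : client01

Ethernet adapter Local Area Connection:

        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, March 29, 2004 9:00:00 AM
"""

FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:\s*(?P<val>.*)$")

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def dns_servers_by_adapter(output):
    """Map each section heading to the DNS servers listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in output.splitlines():
        if not line.strip():
            in_dns = False
        elif not line[0].isspace():            # unindented line = heading
            adapter, in_dns = line.strip().rstrip(":"), False
        elif in_dns and _as_ip(line.strip()):  # continuation: bare address
            servers[adapter].append(_as_ip(line.strip()))
        else:
            m = FIELD.match(line)
            in_dns = bool(m) and m.group("key") == "DNS Servers"
            if in_dns:
                first = _as_ip(m.group("val").strip())
                servers.setdefault(adapter, []).extend([first] if first else [])
    return servers

def unexpected_dns(output, internal_dns):
    """Return {adapter: [servers not in internal_dns]}; empty means OK."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    found = dns_servers_by_adapter(output)
    return {a: extra for a, ips in found.items()
            if (extra := [str(ip) for ip in ips if ip not in allowed])}
```

An empty result means the client lists only the internal DNS server; any other entry is a resolver that would receive the client's lookups for the domain controller.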
 
LVL 3

Assisted Solution

by:feiyau
feiyau earned 100 total points
ID: 10712464
Try enabling the Userenv.log to full details ... you can see the actual login in progress and what your logon is doing at what time or instance. That may point you in the right direction. If you find any network related issue slow, you may have to even use Netmon.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
DWORD
UserEnvDebugLevel = 10002 (Hex)

Login again and you will find a log file in

C:\Winnt\Debug\Usermode\Userenv.log

0
 

Author Comment

by:protemus
ID: 10713338
Hey

Everyone was great! My clients log on with no problem!

Thanks for all your help.


You know there really should be a HOW-TO for this configuration.  I have to imagine this is the default network setup for most 20-50 employee businesses!

Thanks again!
0


Question has a verified solution.
