qabs
asked on
Slow boot-slow logon-other strange stuff
I have a home network...
W2K SBS server, DC
1-W2K P3-500 512 RAM 40g HD
1-XP Pro AMD 2400 256 RAM 40g HD
DSL w/ Linksys router & Linksys WAP
All 3 computers have all critical MSoft patches applied...as of today...
Norton CE running and fully up to date...all computes run virus scans 3x / week...
Also run housecall about once a month, all machines virus free...
Run Adaware and Spybot 1-2 times a month all computers...
There are 2 problems which are different, but I think inter-related...
Problem #1...
W2000 workstation is VERY slow to boot up and to logon...
From the time I power on to my logon screen averages about 4 minutes...from logon to desktop fully populated and ready to go, averaging about 5 minutes...This started Monday evening...(yesterday)...La
Problem #2...
XP Pro...boots up normal time, power on to desktop about 2 minutes or a little less...so this is different from the W2K machine...
A) When I open IE it will go to my default page, which since Monday has been hijacked a couple of times and it will go to
mk:@MSITStore:C:\WINDOWS\s
Normally I have it default to www.experts-exchange.com...I can easily change the default page back to E-E and it will hold for a while, but then gets hijacked again...
B) IE opens in a normal amount of time, 6-7 seconds to the first web page...but if I type into the URL a different page, say www.cnn.com...it takes an average of 60-90 seconds before the progress bar appears at the bottom of the IE browser window, and starts to show progress...Once the progress bar appears, it's back to normal time...
C) When I open Windows Explorer, OR double click on My Computer, my drives, both mapped and local, will not show up...the computer stalls out and I have to reboot...
After a reboot, Explorer will open and show drives normally...This happens from time to time...so far this morning this problem has not happened, but I expect it to return, based on my efforts yesterday...
What did I do???
I have dynamic IP on my DSL...so about 1 month ago I set up a DNS forwarder from
no-ip.com and installed the client on my server...I want to be able to remotely TS into my server and also set up a FTP server so I went into the router and opened port 80...(at least I think that's what I did) and set it to my server IP...This is stuff I am not familiar with and I may have done this incorrectly...It seems a little while after I did this I started having problems...
What I have done to correct problem...
1. Router...closed port 80, put it back to where it was...
2. Last night ran full Norton scan and housecall on all 3 computers, no viruses...
3. Ran Adaware and Spybot on all 3 computers, just the normal junk...cleaned all up...
4. Ran CWShredder on all computers, nothing found...
5. Ran Hijack This on all machines, found 3 entrys on my XP machine that did't look good so I eliminated them...made no change to anything whatsoever...other computer found nothing...
6. Checked HKLM....Run all machines, nothing out of ordinary...
7. Ran MSCONFIG on all machines, took out unnecessary stuff...
After all this, my W2K is still booting up and logging on very slow, nothing changed...
My XP boots and logs in normally, but IE & Explorer still no change...
My server is running perfect...!!!...nothing has changed there...
Considered a bad NIC card on W2K, but once logged into domain, it is fast to internet, fast to all shared drives, normal time here...
I am stumped...and VERY open to ANY suggestions, ideas...
Thanx
Steve
PS sorry for the length of this post...:)
W2K SBS server, DC
1-W2K P3-500 512 RAM 40g HD
1-XP Pro AMD 2400 256 RAM 40g HD
DSL w/ Linksys router & Linksys WAP
All 3 computers have all critical MSoft patches applied...as of today...
Norton CE running and fully up to date...all computes run virus scans 3x / week...
Also run housecall about once a month, all machines virus free...
Run Adaware and Spybot 1-2 times a month all computers...
There are 2 problems which are different, but I think inter-related...
Problem #1...
W2000 workstation is VERY slow to boot up and to logon...
From the time I power on to my logon screen averages about 4 minutes...from logon to desktop fully populated and ready to go, averaging about 5 minutes...This started Monday evening...(yesterday)...La
Problem #2...
XP Pro...boots up normal time, power on to desktop about 2 minutes or a little less...so this is different from the W2K machine...
A) When I open IE it will go to my default page, which since Monday has been hijacked a couple of times and it will go to
mk:@MSITStore:C:\WINDOWS\s
Normally I have it default to www.experts-exchange.com...I can easily change the default page back to E-E and it will hold for a while, but then gets hijacked again...
B) IE opens in a normal amount of time, 6-7 seconds to the first web page...but if I type into the URL a different page, say www.cnn.com...it takes an average of 60-90 seconds before the progress bar appears at the bottom of the IE browser window, and starts to show progress...Once the progress bar appears, it's back to normal time...
C) When I open Windows Explorer, OR double click on My Computer, my drives, both mapped and local, will not show up...the computer stalls out and I have to reboot...
After a reboot, Explorer will open and show drives normally...This happens from time to time...so far this morning this problem has not happened, but I expect it to return, based on my efforts yesterday...
What did I do???
I have dynamic IP on my DSL...so about 1 month ago I set up a DNS forwarder from
no-ip.com and installed the client on my server...I want to be able to remotely TS into my server and also set up a FTP server so I went into the router and opened port 80...(at least I think that's what I did) and set it to my server IP...This is stuff I am not familiar with and I may have done this incorrectly...It seems a little while after I did this I started having problems...
What I have done to correct problem...
1. Router...closed port 80, put it back to where it was...
2. Last night ran full Norton scan and housecall on all 3 computers, no viruses...
3. Ran Adaware and Spybot on all 3 computers, just the normal junk...cleaned all up...
4. Ran CWShredder on all computers, nothing found...
5. Ran Hijack This on all machines, found 3 entrys on my XP machine that did't look good so I eliminated them...made no change to anything whatsoever...other computer found nothing...
6. Checked HKLM....Run all machines, nothing out of ordinary...
7. Ran MSCONFIG on all machines, took out unnecessary stuff...
After all this, my W2K is still booting up and logging on very slow, nothing changed...
My XP boots and logs in normally, but IE & Explorer still no change...
My server is running perfect...!!!...nothing has changed there...
Considered a bad NIC card on W2K, but once logged into domain, it is fast to internet, fast to all shared drives, normal time here...
I am stumped...and VERY open to ANY suggestions, ideas...
Thanx
Steve
PS sorry for the length of this post...:)
ASKER
Just ran sfc on my xp pro machine...
Went out to merign.org to get a new HJT to run and post... and posted on their website is a new variation of CWS Trojan that has the same specs in the IE browser hijack that I have in mine...
I'm going to follow this trail first on all computers and will report back later this afternoon...
So, hold on with suggestions until I finish this...then we'll see where we are at...
Steve
Went out to merign.org to get a new HJT to run and post... and posted on their website is a new variation of CWS Trojan that has the same specs in the IE browser hijack that I have in mine...
I'm going to follow this trail first on all computers and will report back later this afternoon...
So, hold on with suggestions until I finish this...then we'll see where we are at...
Steve
ASKER
OK...
www.merijn.org has a good article, dated today (4/20) on this new CWS Trojan...but there is no fix for it...and at this point it looks like Msoft will have to put out a patch as this little bugger gets in thru an Explorer help file...don't understand how it works...
As far as my XP box is concerned...CWShredder took out one CWS.config file and that took care of my browser hijack issue...
So far today I have been able to get to my drives thru Windows Explorer on my XP machine...and at this point I am going to consider my XP ok, for now...
But my W2K machine with the sloooooow boot and logon is still an issue...
Any thoughts in this area???
Thanx
Steve
www.merijn.org has a good article, dated today (4/20) on this new CWS Trojan...but there is no fix for it...and at this point it looks like Msoft will have to put out a patch as this little bugger gets in thru an Explorer help file...don't understand how it works...
As far as my XP box is concerned...CWShredder took out one CWS.config file and that took care of my browser hijack issue...
So far today I have been able to get to my drives thru Windows Explorer on my XP machine...and at this point I am going to consider my XP ok, for now...
But my W2K machine with the sloooooow boot and logon is still an issue...
Any thoughts in this area???
Thanx
Steve
ASKER
OK...
On my W2K, I ran SFC then CWShredder...CWShredder didn;t find anything and I put in a new NIC card, sort of as a "last hope"...
It is booting up normally, but the log in is still taking about 2-3 minutes but definatley less time than it was...
I don;t know for certain what fixed it...and maybe it's not completely fixed yet...
But it's probably a combination of things...
I am going to leave this post open for a few days...see how things go and maybe I will have to "ask again" for help...
Steve
On my W2K, I ran SFC then CWShredder...CWShredder didn;t find anything and I put in a new NIC card, sort of as a "last hope"...
It is booting up normally, but the log in is still taking about 2-3 minutes but definatley less time than it was...
I don;t know for certain what fixed it...and maybe it's not completely fixed yet...
But it's probably a combination of things...
I am going to leave this post open for a few days...see how things go and maybe I will have to "ask again" for help...
Steve
I'll keep an eye on the post - if the problem reoccurs - just post back..
Good luck!
Good luck!
ASKER
Good Morning...
Well, the fixes of yesterday I though were going to be good...are not...although some stuff is good...
==============
W2K...boot time from power on to logon screen is now normal...time from logon screen to full desktop is better about 4 minutes whereas it was about 8-9 minutes...
Still gotta work on this...
===============
XP...all day yesterday I could see my local and shared HD's whenever I was in Windows Explorer...now that problem is back today...
However, my IE browser is no longer hijacked...and IE opens in a normal amount of time...So partial success...
Gotta work on the "seeing" the HD's...note, this is NOT an issue on the W2K box, only the XP box...
Last night I removed Norton from my XP box and installed a trial version of NOD32...wanted to check it out for a couple of weeks...
This morning I checked the Event Viewer, Application Logs and found these entrys...
Autoenrollment
Automatic certificate enrollment for local system failed to contact the active
directory (0x8007054b). The specified domain either does not exist or could not
be contacted. Enrollment will not be performed.
Userenv
Windows cannot obtain the domain controller name for your computer network.
(The specified domain either does not exist or could not be contacted. ). Group
Policy processing aborted.
There are a few other errors in the log, but all similiar...
On my server, W2K SBS Domain Controller, in the Event Vewer>System Log I found this entry at about the same time as the 2 entrys above from my XP box...
NETLOGON
Dynamic registratin or deregistration of one or more DNS records failed because
no DNS servers are available...
I suspect these DNS errors are related to my HD issue in the XP box and the long logon time for my W2K box...
On 4/14, about a week ago, I changed the domain on my server...I had been using the domain name of "home" (real creative), but because I had registered the domain name of www.sportpix.net I wanted to set my domain using that name...
I renamed the domain on the server and used the Active Directory Wizard (DCPROMO) to bring it back up as a DC with the new domain name...
The server has a static IP, the workstations are DHCP from the router...
I then set static IP entrys in the DNS...
First my router IP
Second my public DNS entry from my DSL provider
Third my server IP
And I checked the boxes..."Append parent suffixes of the primary DNS suffix"
and..."Register this connection's address in DNS registration"...
At that point, every thing was working, both boxes were logging on in normal time, I had no issue getting to either my local or shared HD's on the XP box...until Saturday...
Since my understanding of DNS is microscopic at best...I am open for what do I need to check...
Thanx
Steve
Well, the fixes of yesterday I though were going to be good...are not...although some stuff is good...
==============
W2K...boot time from power on to logon screen is now normal...time from logon screen to full desktop is better about 4 minutes whereas it was about 8-9 minutes...
Still gotta work on this...
===============
XP...all day yesterday I could see my local and shared HD's whenever I was in Windows Explorer...now that problem is back today...
However, my IE browser is no longer hijacked...and IE opens in a normal amount of time...So partial success...
Gotta work on the "seeing" the HD's...note, this is NOT an issue on the W2K box, only the XP box...
Last night I removed Norton from my XP box and installed a trial version of NOD32...wanted to check it out for a couple of weeks...
This morning I checked the Event Viewer, Application Logs and found these entrys...
Autoenrollment
Automatic certificate enrollment for local system failed to contact the active
directory (0x8007054b). The specified domain either does not exist or could not
be contacted. Enrollment will not be performed.
Userenv
Windows cannot obtain the domain controller name for your computer network.
(The specified domain either does not exist or could not be contacted. ). Group
Policy processing aborted.
There are a few other errors in the log, but all similiar...
On my server, W2K SBS Domain Controller, in the Event Vewer>System Log I found this entry at about the same time as the 2 entrys above from my XP box...
NETLOGON
Dynamic registratin or deregistration of one or more DNS records failed because
no DNS servers are available...
I suspect these DNS errors are related to my HD issue in the XP box and the long logon time for my W2K box...
On 4/14, about a week ago, I changed the domain on my server...I had been using the domain name of "home" (real creative), but because I had registered the domain name of www.sportpix.net I wanted to set my domain using that name...
I renamed the domain on the server and used the Active Directory Wizard (DCPROMO) to bring it back up as a DC with the new domain name...
The server has a static IP, the workstations are DHCP from the router...
I then set static IP entrys in the DNS...
First my router IP
Second my public DNS entry from my DSL provider
Third my server IP
And I checked the boxes..."Append parent suffixes of the primary DNS suffix"
and..."Register this connection's address in DNS registration"...
At that point, every thing was working, both boxes were logging on in normal time, I had no issue getting to either my local or shared HD's on the XP box...until Saturday...
Since my understanding of DNS is microscopic at best...I am open for what do I need to check...
Thanx
Steve
ASKER
SirBounty...
I do not believe I have DNS installed correctly on my server...
Specs...
W2K Small Bus server name is "odin"...192.168.1.8...dom
When I do a "nslookup" I get the message "Can't find server name for address 192.168.1.8: Non-existent domain. Default servers not available. Default server unknown"
2 workstations, my XP Pro is logs into domain very quickly...
My W2K workstation takes about 2-3 minutes to log into domain...
What do I need to do???
Steve
I do not believe I have DNS installed correctly on my server...
Specs...
W2K Small Bus server name is "odin"...192.168.1.8...dom
When I do a "nslookup" I get the message "Can't find server name for address 192.168.1.8: Non-existent domain. Default servers not available. Default server unknown"
2 workstations, my XP Pro is logs into domain very quickly...
My W2K workstation takes about 2-3 minutes to log into domain...
What do I need to do???
Steve
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
SirBounty...
I passed the points to you as I need to close this question...
However, I am still struggling with my problem...
I believe it is a DNS issue and so far have not been able to solve it...
I will continue searching and asking questions and will eventually find the answer...
Steve
I passed the points to you as I need to close this question...
However, I am still struggling with my problem...
I believe it is a DNS issue and so far have not been able to solve it...
I will continue searching and asking questions and will eventually find the answer...
Steve
I'd start out with
Start->Run->SFC /Scannow
if you haven't already...