Solved

Slow boot-slow logon-other strange stuff

Posted on 2004-04-20
Last Modified: 2010-04-13
I have a home network...
W2K SBS server, DC
1-W2K   P3-500   512 RAM   40g HD
1-XP Pro   AMD 2400   256 RAM   40g HD
DSL w/ Linksys router & Linksys WAP

All 3 computers have all critical MSoft patches applied...as of today...

Norton CE running and fully up to date...all computers run virus scans 3x / week...
Also run housecall about once a month, all machines virus free...

Run Adaware and Spybot 1-2 times a month all computers...

There are 2 problems which are different, but I think inter-related...

Problem #1...
W2000 workstation is VERY slow to boot up and to logon...

From the time I power on to my logon screen averages about 4 minutes...from logon to desktop fully populated and ready to go, averaging about 5 minutes...This started Monday evening...(yesterday)...Last time I was on computer was Saturday, 3 days ago and everything was running normal...power up to logon to desktop averages about 3 minutes normally on this computer

Problem #2...
XP Pro...boots up normal time, power on to desktop about 2 minutes or a little less...so this is different from the W2K machine...

A)  When I open IE it will go to my default page, which since Monday has been hijacked a couple of times and it will go to
mk:@MSITStore:C:\WINDOWS\start.chm::/spplain.html
Normally I have it default to www.experts-exchange.com...I can easily change the default page back to E-E and it will hold for a while, but then gets hijacked again...

B)  IE opens in a normal amount of time, 6-7 seconds to the first web page...but if I type into the URL a different page, say www.cnn.com...it takes an average of 60-90 seconds before the progress bar appears at the bottom of the IE browser window, and starts to show progress...Once the progress bar appears, it's back to normal time...

C)  When I open Windows Explorer, OR double click on My Computer, my drives, both mapped and local, will not show up...the computer stalls out and I have to reboot...
After a reboot,  Explorer will open and show drives normally...This happens from time to time...so far this morning this problem has not happened, but I expect it to return, based on my efforts yesterday...

What did I do???

I have dynamic IP on my DSL...so about 1 month ago I set up a DNS forwarder from
no-ip.com and installed the client on my server...I want to be able to remotely TS into my server and also set up an FTP server so I went into the router and opened port 80...(at least I think that's what I did) and set it to my server IP...This is stuff I am not familiar with and I may have done this incorrectly...It seems a little while after I did this I started having problems...

What I have done to correct problem...
1.  Router...closed port 80, put it back to where it was...
2.  Last night ran full Norton scan and housecall on all 3 computers, no viruses...
3.  Ran Adaware and Spybot on all 3 computers, just the normal junk...cleaned all up...
4.  Ran CWShredder on all computers, nothing found...
5.  Ran Hijack This on all machines, found 3 entries on my XP machine that didn't look good so I eliminated them...made no change to anything whatsoever...other computer found nothing...
6.  Checked HKLM....Run all machines, nothing out of ordinary...
7.  Ran MSCONFIG on all machines, took out unnecessary stuff...

After all this, my W2K is still booting up and logging on very slow, nothing changed...
My XP boots and logs in normally, but IE & Explorer still no change...
My server is running perfect...!!!...nothing has changed there...

Considered a bad NIC card on W2K, but once logged into domain, it is fast to internet, fast to all shared drives, normal time here...

I am stumped...and VERY open to ANY suggestions, ideas...

Thanx
Steve


PS sorry for the length of this post...:)
Question by:qabs
 
LVL 67

Expert Comment

by:sirbounty
You might post your HJT log for further review.
I'd start out with
Start->Run->SFC /Scannow
if you haven't already...
 

Author Comment

by:qabs
Just ran sfc on my xp pro machine...

Went out to merijn.org to get a new HJT to run and post... and posted on their website is a new variation of CWS Trojan that has the same specs in the IE browser hijack that I have in mine...

I'm going to follow this trail first on all computers and will report back later this afternoon...

So, hold on with suggestions until I finish this...then we'll see where we are at...
Steve
 

Author Comment

by:qabs
OK...
www.merijn.org has a good article, dated today (4/20) on this new CWS Trojan...but there is no fix for it...and at this point it looks like Msoft will have to put out a patch as this little bugger gets in thru an Explorer help file...don't understand how it works...

As far as my XP box is concerned...CWShredder took out one CWS.config file and that took care of my browser hijack issue...

So far today I have been able to get to my drives thru Windows Explorer on my XP machine...and at this point I am going to consider my XP ok, for now...

But my W2K machine with the sloooooow boot and logon is still an issue...

Any thoughts in this area???

Thanx
Steve
 

Author Comment

by:qabs
OK...
On my W2K, I ran SFC then CWShredder...CWShredder didn't find anything and I put in a new NIC card, sort of as a "last hope"...
It is booting up normally, but the log in is still taking about 2-3 minutes but definitely less time than it was...

I don't know for certain what fixed it...and maybe it's not completely fixed yet...
But it's probably a combination of things...

I am going to leave this post open for a few days...see how things go and maybe I will have to "ask again" for help...

Steve
 
LVL 67

Expert Comment

by:sirbounty
I'll keep an eye on the post - if the problem reoccurs - just post back..
Good luck!
 

Author Comment

by:qabs
Good Morning...

Well, the fixes of yesterday I thought were going to be good...are not...although some stuff is good...
==============
W2K...boot time from power on to logon screen is now normal...time from logon screen to full desktop is better about 4 minutes whereas it was about 8-9 minutes...
Still gotta work on this...
===============
XP...all day yesterday I could see my local and shared HD's whenever I was in Windows Explorer...now that problem is back today...
However, my IE browser is no longer hijacked...and IE opens in a normal amount of time...So partial success...
Gotta work on the "seeing" the HD's...note, this is NOT an issue on the W2K box, only the XP box...

Last night I removed Norton from my XP box and installed a trial version of NOD32...wanted to check it out for a couple of weeks...

This morning I checked the Event Viewer, Application Logs and found these entries...

     Autoenrollment
     Automatic certificate enrollment for local system failed to contact the active
     directory (0x8007054b).  The specified domain either does not exist or could not
     be contacted.  Enrollment will not be performed.

     Userenv
     Windows cannot obtain the domain controller name for your computer network.
     (The specified domain either does not exist or could not be contacted. ). Group
      Policy processing aborted.

There are a few other errors in the log, but all similar...

On my server, W2K SBS Domain Controller, in the Event Viewer>System Log I found this entry at about the same time as the 2 entries above from my XP box...

     NETLOGON
     Dynamic registration or deregistration of one or more DNS records failed because
     no DNS servers are available...

I suspect these DNS errors are related to my HD issue in the XP box and the long logon time for my W2K box...

On 4/14, about a week ago, I changed the domain on my server...I had been using the domain name of "home" (real creative), but because I had registered the domain name of www.sportpix.net I wanted to set my domain using that name...

I renamed the domain on the server and used the Active Directory Wizard (DCPROMO) to bring it back up as a DC with the new domain name...

The server has a static IP, the workstations are DHCP from the router...

I then set static IP entries in the DNS...
First           my router IP
Second       my public DNS entry from my DSL provider
Third          my server IP
And I checked the boxes..."Append parent suffixes of the primary DNS suffix"
and..."Register this connection's address in DNS registration"...

At that point, every thing was working, both boxes were logging on in normal time, I had no issue getting to either my local or shared HD's on the XP box...until Saturday...

Since my understanding of DNS is microscopic at best...I am open for what do I need to check...


Thanx
Steve
 

Author Comment

by:qabs
SirBounty...

I do not believe I have DNS installed correctly on my server...

Specs...
W2K Small Bus   server name is "odin"...192.168.1.8...domain name is "sportpix.net"...I have registered this domain name...

When I do a "nslookup" I get the message "Can't find server name for address 192.168.1.8: Non-existent domain.  Default servers not available.  Default server unknown"

2 workstations, my XP Pro logs into domain very quickly...
My W2K workstation takes about 2-3 minutes to log into domain...

What do I need to do???

Steve
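Added example, not part of any poster's comment and not a confirmed diagnosis for this thread: a Python check of the DNS server order the author describes (router, ISP resolver, server), based on the general rule that a domain member finds its domain controller through SRV records held only by the domain's own DNS server. The `ipconfig /all` text is constructed, and the router address 192.168.1.1, the resolver placeholder 203.0.113.53 and the host name are assumptions; 192.168.1.8 and sportpix.net come from the thread.

```python
import re

# Constructed `ipconfig /all` excerpt using the DNS order from the thread.
# Assumed values: router 192.168.1.1, ISP resolver 203.0.113.53, host "xpbox".
SAMPLE_IPCONFIG = """\
        Host Name . . . . . . . . . . . . : xpbox
        Primary Dns Suffix  . . . . . . . : sportpix.net

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53
                                            192.168.1.8
        Lease Obtained. . . . . . . . . . : Tuesday, April 20, 2004 8:00:00 AM
"""
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_dns_servers(ipconfig_text):
    """Return DNS servers in resolver order, following continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep and label.strip(" .").lower() == "dns servers":
            in_dns, candidate = True, value.strip()
        elif in_dns and not sep and IPV4.match(line.strip()):
            candidate = line.strip()  # bare address under the DNS Servers label
        else:
            in_dns = False
            continue
        if IPV4.match(candidate):
            servers.append(candidate)
    return servers

def audit_dns_order(servers, ad_dns):
    """List findings for resolvers that do not host the AD zone (not in ad_dns)."""
    findings = []
    if not any(s in ad_dns for s in servers):
        findings.append("no AD DNS server configured; DC lookups will fail")
    elif servers[0] not in ad_dns:
        findings.append(f"{servers[0]} is queried first but does not host the AD zone")
    for s in servers:
        if s not in ad_dns:
            findings.append(f"remove {s}: it cannot resolve the domain's SRV records")
    return findings

if __name__ == "__main__":
    for finding in audit_dns_order(parse_dns_servers(SAMPLE_IPCONFIG), {"192.168.1.8"}):
        print(finding)
```

The commonly recommended layout is for domain members to list only the domain controller as DNS server, with the DNS service on the domain controller forwarding external names to the ISP resolver.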
 
LVL 67

Accepted Solution

by:sirbounty (earned 500 total points)
A couple of things concern me with what I've read here...
If you're blocking port 80 - are you not needing any internet access, as that's the default http port?

For the workstations that you're having problems with - the first thing to try is dropping them back into a workgroup and then re-joining the domain.  This is a common error - and that's typically the fix...

As for saving resources and hopefully speeding up logon...follow the advice here: (includes service descriptions)

XP: http://www.blackviper.com/WinXP/servicecfg.htm
2K: http://www.blackviper.com/WIN2K/servicecfg.htm
 

Author Comment

by:qabs
SirBounty...

I passed the points to you as I need to close this question...

However, I am still struggling with my problem...

I believe it is a DNS issue and so far have not been able to solve it...

I will continue searching and asking questions and will eventually find the answer...

Steve