Solved

Windows XP computers incredibly slow to loging; userenv and auto enrollment errors

Posted on 2004-08-04
10
1,750 Views
Last Modified: 2008-01-09
Having some problems with two Windows XP computers on a Windows 2003 SBS domain.  They do not seem to be authenticating with the domain controller properly.  It take about 3 - 5 minutes for them to log in.  Once they do, everything works fine, even software that is hosted on our server.  DNS settings and such are the same as our 2000 boxes which are not having problems.  I tried removing computer account from domain to workgroup, deleteing the computer account from the server, rebooting it, and rejoining the computer account and the problem is persisting.  I turned off auto enrollment and those errors have stopped.  This is the userenv error:

Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

0
Comment
Question by:Mach70803
10 Comments
 
LVL 5

Expert Comment

by:dgroscost
ID: 11716553
Are you using Internet Connection Firewall on XP?  

It sounds like a DNS issue to me... do you have any special GPOs assigned to these XP computers that you can temporarily disable?
0
 

Author Comment

by:Mach70803
ID: 11716570
I would like to add that I cannot view any of the shared items on the network.  Also, the certificate services manager on the server gives the following error when opened:

Cannot manage Certificate Services.

The specified service does not exist as an installed service, 0x424 (WIN32: 1060)
0
 

Author Comment

by:Mach70803
ID: 11716623
Only GPO is one that sets Windows Updates for all computers on the network.  Nothing else.  
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Mach70803
ID: 11716692
Only one firewall which is on cable modem from ISP.  I have the primary DNS set to the modem and the secondary set to the router.

Preferred: 192.168.1.1
Alternate: 192.168.2.1

Server IP: 192.168.2.100
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 11719565
That's your problem:
Preferred: 192.168.1.1
Alternate: 192.168.2.1
Server IP: 192.168.2.100

On your DC/DNS, and on all of your domain members, make sure the DC's address *only* is listed in the TCP/IP properties (be that via DHCP or static; do NOT use 127.0.0.1 on the DC/DNS itself!). That makes sure your internal lookups work correctly.
For internet access, delete the root zone (if present; it's the single dot: ".") on your DNS in your forward lookup zones. Then open the properties page of your DNS server and configure forwarders to point to your ISP's DNS (or the cable modem/router; whatever gives you the quickest internet addresses). The forwarders section is the *only* entry in your network where non-AD-DNS server should be listed.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567
0
 
LVL 2

Expert Comment

by:tztrh
ID: 11725405
just put server's IP to be your alternative DNS on XP boxes. that should speed up things
0
 

Author Comment

by:Mach70803
ID: 11725456
oBDa,

I will give your advise a whirl.  I did change the order of the DNS servers and now the computers are logging in fine, but about 50% of website are loading very slowly.  I am going to award you the points, but I might need a bit more assistance.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 11726008
Don't just only change the order. Follow the described settings in the KB articles. It is imperative that *only* your internal AD DNS server are listed in the TCP/IP properties of your clients. The AD DNS server will then forward requests for internet domains for the clients.
The same is valid for the AD DNS server itself: The *only* DNS server listed in the TCP/IP properties is the own address; no other address!
0
 

Author Comment

by:Mach70803
ID: 11747577
I went ahead and setup DHCP on the DC and configured the forwarders and zones.   The clients are logging in fine now, but they cannot reach any webpags.  If I ping a website (google, yahoo, others) the address is resolved, but times out.  Same with tracert.  Doesn't get past the first hop.  Everything is working fine on the server. I opened up ports 53 and 135 on the cable modem as suggested by Microsoft.

Forwarders:
IP's DNS 1
IP's DNS 2
Cable Modem 192.168.1.1
Router 192.168.2.1

Any ideas?
0
 

Author Comment

by:Mach70803
ID: 11747595
Nevermind, I figured it out.  I had the scope options router set to the wrong IP address.  Thanks again for all your help!
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2003 x64 upgrade question 10 47
How to virtualize old server? (2003) 7 101
Forcibly removing a 2003 server from the Domain 4 46
SBS 2003 RWW Login 3 36
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question