Slow/No Logins after Domain Migration

Posted on 2004-08-05
Last Modified: 2008-01-09
Greetings folks - first, please note: this question has been posted to a newsgroup as well.  Will be happy to award the points here if someone here answers correctly first.

We have an existing SBS 4.5 install (lets call it NYC domain) that I'm trying to migrate to an SBS 2K3 system on a new server (lets call the new one NYCCORP domain) .

All 14 clients are running either Windows XP SP1 or Win2K SP4.

As members of the SBS 4.5 (NYC) domain, all users can log in to the clients quickly reach a desktop with start menu.

(Please note: my efforts below focused on one XP machine in particular, but identical problems (for as long as I allowed the system to keep trying) were seen on the other XP clients).

Upon creating new user accounts in the NYCCORP domain and removing the computers from NYC domain, placing them into NYCCORP, no users (even the domain admins of NYCCORP) are able to fully log in to the XP clients.  Basically, the login window appears, the username and password is entered, a message that settings are being applied comes up.  After a few seconds the only thing on the screen is a mouse pointer and nice desktop wallpaper.  After a few minutes like this, I press CTRL-ALT-DEL.  I am able to bring up task manager and view processes and resource utilization.  Task manager reports System Idle process using ~98/99% of the CPU.  So basically, the CPU isn't
pegged.  I review the process list - Explorer is running but set to High priority and using ~6MB of physical memory?  No start menu appears.  Then suddenly, the system process jumps to attention and pegs the CPU for ~2 minutes.  Then stops.  This repeats about 6-9 minutes later.  After 20+ minutes of waiting, I rebooted the client and began putting them back in the NYC (SBS 4.5)
domain.  Everything resumes running normally.

On the system focused on, the following were recorded in the userenv.log file during the tries to log in as a user in the NYCCORP domain:

USERENV(1c8.740) 08:22:41:543 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(1c8.370) 09:13:08:406 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV( 09:26:07:676 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(1c8.470) 09:26:10:821 PolicyChangedThread: UpdateUser failed with 1008.
USERENV(1c8.1cc) 09:29:00:377 CUserProfile::CleanupUserProfile: Ref Count is not 0USERENV(1c8.1cc) 09:29:00:387 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(1c8.1cc) 09:29:00:387 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(1c8.510) 09:29:09:390 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(1c8.744) 09:29:29:118 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(1c8.754) 09:29:30:520 PolicyChangedThread: UpdateUser failed with 6.
USERENV(1cc.1d0) 09:58:22:256 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(1cc.1d0) 09:58:22:256 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(1cc.1d0) 09:58:22:256 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(1cc.528) 09:58:30:669 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(1cc.758) 09:58:45:199 GetGPOInfo:  Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(1c8.1cc) 10:00:33:357 CUserProfile::CleanupUserProfile: Ref Count is not 0

The Windows 2000 machines seem to eventually log in but take ~5 minutes.  Maybe longer.  There are no unusual messages in the event log.  


(sorry - didn't mean to yell, just wanted to emphasize the ultimate problem and what I need working).

Thanks for your time folks
Question by:Lee W, MVP
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 11728607
Did you use the SBS Migrate Computer setup feature that exists? On the existing computer, you should be able to open up Internet Explore and go to http://<sbsservername>/connectcomputer. Only do that after you have created the accounts using the SBS Add User wizard - this allows you to configure a computer name, etc., for the user. When you connect to the web connectcomputer site, it will prompt you for the username and allow you to migrate the profile. It should help address your problem.

I know that wizards are scary - I don't usually use them, either, but on SBS 2k3, it works well and is the safest way to migrate a computer. Obviously, the user that you are logged in as on the existing computer has to be a local admin to make all the changes.
LVL 96

Author Comment

by:Lee W, MVP
ID: 11728736
Thanks for the suggestion - so far no newsgroup suggestions have been offered, so if this should work, the points are yours.

That aside, some comments regarding your suggestion:
All computers were removed from the old domain through the system control panel and then manually configured to join the new domain.  MOST have likewise been moved back to the old domain to allow the users to work again.  But I still have a couple machines I can test with.
LVL 85

Expert Comment

ID: 11728794
My guess is that the DNS settings on the clients (and maybe on the server itself) are incorrect.
On your DC/DNS, and on all of your domain members, make sure the DC's address *only* is listed in the TCP/IP properties (be that via DHCP or static; do NOT use on the DC/DNS itself!). That makes sure your internal lookups work correctly.
For internet access, delete the root zone (if present; it's the single dot: ".") on your DNS in your forward lookup zones. Then open the properties page of your DNS server and configure forwarders to point to your ISP's DNS. The forwarders section is the *only* entry in your network where non-AD-DNS server should be listed.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

How Domain Controllers Are Located in Windows

How Domain Controllers Are Located in Windows XP

HOW TO: Configure DNS for Internet Access in Windows Server 2003

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

LVL 96

Author Comment

by:Lee W, MVP
ID: 12036826
Turns out the problem was that I renamed the default Active Directory groups - not DNS related.  The ones starting with and contained in "MyBusiness".  A call to Microsoft revealed this (though they had no documentation concerning it).  Upon renaming them back, everything worked correctly.

Thanks for the efforts folks, but I'll be requesting this be PAQed.

Of course, please speak up if there are any objections.
LVL 96

Author Comment

by:Lee W, MVP
ID: 12576478
Sure, close it and refund.

I'd also like to point out this:

I recently had another experience virtually identical to this one and I discovered a few things:

userinit.exe never completes - that's probably what holds up the login.  I had disabled offline files using the account in question.  When I reenabled them, things worked as before.  Similarly, in the above question, I had disabled offline files, but doing so through AD GPO seemed to work.  It may have been a coincidence timing thing, but just for people to keep in mind, Offline Files might be a reason for this as well.

Accepted Solution

modulo earned 0 total points
ID: 12612569
PAQed with points refunded (400)

Community Support Moderator

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL ( and MongoDB (…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question