XP client and 2k domain logon DNS problem

Posted on 2004-11-03
Last Modified: 2013-12-23

I have a Win2k domain, with a mix of XP and 2k workstations. A few XP Pro PC's take forever (2-5 mins) to logon to the network. They hang on "applying computer settings" for most of that time.

The good news is that I know what's causing it: for security reasons I'm not using a DNS server, instead relying on local hosts files to do the work. It appears however that some XP clients use DNS to resolve the PDC server name (dont ask me why only some do so and have the problem though!..)

Okay, so here's the mystery.. some of the slow log-on workstations could be fixed by adding the PDC to the lmhosts file. Others werent. I've checked the group policy, notably the admin templates>system>logon>Always wait for the network at computer startup. This is enabled, so isn't the problem.

Sooo... any ideas on what else could be going on? It's almost as if these remaining XP clients aren't reading there lmhosts file, however the only reference I can find to forcing them to do so is under the tcp/ip properties>advanced, where it is enabled to do so.

It appears to be a subset of a subset of XP Pro machines with the issue. Any thoughts appreciated.
Question by:dxve
    LVL 10

    Accepted Solution

    Hi dxve,
    ew.  Yes, as soon as I read the problem I immediatley knew it was DNS. I would solve this by using secure DNS. You will save yourself headaches in the long run and it is more secure than what you are relying on currently.

    LVL 82

    Assisted Solution

    Sorry, but you will never, ever, get a W2k domain running without problems if you don't have DNS; AD relies too heavily on DNS.
    Here's something to start with:

    Setting Up the Domain Name System for Active Directory

    HOW TO: Install Network Services Such as WINS and DNS in Windows 2000

    Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

    Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

    How to Verify the Creation of SRV Records for a Domain Controller

    How Domain Controllers Are Located in Windows

    How Domain Controllers Are Located in Windows XP

    SRV Resource Records May Not Be Created on Domain Controller

    HOW TO: Configure DNS for Internet Access in Windows Server 2003

    HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
    LVL 1

    Author Comment


    Thanks for the input! It will take me a while to sift through that lot.

    I'm still fairly convinced the root of the problem is that some permutation of XP Pro & variable x causes XP to disregard its lmshosts file, as some of the workstations were fixed this route. If there is a trick to force XP to use its lmhosts i'm 75% sure it would fix assorted 2k "AD has too much reliance on DNS" issues. I'll keep researching, and appreciate the leads
    LVL 1

    Author Comment


    Feel free to allocate the points as you see fit. I'm happy to do a 50/50 split or whatever. Neither response seems to answer the question directly, but both deserve something for the input. Perhaps there is no correct answer other than "AD needs DNS to work, for reasons which are a complete mystery"

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
    Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now