XP pro and windows 2003 SBS server slowness

1.  What are the DNS settings?
2.  Are roaming profiles used?

Incorrect DNS can cause slow logon times (post the settings of both the server and at least one workstation - copy and paste the results of IPCONFIG /ALL for each).

If roaming profiles are used and users have LARGE files OR MANY files in the profile, the overall logon time can be significant.  

No roaming profiles.

Are you asking for DNS settings on local machines or server.

All local machines point to server IP address for DNS

I suspect as leew suggested that the DNS configuration is incorrect. Have a look at the check list below see if you have it configured correctly.
Another possible cause is a lot of group policy items being applied, however there would have to be an awful lot to cause an 8 minute delay.

Assuming you have completed the server installation, installed Active Directory, and joined the workstations to the Domain, make sure DNS is configured as follows, assuming a single network adapter:
-The server's NIC should be configured with a static IP, the Internet router as the gateway, and only the server itself as the DNS server. Do not use an ISP DNS server here
-Each workstation should be configured using DHCP (obtain and IP address and DNS automatically) or if configured with static addresses; a static IP in the same subnet as the server, same subnet mask as the server, the gateway pointing to your Internet router, and the DNS server pointing ONLY to the server/domain controller. Again do not put an ISP's DNS server here
-In the DNS management console under Administrative tools, right click on the server name and choose properties. On the Forwarders tab add your ISP's DNS servers
-If the workstations are using DHCP, open the DHCP management console on the server under Administrative tools and click on the server name to expand it, click on the scope to expand it, right click on scope options and choose configure options. On the general tab add the Internet router's IP in #003 router, the server's IP in #006 DNS Servers, and the domain name and suffix under #015 such as mydomain.local
-If  DHCP is enabled on the router, rather than the server, it should really be disabled on the router and configured on the server. Enabling DHCP on the server allows for dynamic updates to DNS
-The DHCP client service should be running on servers and workstations even where you are not using DHCP assignments. The DHCP client service controls the dynamic DNS updates

If you have been having DNS problems, on the workstations that have been having problems you should clear the DNS cache by entering at a command line  
  ipconfig  /flushdns
and then
  ipconfig  /registerdns

This should help with the slow logons. If you have the ISP's DNS's anywhere in the NIC's, the workstations will often go to the Internet to try to resolve names and cause them to "hang".

Anything in your event logs - on the workstation or the server?

Yes, I'm asking you to post your DNS settings - you may be absolutely correct about where your DNS points - but DNS is a sensitive topic and if you want to be CERTAIN this is not the cause, post the settings.

Dhcp Enabled.......... no
IP Adress ............... 192.168.0.3
Subnet Mask ........... 255.255.255.0
Default Gateway ...... 192.168.0.1
DNS servers ............ 192.168.0.10

Server does have two NICs one setup for local and the other for VPN. I am just getting this box and it was configured by someone not around anymore. I am also not completely solid with DNS setup on the server. There was an issue with the VPN access from outside the network and our DSL modem died. At that point the IP scheme got reset and changed on all workstations and server.

I would love any help with clarifying if DNS is setup properly on the server.

And thanks to you both for helping so quickly.

Checkin event logs now.

this is from a workstation and I see this on the other workstation in this office:


Event Type:        Warning
Event Source:        Userenv
Event Category:        None
Event ID:        1517
Date:                6/17/2006
Time:                12:48:46 PM
User:                NT AUTHORITY\SYSTEM
Computer:        OTHER
Description:
Windows saved user mccune\Gloria registry while an application or service
was still using the registry during log off. The memory used by the user's
registry has not been freed. The registry will be unloaded when it is no
longer in use.

 This is often caused by services running as a user account, try
configuring the services to run in either the LocalService or
NetworkService account.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Not sure if this will help with any thoughts but if I boot in Safe mode with networking the computer is very very fast in accessing the network and exchange server?

I've been seeing a lot of questions concerning network performance pop up lately.  They often seen to be unrelated as they are described, for example, just migrated to a domain, etc.  But there really have been a lot of them lately.

It may really just be unique issues and coincidences... but I can't help but wonder if it's related to a new Microsoft Patch.

If you wouldn't mind, on each domain controller you have, please run this command in a command prompt:
dir /ah /od %windir%\ntun*
and copy and paste the entries between April 1, 2006 and today.

I'm not sure I'll be able to figure anything out with this - and maybe there is nothing to figure out... but who knows...

10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

How to Verify an Active Directory Installation in Windows Server 2003
http://support.microsoft.com/?kbid=816106

[links, in part, originally provided by oBdA]

This is from the server:


Event Type:        Error
Event Source:        Userenv
Event Category:        None
Event ID:        1058
Date:                6/17/2006
Time:                12:22:44 PM
User:                NT AUTHORITY\SYSTEM
Computer:        SERVER
Description:
Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=mccune,DC=local.
The file must be present at the location
<\\mccune.local\sysvol\mccune.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(Configuration information could not be read from the domain controller,
either because the machine is unavailable, or access has been denied. ).
Group Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I also have an error relating to group policy:

 
 
 
Event Type:        Error
Event Source:        Userenv
Event Category:        None
Event ID:        1030
Date:                6/17/2006
Time:                1:12:52 PM
User:                NT AUTHORITY\SYSTEM
Computer:        SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this.


 
 

leew i get this message:

Volume in drive C has no label
Volume Serial Number is 641d-134b

Directory of C:\windows

File not found

I'm an idiot (I knew I should have cut and paste instead of retyping).

Try this:
dir /ah /od %windir%\$ntun*

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix.:
Description.............................: HPNC7761 Gigabit Server Adapter
DHCP Enabled....................... .: No
Ip Address..............................: 192.168.0.10
Subnet Mask...........................: 255.255.255.0
Default Gateway......................: 192.168.0.1
DNS Servers...........................: 192.168.0.10
Primary WINS Server..............: 192.168.0.10

Ethernet adapter Network Connection:

Connection-specific DNS Suffix.:
Description.............................: HPNC7761 Gigabit Server Adapter
DHCP Enabled....................... .: No
Ip Address..............................: 192.168.0.55
Subnet Mask...........................: 255.255.255.0
Default Gateway......................: 192.168.0.1
DNS Servers...........................: 192.168.0.10
Primary WINS Server..............: 192.168.0.10

please remind me how to copy out of command prompt my brain is officially dead!

ok, server and workstation IPs look ok - Check out the links I posted before.

As for copy out of command prompt, Click the little icon at the top left of the command prompt window, then select Edit and Mark and then block out the text to copy.  Finally, with the text highlighted, press enter - that copies it to the clipboard.

Ugh thanks I remember now!! Here is what I got:


C:\Documents and Settings\Administrator>dir /ah /od %windir%\$nt
 Volume in drive C has no label.
 Volume Serial Number is 641D-134B

 Directory of C:\WINDOWS

10/16/2005  03:00 AM    <DIR>          $NtUninstallKB890046$
10/16/2005  03:00 AM    <DIR>          $NtUninstallKB899589$
10/16/2005  03:00 AM    <DIR>          $NtUninstallKB896688$
10/16/2005  03:01 AM    <DIR>          $NtUninstallKB898715$
10/16/2005  03:01 AM    <DIR>          $NtUninstallKB902400$
10/16/2005  03:01 AM    <DIR>          $NtUninstallKB899591$
10/16/2005  03:02 AM    <DIR>          $NtUninstallKB899588$
10/16/2005  03:02 AM    <DIR>          $NtUninstallKB896428$
10/16/2005  03:02 AM    <DIR>          $NtUninstallKB896358$
10/16/2005  03:02 AM    <DIR>          $NtUninstallKB896422$
10/16/2005  03:03 AM    <DIR>          $NtUninstallKB901214$
10/16/2005  03:03 AM    <DIR>          $NtUninstallKB899587$
10/16/2005  03:03 AM    <DIR>          $NtUninstallKB901017$
10/16/2005  03:03 AM    <DIR>          $NtUninstallKB893756$
10/16/2005  03:04 AM    <DIR>          $NtUninstallKB900725$
10/16/2005  03:04 AM    <DIR>          $NtUninstallKB904706$
10/16/2005  03:04 AM    <DIR>          $NtUninstallKB905414$
11/09/2005  04:00 AM    <DIR>          $NtUninstallKB896424$
12/15/2005  04:00 AM    <DIR>          $NtUninstallKB910437$
12/15/2005  04:00 AM    <DIR>          $NtUninstallKB905915$
12/20/2005  04:00 AM    <DIR>          $NtUninstallKB909988$
01/06/2006  04:00 AM    <DIR>          $NtUninstallKB912919$
01/11/2006  04:00 AM    <DIR>          $NtUninstallKB908519$
02/15/2006  04:00 AM    <DIR>          $NtUninstallKB913446$
02/15/2006  04:00 AM    <DIR>          $NtUninstallKB911927$
04/16/2006  03:00 AM    <DIR>          $NtUninstallKB911562$
04/16/2006  03:00 AM    <DIR>          $NtUninstallKB908981$
04/16/2006  03:01 AM    <DIR>          $NtUninstallKB912812$
04/16/2006  03:02 AM    <DIR>          $NtUninstallKB908531$
04/16/2006  03:02 AM    <DIR>          $NtUninstallKB911567$
06/17/2006  03:00 AM    <DIR>          $NtUninstallKB917734$
06/17/2006  03:01 AM    <DIR>          $NtUninstallKB917344$
06/17/2006  03:01 AM    <DIR>          $NtUninstallKB911280$
06/17/2006  03:02 AM    <DIR>          $NtUninstallKB914389$
06/17/2006  03:02 AM    <DIR>          $NtUninstallKB917953$
06/17/2006  03:02 AM    <DIR>          $NtUninstallKB916281$
06/17/2006  03:03 AM    <DIR>          $NtUninstallKB918439$
               0 File(s)              0 bytes
              37 Dir(s)  192,408,518,656 bytes free

leew having trouble with the microsoft links

Thanks for posting the info - like I said, I don't even know if there's anything to this, but I appreciate your willingness to humor me.

As for the links, what kind of trouble - I just clicked the two to microsoft and got right to them.

could be my end will try again. I was just getting page can not be displayed! Thanks for your willingness to offer help. I am at my end and running out of time. The network is so slow my users have trouble getting work done!!

FYI all the links are good must have been on my end!!

Ok looks like I have some reading to do! Thanks and feel free to post if you get any brainstorm as to a solution. I am off to read and hopefully succeed!!

06/17/2006  03:01 AM    <DIR>          $NtUninstallKB911280$ - RAS*
06/17/2006  03:02 AM    <DIR>          $NtUninstallKB914389$ - SMB*
06/17/2006  03:02 AM    <DIR>          $NtUninstallKB917953$ - TCP/IP*

Based on my experience and understanding of Windows Technology, these 3 updates - IF THERE IS IN FACT A PROBLEM CAUSED BY AN UPDATE - are the most likely to have caused this problem recently - for more information on them, search google for KB911280 , KB914389 , and KB917953.  Since these were only installed this morning, if the problem existed before today, then it is VERY VERY VERY UNLIKELY that these updates caused any problems.  But these are the ones most related to networking and authentication.

This has been going on for a couple weeks now. Seems to be getting worse.

As I understood it the two nics were in use one for the Lan and one WAN and such. This may be a dumb question but can I use one nic for both LAN and WAN. This server acts as DNS, DHCP, Exchange (only internal email and calendars) and VPN?

Another question: This issue was there but not as bad until the IP scope was changed from 192.168.0.* to 10.0.2.* would it help to remove and rejoin computers from domain? I am only dealing with a few workstations??? I am going to be back at it at 8:30 in the morning and praying for a solution as my staff is back in action on Monday.

Thanks to you both for all your help.

>>"This may be a dumb question but can I use one nic for both LAN and WAN. "
No problem at all. Some folks set it up with 2 so that they can use the server to control access, or isolate the LAN from an other network, but not necessary at all. There can be some issues too, when doing so and having them both on the same subnet.Most often if you are going to use 2 NIC's they would be on a different subnet to isolate "things", such as 192.168.0.x and 192.168.100.x

No need to rejoin computers because of an IP change but you need to check DNS to see if there are any old entries that have to be manually removed and each workstation should be rebooted or run:
ipconfig  /flushdns
ipconfig  /registerdns

HOWEVER, what do you mean changed from 192.168.0.to 10.0.2.  ??? Your IPconfigs do not show any 10.0.2.0 results ????

Went back to the 192.168.0 as a test to see if there was a hang up somewhere with old IP info or DNS info on the server..... shooting in the dark

after the initial IP change on the server and DNS the workstations slowed down a ton in the applying computer settings and then after login with the applying personal settings. I have run the ipconfig /flushdns
ipconfig /registerdns

my slowness is still there? Any thoughts

Sorry this one is a little long but I am thinking it will be helpful. Hoping either one of you can actually help me to know what it means. This is the netdiag. I have a DNS issue I think. How do I reslove?


Computer Name: SERVER
    DNS Host Name: SERVER.mccune.local
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB896688
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB905915
        KB908519
        KB908531
        KB908981
        KB910437
        KB911280
        KB911562
        KB911567
        KB911927
        KB912812
        KB912919
        KB913446
        KB914389
        KB916281
        KB917344
        KB917734
        KB917953
        KB918439
        Q147222

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : SERVER
        IP Address . . . . . . . . : 192.168.0.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.1
        Primary WINS Server. . . . : 192.168.0.10
        Dns Servers. . . . . . . . : 192.168.0.10

        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.
        WINS service test. . . . . : Passed
    Adapter : Network Connection
        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : SERVER
        IP Address . . . . . . . . : 192.168.0.55
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.1
        Primary WINS Server. . . . : 192.168.0.10
        Dns Servers. . . . . . . . : 192.168.0.10

        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Passed


Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{61D427F7-932D-49A6-813D-334D62BA3675}
        NetBT_Tcpip_{9D0E981E-10A4-406C-86BF-620C81555B0E}
    2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
              [FATAL]: The DNS registration for 'SERVER.mccune.local' is incorrect on all DNS servers.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.10'.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{61D427F7-932D-49A6-813D-334D62BA3675}
        NetBT_Tcpip_{9D0E981E-10A4-406C-86BF-620C81555B0E}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{61D427F7-932D-49A6-813D-334D62BA3675}
        NetBT_Tcpip_{9D0E981E-10A4-406C-86BF-620C81555B0E}
    The browser is bound to 2 NetBt transports.

DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information
The command completed successfully

>>DNS test . . . . . . . . . . . . . : Failed
    [FATAL]: The DNS registration for 'SERVER.mccune.local' is incorrect on all DNS servers.
     PASS - All the DNS entries for DC are registered on DNS server '192.168.0.10'"
Odd that you would get both unless it is saying all records are correctly listed under the 192.168.0.0 subnet but 'SERVER.mccune.local still has a record under the old subnet.
-open the DNS management console and locate the host record (in forward look up zones)for 'SERVER.mccune.local' make sure it is correct for the current IP configuration. If not delete and replace. As well, make sure there are no duplicate entries. Also check the reverse look up zones to see that the PTR record is correct. In the Reverse lookup zone the 10.0.2.0 zone should be deleted if it still exists.
Any error here could definitely cause your slow downs
-check the event log for related errors, especially the DNS log. If any that seem relevant please post the Event ID and source name
-once above done, try running   netdiage.exe  /fix    then run netdiag.exe again to see if anything has been repaired.

Sorry for the mis info I am currenty and again using the 10.0.2.0 range. I changed all needed IPs on the server and delted and recreated (using the wizard) my DNS info. I have to be getting closer at this point as all but 2 of the computers seem very happy. The login isn't as quick as I want but it isn't 8 minutes. Still two problem machines which are the two that I started having the trouble with initially. I don't know what else to do with DNS settings as I just followed the wizard. It seems to be mostly working but not all the way just yet?? I am feeling close but still not there

Manually check the DNS management console as suggested to see that all records are correct and then I would log on to one of the problematic PC' and run netdiag to see if any obvious errors.
also make sure you run
ipconfig /flushdns
and
ipconfig /registerdns
on the PC, or reboot

Will check the pc now. I did check the config of DNS on server and don't see any refrence to bad Ips or any such thing.....

I think now DNS is working as it should be. I am almost ready to actually close this but will test again in the morning first. Here is what I have done.

Working through diagnostics with LeeW and RobWill ended up as per LeeW rerunning the wizard for DNS. Reset IPs to 10.0.2.0 range on all workstations and server. Ran netdiag as per RobWill. Corrected bad WINS entry on server. All workstations back in normal range of login time except 2. Check msconfig and removed qttask at login. (quick time task) both computers now boot faster than any on the network..... Log into exchange on first try everytime?!?! Who knows. For now I am going to back to my other posted question about VPN issues. Thanks both of you so much. Points will be yours tomorrow after testing in the morning. You both have been so helpful.

>>"removed qttask at login"
Quicktime automatically checks for updates. I wonder if during logon it was trying to access the Internet but unable to. Do you have your ISP's DNS set up as forwarders in the DNS management console? Once logged on do any of the machines have any delays connecting to the Internet?

FYI, for all y'all... I thought I'd offer a bit of advice to help resolve these type issues a bit quicker in the future.

Had a complete IPCONFIG been provided at the start it would have easy to see what the problem was (even though leew asked for it, it wasn't posted until much later).  Also, providing the recommended Two NIC configuration from http://sbsurl.com/twonics could also have helped straighten it out more easily.  

Jeff
TechSoEasy

Thanks jrsnork.
--Rob