ccampbell15

Slow XP pro Logon to Server 2003 domain

Hi,

I've followed several threads on slow XP logons in this and other forums.
I got some helpful pointers but have yet to get to the root of the problem.

Problem: Workstation with XP Pro is s......o slow (10 minutes) to log onto Server 2003
Network. When booted up under Win2KPro it's quick; in the order of seconds.
The accounts on the workstation are both new and created during the “connect to Domain wizard”.

Server setup:
Server 2003 standard
DC & DNS
   Both forward & reverse lookup zones setup in DNS (Thanks Deb)

fixed IP  192.168.15.200
subnet 255.255.255.0
Gateway 192.168.15.1
DNS  192.158.15.200


Workstation Dual boot
Win2K
IP DHCP (supplied by router)
DNS 192.168.15.200

XP Pro
IP DHCP (supplied by router)
DNS 192.168.15.200


Router
DHCP enabled
DNS primary = 192.168.15.200
DNS Secondary =  ISP dns server
I just did that (router DNS) and it made no difference

Network is stripped down to:

(1) Server running 2003
Dc & DNS

(1) Router (Linksys)

(1) Workstation
Dual Boot Win2K Pro /WinXp Pro


Trying not to Kill Bill
Lee

Jay_Jay70

Hey lee

let's start by getting rid of DHCP on your router and letting the 2003 server handle it

http://computerperformance.co.uk/w2k3/services/DHCP_Configure.htm
SOLUTION
Lee W, MVP

ccampbell15

ASKER

OK,

Leew: I'll take a look at those links in a minute, Thanks. The profiles are new and hence very small. The only place (that I am aware of) that the ISP DNS is mentioned is in the forwarder.

Jay, Oh Great Master & Sage, I did the following: (How's life?)

1: Disable DHCP in the router
2: Set workstation to fixed IP. It is now:

ip 192.168.15.110
255.255.255.0
Gate 192.168.15.1
DNS 192.168.15.200

No difference. I waited forever and after it finally logged in I checked the system log on the server. It's below and makes no sense to me at all. I do not get any of this when I boot the workstation under Win2K. Time for a fourX?

Warning event 1
The Security System detected an authentication error for the server ldap/dc.wiz-hq.net.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. (below)

User Action
Use the error code in the message to determine the cause of the problem. For example, a STATUS_NO_LOGON_SERVER error code (0xC000005e) indicates that the domain controller was temporarily unavailable. For information on other error codes, perform a search of the Knowledge Base at Product Support Services.
 

Warning event 2
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.


R
Lee

Ha! XXXX i think not! dirty Queensland beer! now Coopers Pale Ale is the way to go........

take a look at your services.msc console on the server, sort your services by startup type and make sure everything that is set to auto is running. triple check your netlogon service for me.

also take a look at this in regards to your xp time sync, i think your problems are coming from there
http://support.microsoft.com/default.aspx?scid=kb;en-us;307897&sd=tech
Coopers, don't they make tires? OK tyres!

All services that are set to auto are indeed started. I can't seem to stuff an image in here so if you take a look at
http://www.texascomputerwiz.com/tmp/

There is a word file with the screen pics of netlogon status. Look fine to me.


Pulled the page for time sync but I'm a bit perplexed. What difference would/should it make if the workstation thinks its 8:00 and the server thinks its 7:30?
R
Lee
What difference?  Kerberos uses time to help ensure security in the connection.  The time of the workstation and the servers needs to be within a few minutes of each other.  30 is FAR more than what is otherwise acceptable to Windows.  Sync those times (and don't forget the time zones).
They also make the best tapped beer in Aus, so so good, when you're over here ill shout you a night out

netlogon is fine but your problem is time for sure, was just about to post but leew got in first, Kerberos will cry...i am surprised you can even log on with that much difference!
More on the Kerberos protocol and its use of timestamps for security:
http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
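
The skew rule described in the replies above, as an added example that is not part of the original thread: a small Python model of the timestamp test a Kerberos service applies to an authenticator, using the RFC 4120 error names and the 5-minute default tolerance of a Windows domain. The class name, the principal and the timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Windows domain default for "Maximum tolerance for computer clock synchronization".
MAX_SKEW = timedelta(minutes=5)


class AuthenticatorCheck:
    """Hypothetical model of a service validating Kerberos authenticator timestamps."""

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (client, timestamp) -> time the replay-cache entry expires

    def check(self, client, client_time, server_now):
        # Entries older than the skew window can be dropped: the skew test
        # below would reject those timestamps anyway.
        self._seen = {k: exp for k, exp in self._seen.items() if exp > server_now}
        if abs(server_now - client_time) > self.max_skew:
            return "KRB_AP_ERR_SKEW"      # clocks too far apart
        key = (client, client_time)
        if key in self._seen:
            return "KRB_AP_ERR_REPEAT"    # same authenticator presented twice
        self._seen[key] = client_time + self.max_skew
        return "OK"


def demo():
    # Constructed sample: server clock, and a workstation running 40 s behind.
    now = datetime(2006, 6, 28, 23, 51, tzinfo=timezone.utc)
    user = "melissa@WIZ-HQ.NET"
    stamp = now - timedelta(seconds=40)
    svc = AuthenticatorCheck()
    return [
        svc.check(user, stamp, now),                           # small drift
        svc.check(user, stamp, now + timedelta(seconds=10)),   # captured and resent
        svc.check(user, now - timedelta(minutes=30), now),     # workstation 30 min off
        svc.check(user, stamp, now + timedelta(minutes=6)),    # resent after the window
    ]


if __name__ == "__main__":
    print(demo())
```

The narrow acceptance window is what lets the service keep only a few minutes of seen authenticators and still reject a resent one, which is why a 30-minute offset is refused outright.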
Actually they both say 7:23 PM at the moment.  I just used 1/2 an hour for example. I guess I'm still confused about why that matters. It doesn't seem to as long as the workstation is running Win2K. Hmm... I would have thought that the issue would be server related and not workstation related. Is there an easy way to do this from the server so 42 clients don't need to make a change?

I guess I'll take a look at Kerberos and see why it should be doing this. Let you know in a few hours.

R
Lee
you can set your DC to sync with an external time source with this command

net time /setsntp:[timeserver]

now, as for your clients, it's worth adding a line to your Startup script via GPO (if you have one, otherwise we will create one)
net time \\PDC emulator /Set

You shouldn't have to do this though, this should be automated on logon, I just want to narrow out if this is the cause of everything
Still taking forever to logon.
I assume this means the sync is OK?
If the entire network is off from NIST by a few seconds I don't care.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

D:\Documents and Settings\melissa.WIZ-HQ>net time
Current time at \\DC is 6/28/2006 11:51 PM

The command completed successfully

D:\Documents and Settings\melissa.WIZ-HQ>

BTW dcdiag passes
yeah that little time doesn't make a diff, it will no doubt always manage to be a touch off.......

are you still getting those errors on the machines?
Not sure, it's been twenty minutes since I logged off and back on and the workstation still says Applying your personal settings. This is insane.

R
Lee
Mr. Murphy again!
Right after I sent the message above the damn workstation logged in. The event logs are clear but it's still a twenty minute logon. Oh excuse me, in MicroSpeak that’s a 2X order of magnitude improvement.
lol, must be dns.......are your dns zones updating properly? can you post an ipconfig of one of the machines up for us? if you scrap roaming profiles does the same problem occur?
Yeah, smells like DNS to me as well. I just can't put my finger on it. I'm thinking about tearing down the whole server and rebuilding but I'm convinced it will be the same. It's most likely a Lee Campbell problem in how I set up DNSDC but DCpromo and the forward & reverse wizards did most of the setup.

Here is Ipconfig /all from both the server and the WS
I'll send along the DNS in the next comment

Server   ipconfig /all

D:\Documents and Settings\Administrator.DC>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc
   Primary Dns Suffix  . . . . . . . : wiz-hq.net
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wiz-hq.net

Ethernet adapter DC:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-11-09-B1-C1-CF
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.15.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.15.1
   DNS Servers . . . . . . . . . . . : 192.168.15.200



////////////////////////////////////////////////////////////////////////

Workstation ipconfig /all


D:\Documents and Settings\melissa.WIZ-HQ>ipconfig /all

Windows IP Configuration

       Host Name . . . . . . . . . . . . : XP-optiplex
       Primary Dns Suffix  . . . . . . . : wiz-hq.net
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wiz-hq.net

Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : SMC EtherPower II 10/100 Ethernet Adapter
       Physical Address. . . . . . . . . : 00-E0-29-24-B8-E2
       Dhcp Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.15.110
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.15.1
       DNS Servers . . . . . . . . . . . : 192.168.15.200

D:\Documents and Settings\melissa.WIZ-HQ>





I was going to send the Ad & DNS but it's an image again. How do I dump that to ascii? You can see them at
http://www.texascomputerwiz.com/tmp/

DNS is interesting: The Workstation is a dual boot. The computer name while under Win2K is Win2Koptiplex. While under XP it is Xp-optiplex. The Win2K name seems to be registered but not the XP name. I don't know why that is or how to prevent it.

Hmm...
ASKER CERTIFIED SOLUTION
I think it went on vacation, perhaps Penang? The Win2K entry was created by the join domain process from the Work station. The process appeared to be the same as when I booted under XP but apparently not. The damn auto image copy backup started so I'm done for awhile. I'll look see in the morning. It is in the AD by the way just not in DNS.

R
Lee
aight mate sleep well
OK,
I tore down the server and rebuilt the AD, DNS, and File Server.
Got the server looking good.

Downloaded an atomic clock so now I'm reeeeeeeeeel accurate.
NSlookup Ok
DCdiag OK

Attempt to join domain on Workstation:

1: type in domain name of tcw-hq.biz, it barfs
2: It likes tcw-hq   wtfo?
   got a little further but Still barfed because RPC was unavailable
   Punched a hole in AVG firewall. OK now
Log in time is quick. I have no idea what the root cause was!

Any ideas?

Couple of quick questions:

I don't really understand the difference between a roaming profile and a local one.
I do know the account name of  "lee" was in existence on the workstation, without a
password. When I setup that account in the AD and gave it a password; login was clean
and quick but it appears to be a roaming account since it does not exist on the workstation
and all the settings are different.

If I simply wanted to join that computer to the domain and copy the accounts from the
workstation into the AD, how would I do that? What do I do if an account already exists
has all sorts of settings the user needs, but the account does not have a password? This is
real common in rural medical clinics here in Central Texas.

Points: I think 250 for Jay and 100 for LeeW.  Like the first name btw.
 Does that sound fair to you guys?

R
Lee
hey mate, good news i guess :)

1) a local profile is one which is held local on the local machine, eg, a non domain account named lee that was held on the local machine which wasn't a member of a domain, stored in c:\documents and settings\username.

A roaming profile is one that is stored on the server for a domain user. and is loaded onto the machine temporarily when you log on. makes it so that the user LEE, has the same profile everytime at any machine

2) without use of heavy scripting, you cannot import local accounts into AD :-)

make sense?
Yeah,

But I was hoping you would tell me something I didn't already know. I'm (*&^^%$'ed,  with something like 200 workstations at 20 - 30 accounts left over from Workgroups.
How do the points look?

Too bad I can't write scripts in C, life would be much easier.

R
Lee

PS Lee was talking about NOT using roaming accounts. How would I do that? I can't log onto a domain without it being in the AD?

I'll close this after I hear about the points from you two.

Thanks again and have a great day!

points are fine mate, no qualms with whatever

roaming profiles have to be specified under the user account. if you haven't specified them then you aren't using them :)

have a check of this link for folder redirection which is very cool

http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
Thanks Lee

bit off topic, did ya get the last email i sent ya with the pics?
No,

Can you resend?
shall do, sent after i got your last one
Just wondering what actually was the solution to the problem here?

The Accepted Solution was
lee, where is your dns entry for your xp machines?

try manually creating it first and then we will work on auto reg


But I see a dns entry for the Win2kOptiplex as 192.169.15.101, so where was Jay_Jay70 referring to?

Also if you guys could have  a look at my issue that would be great! It's similar

https://www.experts-exchange.com/questions/23434183/SBS-Server-2003-Slow-Login-3-10-mins.html

Cheers,

Jason
hmmm this was so long ago i can't remember - i know Lee personally off the site which is why it probably ceased a little in the question.....let me look at your link for you

James
Hey Jay Jay!

That was a Lee Campbell problem I'm sure but it was standard not SBS.  Every slow login issue I have had always had to do with third party firewalls. How's life?  The youngest daughter graduates high school this Friday and is moving. Wow, I get to live alone!  Yes!

-Lee
unreal dude - house to yourself - now i can come bunk for a few months :)