Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Slow XP pro Logon to Server 2003 domain

Posted on 2006-06-28
31
Medium Priority
?
12,266 Views
Last Modified: 2012-05-05
Hi,

I've followed several threads on slow XP logons in this and other forums.
I got some helpful pointers but have yet to get to the root of the problem.

Problem: Workstation with XP Pro is s......o slow (10 minutes) to long onto Sever 2003
Network. When booted up under Win2KPro it's quick; in the order of seconds.
The accounts on the workstation are both new and created during the “connect to Domain wizard”.

Server setup:
Server 2003 standard
DC & DNS
   Both forward & reverse lookup zones setup in DNS (Thanks Deb)

fixed IP  192.168.15.200
subnet 255.255.255.0
Gateway 192.168.15.1
DNS  192.158.15.200


Workstation Dual boot
Win2K
IP DHCP (supplied by router)
DNS 192.168.15.200

XP Pro
IP DHCP (supplied by router)
DNS 192.168.15.200


Router
DHCP enabled
DNS primary = 192.168.15.200
DNS Secondary =  ISP dns server
I just did that (router DNS) and it made no difference

Network is stripped down to:

(1) Server running 2003
Dc & DNS

(1) Router (Linksys)

(1) Workstation
Dual Boot Win2K Pro /WinXp Pro


Trying not to Kill Bill
Lee

0
Comment
Question by:ccampbell15
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 13
  • 3
  • +1
31 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17005528
Hey lee

lets start by getting rid of DHCP on your router and letting the 2003 server handle it

http://computerperformance.co.uk/w2k3/services/DHCP_Configure.htm
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 500 total points
ID: 17005594
Slow logons are OFTEN the sign of bad DNS settings OR of LARGE roaming profiles.
Do you use roaming profiles?
DO NOT use the ISP DNS for ANYTHING on your network - the Server should reference it only as a forwarder in it's DNS server and not in it's network settings.

For more information on DNS reference the links below.


10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897

How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861

How to Verify an Active Directory Installation in Windows Server 2003
http://support.microsoft.com/?kbid=816106

[links, in part, originally provided by oBdA]
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17005748
OK,

Leew: I'll teke a lokk at those links in a minute, Thanks. The profiles are new and hence very small. The onlu place (that I am aware of) that the isp DNS is mentioned is in the forwarder.

Jay, Oh Great Master & Sage, I did the following: (How's life?)

1: Disable DHCP in the router
2: Set workstation to fixed IP. It is now:

ip 192.168.15.110
255.255.255.0
Gate 192.168.15.1
DNS 192.168.15.200

No difference. I waited forever and after it finally logged in I checked the system log on the server. It's below and makes no sense to me at all. I do not get any of this when I boot the workstation under Win2K. Time for a fourX?

Warning event 1
The Security System detected an authentication error for the server ldap/dc.wiz-hq.net.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. (below)

User Action
Use the error code in the message to determine the cause of the problem. For example, a STATUS_NO_LOGON_SERVER error code (0xC000005e) indicates that the domain controller was temporarily unavailable. For information on other error codes, perform a search of the Knowledge Base at Product Support Services.
 

Warning event 2
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.


R
Lee

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17005818
Ha! XXXX i think not! dirty Queensland beer! now Coopers Pale Ale is the way to go........

take a loot at your services.msc console on the server, sort your services by startup type and make sure everything that is set to auto is running triple check your netlogon service for me.

also take a look at this in regards to your xp time sync, i think your problems are coming from there
http://support.microsoft.com/default.aspx?scid=kb;en-us;307897&sd=tech
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17006007
Coopers, don't they make tires? OK tyres!

All services that are set to auto are indeed started. I can't seem to stuff an image in here so if you take a look at
http://www.texascomputerwiz.com/tmp/

There is a word file with the screen pics of netlogon status. Look fine to me.


Pulled the page for time sync but I'm a bit perplexed. What difference would/should it make if the workstation thinks its 8:00 and the server thinks its 7:30?
R
Lee
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 17006009
What difference?  Kerberos uses time to help ensure security in the connection.  The time of the workstation and the servers needs to be within a few minutes of each other.  30 is FAR more than what is otherwise acceptable to Windows.  Sync those times (and don't forget the time zones).
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17006016
They also make the best tapped beer in Aus, so so good, when you're over here ill shout you a night out

netlogon is fine but your problem is time for sure, was just about to post but leew got in first, Kerberos will cry...i am surprised you can even log on with that much difference!
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 17006018
More on the kerberos protocol and it's use of timestamps for security:
http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17006040
Actually they both say 7:23 PM at the moment.  I just used 1/2 an hour for example. I guess I'm still confused about why that matters. In doesn't seem to as long as the workstation is running Win2K. Hmm... I would have thought that the issue would be server related and not workstation related. Is there an easy way to do this from the server so 42 clients don't need to make a change?

I guess I'll take a look at Kerberos and see why it should be doing this. Let you know in a few hours.

R
Lee
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17006055
you can set your DC to sync with an external time source with this command

net time /setsntp:[timeserver]

now, as for your clients, its worth adding a line to your Startup script via GPO (if you have one, otherwise we will create one)
net time \\PDC emulator /Set

You shouldn't have to do this though, this should be automated on logon, I just want to narrow out if this is the cause of everything
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17006997
Still taking forever to logon.
I assume this means the sync is OK?
If the entire network is off from NIST by a few seconds I don't care.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

D:\Documents and Settings\melissa.WIZ-HQ>net time
Current time at \\DC is 6/28/2006 11:51 PM

The command completed successfully

D:\Documents and Settings\melissa.WIZ-HQ>

BTW dcdiag passes
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007006
yeah that little time doesnt make a diff, it will no dount always manage to be a touch off.......

are you still getting those errors on the machines?
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17007077
Not sure, it's been twenty minutes since I logged off and back on and the workstation still says Applying your personal settings. This is insane.

R
Lee
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17007092
Mr. Murphy again!
Right after I sent the message above the damn workstation logged in. The event logs are clear but it's still a twenty minute logon. Oh excuse me, in MicroSpeak that’s a 2X order of magnitude improvement.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007220
lol, must be dns.......are your dns zones updating properly? can you post an ipconfig of one of the machines up for us? if you scrap roaming profiles does the same problem occur?
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17007297
Yeah, smells like DNS to me as well. I just can't put my finger on it. I'm thinking about tearing down the whole server and rebuilding but I'm convinced it will be the same. It's most likely a Lee Campbell problem in how I set up DNSDC but DCpromo and the forward & reverse wizards did most of the setup.

Here is Ipconfig /all from both the server and the WS
I'll send along the DNS in the next comment

Server   ipconfig /all

D:\Documents and Settings\Administrator.DC>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc
   Primary Dns Suffix  . . . . . . . : wiz-hq.net
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : wiz-hq.net

Ethernet adapter DC:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Compatible Fast Ethernet Ada
pter
   Physical Address. . . . . . . . . : 00-11-09-B1-C1-CF
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.15.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.15.1
   DNS Servers . . . . . . . . . . . : 192.168.15.200



////////////////////////////////////////////////////////////////////////

Workstation ipconfig /all


:\Documents and Settings\melissa.WIZ-HQ>ipconfig /all

indows IP Configuration

       Host Name . . . . . . . . . . . . : XP-optiplex
       Primary Dns Suffix  . . . . . . . : wiz-hq.net
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wiz-hq.net

thernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : SMC EtherPower II 10/100 Ethernet Ad
pter
       Physical Address. . . . . . . . . : 00-E0-29-24-B8-E2
       Dhcp Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.15.110
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.15.1
       DNS Servers . . . . . . . . . . . : 192.168.15.200

:\Documents and Settings\melissa.WIZ-HQ>





0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17007435
I was going to send the Ad & DNS but it's an image again. How do I dump that to ascii? You can see them at
http://www.texascomputerwiz.com/tmp/

DNS is interesting: The Workstation is a dual boot. The computer name while under Win2K is Win2Koptiplex. While under XP it is Xp-optiplex. The Win2K name seems to be registered but not the XP name. I don't know why that is or how to prevent it.

Hmm...
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 900 total points
ID: 17007682
lee, where is your dns entry for your xp machines?

try manually creating it first and then we will work on auto reg
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17007755
I think it went on vacation, perhaps Penang? The Win2K entry was created by the join domain process from the Work station. The process appeared to be the same as when I booted under XP but apparently not. The damn auto image copy backup started so I'm done for awhile. I'll look see in the morning. It is in the AD by the way just not in DNS.

R
Lee
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007788
aight mate sleep well
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17016243
OK,
I tore down the server and rebuilt the AD, DNS, and File Server.
Got the server looking good.

Downloaded an atomic clock so now I'm reeeeeeeeeel accurate.
NSlookup Ok
DCdiag OK

Attempt to join domain on Workstation:

1: type in domain name of tcw-hq.biz, it barfs
2: It likes tcw-hq   wtfo?
   got a little further but Still barfed because RPC was unavailable
   Punched a hole in AVG firewall. OK now
Log in time is quick. I have no idea what the root cause was!

Any ideas?

Couple of quick questions:

I don't really understand the difference between a roaming profile and a local one.
I do know the account name of  "lee" was in existence on the workstation, without a
password. When I setup that account in the AD and gave it a password; login was clean
and quick but it appears to be a roaming account since it does not exist on the workstation
and all the settings are different.

If I simply wanted to join that computer to the domain and copy the accounts from the
workstation into the AD, how would I do that? What do I do if an account already exists
has all sorts of settings the user needs, but the account does not have a password? This is
real common in rural medical clinics here in Central Texas.

Points: I think 250 for Jay and 100 for LeeW.  Like the first name btw.
 Does that sound fair to you guys?

R
Lee
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17016294
hey mate, good news i guess :)

1) a local profile is one which is held local on the local machine, eg, a non domain account named lee that was held on the local machine which wasnt a member of a domain, stored in c;\documents and settings\username.

A roaming profile is one that is stored on the server for a domain user. and is loaded onto the machine temporarily when you log on. makes it so that the user LEE, has the same profile everytime at any machine

2) without use of heavy scripting, you cannot import local accounts into AD :-)

make sense?
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17016316
Yeah,

But I was hoping you would tell me something I didn't already know. I'm (*&^^%$'ed,  with something like 200 workstations at 20 - 30 accounts left over from Workgroups.
How do the points look?

Too bad I can't write scripts in C, life would be much easier.

R
Lee

PS Lee was talking about NOT using roaming accounts. How would I do that? I can't log onto a domain without it being in the AD?

I'll close this after I hear about the points from you two.

Thanks again and have a great day!

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17016352
points are fine mate, no qualms with whatever

roaming profiles have to be specified under the user account. if you havent specified them then you arent using them :)

have a check of this link for folder redirection which is very cool

http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17016514
Thanks Lee

bit off topic, did ya get the last email i sent ya with the pics?
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 17016543
No,

Can you resend?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17016578
shall do, sent after i got your last one
0
 

Expert Comment

by:jason1983
ID: 21656597
Just wondering what actually was the solution to the problem here?

The Accepted Solution was
lee, where is your dns entry for your xp machines?

try manually creating it first and then we will work on auto reg


But i see a dns entry for the Win2kOptiplex as 192.169.15.101, so where was Jay_Jay70 refering to?

Also if you guys could have  a look at my issue that would be great! It's similar

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_23434183.html

Cheers,

Jason
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21656674
hmmm this was so long ago i cant remember - i know Lee personally off the site which is why it probably ceased a little in the question.....let me look at your link for you

James
0
 
LVL 2

Author Comment

by:ccampbell15
ID: 21657380
Hey Jay Jay!

That was a Lee Campbell problem I'm sure but it was standard not SBS.  Every slow login issue I have had always had to do with third party firewalls. How's life?  The youngest daughter graduates high school this Friday and is moving. Wow, I get to live alone!  Yes!

-Lee
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21657447
unreal dude - house to your self - now i can come bunk for a few months :)
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question