Solved

What happens when a user logs on to a domain?

Posted on 2006-10-24
19
1,058 Views
Last Modified: 2008-02-01
Morning

We're trying to troubleshoot a problem which involves slow logon times for a number of users when logging on to our domain. I have a rough idea of what happens when a user attempts a logon but I am trying to find some sort of Step-by-Step process guide as to what goes on during the log on process so that I can work through this problem logically.

All our clients are XP SP2 and our DCs are 2003. If someone could point me in the right direction of finding such a step by step guide, it would be much appreciated.

Cheers
CreamyG
0
Comment
Question by:CreamyG
  • 4
  • 3
  • 2
  • +5
19 Comments
 
LVL 70

Expert Comment

by:Merete
ID: 17794245
Have a look in control panel administrative tools event viewer applications>errors.
You may see one or more but one in particular that points to this>>
SYMPTOMS
When you log off a computer that is running Microsoft Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0, you may experience one or more of the following symptoms: • A user profile does not unload.
• A roaming profile does not reconcile.
• You reach the registry size limit (RSL).
• You take a long time to log off, and you receive the following message:
Saving settings….
• Backups may not start. There are no errors in the Application log from the Backup program. However, if you see event ID 1524, the Backup has not run.
Additionally, you may receive one or more of the following event messages in the application event log, depending on your operating system.

Windows Xp
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1517
Description:
Windows saved user ComputerName\UserName registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1524 Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

To resolve this issue, use the Microsoft User Profile Hive Cleanup Service (UPHClean). UPHClean monitors the computer while Windows is unloading user profiles and forces resources that are open to close. Therefore, the computer can unload and reconcile user profiles.

To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582)
0
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
ID: 17794767
Hi CreamyG,
Are you running any 'batch' commands when your users logon/logoff?
Our network is set up so that any logon causes certain 'checks' to be run (AV, Windows Update, etc) and the logon and logoff times have dramatically increased since we started doing this.
It actually only takes about 15-30 seconds, but that seems like a lot to most users.

Part of our situation is that we're a huge geographic WAN with over 2,000 hosts and 150 remote WAN sites.

If you can post more specifics (nothing identifiable) about your network, I'll try to give you more info than a 'Google Cut & Paste'.

Post back when you can.


Vic
0
 
LVL 1

Author Comment

by:CreamyG
ID: 17795939
Hiya Vic

Yup, we are running batch jobs, or to be more specific, each user is assigned a kix script to run depending on their department. The kix script maps network drives, and printers. On top of this, we have quite a number of policies assigned to user OUs which restrict wallpaper, set network shares etc, etc. Some users seem to be ok, some user's logons have been timed at up to 4 minutes (!!!) These are wired connections, our wireless certificate encrypted network can take up to 6 minutes to logon sometimes.

Now, we have 4 domain controllers in the UK, and 2 in the US. They have been defined in Sites and services. What often happens, a local UK user will be authenticated by a DC in the states which is when the slow logon is most noticeable. We have about 600 users in the UK and 100 in the US, but I find it strange that 4 local domain controllers can be too busy so as to force the user to be logged on by a US DC.

This is why I've been looking for some form of a step by step guide, so I can determine what order things are processed after Kerberos has done its job, eg; does it run policies first, then scripts...etc etc.

Cheers
G
0
 
LVL 6

Assisted Solution

by:trippleO7
trippleO7 earned 250 total points
ID: 17795951
0
 
LVL 38

Expert Comment

by:younghv
ID: 17796166
tripple07 - nice link.
Good info.
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 17797824
I just glanced over this and right away think of bootvis.  Glancing has been getting me in trouble lately, though.  So don't get mad if I missed something.  I just have other things to do too!

http://msdn.microsoft.com/library/en-us/dnxpesp1/html/xpe3rdparty.asp?frame=true#xpe3rdparty_topic6

http://vbnet.mvps.org/files/tools/bootvis.msi
0
 
LVL 9

Expert Comment

by:gopal_krishna
ID: 17798301
0
 

Expert Comment

by:PFPCDUBIT
ID: 17799595
I would check the policies to see if there is any causing issues, to do this run the resulant set of policies, it will highlight any issues with the policy section of the login.


http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx

0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 1

Author Comment

by:CreamyG
ID: 17801916
Thanks for the input so far guys, I am currently rushing around like a madman at work so I will read your posts as soon as hell breaks for tea.

G
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 17804854
I had an issue like this with group policy at one point.  For me it was slow the first time the computer came up, but if I restarted the computer and login it would be quite a bit faster.  Also, if I turned the power on and let it sit there for a few minutes before logging in, it would come up quickly.

If it's a group policy issue, bootvis may not help you.  Otherwise, it's a great tool for troubleshooting slow computer startups.

Can you create a test user/computer with no group policies / scripts and see if it has the delay?  Then apply policies/scripts one at a time and see if a particular one causes substantially longer login time?  VirtualPC is a free download from microsoft and a great way to test on a simulated clean computer (and allows you to quickly revert back from any changes).
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 17804873
PS - I wouldn't wait for tea time.  The devil's a busy man.
0
 
LVL 5

Expert Comment

by:darrenakin
ID: 17815954
There is a good change that the cached credentials have become corrupt, the best way that I have found to take care of this problem is to remove the computer from the Domain, (MAKE SURE THAT YOU HAVE A LOCAL LOGIN FOR THE SYSTEM). Remove the computer, (NOT USER) from AD. Rejoin the computer to the Domain.
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 17816013
darrenakin, I have experienced corrupt cached credentials.  I was getting EventID 14 with a description being "there were password errors using the credential manager.  To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential DOMAIN\User.

I found this blog with instructions and a link to resolve it:
http://weblogs.asp.net/taganov/archive/2005/09/14/425193.aspx
0
 
LVL 38

Expert Comment

by:younghv
ID: 17982736
Still interested - and I want to know if 'Hell broke for tea'.
0
 
LVL 6

Expert Comment

by:trippleO7
ID: 17982800
Also interested.  Would like to see if the problem was resolved, or at least narrowed down.
0
 
LVL 9

Expert Comment

by:gopal_krishna
ID: 17984758
Let me know the solution which has solved the problem.


0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
This video discusses moving either the default database or any database to a new volume.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now