• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1073
  • Last Modified:

What happens when a user logs on to a domain?

Morning

We're trying to troubleshoot a problem which involves slow logon times for a number of users when logging on to our domain. I have a rough idea of what happens when a user attempts a logon but I am trying to find some sort of Step-by-Step process guide as to what goes on during the log on process so that I can work through this problem logically.

All our clients are XP SP2 and our DCs are 2003. If someone could point me in the right direction of finding such a step by step guide, it would be much appreciated.

Cheers
CreamyG
0
CreamyG
Asked:
CreamyG
  • 4
  • 3
  • 2
  • +5
2 Solutions
 
MereteCommented:
Have a look in control panel administrative tools event viewer applications>errors.
You may see one or more but one in particular that points to this>>
SYMPTOMS
When you log off a computer that is running Microsoft Windows Server 2003, Windows XP, Windows 2000, or Windows NT 4.0, you may experience one or more of the following symptoms: • A user profile does not unload.
• A roaming profile does not reconcile.
• You reach the registry size limit (RSL).
• You take a long time to log off, and you receive the following message:
Saving settings….
• Backups may not start. There are no errors in the Application log from the Backup program. However, if you see event ID 1524, the Backup has not run.
Additionally, you may receive one or more of the following event messages in the application event log, depending on your operating system.

Windows Xp
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1517
Description:
Windows saved user ComputerName\UserName registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1524 Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

To resolve this issue, use the Microsoft User Profile Hive Cleanup Service (UPHClean). UPHClean monitors the computer while Windows is unloading user profiles and forces resources that are open to close. Therefore, the computer can unload and reconcile user profiles.

To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582 (http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582)
0
 
younghvCommented:
Hi CreamyG,
Are you running any 'batch' commands when your users logon/logoff?
Our network is set up so that any logon causes certain 'checks' to be run (AV, Windows Update, etc) and the logon and logoff times have dramatically increased since we started doing this.
It actually only takes about 15-30 seconds, but that seems like a lot to most users.

Part of our situation is that we're a huge geographic WAN with over 2,000 hosts and 150 remote WAN sites.

If you can post more specifics (nothing identifiable) about your network, I'll try to give you more info than a 'Google Cut & Paste'.

Post back when you can.


Vic
0
 
CreamyGAuthor Commented:
Hiya Vic

Yup, we are running batch jobs, or to be more specific, each user is assigned a kix script to run depending on their department. The kix script maps network drives, and printers. On top of this, we have quite a number of policies assigned to user OUs which restrict wallpaper, set network shares etc, etc. Some users seem to be ok, some user's logons have been timed at up to 4 minutes (!!!) These are wired connections, our wireless certificate encrypted network can take up to 6 minutes to logon sometimes.

Now, we have 4 domain controllers in the UK, and 2 in the US. They have been defined in Sites and services. What often happens, a local UK user will be authenticated by a DC in the states which is when the slow logon is most noticeable. We have about 600 users in the UK and 100 in the US, but I find it strange that 4 local domain controllers can be too busy so as to force the user to be logged on by a US DC.

This is why I've been looking for some form of a step by step guide, so I can determine what order things are processed after Kerberos has done its job, eg; does it run policies first, then scripts...etc etc.

Cheers
G
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
younghvCommented:
tripple07 - nice link.
Good info.
0
 
expexchuserCommented:
I just glanced over this and right away think of bootvis.  Glancing has been getting me in trouble lately, though.  So don't get mad if I missed something.  I just have other things to do too!

http://msdn.microsoft.com/library/en-us/dnxpesp1/html/xpe3rdparty.asp?frame=true#xpe3rdparty_topic6

http://vbnet.mvps.org/files/tools/bootvis.msi
0
 
PFPCDUBITCommented:
I would check the policies to see if there is any causing issues, to do this run the resulant set of policies, it will highlight any issues with the policy section of the login.


http://www.microsoft.com/windowsxp/using/setup/expert/rsop.mspx

0
 
CreamyGAuthor Commented:
Thanks for the input so far guys, I am currently rushing around like a madman at work so I will read your posts as soon as hell breaks for tea.

G
0
 
expexchuserCommented:
I had an issue like this with group policy at one point.  For me it was slow the first time the computer came up, but if I restarted the computer and login it would be quite a bit faster.  Also, if I turned the power on and let it sit there for a few minutes before logging in, it would come up quickly.

If it's a group policy issue, bootvis may not help you.  Otherwise, it's a great tool for troubleshooting slow computer startups.

Can you create a test user/computer with no group policies / scripts and see if it has the delay?  Then apply policies/scripts one at a time and see if a particular one causes substantially longer login time?  VirtualPC is a free download from microsoft and a great way to test on a simulated clean computer (and allows you to quickly revert back from any changes).
0
 
expexchuserCommented:
PS - I wouldn't wait for tea time.  The devil's a busy man.
0
 
darrenakinCommented:
There is a good change that the cached credentials have become corrupt, the best way that I have found to take care of this problem is to remove the computer from the Domain, (MAKE SURE THAT YOU HAVE A LOCAL LOGIN FOR THE SYSTEM). Remove the computer, (NOT USER) from AD. Rejoin the computer to the Domain.
0
 
expexchuserCommented:
darrenakin, I have experienced corrupt cached credentials.  I was getting EventID 14 with a description being "there were password errors using the credential manager.  To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential DOMAIN\User.

I found this blog with instructions and a link to resolve it:
http://weblogs.asp.net/taganov/archive/2005/09/14/425193.aspx
0
 
younghvCommented:
Still interested - and I want to know if 'Hell broke for tea'.
0
 
trippleO7Commented:
Also interested.  Would like to see if the problem was resolved, or at least narrowed down.
0
 
gopal_krishnaCommented:
Let me know the solution which has solved the problem.


0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now