Solved

All client machines very slow to login to dc

Posted on 2008-10-06
10
405 Views
Last Modified: 2012-05-05
This is a school network.  

We have a Poweredge server with 2003 Server R2 and close to 65 users.  All computers are connected into a 10/100 switch with a 1000 connection to the server.  We also have several Linksys Access Points off of the switch.

It seems as if every client we have in our school takes forever when logging in.  The only time it does not take long is when your logging into a local user account on the PC.

Does anyone have any ideas on what is causing this?? Thanks!!

0
Comment
Question by:Kyle_B21
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 22652411
1)  Any roaming profiles - That can be a killer if time is essential.

You may need to disallow certain stuff in the roaming profile if that is your case.

Anything in the local or server event logs ?


DCDIAG and NETDIAG show anything ?

I hope this helps !
0
 
LVL 7

Expert Comment

by:youngrmy
ID: 22652428
Check the DNS Setting on the server. If this was limited to one or two PC's it may be that the problem is with the local PC. where this is happeningto all. it is most likely with an setting on the server. DNS Make the most sense to check first.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 22652446

The most common situation in this case is when the DNS Server on the client workstations (or perhaps the server) is not the IP of the Domain Controller server itself. On any Active Directory network DNS is the most critical point to tie everything together; if the DNS Server list on a workstation or the server includes DNS Servers from the ISP, the router or anything else which is not the IP of the server, you will experience login issues.

-tigermatt
0
 
LVL 10

Expert Comment

by:kukno
ID: 22652539
Do you have "roaming profiles"? If so, is there a lot of data on the "Desktop"? The files on the Desktop are part of the profile. In case of roaming profiles, they must be copied from the server every time you log in.

If this is not the case, here are some other possible problems.

1.) General network problems, e.g. bad interface card at the DC, bad cable at the DC, bad switch port, etc.
2.) DNS is not configured properly on the clients first and only DNS server should be your DC) or on the DC.


Regards
Kurt
0
 

Author Comment

by:Kyle_B21
ID: 22652822
Everyone does have "roaming profiles".  However I created a test account in AD with all the same scripts and GPOs running.  It takes just as long with a brand new accounts, sometimes 2 minutes to be exact stuck on the applying personal settings.  I really do not have many GPOs setup either, more next to nothing then something.

How would I check DNS Settings
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 10

Expert Comment

by:kukno
ID: 22652853
check the client settings. ipconfig /all. What's the DNS server? Is it your DC?
0
 
LVL 10

Expert Comment

by:kukno
ID: 22652864
maybe your DHCP server distributes two DNS servers. First is an external one. Second is the DC.
0
 
LVL 4

Expert Comment

by:placebo69a
ID: 22655618
First of all, create a user with no roaming profile and see how long it takes for that user to log in from a client computer. If it takes as long as your other users this is most likely a DNS issue. If it doesn't take long at all you should reconsider using roaming profiles.
Run the IPCONFIG.EXE /ALL from the command prompt on both your domain controller and a client machine. The ip address on the line that says DNS Servers should be your domain controllers ip address.
If it isn't go to Network Connections, right click Local Area Connection and click Properties. Double-click the Internet Protocol ( TCP/IP ) and change the setting on the bottom to "Use the following DNS server addresses" and type in your domain controller ip address as the "Preffered DNS server". Click OK twice and then try logging in again, see if the time improves.
Note that the DNS setting must point to your domain controller on both the server and client machines to avoid lengthy login times.
Let me know if this helps. :)
0
 

Author Comment

by:Kyle_B21
ID: 22663006
I appreciate all the answers!! I will try the DNS Configuration tomorrow when I go on-site.

Just a question, but if it is a DNS Issue, is there a way to set the "Preferred DNS Server" on all the clients from the server such as a GP Push or something like that? Maybe even a script?

We are in the process of setting up Symantec Ghost and getting all the PCs licensed for it, so if this is the case and I can't do it from the server I will wait to change it on all PCs until we get ghost up and running.

Thanks!
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 350 total points
ID: 22664069

DNS Servers are generally set using DHCP. There is a Group Policy to set DNS Servers which some people often suggest, but that policy is rather pointless in my opinion; if DNS settings are incorrect, Active Directory Domain Controllers cannot be located by workstations (due to incorrect / no DNS server settings), and thus Group Policy cannot be applied to get those DNS Server settings.

Run DHCP on one of your Server 2003 servers, and turn it off on any routers / firewalls. Using Server 2003 DHCP gives best flexibility, and allows for you to set options such as DNS, DNS Domain Name etc.

-tigermatt
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now