Workstations are suddenly taking almost 5-7 minutes to start on SBS network and business domain

Unique issue for me. I have a 50 system business network on a SBS 2003 server. For 6 months everything was great, systems booted and started up very quickly. I keep a strict set of user rules in place for this company and can insure that users have not installed any new programs or altered the workstations in any way. I recently came back from a 2 week vacation to find my systems are taking about 5 minutes to start up, it stays on the screen "applying system settings" for the duration of the start-up. This is a little problematic and probably points to a larger issue at hand. Any ideas?

Server logs check out ok and dont point to anything conclusive.

All systems are 100% windows updated
All systems are 100% for AV updates and clean from any "known" infections
Who is Participating?
Rob WilliamsConnect With a Mentor Commented:
It is very important with Windows Active Director domains that DNS be configured properly. If not you can run into all sorts of issues, many of which seem totally unrelated. One of the most obvious problems is slow logons and name resolution issues

Below is a check list for Windows 2003 servers, however if you are running Windows Small Business Server, though the rules still apply, the method for configuring is slightly different. The server NIC/s must point only to the server itself for DNS. If you have additional internal DCs/DNS servers, you can add those. Any others such as the ISPs must be removed from all NICs. Then run the CEICW (Configure E-mail and Internet Connection Wizard) which is located by going to Server Management | Internet and E-mail | Connect to the Internet. Within the wizard you will be prompted for the ISPs DNS servers which will automatically be added to the forwarders list. This also verifies DNS is properly configured, and assists with the configuration of your network related services. The wizard can be run as often as you like. If running it through a remote desktop session you may be disconnected for 5 to 30 seconds as it completes.

Clients MUST also point ONLY to your internal DNS servers. (likely just the SBS). Make sure whether assigned static addressing or DHCP addressing (preferred) they do not receive the ISPs DNS, even as an alternate.

As mentioned below, and especially with SBS, the server should be the DHCP server. If it is not have a look at the following document explaining how to move the DHCP service from the router to the SBS.
Set up DHCP on existing SBS
See "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.

The following link explains in detail configuring networking with an SBS:
How to configure Internet access in Windows Small Business Server 2003

Assuming you have completed the server installation, installed Active Directory, and joined the workstations to the Domain, make sure DNS is configured as follows, assuming a single network adapter:
-The server's NIC should be configured with a static IP, the Internet router as the gateway, and only the server itself as the DNS server. Do not use an ISP DNS server here
-Each workstation should be configured using DHCP (obtain and IP address and DNS automatically) or if configured with static addresses; a static IP in the same subnet as the server, same subnet mask as the server, the gateway pointing to your Internet router, and the DNS server pointing ONLY to the server/domain controller. Again do not put an ISP's DNS server here
-In the DNS management console under Administrative tools, right click on the server name and choose properties. On the Forwarders tab add your ISP's DNS servers
-If the workstations are using DHCP, open the DHCP management console on the server under Administrative tools and click on the server name to expand it, click on the scope to expand it, right click on scope options and choose configure options. On the general tab add the Internet router's IP in #003 router, the server's IP in #006 DNS Servers, and the domain name and suffix under #015 such as mydomain.local
-If  DHCP is enabled on the router, rather than the server, it should really be disabled on the router and configured on the server. Enabling DHCP on the server assists with dynamic updates to DNS for older clients, allows for central management, and far more scope options.
-The DHCP client service should be running on servers and workstations even where you are not using DHCP assignments. The DHCP client service controls the dynamic DNS updates
If you have been having DNS problems, on the workstations that have been having problems you should clear the DNS cache by entering at a command line  
  ipconfig  /flushdns
and then
  ipconfig  /registerdns
There might be so many reasons for this.
The main Reason above all
Might be you have mappend any drive & that drive is having some issue (Like that drive is no longer in your network or that drive is having any virus, or that drive is full, etc), causing your Pc to take long to boot, coz mapped drives get mapped at the time of booting.
If so just unmap the drive and check again.
kenmerryConnect With a Mentor Commented:
Have youi tried using the Wizard to re-apply your IP ddresses on the server network cards? I have found that if the DNS gets upset because you change an IP address on a network card other than through the wizard the DNS does not work properly, rules are not applied and the login takes a long time.
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

Do you have a warning event with ID 4356 in the application log during boot on the computers that have this issue?
PerkdaddyAuthor Commented:
Ok awesome. I will check all 3 above and get back in a couple min.
PerkdaddyAuthor Commented:
Ok I think I found it. Out of a random selection of 10 workstations I found 6 are problematic with the boot. On closer inspection I found 5 of those have a mapped network drive. In the application event log I find the following errors on boot.

Event id 1053 USERENV (user or computer name cannot be identified, domain cannot be contacted)
Event id 15 AutoEnrollment (domain cannot be contacted)
Event id 1053 USERENV

Funny thing is the network is fine after I log on, Mapped drive works great and so does ISA

Note: map drive is a vmware drive on a win2003 server OS
2. The boot process experiences the following delays: 2-3 min on initial startup (applying computer settings) and 2-3 minutes during log-in (applying personal settings)

So it seems some kind of network error, where the workstations are not being authorized during login. Any ideas?
Try to login using different user name (different profile) and see what the result comes. Might be Profile having some issue.
and also you can check your DNS also.
PerkdaddyAuthor Commented:
I checked the other profiles same thing., It wont authenticate until AFTER fully loading... Very strange. I think it point to a serious bottleneck somewhere... Or I need to purge the DNS by running the SBS netwrok wizard
PerkdaddyAuthor Commented:
but how would DNS cause login issues
PerkdaddyAuthor Commented:
How can I check the DNS for problem related to login? this is during start-up, the workstations shouldnt even be contacting the DNS? right or wrong?
PerkdaddyAuthor Commented:
I will have a look at this on my SBS box, but surely I know the DHCP is running on this box and on no other device or router. I will purge the DNS after I run the wizard and see if that solves the problem. Thanks for your detailed reply.
Rob WilliamsCommented:
The main issue is the client machines may have the ISP as one of their DNS servers. I must be ONLY the SBS.
PerkdaddyAuthor Commented:
no no no. All client have their ips, gateways, dns defined by the server. I have made sure of this and where the few machines that do have their ip and dns manually entered I used the server IP in the DNS box.

I have completed your checklist above to no avail. This is all SBS wizard things. I'm going to try something else, I will move a system closer to the server (my work bench :) ) and see what happens. If the boot is fine then its a network problem and I will forward this back to those clowns... I will except your answer for point as it is the most in depth and detailed answer I have ever received. lets continue to hash this out. Is there something I can 'run' or analyze to better understand where authentication is failing?
PerkdaddyAuthor Commented:
Ok I got it... Hardware/device driver error.

2 weeks ago we had an DHCP error becuase of a reset wireless AP. My Asst. Decided to apply static IP's to all computers without first checking what the problem was. All problematic systems had no DNS applied becuase my Asst, thought they didnt need it whilst he was trying to find the DHCP culprit. He found the AP, re-installed and put all systems back on automatic settings, BUT, windows showed the settings empty but the Ethernet card was keeping the settings (so i believe). I uninstalled and re-installed with updated drivers and viola. 1 minute startup times. Thanks for the help

Bad DNS BAD! Go lay down...
PerkdaddyAuthor Commented:
Split points. Kenmerry was on the right path but Robwill was more in depth an solved the issue. Just trying to be fair...
Rob WilliamsCommented:
Glad to hear you were able to resolve.
Thanks Perkdaddy.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.