"Applying your personal settings", cannot browse network, "Domain is not accessible"

Hardware: one Windows 2003 RC2 server, ten Win XP Pro sp3 clients, one SonicWALL security/firewall appliance sitting in between the ISP's internet box and our server/LAN.

History: ten computers used to be more or less workgroup based, ie- users would log on to their assigned computer with a locally created user account, shares were setup on the server, drive mapping created on the workstations so users could access data stored/backed up on that server. Server basically acted like a file server.

Now the SMB wants to move away from workgroups and move to domain based environment, to get benefit of a domain: single sign-on pass-through, shared printers, access permissions on accounting data folders, etc.

Actions: First thing I did was verify that the workstations were in fact joined to the domain, joined them if they weren't, and verified domain user accounts were setup in Active Directory Users & Computers ("ADUC"). Done.  Next, I asked all users (not all at once) to log on to their domain computers with their newly created domain accounts.

- when any domain user logs onto any domain computer they get "Applying your personal settings" for ~1-2 mins. This is consistent, ie- happens every time any domain user logs on to any domain workstation, for just about the exact same amount of time every time, 1-2 minutes.
- domain users can "connect to" but NOT browse in Windows Explorer: "My Network Places, Entire Network, Microsoft Windows Network" displays the domain but when I click on it to browse it responds with "Domain is not accessible. You might not have permission to use this network resource"

Server: not configured to use DHCP, WINS, or DNS.

- Client for Windows Networks is enabled
- File and Print Sharing is enabled
- static LAN IP addresses are configured, IP: 10.0.0.x, SM:, GW:; ie- no DHCP leased addresses
- DNS: TCP/IP is configured to point to ISP's DNS (which probably gives users their access to the outside internet world)

- domain users can connect to network resources through net use or \\sever\share (assuming access permissions have been set correctly on the object.
- share permissions are set to Everyone: Read/Change and Folder/File permissions set to Everyone: Modify. Set this way because not all users are using domain accounts to log onto workstations, some still use local user accounts. By setting the permissions this way the users who are still logged on to local user accounts can access those network shares/resources
- domain user accounts have their My Documents folder redirection redirected to Q:\My Documents on \\server (
- Offline Folders for all domain users is now DISABLED (even though they are turned ON by default)

My guess is this is probably an easy fix for some my issues, like setting up DNS, verifying my client TCP/IP settings are correct, etc, but the more I think about it the more I confuse myself. So my typing this all out may be helpful... or not ;)   am not a server/network administrator, ie- I have never setup a Windows 2003 server, implemented DNS, or a domain in AD. I primarily deal with Help Desk support. Thanks in advance!
Who is Participating?
SimonL-UKConnect With a Mentor Commented:
  welcome to the world of servers and networks.
It sounds like quite a simple problem.
If your PCs are using the sonicWall firewall / external DNS providers for DNS resolution, then that will be your reason why the workstations and users are taking so long to startup and login.
Your ISP has no knowledge of your internal network so when you logon and your clients are looking for your server name, the DNS request to your ISPs DNS server is returning a host unknown and then the client is broadcasting on the network to try and resolve the server name.  All this amounts to time...
To fix this:
1. Install and configure DNS on your domain controller.  Follow the instructions located at http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm or http://support.microsoft.com/kb/814591
2. Configure your DNS server's forwarders to point to your ISPs DNS servers.  This way, request that can't be answered by your server will be sent out for resolution - this is known as a recursive lookup
3. Configure your clients to point to your domain controller / DNS server for DNS

Wholla - name resolution is a lot quicker and users log on quickly!

As an FYI, you will want to configure your anti-virus software to not scan the active directory database as it can cause corruption - http://support.microsoft.com/kb/822158 details how
Darius GhassemConnect With a Mentor Commented:
First issue remove the ISP DNS servers from the TCP\IP settings from all internal machines clients and servers. The clients should be pointing to the internal DNS server which is the DC and the DC should be pointing to itself for DNS. There should be no external DNS servers listed in your internal domain. Once you have done run a ipconfig /flushdns, ipconfig /registerdns, then dcdiag /fix on the server.

You need to setup DNS forwarding up for external DNS resolution.

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

KJS69Author Commented:
OK, I'm embarrassed to say but DNS is running on the server! I must not have verified that because I saw the ISP's DNS info on all of the workstations' TCP/IP Properties. Hmmm. I still think it's a DNS issue though. Maybe DNS is not configured correctly on the server - or- on the workstations, need to remove the ISP's two DNS entries and replace it with ONLY the in-house DNS server's IP of
Darius GhassemConnect With a Mentor Commented:
Correct you need to remove the client's ISP DNS servers and only place the internal DNS servers in their TCP\IP properties. Run a ipconfig /flushdns and ipconfig /registerdns on the clients.
KJS69Author Commented:
FIX: Turns out the slow log on issue had to do with three poorly ordered DNS entries on client's TCP/IP Properties. Our inside DNS server's entry ( was at the bottom of the DNS entries list along with two outside tow when it should have been either the first entry or simply by itself in the DNS entries list. Thank you all for your assistance.
DonNetwork AdministratorCommented:
Ok, I pointed out the DNS with the very first comment and all I get is a 50 point assist???
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.