"Applying your personal settings", cannot browse network, "Domain is not accessible"

Posted on 2009-04-23
Last Modified: 2012-06-22
Hardware: one Windows 2003 RC2 server, ten Win XP Pro sp3 clients, one SonicWALL security/firewall appliance sitting in between the ISP's internet box and our server/LAN.

History: ten computers used to be more or less workgroup based, ie- users would log on to their assigned computer with a locally created user account, shares were setup on the server, drive mapping created on the workstations so users could access data stored/backed up on that server. Server basically acted like a file server.

Now the SMB wants to move away from workgroups and move to domain based environment, to get benefit of a domain: single sign-on pass-through, shared printers, access permissions on accounting data folders, etc.

Actions: First thing I did was verify that the workstations were in fact joined to the domain, joined them if they weren't, and verified domain user accounts were setup in Active Directory Users & Computers ("ADUC"). Done.  Next, I asked all users (not all at once) to log on to their domain computers with their newly created domain accounts.

- when any domain user logs onto any domain computer they get "Applying your personal settings" for ~1-2 mins. This is consistent, ie- happens every time any domain user logs on to any domain workstation, for just about the exact same amount of time every time, 1-2 minutes.
- domain users can "connect to" but NOT browse in Windows Explorer: "My Network Places, Entire Network, Microsoft Windows Network" displays the domain but when I click on it to browse it responds with "Domain is not accessible. You might not have permission to use this network resource"

Server: not configured to use DHCP, WINS, or DNS.

- Client for Windows Networks is enabled
- File and Print Sharing is enabled
- static LAN IP addresses are configured, IP: 10.0.0.x, SM:, GW:; ie- no DHCP leased addresses
- DNS: TCP/IP is configured to point to ISP's DNS (which probably gives users their access to the outside internet world)

- domain users can connect to network resources through net use or \\server\share (assuming access permissions have been set correctly on the object).
- share permissions are set to Everyone: Read/Change and Folder/File permissions set to Everyone: Modify. Set this way because not all users are using domain accounts to log onto workstations, some still use local user accounts. By setting the permissions this way the users who are still logged on to local user accounts can access those network shares/resources
- domain user accounts have their My Documents folder redirection redirected to Q:\My Documents on \\server (
- Offline Folders for all domain users is now DISABLED (even though they are turned ON by default)

My guess is this is probably an easy fix for some of my issues, like setting up DNS, verifying my client TCP/IP settings are correct, etc, but the more I think about it the more I confuse myself. So my typing this all out may be helpful... or not ;)   I am not a server/network administrator, ie- I have never set up a Windows 2003 server, implemented DNS, or a domain in AD. I primarily deal with Help Desk support. Thanks in advance!
Question by:KJS69
    LVL 47

    Assisted Solution

    LVL 3

    Accepted Solution

    Welcome to the world of servers and networks.
    It sounds like quite a simple problem.
    If your PCs are using the SonicWALL firewall / external DNS providers for DNS resolution, then that will be the reason why the workstations and users are taking so long to start up and log in.
    Your ISP has no knowledge of your internal network, so when you log on and your clients are looking for your server name, the DNS request to your ISP's DNS server is returning a host unknown and then the client is broadcasting on the network to try and resolve the server name.  All this amounts to time...
    To fix this:
    1. Install and configure DNS on your domain controller.  Follow the instructions located at or
    2. Configure your DNS server's forwarders to point to your ISP's DNS servers.  This way, requests that can't be answered by your server will be sent out for resolution - this is known as a recursive lookup
    3. Configure your clients to point to your domain controller / DNS server for DNS

    Voilà - name resolution is a lot quicker and users log on quickly!

    As an FYI, you will want to configure your anti-virus software to not scan the active directory database as it can cause corruption - details how
    LVL 59

    Assisted Solution

    by:Darius Ghassem
    First issue: remove the ISP DNS servers from the TCP\IP settings on all internal machines, clients and servers. The clients should be pointing to the internal DNS server, which is the DC, and the DC should be pointing to itself for DNS. There should be no external DNS servers listed in your internal domain. Once you have done that, run ipconfig /flushdns, ipconfig /registerdns, then dcdiag /fix on the server.

    You need to set up DNS forwarding for external DNS resolution.

    Author Comment

    OK, I'm embarrassed to say but DNS is running on the server! I must not have verified that because I saw the ISP's DNS info on all of the workstations' TCP/IP Properties. Hmmm. I still think it's a DNS issue though. Maybe DNS is not configured correctly on the server - or- on the workstations, need to remove the ISP's two DNS entries and replace it with ONLY the in-house DNS server's IP of
    LVL 59

    Assisted Solution

    by:Darius Ghassem
    Correct, you need to remove the clients' ISP DNS servers and only place the internal DNS servers in their TCP\IP properties. Run ipconfig /flushdns and ipconfig /registerdns on the clients.

    Author Comment

    FIX: Turns out the slow log on issue had to do with three poorly ordered DNS entries on client's TCP/IP Properties. Our inside DNS server's entry ( was at the bottom of the DNS entries list along with two outside tow when it should have been either the first entry or simply by itself in the DNS entries list. Thank you all for your assistance.
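
The resolver-order problem described in the fix above can be checked across all ten clients by auditing saved `ipconfig /all` output. This is an added example, not part of the original thread; the function names, the sample output and every address in it (10.0.0.2 as the in-house DNS server, 203.0.113.x as the ISP's) are constructed assumptions, and it expects one network adapter per client.

```python
import re

# Constructed sample of XP-style `ipconfig /all` output; all addresses are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.21
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
                                            10.0.0.2
"""

def dns_servers(ipconfig_text):
    """Return the DNS servers in the order the client tries them."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))      # first entry, on the label line
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9.]+\s*", line):
            servers.append(line.strip())    # continuation line of the DNS list
        else:
            in_dns = False
    return servers

def audit(ipconfig_text, internal_dns):
    """List problems with a domain client's DNS server list."""
    servers = dns_servers(ipconfig_text)
    findings = []
    if internal_dns not in servers:
        findings.append("internal DNS server missing")
    elif servers[0] != internal_dns:
        position = servers.index(internal_dns) + 1
        findings.append("internal DNS server is entry %d, not first" % position)
    for server in servers:
        if server != internal_dns:
            findings.append("non-internal DNS server listed: " + server)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.0.0.2"):
        print(finding)
```

An empty result means the client lists only the in-house DNS server, which is the state the answers in this thread recommend.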
    LVL 47

    Expert Comment

    Ok, I pointed out the DNS with the very first comment and all I get is a 50 point assist???
