
"Applying your personal settings", cannot browse network, "Domain is not accessible"

Posted on 2009-04-23
Last Modified: 2012-06-22
Hardware: one Windows 2003 RC2 server, ten Win XP Pro sp3 clients, one SonicWALL security/firewall appliance sitting in between the ISP's internet box and our server/LAN.

History: ten computers used to be more or less workgroup based, ie- users would log on to their assigned computer with a locally created user account, shares were setup on the server, drive mapping created on the workstations so users could access data stored/backed up on that server. Server basically acted like a file server.

Now the SMB wants to move away from workgroups and move to a domain-based environment, to get the benefits of a domain: single sign-on pass-through, shared printers, access permissions on accounting data folders, etc.

Actions: First thing I did was verify that the workstations were in fact joined to the domain, joined them if they weren't, and verified domain user accounts were setup in Active Directory Users & Computers ("ADUC"). Done.  Next, I asked all users (not all at once) to log on to their domain computers with their newly created domain accounts.

Issues:
- when any domain user logs onto any domain computer they get "Applying your personal settings" for ~1-2 mins. This is consistent, ie- happens every time any domain user logs on to any domain workstation, for just about the exact same amount of time every time, 1-2 minutes.
- domain users can "connect to" but NOT browse in Windows Explorer: "My Network Places, Entire Network, Microsoft Windows Network" displays the domain but when I click on it to browse it responds with "Domain is not accessible. You might not have permission to use this network resource"

Server: not configured to use DHCP, WINS, or DNS.

Workstations:
- Client for Windows Networks is enabled
- File and Print Sharing is enabled
- static LAN IP addresses are configured, IP: 10.0.0.x, SM: 255.255.255.0, GW: 10.0.0.1(?); ie- no DHCP leased addresses
- DNS: TCP/IP is configured to point to ISP's DNS (which probably gives users their access to the outside internet world)

Notes:
- domain users can connect to network resources through net use or \\server\share (assuming access permissions have been set correctly on the object).
- share permissions are set to Everyone: Read/Change and Folder/File permissions set to Everyone: Modify. Set this way because not all users are using domain accounts to log onto workstations, some still use local user accounts. By setting the permissions this way the users who are still logged on to local user accounts can access those network shares/resources
- domain user accounts have their My Documents folder redirection redirected to Q:\My Documents on \\server (10.0.0.23)
- Offline Folders for all domain users is now DISABLED (even though they are turned ON by default)

My guess is this is probably an easy fix for some of my issues, like setting up DNS, verifying my client TCP/IP settings are correct, etc, but the more I think about it the more I confuse myself. So my typing this all out may be helpful... or not ;)   I am not a server/network administrator, ie- I have never set up a Windows 2003 server, implemented DNS, or a domain in AD. I primarily deal with Help Desk support. Thanks in advance!
Question by:KJS69
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 200 total points
ID: 24219817
0
 
LVL 3

Accepted Solution

by:
SimonL-UK earned 900 total points
ID: 24219861
Hi,
  welcome to the world of servers and networks.
It sounds like quite a simple problem.
If your PCs are using the SonicWALL firewall / external DNS providers for DNS resolution, then that will be the reason why the workstations and users are taking so long to start up and log in.
Your ISP has no knowledge of your internal network, so when you log on and your clients are looking for your server name, the DNS request to your ISP's DNS server is returning a host unknown and then the client is broadcasting on the network to try and resolve the server name.  All this amounts to time...
To fix this:
1. Install and configure DNS on your domain controller.  Follow the instructions located at http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm or http://support.microsoft.com/kb/814591
2. Configure your DNS server's forwarders to point to your ISP's DNS servers.  This way, requests that can't be answered by your server will be sent out for resolution - this is known as a recursive lookup
3. Configure your clients to point to your domain controller / DNS server for DNS

Voilà - name resolution is a lot quicker and users log on quickly!

As an FYI, you will want to configure your anti-virus software to not scan the active directory database as it can cause corruption - http://support.microsoft.com/kb/822158 details how
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 900 total points
ID: 24219864
First issue: remove the ISP DNS servers from the TCP\IP settings on all internal machines, clients and servers. The clients should be pointing to the internal DNS server, which is the DC, and the DC should be pointing to itself for DNS. There should be no external DNS servers listed in your internal domain. Once you have done that, run ipconfig /flushdns, ipconfig /registerdns, then dcdiag /fix on the server.

You need to set up DNS forwarding for external DNS resolution.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 

Author Comment

by:KJS69
ID: 24244166
OK, I'm embarrassed to say but DNS is running on the server! I must not have verified that because I saw the ISP's DNS info on all of the workstations' TCP/IP Properties. Hmmm. I still think it's a DNS issue though. Maybe DNS is not configured correctly on the server - or- on the workstations, need to remove the ISP's two DNS entries and replace it with ONLY the in-house DNS server's IP of 10.0.0.23.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 900 total points
ID: 24245262
Correct, you need to remove the ISP DNS servers from the clients and only place the internal DNS servers in their TCP\IP properties. Run ipconfig /flushdns and ipconfig /registerdns on the clients.
0
 

Author Comment

by:KJS69
ID: 24686738
FIX: Turns out the slow log on issue had to do with three poorly ordered DNS entries on the clients' TCP/IP Properties. Our inside DNS server's entry (10.0.0.1) was at the bottom of the DNS entries list along with two outside ones, when it should have been either the first entry or simply by itself in the DNS entries list. Thank you all for your assistance.
0
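A check for the misconfiguration this thread ends on, as an added example that is not part of any post: it parses saved `ipconfig /all` output from a client and flags resolver lists that are not internal-only and internal-first. The sample output is constructed, `203.0.113.x` stands in for the ISP resolvers, and treating `10.0.0.23` as the only internal DNS server is an assumption taken from the question.

```python
import re

# Constructed sample of `ipconfig /all` from one XP client; 203.0.113.x stands in
# for the ISP resolvers, 10.0.0.23 is the server address given in the question.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.0.0.31
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            203.0.113.11
                                            10.0.0.23
"""
INTERNAL_DNS = {"10.0.0.23"}  # assumption: the DC is the only internal DNS server
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS servers in the order the client tries them]}."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = re.match(r"^(\S.*adapter .+):\s*$", line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None:
            continue
        first = re.match(r"^\s+DNS Servers[ .]*:\s*" + IP + r"\s*$", line)
        more = re.match(r"^\s+" + IP + r"\s*$", line)  # continuation: bare address
        if first:
            adapters[current].append(first.group(1))
            in_dns = True
        elif in_dns and more:
            adapters[current].append(more.group(1))
        else:
            in_dns = False
    return adapters

def audit(text, internal=INTERNAL_DNS):
    """Flag adapters whose resolver list is not internal-only and internal-first."""
    findings = []
    for adapter, servers in dns_servers_by_adapter(text).items():
        if servers and servers[0] not in internal:
            findings.append((adapter, "internal DNS is not first", servers[0]))
        for server in servers:
            if server not in internal:
                findings.append((adapter, "external resolver listed", server))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against output collected from each workstation, an empty result means the client only asks the domain's DNS server, so internal names are not sent to outside resolvers.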
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24686792
Ok, I pointed out the DNS with the very first comment and all I get is a 50 point assist???
0
