newgentechnologies
asked on
Slow logon to Server 2008 Terminal server
While logging onto server 2008 terminal server, it will just set there showing "Please wait for Local Session Manager". It can take up to 5 minutes before finally logging on. Also, when users open a new email in Outlook 2003, they get an error saying "Microsoft Word is set to be your e-mail editor. However, Word is unavailable, not installed, or is not not the same version as Outlook. The Outlook e-mail editor will be used instead. You don't have appropriate permission this operation" If I make the user a domain admin, then these issuses go away. Obviously this is not an option.
Everything was working before the weekend, and then things went haywire. There was an update KB950050 that was installed.
Everything was working before the weekend, and then things went haywire. There was an update KB950050 that was installed.
ASKER
The problem is the same in the User OU, and is only getting the Default Domain Polcy
What did you find out about printers, mapped drives and other network connections?
ASKER
When the user is in the User OU, it is not getting any printers, mapped drives or network connections, and the problem is still happening. The problem being that it slow if the user is domain user, but normal if domain admin.
Aside from the GPO, and there local (networked) printers? Other network connections?
Something else maybe, validate your speed and duplex on the nic, may need to check the switch also to make sure they match.
Something else maybe, validate your speed and duplex on the nic, may need to check the switch also to make sure they match.
ASKER
Don't think it has to with speed because if I make the the same user domain admin it does not wait at the "Please wait for local session manager". I am thinking it has to do with a permission problems.
So what is the user trying to access? Gpresult.exe can give you more detailed output of the applied GPO's, maybe there is something in there. Otherwise, try using filemon to see what is being accessed, you can filter by "denied" messages.
I speak about the network stuff, because I have run into this before, and that has been the culprit, but it wouldn't be the first time I have been wrong.
The reason why is that windows likes to wait for a time out before continuing the boot process, and a bad network printer, share, access (something the domain admin has access to that the user doesn't, or is not trying to use) will have to time out before proceeding.
I speak about the network stuff, because I have run into this before, and that has been the culprit, but it wouldn't be the first time I have been wrong.
The reason why is that windows likes to wait for a time out before continuing the boot process, and a bad network printer, share, access (something the domain admin has access to that the user doesn't, or is not trying to use) will have to time out before proceeding.
ASKER
I did go back to the GPO and just found something interesting. I made a new user and it had problems logging in. Then I denied him default domain policy, and was able to logon normally and was was able to do a GPRESUL /R.
With a user that gets the default domain policy, when I do a GPRESULT /R, I get: ERROR: Logon failure: unknown user name or bad password.
With a user that gets the default domain policy, when I do a GPRESULT /R, I get: ERROR: Logon failure: unknown user name or bad password.
:( a little googling on this says that this may be a corrupted DDP.
ASKER
what is the best way to redo the DDP? Make a brand new policy or delete what was in the old one and rebuild it.
ASKER
I have done the DDP rebuild and still get the problem of old domain users getting the GPRESULT /R, I get: ERROR: Logon failure: unknown user name or bad password. error. If I make the domain user an admin then it works. Also if I make a new user it works.
I have given the user full control of the folder and Edit setting the GPO management console. Not sure if their is a registry or another folder that needs full control. Any ideas?
I have given the user full control of the folder and Edit setting the GPO management console. Not sure if their is a registry or another folder that needs full control. Any ideas?
Have you run filemon or regmon? log on to the system as an admin, and run the exe's, then have the user account log in. this is hte long hard way of doing it, but I am fresh out of ideas.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Next I would check the GPO's using RSOP.msc. The command line function 9which escapes me right now) could return more detail if needed.