Slow logon to Server 2008 Terminal server

While logging onto server 2008 terminal server, it will just set there showing "Please wait for Local Session Manager".  It can take up to 5 minutes before finally logging on. Also, when users open a new email in Outlook 2003, they get an error saying "Microsoft Word is set to be your e-mail editor. However, Word is unavailable, not installed, or is not not the same version as Outlook.  The Outlook e-mail editor will be used instead.  You don't have appropriate permission this operation"  If I make the user a domain admin, then these issuses go away.  Obviously this is not an option.
Everything was working before the weekend, and then things went haywire.  There was an update KB950050 that was installed.  
newgentechnologiesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

loftywormCommented:
I would look first at network connections, is there something loading that is not responding?  Printers? mapped drives?

Next I would check the GPO's using RSOP.msc.  The command line function 9which escapes me right now) could return more detail if needed.
0
newgentechnologiesAuthor Commented:
The problem is the same in the User OU, and is only getting the Default Domain Polcy
0
loftywormCommented:
What did you find out about printers, mapped drives and other network connections?

0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

newgentechnologiesAuthor Commented:
When the user is in the User OU, it is not getting any printers, mapped drives or network connections, and the problem is still happening.   The problem being that it slow if the user is domain user, but normal if domain admin.
0
loftywormCommented:
Aside from the GPO, and there local (networked) printers? Other network connections?

Something else maybe, validate your speed and duplex on the nic, may need to check the switch also to make sure they match.
0
newgentechnologiesAuthor Commented:
Don't think it has to with speed because if I make the the same user domain admin it does not wait at the "Please wait for local session manager".  I am thinking it has to do with a permission problems.
0
loftywormCommented:
So what is the user trying to access?  Gpresult.exe can give you more detailed output of the applied GPO's, maybe there is something in there.  Otherwise, try using filemon to see what is being accessed, you can filter by "denied" messages.

I speak about the network stuff, because I have run into this before, and that has been the culprit, but it wouldn't be the first time I have been wrong.  

The reason why is that windows likes to wait for a time out before continuing the boot process, and a bad network printer, share, access (something the domain admin has access to that the user doesn't, or is not trying to use) will have to time out before proceeding.
0
newgentechnologiesAuthor Commented:
I did go back to the GPO and just found something interesting.  I made a new user and it had problems logging in. Then I denied him default domain policy, and was able to logon normally and was was able to do a GPRESUL /R.  

With a user that gets the default domain policy, when I do a GPRESULT /R, I get: ERROR: Logon failure: unknown user name or bad password.
0
loftywormCommented:
:(  a little googling on this says that this may be a corrupted DDP.
0
newgentechnologiesAuthor Commented:
what is the best way to redo the DDP?  Make a brand new policy or delete what was in the old one and rebuild it.
0
loftywormCommented:
0
newgentechnologiesAuthor Commented:
I have done the DDP rebuild and still get the problem of old domain users getting the GPRESULT /R, I get: ERROR: Logon failure: unknown user name or bad password. error.  If I make the domain user an admin then it works.  Also if I make a new user it works.

I have given the user full control of the folder and Edit setting the GPO management console.  Not sure if their is a registry or another folder that needs full control.  Any ideas?
0
loftywormCommented:
Have you run filemon or regmon?  log on to the system as an admin, and run the exe's, then have the user account log in.  this is hte long hard way of doing it, but I am fresh out of ideas.
0
newgentechnologiesAuthor Commented:
Ended up having to spend the money with Microsoft.  The problem ended up being that I had did a 2003 to 2008 migration of the server.  When I did the users move, had the user logon, then move the files into the folder, replacing the 2008 folder structure.  This had been working for about a year, but a update changed some the permissions.
The only fix it to rename the application data and appdata folders.  Then the user can logon normally.  This a slightly better option, then making new users, that I thought I was going to have to do.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.