• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 506
  • Last Modified:

Slow login after migration to new address range

Simply put, we have switched a small office of about 12 PC's, a server, and a couple of printers from one service to Comcast. We have no static IP addresses set up with Comcast and we only have the Comcast cable modem as our router. I know that this is not good but it is where we are right now. We have our own domain. Logins take about 4 minutes now which is way too long. I figure that either I need to buy a router and set up the cable modem to be only a modem or that I need to buy some static IP addresses from Comcast in order to solve the problem. Until then, is there anything I can do right now to improve performance?
  • 2
  • 2
1 Solution
You say you have your own domain..  So I am proceeding with the assumption that you have a Windows network, with say a Windows 2003 server, and some Windows XP workstations.   Is that close?   Do you  have a domain controller outside of your  12 PC LAN that your PCs trying to login to?

If not then the internet connection should _not_ be involved here, if your network is configured right.

4 minutes isn't that long for a login,  especially if roaming profiles are involved; it can take a significant amount of time to download a user's profile from the server, especially if it is >1gb in size.
What message displayed on the screen when login is hanging?

When you say LOGIN.. you mean when a user arrives at their workstation, types username, and password, it takes a long time before they gain access?

If your local server is a domain controller, and  the workstations are attempting to  login to that, it should NOT  be taking a long time,  regardless of the status of the internet connection,  it indicates a misconfiguration or problem with the PCs/server/ or local network.
It is most likely a problem with the DNS settings  on workstations.

A Static IP address with comcast or not should not effect the performance of a domain login to a local DC  (providing you  don't have Windows domain controllers outside your LAN).

Best configuration for PCs on a local domain..  please verify the following:

* The IP addresses of  (non-server) workstation PCs should be given to them by a DHCP server,  they should be able to  "ping"  and access  other IP addresses on the LAN.

  If your  Comcast cable modem is providing your local machines with DHCP  (instead of your Windows server),  the below might be hard to change ---   you  may literally have to assign static  local IPs and DNS servers to all workstations,   OR   turn off DHCP on the cable modem,   statically configure your Windows server,  and   setup the Windows  DHCP service, as normal.

* The "DNS forwarder"  settings on your Windows server's  DNS service  should forward by default to a suitable list of DNS servers, such as your ISP Comcast's DNS servers,  Google's DNS server,  OpenDNS,  or whatever external DNS servers you prefer.

* The primary DNS server  assigned to all those PCs in their TCP settings (preferably with DHCP), should be the IP address of your local Windows server that is acting as a domain controller.

Workstations'  DNS settings should not contain any outside servers,  this is important for domain login to work correctly.

* There should be no secondary DNS server on workstations  (unless you have additional Windows servers on your local network)

* The  "domain suffix"  option provided by the DHCP server  to configure the PCs with should  match the name of your local  Windows  domain.

The  last  two  are the important part:   the  only   DNS servers configured on  Workstations  joined to the domain,  should be   domain controllers that are members of your domain.

And the DNS hostname suffix should match the  name of your domain.

E.g. if your windows domain is  "blah.local",  the DNS suffix should be blah.local   in  the workstations'  network settings.

If it's not the case,  you could try   giving that one workstation a static IP address temporarily,  and assigning  the DNS server manually,  to verify.

In case it is still slow,  please  check  event logs...

dbachman1Author Commented:
Thank you for the wealth of information. I will check all of these issues this evening when I have a go at it again. In the meantime, I will try to address all of your questions. There are 8 WinXP Pro SP3 computers, 1 Windows Server 2003 domain controller, and 2 network printers on the LAN. It takes about 4 minutes to login from the time I press 'Enter' after entering my username and password to the time that I reach the desktop. There is no message displayed on the screen indicating anything including performance issues. I am not entirely familiar with this setup as I was asked by a friend to help with this problem. The DNS records on the server are not updating. They still show the old IP range. I tried manually adding a corrected record for both DNS forwarding and reverse DNS lookup but it made no difference. Based on your recommendations, I need to change the DNS settings on the domain controller. I tried giving one workstation a static IP address. It did not change the login performance. The DNS suffix is listed in the network settings. If I am unable to resolve the issue quickly this evening, I will attach some screen shots of the configuration. The server is configured statically even though the Comcast router is set to DHCP. I logged into the router and set the IP address lease time to forever so I doubt there will be an IP address conflict in the next few days. Still, I want to migrate the workstations to static IP's soon, perhaps this evening. Did I miss any of your questions?
So the LAN IP addresses were changed?
Are they in a private network,  e.g.  192.168.x.x
10.x.x.x.x  or   172.x.x.x.x

Are the workstations in the same subnet as the server?
And is the network mask the same  in the IP address settings?

On a workstation  "ipconfig /all"   should show all info, including netmask and DNS servers.

It is important that there be a reverse DNS zone,  matching your subnet..

But you may wish to check
Administration Tools  > Active Directory Sites and Services

Ensure that the local subnet is listed, and that exists and that it's associated with a site  (probably the  Default Site),  that the local server is a domain controller in.

Verify the existence of a proper reverse zone after that.
In general, it is mosts important that the reverse zone  exists on the AD integrated DNS server.

As for forward DNS names not updating for workstations,  this is not a good indication..    probably what is happening is the Comcast  cable modem is providing your workstations  its own IP address via DHCP.

If you can override the modem's  DHCP settings  to use your server's  IP address as DNS server  (for the workstations),
[or  use static, or shut off DHCP on cable modem and  use the Windows server to provide proper settings]

Then try

ipconfig /renew
ipconfig /registerdns

On a workstation,  and  see if  the dynamic DNS record properly updates.

Make sure the workstations can type  each of these commands:


ping SERVERNAME.windowsdomain.example

Each should ping the IP address of the server, if DNS is working correctly

dbachman1Author Commented:
Thank you! Sorry it took so long!

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now