?
Solved

Win7, Remote Site, endless Logon

Posted on 2010-08-19
4
Medium Priority
?
697 Views
Last Modified: 2012-08-14
Hi Experts,

i have a Problem with a Win7 machine. Long story short: The machine has absolute no problem at the Headquarter, but at a remote site it needs endless until the logon screen appears and endless until the users desktop appears.

Short story long :-)
I dont want to affect your opinions, but i think it has something to do with the fact, that there is no DC at the remote site. The problem occurs only as domain member. when we take it out of the domain, it boots fast.
Some facts:
the user has no server profile
the sites are connected via IPsec
the client gets his ip via DHCP and has the SBS2003 at the HQ as prim. DNS
There is another DC at HQ but without DNS
There are other DCS at others sites, but cant be reached, no routing
I checked the AD sites&services, the site is created, the subnet is configured, there is a intersite-connection to HQ with lowest costs
I checked the RegKey  HKLM\system\curr.contr.set\services\netlogon\parameters\dynamicsitename
the value on the client is the site it should be
i checked the entries in DNS _ldap.tcp_.<sitename>._sites.dc._msdcs.domain.local
there are entries from the two dc at HQ
the windows logfile on both DC at HQ have an entry->
5792 Logon : the remote site has no LDAP entries, LDAP-Server from site HQ will govern this site due to replication costs

after endless logon there are entries in windows logfiles
event 6006 logon : GPClient needed 206 sec. to create session
event 6005 logon : GPClient needs some time to logon
event 6006 logon : GPClient needed 252 sec. to logon

the networkdrives from the startscript are connected and accessable

i checked gpupdate /force
it takes about a minute
ive seen gpupdate failed one time, after a (long :-) reboot it worked again

i checked viáriable logonserver, its the sbs2003 at HQ

i checked nblookup, works
i checked nslookup, works
i can ping across the tunnel everthing from everywhere

you can work with the machine after this long boot and logon periode as normal.
access shares and so on

a winXP machine on this site has no problems

can anybody help?
i can prioide drawings of the network, screenshots, anything you need

thanks in advance
0
Comment
Question by:deibel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:aoakeley
ID: 33473349
If there is no DC at the remote site, then I do not believe there is any reason to have that remote site in AD Sites and Services. Attach the subnet of the remote site to the HQ Site. This will ensure that the computers in the remote site always try the HQ domain controller (which they can route to) first.

Andy
0
 
LVL 5

Author Comment

by:deibel
ID: 33473701
ok, we dont have site dependend rules so i gave it a try
changed the subnet to HQ site, left the remote site in AD but with no subnets
replicated it to other dc

but it didnt help
boot and logon still endless

ich checked the regkey dynamicsitename again. its now HQ site
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33475110
Does the workstation have IIS running on it?
Does it have a printer using the HP CUE DeviceDiscovery Service configured on it?
Is there anything else that could be looking for something on another site? Printer etc?
You say there is no server profile - what about folder redirection?
Anything in this thread look useful ? http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/56310e15-32df-457a-bc38-4cc2fce0a5e5 
0
 
LVL 5

Accepted Solution

by:
deibel earned 0 total points
ID: 33834174
we finally opened a case at ms support
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Here's a look at newsworthy articles and community happenings during the last month.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month15 days, 14 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question