Solved

Win7, Remote Site, endless Logon

Posted on 2010-08-19
Last Modified: 2012-08-14
Hi Experts,

I have a problem with a Win7 machine. Long story short: the machine has absolutely no problem at headquarters, but at a remote site it takes endlessly long until the logon screen appears and endlessly long until the user's desktop appears.

Short story long :-)
I don't want to influence your opinions, but I think it has something to do with the fact that there is no DC at the remote site. The problem occurs only as a domain member. When we take it out of the domain, it boots fast.
Some facts:
The user has no server profile
The sites are connected via IPsec
The client gets its IP via DHCP and has the SBS2003 at HQ as primary DNS
There is another DC at HQ but without DNS
There are other DCs at other sites, but they can't be reached, no routing
I checked AD Sites and Services: the site is created, the subnet is configured, and there is an inter-site connection to HQ with the lowest cost
I checked the RegKey HKLM\system\curr.contr.set\services\netlogon\parameters\dynamicsitename
The value on the client is the site it should be
I checked the entries in DNS _ldap.tcp_.<sitename>._sites.dc._msdcs.domain.local
There are entries from the two DCs at HQ
The Windows logfiles on both DCs at HQ have an entry ->
5792 Logon : the remote site has no LDAP entries, LDAP-Server from site HQ will govern this site due to replication costs

After the endless logon there are entries in the Windows logfiles
event 6006 logon : GPClient needed 206 sec. to create session
event 6005 logon : GPClient needs some time to logon
event 6006 logon : GPClient needed 252 sec. to logon

The network drives from the start script are connected and accessible

I checked gpupdate /force
It takes about a minute
I've seen gpupdate fail one time; after a (long :-) reboot it worked again

I checked the variable logonserver, it's the SBS2003 at HQ

I checked nblookup, works
I checked nslookup, works
I can ping across the tunnel, everything from everywhere

You can work with the machine as normal after this long boot and logon period:
access shares and so on

A WinXP machine at this site has no problems

Can anybody help?
I can provide drawings of the network, screenshots, anything you need

Thanks in advance
0
Question by:deibel
 
LVL 17

Expert Comment

by:aoakeley
ID: 33473349
If there is no DC at the remote site, then I do not believe there is any reason to have that remote site in AD Sites and Services. Attach the subnet of the remote site to the HQ Site. This will ensure that the computers in the remote site always try the HQ domain controller (which they can route to) first.

Andy
0
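A check that follows from the facts in the question and from Andy's suggestion, as an added example that is not part of the original thread: it lists the DCs that DNS advertises for the client's site and for the whole domain, and tests whether each one is reachable from the client. The 3-second timeout and the choice of ports 389, 88 and 445 are assumptions of this example; a TCP connect stands in for the locator's own LDAP ping, which uses UDP 389.

```powershell
# Added example; run on the affected client. Works on PowerShell 2.0 (Windows 7).
param(
    [string]$Domain = $env:USERDNSDOMAIN,  # AD DNS domain name of the logged-on user
    [int]$TimeoutMs = 3000                 # per-port connect timeout (assumed value)
)

# Site assigned to this computer through the subnet-to-site mapping in AD.
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

function Get-SrvTarget([string]$Name) {
    # Parse the "svr hostname = ..." lines of nslookup (no Resolve-DnsName on Win7).
    nslookup -type=SRV $Name 2>$null | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.') }
    } | Sort-Object -Unique
}

function Test-TcpPort([string]$Computer, [int]$Port) {
    # TCP connect with a timeout; a refused or unroutable target returns $false.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# Site-specific record first, then the domain-wide record that lists every DC.
$records = @("_ldap._tcp.${site}._sites.dc._msdcs.$Domain", "_ldap._tcp.dc._msdcs.$Domain")
$results = foreach ($rec in $records) {
    foreach ($dc in @(Get-SrvTarget $rec)) {
        New-Object PSObject -Property @{
            Record = $rec
            DC     = $dc
            LDAP   = (Test-TcpPort $dc 389)   # directory queries
            Krb    = (Test-TcpPort $dc 88)    # Kerberos authentication
            SMB    = (Test-TcpPort $dc 445)   # SYSVOL, where Group Policy files live
        }
    }
}

"Client site: $site"
$results | Format-Table DC, LDAP, Krb, SMB, Record -AutoSize
# DC the locator actually selects after a forced rediscovery.
nltest "/dsgetdc:$Domain" /force
```

A DC that appears under the site-specific record but shows False in any column is one the client is told to use yet cannot reach across the tunnel.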
 
LVL 5

Author Comment

by:deibel
ID: 33473701
OK, we don't have site-dependent rules, so I gave it a try
Changed the subnet to the HQ site, left the remote site in AD but with no subnets
Replicated it to the other DC

But it didn't help
Boot and logon still endless

I checked the regkey dynamicsitename again. It's now the HQ site
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33475110
Does the workstation have IIS running on it?
Does it have a printer using the HP CUE DeviceDiscovery Service configured on it?
Is there anything else that could be looking for something on another site? Printer etc?
You say there is no server profile - what about folder redirection?
Anything in this thread look useful ? http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/56310e15-32df-457a-bc38-4cc2fce0a5e5 
0
 
LVL 5

Accepted Solution

by:
deibel earned 0 total points
ID: 33834174
We finally opened a case with MS support
0

Question has a verified solution.
