Solved

Slow startup with Domain Account - Trying to resolve WPAD address?

Posted on 2011-03-23
16
2,372 Views
Last Modified: 2012-06-21
Hey Experts, I'm working with a XP pro notebook that has been run as a workgroup machine for a long time and has recently been joined to the company domain. When logging into the user's local account the logon process is nice and fast. When logging into the user's new domain account (member of local admins group) it hangs on Applying Computer Settings for about 2 minutes. However, logging into a domain admin account the login process is fast as expected.

In an attempt to troubleshoot I've used WireShark to watch what's happening and it looks like the problem is coming from repeated requests and eventual time-outs with the following query:

NBNS   Name query NB WPAD.ECCO.LAN, <00>

Where ecco.lan is our domain name. I've discovered that this is the automated proxy system trying to get its hands on a proxy config document, but we do not use a proxy at our site. After discovering this I turned OFF automatic proxy detection in IE, but no change.

I noticed a slight improvement after checking the order of the network interfaces; turned out that the LAN connection was last in line. After re-ordering those things picked up a little and here is where I sit with the 2min delay.

For some reason this search for WDAP.ECCO.LAN only occurs on the users account and not the admin account.

I'd appreciate any assistance in tracking this down!
0
Comment
Question by:jostafew
  • 7
  • 5
  • 4
16 Comments
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
Check the permissions for any profile on the server (if you have roaming profiles).
Check the local "cached" profile on the user computer and ensure the domain\user has premissions.
Check the local computer and esnure the domain\user can create a profile.

You can try adding the user to the local admin group on that computer and double check its the correct domain user.

Check that that computer has joined the domain correcly.  It will be a permissions thing.  The local computer is trying to verify the account can do something, but either cant get the ok from the domain or the acls have the wrong security ID.  When looking at the ntfs permssions on the local PC, if they dont show acutual usernames, this means either it cant get the details from the domain or that SID is no longer valid.

Last time I saw this I just rebuilt the computer and the problem went away.  
I think it has something to do with the local username and the domain username being the same and having data on the computer already with that username.  Same username conflicting Local SID v Domain SID.



0
 
LVL 8

Expert Comment

by:MarkieS
Comment Utility
As m_walker suggests it sounds like user profile clashes.

The WPAD settings are Current user and if you dont use WPAD where did the WPAD setting come from?  If it's OK to remove try deleting the LastDetectURL - (remember to Export/Backup first)

Registry entries are under :

[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"LastDetectUrl"="http://wpad.contoso.com/wpad.dat"

0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
by default IE has auto detect proxy on.  With this setting it will try a few things to get hold of the config file (wpad.dat).  One of them is wpad.<default domain suffix>, it can also get the wpad settings from the DHCP server.  It will try to connet to that "host" and d/l the config file.
If you turn off "auto detect proxy" in the IE config, I would expect that wpad issue will go away.
0
 
LVL 3

Author Comment

by:jostafew
Comment Utility
Hey guys, thank you for the replies, I'll try to work through them in order;

m_walker - I am not using roaming profiles, the domain account was already added to (and continues to be a member of) the local admins account, everything looks OK in terms of permissions on local files (domain names included). I thought you'd hit the nail on the head with the same accounts names (local vs domain) as I have just that situation; local user account was the user's first name as was the domain account. Under documents and settings windows created the username user.ecco to represent the domain account. On your suggestion I created a new domain account which followed our company guidelines (using first initial, last name) and signed in with that. Also made that account a member of the local admins group. Unfortunatly we seem to have the same issue with this new account.

MarkieS - I have no idea where the WPAD settings came from as we don't use it in our network. I followed the path you provided in the registry to look for an Auto Proxy setting but didn't find any entries. I also searched the entire registry for wpad but came back with no results. I had a look at that registry key in another XP machine that is working correctly and it looks the same.

m_walker - thank you for the summary on the wpad process (I have read this as well). One of the first things I tried was to turn off "auto detect proxy" in IE. I would have expected the issue to go away after that as well....

0
 
LVL 3

Author Comment

by:jostafew
Comment Utility
Forgot to add that the issue is only present on system boot, simply signing off then back on does not recreate the problem.
0
 
LVL 8

Expert Comment

by:MarkieS
Comment Utility
So it's just at boot up.  Makes sense if it's sitting there applying computer settings.  No user profile has loaded yet.  But I would expect the problem on any domain login.

May be worth trying some extra boot investigation to pin point the delay.  WPAD sounds like a high candidate but it may be worth a try.

Have you tried Bootvis?
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
re: wpad still there, it may be comming from a differnet browser.  My guess is there is something that is trying to call home (eg: check for updates) when you start and is using your internet settings to find they best way to do that.  I would kinda ignore it.

If the issue is on boot, then I would be looking at the computer level and the link between that computer and your domain.  Check in AD that that computer has the some permissions and is in the some groups as other working computers.
0
 
LVL 8

Expert Comment

by:MarkieS
Comment Utility
Burning the midnight oil as well!!
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Author Comment

by:jostafew
Comment Utility
Learned a little more now, just for fun I thought I'd double check another XP machine's boot cycle to make sure it wasn't affected; sure enough it is showing the same symptoms (hang on Applying Computer Settings for a couple mins). This is a CAD workstation that would normally boot in 30ish seconds. I didn't go set up with Wireshark on that machine, but from the outside the symptoms look the same. After this I checked another similar system, but this machine booted fine (tried a couple times).

Trying to think of any changes I've made recently that would affect multiple machines I disabled all the GPO's that I'd been working, ran gpupdate /force on the server and gupupdate on the machine then tried booting again; no change. I then re-enabled my GPO's.

I removed the other two browsers from the original laptop machine, but now that I see the issue appearing on a machine that USED to start fine I'm thinking this is less likely of a cause.

I'm now trying to figure out what makes these two VERY similar systems different, other than belonging to different security groups...

I tried running BootVis on the laptop but the trace would crash in windows before it ever completed so that went nowhere. I suppose I could try it on the other machine, maybe learn something...
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
Keep going, Im sure you will track it down.  My money is permissions.
We took over another site and when we got those computers to join our domain we had simular issues at boot up.  Join the domain and logon with a doman user... slow, log on with a local user fast.  Log onto the domain as an admin, fast.  removed from the domain all was fast.

It been too long to remember the exact thing that was the cause, but it was round permissions.  Remember the COMPUTER needs permissions in the domain as well as the user.  Applying computer settings is the computer trying to do something (hence will on boot, not log off log on; our issue was more at a user level).

You could try to remove the computer from the domain (reboot the computer).  Ensre this removal has completed and the computer is not visiable in the domain any more, then re-join it.  It could fix it, but may not.  Keep in mind when you remove a computer from the domain, then any local ACLs that have domain\user values will be lost or "broken", so you could make a bigger mess.

Since we have stock setups here, we would just re-image the pc, join the domain and continue.  If the problem come back then it would be a server side gp (as you have tried).

Like I said, keep looking and you should find it.  check the event logs on the server and client computers.
0
 
LVL 3

Author Comment

by:jostafew
Comment Utility
Still working on this... I used WireShark to capture traffic during the login process for the user account as well as the admin account; user being slow, admin being quick. Interesting what I found was that all the same stuff was happening, the difference being that with the user account it would sit at "Applying Computer Settings" while with the admin account it would whip into Windows right away and continue to do the same work in the background, giving the illusion that it's booting quicker. I stopped both logs at roughly the same point, which turns out to be approximatly the same total boot time. I've attached both logs to this post, with any luck something will stand out as a flag. I've also placed a light blue line across each log indicating 1- when the machine has finished booting to the login screen, and 2- when it is into Windows (still booting though).

Having exhausted my inspection of the boot process I am continuing to look into any permissions problems; to be honest I've never had to deal with computer permissions before. Everything has just worked... I'm trying to find the diff. between these 2 XP machines (possibly more) that boot slowly vs the other XP machine that comes up very quickly. Other than being in different OUs. I've even tried moving these machines to the OU that the other belongs to but seemingly no change.

For event logs, I do see a possible clue; both trouble machines are showing the following warning in their Application Log:

Event System (52) 4356 - The COM+ Event System failed to create an instance of the subscriber partition: {MAC addresses} CoGetObject returned HRESULT 8000401A

I'll continue to keep digging, but in the meantime if anything catches you eye please let me know!
Boot---Admin.JPG
Boot---Brussell.JPG
0
 
LVL 3

Author Comment

by:jostafew
Comment Utility
Ok, cleared up that application event warning:
http://forums.techarena.in/small-business-server/232687.htm
But slow boot remains.... Continuing to dig...
0
 
LVL 3

Accepted Solution

by:
jostafew earned 0 total points
Comment Utility
Solution FINALLY! What it came down to was using the "Connect To" option in the user account Profile tab. I was connecting H: to the user's home share. With this setting in place the machine would sit at "applying computer settings" until it had done the majority of the boot cycle before moving into windows. Clear this setting and it would go straight to windows while it continued it's boot process. Not that it really took any less amount of time to complete the cycle, but at least the user can work with the machine while it's finishing the boot process. So instead of using Connect To for the home share I've moved that task to a login script which is probably the better way to do it anyway (using a variable and applying that script to a group).

Thank you to m_walker and markie_s for your effort, I appreciate it.
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
Glad to see you got it working.  As soon as i saw your posts, another thing come to mind about a setting that is "wait for network" prior to login on.  By default its off, but could have been on.  But you found your issue, well done.
0
 
LVL 3

Author Closing Comment

by:jostafew
Comment Utility
Finally solved the issue, see my final post.
0
 
LVL 8

Expert Comment

by:MarkieS
Comment Utility
Nice to get a resolution.

cheers
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
Resolve DNS query failed errors for Exchange
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now