Slow to login to Domain Server from all workstations

Posted on 2011-05-10
Last Modified: 2012-06-27
I am working with a Small Business Server 2003 domain setup.
All workstations are Windows XP SP2.

About 3 months ago, when a workstation logged in, it started taking about 5 minutes to get to the desktop. Suddenly last week, it started taking from 20 minutes to 2 hours to boot a workstation and login.  This happens for all workstations.  As far as I know, nothing on the server has changed. I do not maintain this server but they call me when there are problems.

It is not a one time delay but the whole logon process takes forever.  Even after the desktop comes up, the user can't do anything for 3-4 minutes. Once this whole process is done, every thingn works fine.

All the searching I have done indicates I should be looking at the DNS settings of the clients.  I would think if that was the problem, I would have one long delay and then logon would proceed as normal. Anyway, the DNS settings on the clients has not changed in the last year.

On one workstation, I enabled the UserEnv logging and you can see the delay.
The following 12 lines cover 1 hour of waiting.

USERENV(320.4b8) 11:25:50:078 PingComputer:  First time:  0
USERENV(320.4b8) 11:25:50:078 PingComputer:  Fast link.  Exiting.
USERENV(320.4b8) 11:44:45:218 MyGetUserName:  GetUserNameEx failed with 1727.
USERENV(320.4b8) 11:44:45:218 MyGetUserName:  Retrying call to GetUserNameEx in 1/2 second.
USERENV(320.4b8) 12:03:40:968 MyGetUserName:  GetUserNameEx failed with 1727.
USERENV(320.4b8) 12:03:40:968 MyGetUserName:  Retrying call to GetUserNameEx in 1/2 second.
USERENV(320.4b8) 12:22:36:609 MyGetUserName:  GetUserNameEx failed with 1727.
USERENV(320.4b8) 12:22:36:609 MyGetUserName:  Retrying call to GetUserNameEx in 1/2 second.
USERENV(320.324) 12:25:50:156 IsSyncForegroundPolicyRefresh: Synchronous, Reason: NonCachedCredentials
USERENV(320.4b8) 12:27:04:656 MyGetUserName:  GetUserNameEx failed with 1355.
USERENV(320.4b8) 12:27:04:656 ProcessGPOs: MyGetUserName failed with 1355.
USERENV(320.4b8) 12:27:04:656 ProcessGPOs: No WMI logging done in this policy cycle.

At this point, I disconnected the network cable and the computer desktop came right up. Of course the network shares, etc were not available.

I tried setting "Always wait for the network at computer startup and logon" to disabled. It was 'Not Configured', No difference.

Any advice?
Question by:techmastercomputer
    LVL 70

    Accepted Solution

    With slow logon DNS is usually the chief culprit.

    do an IPCONFIG /all on the client machines and make sure that the one and only DNS server listed is the Windows Server
    LVL 1

    Assisted Solution

    According this log your workstation seems to be unable to reach the logon server, you should check the DNS but also the NETLOGON service on the server and the Group Policy assigned to your computers (you could try disabling any GPO)...

    For long logon time, you should also check the size of your users profiles if they store it on the server (this does not seems to be the problem according your log, but it's better to check) .

    LVL 2

    Expert Comment

    Also verify that your DNS services aren't having problems.  Even though the clients could be pointed to the right place your DNS server could be screwed up.  There are DNS Server Logs in the event viewer, and you should be able to open the DNS console and see that all of the entries are there for the DC (Start of Authority, Name Server should both have Data of the server name) and then a Host (A) record for that server name as well.
    LVL 66

    Expert Comment

    Just in case it isnt DNS....

    Look in Network Connections>Tools>Advanced (at the top), and list what your connection order is. Any bindings that arent in use listed? Check the next tab as well, and list what the providers are ordered in...

    Reason I suggest this, is that maybe you have had an update/application install that might have hosed the order...

    Expert Comment

    Please check with nslookup tool and try to resolve your domain, and don't forget check if you have software for protection like firewall on your workstations.

    Author Comment


    Ok, I set Network Connection TCP/IP DNS to the server with no ALT DNS. I was able to logon relatively fast, <1min. All server related functions were working but the internet connection (IE) would not work.  I set the LAN settings or IE to "Use a proxy server for your LAN..." and entered the address and port. At this point IE was working. Seems a little slow at start up but didn't test it enough to be sure.  At this point I thought I was done.  Then determined that the email on the client did not work. Using OUTLOOK 2003 and all email is on yahoo.  It appears that it can not find the yahoo servers.  I would assume it is a DNS problem but will not be able to look at until tomorrow.

    So I have fixed one problem but caused multiple others.

    I don't understand how their server worked up until this point. For the last 2 1/2 years they have not used the DNS server but used the IP's DNS server. I don't know how they were able to log in to the domain over the last 2 years.  I didn't change it because it was working.

    My original problem I can fix but now I need to fix the others. Maybe this should be closed and a different thread opened for the other problems.

    Author Closing Comment

    Did not solve all my problems.
    LVL 1

    Expert Comment

    On the 2003 server, add the IP of the dns servers of your ISP (your "alt dns" probably) in the DNS Server configuration as "Forwarders".

    *not in the DNS configuration of your network adapter*, but in the configuration of the DNS server itself...

    Administrative Tools / DNS / Properties of your server / Forwarders

    Check also that you do not have a "." zone in the "forward lookup zone"

    The right setup : your workstations use the server as DNS Resolver, the server reply directly for everything related to the local network, and forward every other request to the ISP.

    If you configure the workstation to use directly the ISP server, as this server cannot reply for anything about your local network -> error and timeout/delay

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
    Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now