"Applying user settings" for 10 minutes logging in to Windows Remote Destkop Server

Hello Folks,

A client of ours has suddenly developed a pretty irritating/serious problem.
They have a Windows 2008 R2 SBS DC and a Server 2008 setup as a terminal server for users to connect to from a branch office.

This setup had been working perfectly up until the 21st of August, then when a user (any user) logs in, it sits at "Applying User Settings" for around 10 minutes, then finally logs in.
Once logged in the sessions seem to behave fine.

There are no errors in the DC event logs, but there are a couple of group policy errors in the TS event logs, as below, one for username and one for computer name unable to be resolved.

EventID 1053
domain\administrator

The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

There have been no changes made to either the DC or TS, this seems to have come out of the blue.
I would appreciate any help
Steve
t2sAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pramod UbheCommented:
One of the reasons could be incorrect vlan mapping in AD - Make sure that the vlan of affected computer is in AD sites and services + it is mapped to correct domain controllers.
Additionally you can see which domain controller is processing authentication request by the command - Set logonserver. Also this could be due to replication issues on domain controller.
0
t2sAuthor Commented:
Below is what DCdiag returned


C:\>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = HW2008TS
   The GUID based DNS Name resolved to several IPs (::1, 192.168.8.8), but not
   all were pingable. Replication and other operations may fail if a
   non-pingable IP is chosen. The first pingable IP is 192.168.8.8.
   [HW2008TS] Directory Binding Error 1722:
   Win32 Error 1722
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\HW2008TS
      Starting test: Connectivity
         [HW2008TS] DsBindWithSpnEx() failed with error 1722,
         Win32 Error 1722.
         ......................... HW2008TS failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\HW2008TS
      Skipping all tests, because server HW2008TS is not responding to
      directory service requests.


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : hwlincs
      Starting test: CheckSDRefDom
         ......................... hwlincs passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... hwlincs passed test CrossRefValidation

   Running enterprise tests on : hwlincs.local
      Starting test: LocatorCheck
         ......................... hwlincs.local passed test LocatorCheck
      Starting test: Intersite
         ......................... hwlincs.local passed test Intersite

C:\>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = HW2008TS
   [HW2008TS] Directory Binding Error 1722:
   Win32 Error 1722
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\HW2008TS
      Starting test: Connectivity
         [HW2008TS] DsBindWithSpnEx() failed with error 1722,
         Win32 Error 1722.
         ......................... HW2008TS failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\HW2008TS
      Skipping all tests, because server HW2008TS is not responding to
      directory service requests.


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : hwlincs
      Starting test: CheckSDRefDom
         ......................... hwlincs passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... hwlincs passed test CrossRefValidation

   Running enterprise tests on : hwlincs.local
      Starting test: LocatorCheck
         ......................... hwlincs.local passed test LocatorCheck
      Starting test: Intersite
         ......................... hwlincs.local passed test Intersite

C:\>
0
t2sAuthor Commented:
The logon server is HW2008TS, which is the terminal server
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

t2sAuthor Commented:
Tried forcing the Replication between the DC and TS, got an error RPC server error from the TS, error is attached.

"The following error occured while trying to contact the Domain Controller HW2008TS.
The RPC server is unavailable"
0
t2sAuthor Commented:
Traced to an unresolved DNS forwarder on the DC
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
t2sAuthor Commented:
Managed to trace to an unresolved DNS forwarder
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.