window domain user login very slow

I've recently encounter problems with slow domain user login. It takes almost 30minutes to login.

The weird part is for the machine which is on vlan 172.16.0.0, the user was able to login as normal.

For the machine on the 10.80.1.0 subnet the user takes around 30 minutes to login.

If the machine was change to 172.16.0.0 subnets it was able to login as normal.

I clear the dns cache on the dns server and run dcdiag to check on both dc controller.

Could it be a network problem?
sweehanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tmoore1962Commented:
is the system static or dynamic, probably a network vlan configuration problem is the server on a trunk port so that it gets all traffic from both networks, and is the servers, dns, dhcp etc properly configured for both networks.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
joelsplaceCommented:
Is the client using a roaming profile?  Try transferring a large file to test the network speed in both configurations and let us know the results.  I've seen 7 boxes with Gigabit NICs only transfer in the Kb range on Gb networks under certain conditions.  I've got a fix if that's what it is.
0
joelsplaceCommented:
http://support.microsoft.com/kb/2775511
This is also something to try.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
Hi,

Are you using DHCP to assign IP address? How did you configure your DHCP? i.e one on each segment or one dhcp for both VLAN.

Have you use network utility tool to see the network traffic to your authentication server.

Regards
0
Brian PringleSystems Analyst II, SCM, ERPCommented:
Check your DNS settings.  If the user cannot find the domain controller, Windows will sit and wait to find it.  Eventually, it gives up and uses cached credentials.  The Windows domain controller should be the first DNS server entry and the router/switch should be able to find the route to that server.
0
Ratnesh MishraCommented:
I will suggest you to go with the tools to collect log XPERF .  

http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx

Even Bootlogging enabled in procmon will also collect the boot logon process from very start.

Both of the above tools log collection can provide you most important data for recgnizing where the latency is .
If you have collected the log, you may upload it so that we can analyse it for you to provide you the solution.


Additional Information :-


One of the best blog for such slow logon activity. http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx
0
sweehanAuthor Commented:
All the client machine are using dynamic ip assign by dhcp server which is also the dc server.

Some user has roaming profile and some just normal profile. Both login also the same when its in the affected subnet.

I tracert and nslookup from the affected machine. The affected machine dns provided by the dhcp was set to the dc server.
0
sweehanAuthor Commented:
I telnet port 88 to the DC and found the connection to be slow when connect to the affected vlan.

I did a simulation by creating a new forest in a virtualize environment connect to the affected vlan. I use another VM to join to the new domain and it takes very long time to join.

Which means its not group policy or script problem.

I request the network engineer to bypass the connection from the core switch to the firewall and the login was fast.

To confirm, network engineer took a spare core switch and replace the existing core switch.

The slow login solved
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.