window domain user login very slow

I've recently encounter problems with slow domain user login. It takes almost 30minutes to login.

The weird part is for the machine which is on vlan, the user was able to login as normal.

For the machine on the subnet the user takes around 30 minutes to login.

If the machine was change to subnets it was able to login as normal.

I clear the dns cache on the dns server and run dcdiag to check on both dc controller.

Could it be a network problem?
Who is Participating?
tmoore1962Connect With a Mentor Commented:
is the system static or dynamic, probably a network vlan configuration problem is the server on a trunk port so that it gets all traffic from both networks, and is the servers, dns, dhcp etc properly configured for both networks.
Is the client using a roaming profile?  Try transferring a large file to test the network speed in both configurations and let us know the results.  I've seen 7 boxes with Gigabit NICs only transfer in the Kb range on Gb networks under certain conditions.  I've got a fix if that's what it is.
This is also something to try.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:

Are you using DHCP to assign IP address? How did you configure your DHCP? i.e one on each segment or one dhcp for both VLAN.

Have you use network utility tool to see the network traffic to your authentication server.

Brian PringleSystems Analyst II, SCM, ERPCommented:
Check your DNS settings.  If the user cannot find the domain controller, Windows will sit and wait to find it.  Eventually, it gives up and uses cached credentials.  The Windows domain controller should be the first DNS server entry and the router/switch should be able to find the route to that server.
Ratnesh MishraCommented:
I will suggest you to go with the tools to collect log XPERF .

Even Bootlogging enabled in procmon will also collect the boot logon process from very start.

Both of the above tools log collection can provide you most important data for recgnizing where the latency is .
If you have collected the log, you may upload it so that we can analyse it for you to provide you the solution.

Additional Information :-

One of the best blog for such slow logon activity.
sweehanAuthor Commented:
All the client machine are using dynamic ip assign by dhcp server which is also the dc server.

Some user has roaming profile and some just normal profile. Both login also the same when its in the affected subnet.

I tracert and nslookup from the affected machine. The affected machine dns provided by the dhcp was set to the dc server.
sweehanAuthor Commented:
I telnet port 88 to the DC and found the connection to be slow when connect to the affected vlan.

I did a simulation by creating a new forest in a virtualize environment connect to the affected vlan. I use another VM to join to the new domain and it takes very long time to join.

Which means its not group policy or script problem.

I request the network engineer to bypass the connection from the core switch to the firewall and the login was fast.

To confirm, network engineer took a spare core switch and replace the existing core switch.

The slow login solved
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.