Solved

SBS 2008 - Very long logon on clients (Please Wait)

Posted on 2014-02-03
7
777 Views
Last Modified: 2014-02-06
Hi Experts,

On a SBS 2008 Server network, we encounter some long time clients connection with the "Please Wait" message. I found the Winlogon Event IDs 6005 and 6006 :

System
 
Provider
 
[ Name]
Microsoft-Windows-Winlogon
 
[ Guid]
{DBxxxxxx-7xxx-43xx-91xx-AxxxxxxxBxx8}
 
[ EventSourceName]
Wlclntfy
 
-
EventID
6005
 
[ Qualifiers]
32768
 
Version
0
 
Level
3
 
Task
0
 
Opcode
0
 
Keywords
0x80000000000000
 
-
TimeCreated
 
[ SystemTime]
2014-02-03T07:51:12.000000000Z
 
EventRecordID
91971
 
Correlation
 
-
Execution
 
[ ProcessID]
0
 
[ ThreadID]
0
 
Channel
Application
 
Computer
clientcomputer1.domain.local
 
 
Security
 
-
EventData
 
GPClient
 
CreateSession
 
00000000
 
 
 
System
 
-
Provider
 
[ Name]
Microsoft-Windows-Winlogon
 
[ Guid]
{DBxxxxxx-7xxx-43xx-91xx-AxxxxxxxBxx8}
 
[ EventSourceName]
Wlclntfy
 
-
EventID
6006
 
[ Qualifiers]
32768
 
Version
0
 
Level
3
 
Task
0
 
Opcode
0
 
Keywords
0x80000000000000
 
-
TimeCreated
 
[ SystemTime]
2014-02-03T07:51:12.000000000Z
 
EventRecordID
91972
 
Correlation
 
-
Execution
 
[ ProcessID]
0
 
[ ThreadID]
0
 
Channel
Application
 
Computer
clientcomputer1.domain.local
 
 
Security
 
-
EventData
 
GPClient
 
60
 
CreateSession
 
04000000


Event ID 10 occurs with Source : WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 

I found that in the DNS local domain it was a _msdcs Host A and subdomains (_site, _TCP, _UDP, ForestDNSZone, DoaminDNSZone and even a Autodiscover greyed one) while there already exist autodiscover.domain.local and _msdcs.domain.local domains.
Could I delete these inside the domain.local and restart the Netlogon service without any problem ? If not what I have to do in the right order please ?

There is an IPV6 Reverse DNS lookup zone configured in 32 bits with SOA (SBSServer.domain.local, hostmaster.domain.local), NS (SBSServer.domain.local), domain.local and SBSserver.local PTR.

Ping and Nslookup work well in IPV4 and IPV6 for the domail.local name.
Ping works well for the SBSserver.domain.local in IPV4 and IPV6.
Reverse DNS doesn't work in IPV6 for the SBSServer.domain.local.
When I add the SBSServername Host AAAA in domain.local, it disapear after a while.

Finally, a very strange behaviour, I can't acces OWA on the SBS server when I type https://SBSserver/owa or https://SBSserver.domain.local/owa. Only the IP address works to access OWA while these names ping successfully in IPV4 and IPV6...

Thank you in advance for your help, best regards,
0
Comment
Question by:jet-info
  • 3
  • 3
7 Comments
 
LVL 12

Accepted Solution

by:
Gary Coltharp earned 500 total points
ID: 39829452
Have you run the fix my network wizard in the SBS console?
It is highly advised to stay in the console in SBS environments.

After running the fix my network wizard, you may need to rerun the connect to the internet wizard but not necessarily.

As for OWA, an implicit DNS record is created that mirrors your outside address, ie; remote.xyzdomain.com

so you would go to https://remote.xyzdomain.com/owa both inside and out.

HTH

Gary
0
 

Author Comment

by:jet-info
ID: 39829509
I did not dare do it on a  "Working" production server because it is one of SBS first steps wizard.
Is it safe at 110 % ? Does it recreate the autodiscover and the DNS config as well ?

Thank you for your help Gary !

PS : I saw a strange behaviour this morning, When connected to Exchange, Outlook open a small window and try to connect to address@domain.com (instead of address@domain.local). We only can click to cancel on this windows and when we do it, the connection is cutted between the client and the server, so we click on "Need Password" in Outlook and it connect back to the server, but 2 minute after it restart to connect to address@domain.com. If we let it alone Outlook works and the connection to the server remains...
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39829516
It is very safe...there may be a brief interruption in internet services but your server will likely be much the better for it afterwards.

Gary
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:jet-info
ID: 39832594
It changed the server IP address, the SMTP connectors and the DHCP options related to the new IP... Once the previous IP, DHCP settings and SMTP connectors restaured I launched the wizard again and it only mentioned the DNS Forwarders and the router errors.

Not again tested to restart a computer, not had the time today.

I check it ASAP.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39834648
The FIX My Network Wizard should NOT change the IP address of your server

Please post a COMPLETE ipconfig /all from both the server and a workstation.

Jeff
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39835475
I concur...
Perhaps it wasn't configured from the console when it was deployed or migrated? As I understand it, the settings are stored in a database at configuration so that the fix network wizard can put things back.
0
 

Author Closing Comment

by:jet-info
ID: 39839256
Thanks.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SBS 2011 corrupt database 3 64
DNS Name Pointing 6 31
Public DNS 2 31
SBS 2008 DC DIAG Missing AAAA record at DNS server : 5 23
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Resolve DNS query failed errors for Exchange
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now