Solved

Slow logins after IP change on DC

Posted on 2014-02-07
6
531 Views
Last Modified: 2014-02-12
I just moved my company to a new office. We were on a flat 192.168.16.0 network. We now have multiple VLANs. I have modified the IP addresses of my 2 DCs along with all other servers. I have changed the DNS server settings on each machine to point to the new IPs as well. I am obviously missing something because logging into these servers takes forever.... GPOs do not seem to be running, etc. What am I missing and how can I troubleshoot?
0
Comment
Question by:BSModlin
6 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39841631
Try logging on to your DC (it may require a lot of time before you are able to log on) and, as administrator, run ipconfig /registerdns.
0
 
LVL 11

Accepted Solution

by:
Manjunath Sullad earned 500 total points
ID: 39841687
Reboot the Server,

ipconfig /flushdns & ipconfig /registerdns

If IP address subnet is new, you need to add it to AD sites and services and move the DC to the site that belongs to the new subnet.

Once you have changed all the settings, run "dcdiag" and check whether any errors are found.

If there are any errors, run dcdiag /fix to correct the service records.

Refer to some of the standards: http://technet.microsoft.com/en-us/library/cc758579(v=ws.10).aspx
0
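The subnet and site check from the accepted solution, as an added example that is not part of the original thread: it classifies each DC by whether a subnet object covers its new address and whether the DC sits in the site that subnet maps to. Only 192.168.16.0/24 and the name SASMAIL come from the thread; the 10.20.x.x ranges, the other DC names, the addresses and the New-Office site are constructed for illustration.

```python
import ipaddress

# Constructed inventory. 192.168.16.0/24 is the old flat network from the
# question; the VLAN ranges, New-Office site, DC02/DC03 and all DC
# addresses are hypothetical.
SUBNET_TO_SITE = {
    "192.168.16.0/24": "Default-First-Site-Name",
    "10.20.0.0/16": "Default-First-Site-Name",
    "10.20.30.0/24": "New-Office",
}
DCS = {  # name: (current IP, site its server object sits in)
    "SASMAIL": ("10.20.30.10", "Default-First-Site-Name"),
    "DC02": ("10.20.5.11", "Default-First-Site-Name"),
    "DC03": ("172.16.4.12", "Default-First-Site-Name"),
}

def site_for(ip, subnet_to_site):
    """Site of the most specific subnet containing ip, or None if none does."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(cidr), site)
               for cidr, site in subnet_to_site.items()
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(dcs, subnet_to_site):
    """Classify each DC: ok, no-subnet (add the subnet) or wrong-site (move the DC)."""
    findings = {}
    for name, (ip, placed_in) in dcs.items():
        expected = site_for(ip, subnet_to_site)
        if expected is None:
            findings[name] = "no-subnet"
        elif expected != placed_in:
            findings[name] = "wrong-site"
        else:
            findings[name] = "ok"
    return findings

if __name__ == "__main__":
    for name, finding in audit(DCS, SUBNET_TO_SITE).items():
        print(f"{name}: {finding}")
```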
 

Author Comment

by:BSModlin
ID: 39841856
Just did all that with same result.... What else can I test or modify?
0

Author Comment

by:BSModlin
ID: 39842043
Here is the DCDIAG Results:


C:\Users\bmodlin>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = sasmail
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SASMAIL
      Starting test: Connectivity
         ......................... SASMAIL passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SASMAIL
      Starting test: Advertising
         ......................... SASMAIL passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SASMAIL passed test FrsEvent
      Starting test: DFSREvent
         ......................... SASMAIL passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SASMAIL passed test SysVolCheck
      Starting test: KccEvent
         ......................... SASMAIL passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SASMAIL passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SASMAIL passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=StructuredAssetServices,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=StructuredAssetServices,DC=local
         ......................... SASMAIL failed test NCSecDesc
      Starting test: NetLogons
         ......................... SASMAIL passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SASMAIL passed test ObjectsReplicated
      Starting test: Replications
         ......................... SASMAIL passed test Replications
      Starting test: RidManager
         ......................... SASMAIL passed test RidManager
      Starting test: Services
         ......................... SASMAIL passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x000727A5
            Time Generated: 02/07/2014   10:13:26
            Event String:
            The WinRM service is not listening for WS-Management requests.
         An Warning Event occurred.  EventID: 0x00000420
            Time Generated: 02/07/2014   10:26:54
            Event String:
            The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:02
            Event String:
            NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
         An Warning Event occurred.  EventID: 0x00002724
            Time Generated: 02/07/2014   10:27:02
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:04
            Event String:
            NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
         An Error Event occurred.  EventID: 0xC0001B58
            Time Generated: 02/07/2014   10:27:06
            Event String:
            The Microsoft IPv6 Protocol Driver service failed to start due to the following error:
         An Error Event occurred.  EventID: 0xC0001B70
            Time Generated: 02/07/2014   10:27:12
            Event String:
            The HP Insight Event Notifier service terminated with service-specific error 4 (0x4).
         An Error Event occurred.  EventID: 0xC0001B72
            Time Generated: 02/07/2014   10:27:22
            Event String:
            The following boot-start or system-start driver(s) failed to load:
         An Warning Event occurred.  EventID: 0x8000001D
            Time Generated: 02/07/2014   10:27:27
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has been set to degraded.  The system may or may not shutdown depending on the state of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has been set to degraded.  The system may or may not shutdown depending on the state of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has been set to degraded.  The system may or may not shutdown depending on the state of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has been set to degraded.  The system may or may not shutdown depending on the state of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x000727AA
            Time Generated: 02/07/2014   10:29:25
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/sasmail.StructuredAssetServices.local; WSMAN/sasmail.
         ......................... SASMAIL failed test SystemLog
      Starting test: VerifyReferences
         ......................... SASMAIL passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : StructuredAssetServices
      Starting test: CheckSDRefDom
         ......................... StructuredAssetServices passed test
         CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... StructuredAssetServices passed test
         CrossRefValidation

   Running enterprise tests on : StructuredAssetServices.local
      Starting test: LocatorCheck
         ......................... StructuredAssetServices.local passed test
         LocatorCheck
      Starting test: Intersite
         ......................... StructuredAssetServices.local passed test
         Intersite

C:\Users\bmodlin>
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39842180
Can you cross-verify that all the settings in AD Sites and Services are configured correctly?

If IP address subnet is new, you need to add it to AD sites and services and move the DC to the site that belongs to the new subnet.



Based on the dcdiag logs, there seems to be some issue with AD replication.

Run the commands below and check for errors:

ipconfig /all >c:\ipconfig.txt

dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  

dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
0
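For triaging the dcdiag.txt file that the command above writes, an added example (not code from the thread) that parses dcdiag output into per-test results and keeps the detail lines of each failed test, including the case where dcdiag wraps the test name onto the next line. The sample is a constructed excerpt trimmed from the output posted earlier in this thread; the function names are this example's own.

```python
import re

# Constructed excerpt, trimmed from the dcdiag output posted above.
SAMPLE_DCDIAG = r"""
      Starting test: Advertising
         ......................... SASMAIL passed test Advertising
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=StructuredAssetServices,DC=local
         ......................... SASMAIL failed test NCSecDesc
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:02
         ......................... SASMAIL failed test SystemLog
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
"""

START = re.compile(r"^\s*Starting test:\s+(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s*(\S*)\s*$")

def parse_dcdiag(text):
    """Return one dict per test: target, test, status, detail lines."""
    results, current, detail = [], None, []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start, result = START.match(lines[i]), RESULT.match(lines[i])
        if start:
            current, detail = start.group(1), []
        elif result:
            target, status, name = result.groups()
            if not name and i + 1 < len(lines):
                i += 1                      # dcdiag wrapped the test name
                name = lines[i].strip()
            results.append({"target": target, "test": name or current,
                            "status": status, "detail": detail})
            current, detail = None, []
        elif current and lines[i].strip():
            detail.append(lines[i].strip())  # text between start and result
        i += 1
    return results

def failed_tests(results):
    """Only the failures, which is where triage starts."""
    return [(r["target"], r["test"], r["detail"])
            for r in results if r["status"] == "failed"]
```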
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39844005
Assuming that all settings in Sites and Services are correct, including the mapping of the new subnet to the site where client computers are running, you might want to use a network capture tool to see what is happening during the authentication process.
Also, on one of the computers you can run the command below to see where authentication requests are going:
set logonserver
0
