BSModlin asked:

Slow logins after IP change on DC

I just moved my company to a new office. We were on a flat 192.168.16.0 network. We now have multiple VLANs. I have modified the IP addresses of my 2 DCs along with all other servers. I have changed the DNS server settings on each machine to point to the new IPs as well. I am obviously missing something because logging into these servers takes forever... GPOs do not seem to be running, etc. What am I missing and how can I troubleshoot?

Miguel Angel Perez Muñoz:

Try logging on to your DC (it may require a lot of time to be able to log on) and, as administrator, run ipconfig /registerdns.

ASKER CERTIFIED SOLUTION
Manjunath Sullad:

This solution is only available to members.

BSModlin (ASKER):

Just did all that with the same result... What else can I test or modify?
Here are the DCDIAG results:


C:\Users\bmodlin>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = sasmail
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SASMAIL
      Starting test: Connectivity
         ......................... SASMAIL passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SASMAIL
      Starting test: Advertising
         ......................... SASMAIL passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... SASMAIL passed test FrsEvent
      Starting test: DFSREvent
         ......................... SASMAIL passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SASMAIL passed test SysVolCheck
      Starting test: KccEvent
         ......................... SASMAIL passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SASMAIL passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SASMAIL passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=StructuredAssetServices,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=StructuredAssetServices,DC=local
         ......................... SASMAIL failed test NCSecDesc
      Starting test: NetLogons
         ......................... SASMAIL passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SASMAIL passed test ObjectsReplicated
      Starting test: Replications
         ......................... SASMAIL passed test Replications
      Starting test: RidManager
         ......................... SASMAIL passed test RidManager
      Starting test: Services
         ......................... SASMAIL passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x000727A5
            Time Generated: 02/07/2014   10:13:26
            Event String:
            The WinRM service is not listening for WS-Management requests.
         An Warning Event occurred.  EventID: 0x00000420
            Time Generated: 02/07/2014   10:26:54
            Event String:
            The DHCP service has detected that it is running on a DC and has no
credentials configured for use with Dynamic DNS registrations initiated by the D
HCP service.   This is not a recommended security configuration.  Credentials fo
r Dynamic DNS registrations may be configured using the command line "netsh dhcp
 server set dnscredentials" or via the DHCP Administrative tool.
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:02
            Event String:
            NtpClient was unable to set a manual peer to use as a time source be
cause of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try
 again in 15 minutes and double the reattempt interval thereafter. The error was
: No such host is known. (0x80072AF9)
         An Warning Event occurred.  EventID: 0x00002724
            Time Generated: 02/07/2014   10:27:02
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For
 reliable DHCPv6 server operation, you should use only static IPv6 addresses.
         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:04
            Event String:
            NtpClient was unable to set a manual peer to use as a time source be
cause of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try
 again in 15 minutes and double the reattempt interval thereafter. The error was
: No such host is known. (0x80072AF9)
         An Error Event occurred.  EventID: 0xC0001B58
            Time Generated: 02/07/2014   10:27:06
            Event String:
            The Microsoft IPv6 Protocol Driver service failed to start due to th
e following error:
         An Error Event occurred.  EventID: 0xC0001B70
            Time Generated: 02/07/2014   10:27:12
            Event String:
            The HP Insight Event Notifier service terminated with service-specif
ic error 4 (0x4).
         An Error Event occurred.  EventID: 0xC0001B72
            Time Generated: 02/07/2014   10:27:22
            Event String:
            The following boot-start or system-start driver(s) failed to load:
         An Warning Event occurred.  EventID: 0x8000001D
            Time Generated: 02/07/2014   10:27:27
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x8435046F
            Time Generated: 02/07/2014   10:27:34
            Event String:
            System Information Agent: Health: A Temperature Sensor Condition has
 been set to degraded.  The system may or may not shutdown depending on the stat
e of the thermal degraded action value '3'.
         An Warning Event occurred.  EventID: 0x000727AA
            Time Generated: 02/07/2014   10:29:25
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/sasmail
.StructuredAssetServices.local; WSMAN/sasmail.
         ......................... SASMAIL failed test SystemLog
      Starting test: VerifyReferences
         ......................... SASMAIL passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : StructuredAssetServices
      Starting test: CheckSDRefDom
         ......................... StructuredAssetServices passed test
         CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... StructuredAssetServices passed test
         CrossRefValidation

   Running enterprise tests on : StructuredAssetServices.local
      Starting test: LocatorCheck
         ......................... StructuredAssetServices.local passed test
         LocatorCheck
      Starting test: Intersite
         ......................... StructuredAssetServices.local passed test
         Intersite

C:\Users\bmodlin>

Can you cross-verify that all the settings in AD Sites and Services are configured correctly?

If the IP address subnet is new, you need to add it to AD Sites and Services and move the DC to the site that belongs to the new subnet.

Based on the Dcdiag logs, there seems to be some issue with AD replication.

Run the commands below and check for errors:

ipconfig /all >c:\ipconfig.txt

dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  

dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

Assuming that all settings in Sites and Services are correct, including the mapping of the new subnet to the site where client computers are running, you might want to use a network capture tool to see what is happening during the authentication process.
Also, you can run the command below on one of the computers to see where authentication requests are going:
set logonserver
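
A triage helper for the dcdiag output posted above, as an added example that is not part of the original thread: it records each test's pass/fail result (including result lines whose test name wrapped onto the next line) and rejoins the 80-column-wrapped System Log event strings so that repeated events collapse into one counted entry. The function name `parse_dcdiag` and the embedded sample, cut from the output above, are assumptions of this example.

```python
import re
from collections import Counter

RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test\s*(\S*)")
EVENT = re.compile(r"An (Warning|Error) Event occurred\.\s+EventID: (0x[0-9A-Fa-f]+)")
# Constructed sample: lines cut from the dcdiag output in this thread.
NTP = '''         An Warning Event occurred.  EventID: 0x825A0086
            Time Generated: 02/07/2014   10:27:02
            Event String:
            NtpClient was unable to set a manual peer to use as a time source be
cause of DNS resolution error on '"ntp.myfloridacity.us,0x8'. NtpClient will try
 again in 15 minutes and double the reattempt interval thereafter. The error was
: No such host is known. (0x80072AF9)
'''
SAMPLE = ("      Starting test: SystemLog\n" + NTP * 2 +
          "         ......................... SASMAIL failed test SystemLog\n"
          "         ......................... DomainDnsZones passed test\n"
          "         CrossRefValidation\n")

def parse_dcdiag(text):
    """Return (results, events) parsed from plain `dcdiag` console output."""
    lines = text.splitlines()
    results, events = {}, Counter()
    current, message = None, []          # event currently being assembled
    def flush():
        nonlocal current, message
        if current:
            events[current + ("".join(message).strip(),)] += 1
        current, message = None, []
    for i, line in enumerate(lines):
        m = EVENT.search(line)
        if m:
            flush()
            current = (m.group(1), m.group(2))
            continue
        r = RESULT.search(line)
        if r:
            flush()
            # Long result lines wrap: the test name may sit on the next line.
            name = r.group(3) or (lines[i + 1].strip() if i + 1 < len(lines) else "")
            results[(r.group(1), name)] = r.group(2)
            continue
        if current and "Time Generated:" not in line and "Event String:" not in line:
            # Console wraps restart at column 0 mid-word: join those pieces raw.
            message.append(" " + line.strip() if line.startswith("   ") else line)
    flush()
    return results, events

if __name__ == "__main__":
    print(parse_dcdiag(SAMPLE))
```
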