Computers Take long at log on

I have a few computers on my network, about 60 out of 1000 desktops. These computers have started randomly taking about 40 minutes to present the user with the "press Ctrl + Alt + Delete" section. PCs display a message about applying a GPO that does not exist. The GPO refers to applying disk quotas; after troubleshooting I can confirm that there is no GPO applying that or GPO by the name that is being displayed.

If I remove this PC from the network (unplug network cable), the same issue persists.

Any pointers are welcome.
Helao Mwapangasha (Data Centre: Server Engineer) asked:
Miguel Angel Perez Muñoz commented:
How did you determine that a GPO is the cause of the slow logon? If you disconnect the Ethernet cable from the affected computer, logon does not process any GPO, so the problem may be something else.
Have you tried installing XPERF and doing some investigation? http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx
0
TunerML (Systems Engineer) commented:
It may not make a difference, but the first thing I would do is run gpupdate /force from the command line. In case that doesn't work (which I suspect), if you have the ability, you can try removing the computer from the domain and rejoining it.
0
Gabriel Clifton (Net Admin) commented:
You can also remove any old group policy history by deleting all contents of C:\ProgramData\Application Data\microsoft\Group Policy\History\, perform gpupdate and reboot. It could also be that these computers did not get a group policy reversal, reversing the disk quota instead of just deleting the policy.
0
Joseph Nyaema (IT Consultant) commented:
In my experience, the issue is caused by the user adding the ISP's DNS or some incorrect DNS.
The TCP settings should only use the internal DNS servers.  Removing the extra DNS servers sorts out the issue most if not all the time.
0
WORKS2011 (Austin Tech Company) commented:
What happens when you log on as a local user?

I would remove the computers from the domain, delete the accounts from Active Directory, host A records in DNS, and info in DHCP. To be safe rename them something different before adding back to the domain.

The above will isolate profiles being corrupt and computer names in Active Directory.
0
Joseph Nyaema (IT Consultant) commented:
@Works2011 Removing computers from the domain would automatically remove the computer accounts from the AD database. Also, I really don't follow how removing accounts from AD, DNS, and DHCP affects user profiles that are stored on local profiles. When computers are rejoined, even with different names or IPs, users still use existing profiles, if any. He has got 60 PCs to do this on.

Please try out my earlier suggestion. Member computers should only use internal Active Directory DNS servers for all name resolution, both internal and external. Adding external DNS servers only confuses things, even if the external server is the last. Please test and revert.
0
WORKS2011 (Austin Tech Company) commented:
@Nyaema
"Also really don't follow how removing accounts from AD, DNS, DHCP affect user profiles that are stored on local profiles.  When computers are rejoined even with different names, or IPs, users still use existing profiles if any. He has got 60 PCs to do this on."
A couple of things. One, you're flat-out wrong: domain profiles create .000, .001, etc. all the time, and especially when added back to a new domain. Often the new profile is not copied and data is manually moved over. However, I'm not worried about data so much at this point; it can be copied over later, then to resolve log on issues. Removing accounts from AD: I've seen SIDs cause issues; if you need me to explain what a SID is, feel free to ask. Regarding the local profile, I just asked him to log in locally and nothing else; again, troubleshooting profiles. Lastly, I would never recommend trying all troubleshooting techniques on all 60 computers; this is insane, and it is interesting you even have this thought. Try troubleshooting on one; if the problem is found, repeat on the other 59.
0
WORKS2011 (Austin Tech Company) commented:
Run dcdiag /Test:DNS on the server and post the results.
0
Joseph Nyaema (IT Consultant) commented:
Sorry Works2011, don't understand... please explain  what a SID is... and what are those numbers .000, .001.
Why would you want to run DCDiag on 59 machines?
0
WORKS2011 (Austin Tech Company) commented:
SID is a security identifier which communicates Kerberos and other information in SYSVOL between the workstation and server. If it becomes corrupt or the server is not communicating with the workstation correctly, for example via GPs, there can be issues.

Numbers .000 and .0001 come after a profile when the workstation finds a reason to recreate, this can be done for numerous reasons.

Run dcdiag /Test:DNS on the server and post the results.
0
Joseph Nyaema (IT Consultant) commented:
Replacement profiles are created when one becomes corrupt or inaccessible... not because you disjoined and rejoined a machine to the domain. User SID remains unchanged, so need to create new profile if User SID matches Profile SID. Don't take my word for it, try it... disjoin from domain... join domain.

I believe we owe it to the community to question expert contributions that don't make sense and save an asker the runaround; otherwise we would be doing everyone a disservice, including ourselves. Nothing personal, let's wait for the author's response.
0
hecgomrec commented:
When a computer attached to a domain takes long to show the login screen, it is usually because the machine is not able to find any domain controller and/or DNS server using its current settings.

Make sure the IP settings for the NIC are correct based on your current LAN. Also, make sure they are looking for the right server in your organization. If you have moved a DNS server or DHCP servers, or if there is any conflict from removing or updating any of these within the organization, then this is why your computers are randomly having issues finding those servers.
0
Helao Mwapangasha (Data Centre: Server Engineer), author, commented:
Tech Folks,

After long nights and all kinds of troubleshooting I found the issue. I ran DCDiag /test:DNS on the DC and discovered a rogue name server entry. I deleted the _mcds entry of the serverx and this resolved the issue once the PC restarted.

All the DNS entries and communication pointers helped.

You guys are awesome.
0
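
A read-only check for the kind of stray name server entry described in the post above, as an added example that is not part of the original thread: it lists the NS records in the domain zone and the _msdcs zone and flags any name server that is not a current domain controller. It assumes the RSAT ActiveDirectory and DnsServer modules are installed, that both zones are hosted on the queried server, and that the stale entry was an NS record; the DnsServer parameter and the output column names are illustrative.

```powershell
param(
    # DNS server to query (assumption: the script runs on a DC that hosts DNS)
    [string]$DnsServer = $env:COMPUTERNAME
)

Import-Module ActiveDirectory, DnsServer

$forest = Get-ADForest
$domain = Get-ADDomain

# FQDNs of every current domain controller in the forest, lower-cased
$knownDcs = @(foreach ($d in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $d |
        ForEach-Object { $_.HostName.ToLower().TrimEnd('.') }
})

# Zones that clients rely on to locate domain controllers
$zones = @("_msdcs.$($forest.RootDomain)", $domain.DNSRoot) | Select-Object -Unique

$report = foreach ($zone in $zones) {
    $records = Get-DnsServerResourceRecord -ComputerName $DnsServer `
        -ZoneName $zone -RRType NS -ErrorAction SilentlyContinue
    if (-not $records) {
        # Zone missing on this server (e.g. _msdcs kept as a subdomain) or unreadable
        Write-Warning "No NS records read from zone $zone on $DnsServer"
        continue
    }
    foreach ($r in $records) {
        $ns = $r.RecordData.NameServer.ToLower().TrimEnd('.')
        [pscustomobject]@{
            Zone       = $zone
            Owner      = $r.HostName      # '@' is the zone apex
            NameServer = $ns
            KnownDC    = $knownDcs -contains $ns
            # Does the listed name server still have an address record?
            Resolves   = [bool](Resolve-DnsName -Name $ns -Type A -Server $DnsServer `
                                    -ErrorAction SilentlyContinue)
        }
    }
}

# Entries that are not current DCs sort to the top for review
$report | Sort-Object KnownDC, Zone | Format-Table -AutoSize
```

A row with KnownDC set to False is a candidate for review, not automatically wrong: a DNS server that is not a domain controller can legitimately hold an NS record. Nothing is deleted by this script.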
Question has a verified solution.