G
Guest
We just migrated our domain from NT4 to W2K. The new domain controllers are also to be used for DNS and WINS. Users are able to login fine...until we change the clients to point to the new servers for their DNS and WINS settings. Clients all use static IP. Once the settings are changed, users randomly have problems logging in. Their login then seems to take, but the computer locks up for 10+ minutes. Once the time passes, they get their desktop and everything works fine, but the login script didn't seem to run. I would think it is a DNS problem, but it only happens to particular users on each machine, but that same user can login just fine on another client configured identically to the other...and I do mean identically since they were built from the same Norton ghost image. When trying pings to the new DNS/WINS servers, they come back 100% with <10ms responses. I can resolve the domain using NSLOOKUPS. The clients still pointed to the old DNS/WINS servers don't have any problems. If the user having the slow login problem intentionally types in a wrong password for their domain accout, he is immediately notified that the password is wrong, which means they are communicating with the domain controllers. Users with the same group permissions and login script as the problematic user have no problem logging in onto the same machine. Each computer having the problem seems to have the same error in their application event log:
USERENV Event ID: 1000 Windows cannot obtain the domain controller name for your computer network. Return value (59).
I have run a few tests to single out the problem, which seemed to add to the confusion. Here's a list of what works (user logs in quickly) and doesn't work (slow login).
Doesn't work:
Remove user's local profile.
Removing computer from domain and adding back.
Rebuilding computer from scratch.
Creating a blank login script in each DC's NETLOGON directory (e.g. blank.bat) and linked to the user's account. A blank script should run without any problems, but the login is still slow (10+ minutes) for the user.
Granting user both local machine admin and domain admin rights.
Does work:
Delete user's domain account and rebuild from scratch...placing them back in all of the same groups with the same login script.
Remove login script from user account. Note: User can then manually map the same drives that the login script normally handles.
________________________
To me, the problem does seem to point to either DNS or WINS though, since the problem doesn't begin until the client IP settings point to the new DCs running DNS and WINS. Any thoughts?
Thank you,
Clueless in Cleveland
USERENV Event ID: 1000 Windows cannot obtain the domain controller name for your computer network. Return value (59).
I have run a few tests to single out the problem, which seemed to add to the confusion. Here's a list of what works (user logs in quickly) and doesn't work (slow login).
Doesn't work:
Remove user's local profile.
Removing computer from domain and adding back.
Rebuilding computer from scratch.
Creating a blank login script in each DC's NETLOGON directory (e.g. blank.bat) and linked to the user's account. A blank script should run without any problems, but the login is still slow (10+ minutes) for the user.
Granting user both local machine admin and domain admin rights.
Does work:
Delete user's domain account and rebuild from scratch...placing them back in all of the same groups with the same login script.
Remove login script from user account. Note: User can then manually map the same drives that the login script normally handles.
________________________
To me, the problem does seem to point to either DNS or WINS though, since the problem doesn't begin until the client IP settings point to the new DCs running DNS and WINS. Any thoughts?
Thank you,
Clueless in Cleveland