XP *REALLY* slow to login to Win2K domain

[Rexxx]

Here's the issue:

All of my XP machines on my Win2k network, around 4pm today, decided to
dramatically slow down. A reboot allowed the user to enter their login
information, and it got as far as 'applying computer settings'.. and sits
there. Literally, an hour or more later, the desktop will finally come up,
but you still can't do anything as the system process is at 99%. I let one
machine sit for 3 hours, and was never able to use it.

These XP machines have had SP2 ever since they came through the door. Some
are brand new, others are many months old already, and have been working
flawlessly until about 4pm today.

I checked DNS and it appears to be working properly, and the windows boxes
indeed point to the correct internal DNS server (I can boot them up in safe
mode with networking support, and they boot right up fine).

On ONE of the machines, I disabled the firewall and the problem went away.
On another machine, that did NOT solve the problem. So, on that machine, I
removed service pack 2 and it took care of the problem. I left the rest of
them with the problem because I'd rather solve it than remove SP2 from
everything, even though they have had it forever.

So.. any ideas as to what is happening here? It's driving me absolutely
insane.

Chris

 

[Rexxx]

I should probably also mention that all of my Win2k boxes on the network are
working perfectly.

 

[Kerry Brown]

Here's the issue:

All of my XP machines on my Win2k network, around 4pm today, decided to
dramatically slow down. A reboot allowed the user to enter their login
information, and it got as far as 'applying computer settings'.. and sits
there. Literally, an hour or more later, the desktop will finally come
up, but you still can't do anything as the system process is at 99%. I
let one machine sit for 3 hours, and was never able to use it.

These XP machines have had SP2 ever since they came through the door.
Some are brand new, others are many months old already, and have been
working flawlessly until about 4pm today.

I checked DNS and it appears to be working properly, and the windows boxes
indeed point to the correct internal DNS server (I can boot them up in
safe mode with networking support, and they boot right up fine).

On ONE of the machines, I disabled the firewall and the problem went away.
On another machine, that did NOT solve the problem. So, on that machine,
I removed service pack 2 and it took care of the problem. I left the rest
of them with the problem because I'd rather solve it than remove SP2 from
everything, even though they have had it forever.

So.. any ideas as to what is happening here? It's driving me absolutely
insane.

Chris

Are you getting any errors in the event logs on the domain controllers? Also
check the event logs on one of the slow machines after it finally logs in.
Are the slow machines in a different OU than the ones that work. It may be a
group policy problem.

Kerry

 

[Rexxx]

Well, Here's what I found...

After booting into safe mode on the machines, and checking the logs, it
appears that they were unable to find the domain controller. NO idea why
that is. And, as you know, this could point to a billion different reasons,
most of which I have already checked. When I boot into safe mode with
networking support, they find it beautifully.

Spyware and virus checks revealed nothing out of the ordinary on any of the
machines.

On some machines, removing SP2, and then doing a Windows update seemed to do
the trick. On some machines, however, I had to simply turn off the machine
firewall. Not at all sure what the deal is here, but I need to investigate
it further. For now, though, it is working. I'll be sniffing it on Monday
to see if I get any clues that way...

 

[Kerry Brown]

Well, Here's what I found...

After booting into safe mode on the machines, and checking the logs, it
appears that they were unable to find the domain controller. NO idea why
that is. And, as you know, this could point to a billion different
reasons, most of which I have already checked. When I boot into safe mode
with networking support, they find it beautifully.

Spyware and virus checks revealed nothing out of the ordinary on any of
the machines.

On some machines, removing SP2, and then doing a Windows update seemed to
do the trick. On some machines, however, I had to simply turn off the
machine firewall. Not at all sure what the deal is here, but I need to
investigate it further. For now, though, it is working. I'll be sniffing
it on Monday to see if I get any clues that way...

On one that still has the problem try pinging (by name & IP) the first name
server listed in ipconfig /all. Also try specifically setting the DNS in the
TCP/IP properties. It may be a DHCP problem. It could also be a routing
problem. Is the DC in the same subnet?

Kerry

 

[Rexxx]

On one that still has the problem try pinging (by name & IP) the first
name
server listed in ipconfig /all. Also try specifically setting the DNS in
the TCP/IP properties. It may be a DHCP problem. It could also be a
routing problem. Is the DC in the same subnet?

Kerry

I did set up the machine statically, and the problem persisted, which rules
out a DHCP problem. It isn't a routing problem as every machine is on the
same subnet. Not a very large company. Monitoring the switch doesn't show
any erratic activity, and, every win2k desktop works perfectly (and there
are many on each switch segment). I also disconnected the machine from the
network, and it exhibited the same behavior logging in locally, even to the
machine as opposed to the domain. So, now, I have a hard time thinking that
it is the network that is messing it up. I am more apt to think an update
is causing a problem. Found no viruses or spyware (Well.. some spyware, but
nothing common among them all)... and even had one XP box that exhibited no
problems at all.

I'm HOPING that sniffing will tell me SOMETHING...

Chris

 

[Kerry Brown]

I did set up the machine statically, and the problem persisted, which
rules out a DHCP problem. It isn't a routing problem as every machine is
on the same subnet. Not a very large company. Monitoring the switch
doesn't show any erratic activity, and, every win2k desktop works
perfectly (and there are many on each switch segment). I also
disconnected the machine from the network, and it exhibited the same
behavior logging in locally, even to the machine as opposed to the domain.
So, now, I have a hard time thinking that it is the network that is
messing it up. I am more apt to think an update is causing a problem.
Found no viruses or spyware (Well.. some spyware, but nothing common among
them all)... and even had one XP box that exhibited no problems at all.

I'm HOPING that sniffing will tell me SOMETHING...

Chris

Any weird entries in the host file?

Kerry

 

[Rexxx]

Any weird entries in the host file?

Kerry

Nope. But I think I just found what it was somewhere else. Trend Micro
released an update yesterday that is bad for XP and SP2... I'll have to
manually update again (They have released another update since then) to get
it back. At least that is what I am hearing currently....

Chris

 

[Kerry Brown]

Nope. But I think I just found what it was somewhere else. Trend Micro
released an update yesterday that is bad for XP and SP2... I'll have to
manually update again (They have released another update since then) to
get it back. At least that is what I am hearing currently....

Chris

Let us know. I some clients using Trend Micro.

Kerry

 

[Kerry Brown]

Let us know. I some clients using Trend Micro.

Kerry

Oops, some clients

Kerry

 

[chas.scott]

Chris,

Reading your post was like reliving my Friday night last week. I have
exactly the same problem, and it just happened to me again today. I am
leaning towards the Trend Micro issue as well, as I had been running
BitDefender after Friday night, as it found some viruses on my system
that Trend did not. After totally reloading the OS on my machine,
everything was running fine. I decided to install Trend Micro again
just so I had an additional virus protection in place, and I am locked
up again. Did you find anything out from Trend? I am going to give
them a call right now, and will let you know what I find out.

 

[Rexxx]

Sorry Chuck!! Yes, it is the trend micro problem..

There's a link in this thread to the official statement and fix for it..

Basically, manually update the sig file, and all should be well.