Domain is very slow to login

[Sajith S]

hi,

Last week i updated service pack 3 patch and the latest
update for blaster virus in Windows Advanced Server 2000.
ADS is on in this server. This monday(After 5 days
updating the patches) we got a problem loggin to the
domain.All client PC connecting through Win2k proffesional
have a problem in authenticating to the Domain. Atleast 20
minutes is taAking to logon. For all the other users in
win98 found to be no problem in authenticating to the
server. I tried to do so many steps..didnt worked a single
of them...went in the following link
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/w2kmsgs/6166.asp ...Given full
access ..but no use.....decided to restart the server.

Surprisingly after restarting the server, everybody was
able to logon fast. But today, same thing happened
again...logon is taking time...almost 20 + minutes..after
Loggin in there is no problem like mapping the domain
drives. accessing sql data from domain.. But try to
relogin, its the same effect. From the event viewer i
found this meessage

"Windows cannot determine the user or computernmae. Return
value (1722)"

After checking in the internet, i found it may the coputer
account...so disjoined the domain.asked administrator to
remove the worktation .After that added my workstation
again and then rejoined domain....Still the same effect...

PLease tell me how to bring the logon time fast...Any
advice on this regard. Thanks in advance for any kind of
help in this regard.


Regards

Sajith S

 

[Kevin D. Goodknecht Sr. [MVP]]

In

hi,

Last week i updated service pack 3 patch and the latest
update for blaster virus in Windows Advanced Server 2000.
ADS is on in this server. This monday(After 5 days
updating the patches) we got a problem loggin to the
domain.All client PC connecting through Win2k proffesional
have a problem in authenticating to the Domain. Atleast 20
minutes is taAking to logon. For all the other users in
win98 found to be no problem in authenticating to the
server. I tried to do so many steps..didnt worked a single
of them...went in the following link
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/w2kmsgs/6166.asp ...Given full
access ..but no use.....decided to restart the server.

Surprisingly after restarting the server, everybody was
able to logon fast. But today, same thing happened
again...logon is taking time...almost 20 + minutes..after
Loggin in there is no problem like mapping the domain
drives. accessing sql data from domain.. But try to
relogin, its the same effect. From the event viewer i
found this meessage

"Windows cannot determine the user or computernmae. Return
value (1722)"

After checking in the internet, i found it may the coputer
account...so disjoined the domain.asked administrator to
remove the worktation .After that added my workstation
again and then rejoined domain....Still the same effect...

PLease tell me how to bring the logon time fast...Any
advice on this regard. Thanks in advance for any kind of
help in this regard.


Regards

Sajith S

My first guess is that you are using your ISP's DNS in your NIC TCP/IP
setup.
All machines including the server should only use the private IP of the
local AD DNS server that has DNS, file sharing and Client for Microsoft
Networks bound.
You should not use your ISP's DNS anywhere but as a forwarder in the DNS
server properties on the Forwarders tab.

 

[Don Bickowski]

We too are having the same type of problems with PATCHed
versions of W2K. It looks like the DNS resolution order
or algorythym may have changed. If we add a HOSTs file
entry for the specific target machine, the problem is
clears up to that machine. WE DID NOT HAVE THIS PROBLEM
BEFORE THE PATCH. Our Winnt and XP machines run fine. I
hope that Microsoft will FIX this issue on 2K ASAP as it
has made these machines almost unusable.


Don Bickowski
I.T. Director
Color Art Inc.

 

[Ace Fekay [MVP]]

In

In Ace Fekay [MVP]
<PleaseSubstituteMyActualFirstName&[email protected]> posted
their concerns
Then Kevin made his reply below:

Thanks, I'm working on learning how to set up Exchange 2000 in the
old trial and error fashion. Plus, my boys went back to school last
week and with all the to do's getting them back in school I haven't
had much of a chance to sit down here. I have terminal services
running on the Exchange so maybe it will give me more time here.

Cool. Glad to hear you're doing well.

Back to school! Sometimes we say it's the best time of the year!!

If you need any help with Exchange, (advise, remoting in, etc), let me know.
I've used it for years and teach it too!

Ace

 

[Michael Johnston [MSFT]]

DNS is the most likely cause of these delays. Make absolutely certain that all machines including the servers point at the internal AD DNS server ONLY. DO
NOT put any other DNS entries in the IP configuration of any client. Verify that the DNS zone for the AD is set to allow dynamic updates and verify the existance
of the SRV records registered by the DC are in place. If they are not there or your are not sure if they are correct, from the DC open a command prompt. Type
"net stop netlogon" and press enter. Then type "ipconfig /flushdns" and press enter. Navigate to winnt\system32\config and delete the netlogon.dns and
netlogon.dbd files. Then type "ipconfig /register DNS" press entere and type "net start netlogon" and press enter. Have a client test logon. It should be
working now.

If the problem persists, you may try removing the patch to see if the problem goes away. Most likely though it will not. This typically indicates that some other
change was made prior to the reboot that the patch required. After the reboot this other change took effect and caused the failure you are seeing and gives the
impression that the patch caused the behavior. Please be sure to re-apply the patch if you have removed it.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

 

[Kevin D. Goodknecht Sr. [MVP]]

In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted their concerns
Then Kevin made his reply below:

In



Cool. Glad to hear you're doing well.

Back to school! Sometimes we say it's the best time of the year!!

If you need any help with Exchange, (advise, remoting in, etc), let
me know. I've used it for years and teach it too!

Ace

Now you tell me, the mail part wasn't all that hard the real kicker came
with the IM server I spent the better part of two weeks trying to get signed
in to it. I finally decided to use one of my support calls and spent about 3
hours on the phone with a tech and finally got signed in. Weird part is I
still don't know what we did, it seemed to be an authentication problem. He
used Webex to remote in, I just watched for the most part and and talked to
him on the phone while he was going through it.
Now that it is working I was able to get my kid's sign in working. I just
hope I can replicate it I'm planning on setting it up on a couple of
business networks here. One of which has their network scattered through
four buildings.

 

[Ace Fekay [MVP]]

In

Now you tell me, the mail part wasn't all that hard the real kicker
came with the IM server I spent the better part of two weeks trying
to get signed in to it. I finally decided to use one of my support
calls and spent about 3 hours on the phone with a tech and finally
got signed in. Weird part is I still don't know what we did, it
seemed to be an authentication problem. He used Webex to remote in, I
just watched for the most part and and talked to him on the phone
while he was going through it.
Now that it is working I was able to get my kid's sign in working. I
just hope I can replicate it I'm planning on setting it up on a
couple of business networks here. One of which has their network
scattered through four buildings.

Hmm, I would have to see your setup. Did you create an _rvp SRV record under
the domain or were you just signing in to the machine's FQDN? .

Chapter 19 - Chat and Instant Messaging Services
http://www.microsoft.com/technet/tr...xchange/exchange2000/reskit/part5/c19chat.asp



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory