HELP! 2000 Server LAN clients slow login/connect


Dan

Server is 2000 (domain controller). It has a number of
LAN clients, mainly XP some 98.

Logging onto the server takes a long time (similarly to
the issue with having the server's IP in the XP clients'
DNS). BUT also of note once logged in, My Computer for
example can take a while to open, and then same again
when opening a shared resource on the server. Once this
resource has been opened after many mins of waiting one
can then browse the files in that and at normal speed,
until going to another share for the same slow torture.

I have noticed the following msg appearing in event
viewer, source is "Netlogon"
"Registration of the DNS
record '_kpasswd._udp.HEADOFFICE.QCCS.COM.AU. 600 IN SRV
0 100 464 server.HEADOFFICE.QCCS.COM.AU.' failed with the
following error:
DNS operation refused."

I have removed any "custom" DNS settings (ie forward
lookup etc) on the server, turned off DHCP (letting router
do it). No effect.

I am totally lost at what it could be as it happened with NO
changes occurring to the system/config at all.

Any ideas would be greatly appreciated
 
Do you have WINS installed on the server? W98 still needs that.
How many nics in the server? Does DNS on the servernic(s) point to your
server-IP *only*?
Have you setup DHCP-server, Scope options with 003, 006, 015, 044 and 046
(0x8)?
Have you setup DNS-server, General tabs on Forward and Reverse Lookup Zone
to 'allow dynamic updates'?

Marina
 
Marina, the reply, my answers as best i know below :)

> Do you have WINS installed on the server? W98 still
> needs that.

Yes Wins is installed, no "additional" configuration bar
default but.

> How many nics in the server? Does DNS on the servernic(s)
> point to your server-IP *only*?

Only 1 NIC. The DNS config in the local Server nic has
127.0.0.1 (should this maybe be LAN ip 192.168.0.1) and
2ndary points to ISP DNS). I've changed to 192.168.0.1
ONLY to see if helps

> Have you setup DHCP-server, Scope options with 003, 006, 015, 044 and 046
> (0x8)?

DID have DHCP enabled with 003 pointing to router and 006
to ISP DNS, I have since DISABLED DHCP and configured the
router to do it (which no effect)

> Have you setup DNS-server, General tabs on Forward and Reverse Lookup Zone
> to 'allow dynamic updates'?

I DID have DNS setup with 1 forward lookup zone point to
ISP but have since removed (with no change either)


MORE INFO: Terminal Server user of the server is 100%
normal (only for admin). I've noticed that when first
opening the share it takes minutes, but once in it
browses share fine. This occurs for all shares. I have
also noticed HEAPS of the "Netlogon" "errors" occurring in
event viewer (as below) but they do vary but all are
error 5774. Another EG

"Registration of the DNS record '_kerberos._tcp.Default-
First-Site._sites.dc._msdcs.HEADOFFICE.QCCS.COM.AU. 600
IN SRV 0 100 88 server.HEADOFFICE.QCCS.COM.AU.' failed
with the following error:
DNS operation refused. "

Any more ideas would be great. System has worked fine
for a year, now grrrrrrrrrrrrrrrrrr :)
 
Hi Dan,

See inline:

Dan said:
> Marina, the reply, my answers as best i know below :)
>
>> Do you have WINS installed on the server? W98 still
>> needs that.
>
> Yes Wins is installed, no "additional" configuration bar
> default but.
>
>> How many nics in the server? Does DNS on the servernic(s)
>> point to your server-IP *only*?
>
> Only 1 NIC. The DNS config in the local Server nic has
> 127.0.0.1 (should this maybe be LAN ip 192.168.0.1) and
> 2ndary points to ISP DNS). I've changed to 192.168.0.1
> ONLY to see if helps

Good, just the server-IP.

> DID have DHCP enabled with 003 pointing to router and 006
> to ISP DNS, I have since DISABLED DHCP and configured the
> router to do it (which no effect)

006 should point to your server-IP only. 015 should point to your AD-domain
(company.local for example).

> I DID have DNS setup with 1 forward lookup zone point to
> ISP but have since removed (with no change either)

The tab Forwarders of DNS-server should have the ISP-DNS-numbers.
The Forward lookup zone should show your serverIP and name.

DNS settings

1.) Open up the DNS console.
2.) Once opened, right click on the server in the right hand pane and select
Properties.
3.) On the Interfaces tab, set the server to listen only on its internal IP
Address.
4.) On the "Forwarders" tab, check the "Enable forwarders" selection at the
top.
5.) Add the ISP-DNS-numbers and click Apply. (note- In the TCP/IP settings,
we selected the choice for DNS to point to itself. If name resolution
cannot be resolved then a request is made to the forwarders. If resolution
cannot be made via the internal DNS and there are no forwarders listed, then
resolution will be made via the root hints.)
6.) On the Monitoring tab, select simple and recursive test types and click
the Test now button. Both types should pass. Uncheck test types, click
Apply, then click OK.
7.) Expand the containers beneath the server's name and click on the Reverse
lookup zone subnet. It should correspond to the network ID of the LAN with
an "x" in the last octet. If one is not present, create a Reverse lookup
zone, type Active Directory Integrated.
8.) Verify that the server has a pointer record listed for its own IP.
9.) Bring up the properties of the Reverse Lookup Zone subnet.
10.) Click on the Name Servers tab. Verify that the nameserver is the
server's FQDN with only the internal IP address listed.
11.) Click on the WINS-R tab. Enable WINS reverse lookup and enter the
domainname.
12.) Click on the General tab and set "Allow dynamic updates?" to yes.
13.) Click Apply, click OK.
14.) Click on the "Forward Lookup Zone" beneath the container Forward Lookup
Zones.
15.) Delete any record which is not on the local internal subnet. If there
is a folder with a dot "." listed then delete it. (note- This indicates to
the server that it is the root server, which means do not go beyond this
server for name resolution.)
16.) Bring up the properties of the Forward Lookup Zone.
17.) Click on the Name Servers tab. Verify that the nameserver is the
server's FQDN with only the internal IP address listed.
18.) Click on the WINS-R tab. Enable WINS forward lookup and enter the
server's internal IP address and click the Add button.
19.) Click on the General tab and set "Allow dynamic updates?" to yes.
20.) Click Apply, click OK.
21.) Restart DNS-server.

Open up a command prompt and type the following:

1.) At the prompt type "ipconfig /flushdns" and wait for the services to
flush.
2.) "ipconfig /registerdns" and wait for the services to register.
3.) net stop netlogon
4.) net start netlogon

Once all of this is done, open the DNS console again. Expand the Forward
lookup zones, then expand the domain folder. You should see the underscore
folders below:

_msdcs
_sites
_tcp
_udp

Marina
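
Added example, not part of any post in this thread: a small Python parser for the Netlogon 5774 messages Dan quotes, reporting which SRV record (Kerberos on port 88, kpasswd on port 464) failed to register and which of the underscore folders listed above it belongs in. The sample messages are copied from the thread; the function names and the rule that the zone is the DC's FQDN minus its host label are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the two 5774 messages quoted in the thread, wrapped as posted.
SAMPLE_EVENTS = [
    """Registration of the DNS
record '_kpasswd._udp.HEADOFFICE.QCCS.COM.AU. 600 IN SRV
0 100 464 server.HEADOFFICE.QCCS.COM.AU.' failed with the
following error:
DNS operation refused.""",
    """Registration of the DNS record '_kerberos._tcp.Default-
First-Site._sites.dc._msdcs.HEADOFFICE.QCCS.COM.AU. 600
IN SRV 0 100 88 server.HEADOFFICE.QCCS.COM.AU.' failed
with the following error:
DNS operation refused. """,
]

EVENT_RE = re.compile(
    r"Registration of the DNS record '(?P<owner>\S+) (?P<ttl>\d+) IN SRV "
    r"(?P<priority>\d+) (?P<weight>\d+) (?P<port>\d+) (?P<target>\S+)' "
    r"failed with the following error: (?P<error>.+)")

def parse_5774(message):
    """Return the SRV record fields of one 5774 message, or None."""
    # Rejoin names split after a hyphen by line wrapping, then collapse whitespace.
    text = " ".join(re.sub(r"-\s*\n\s*", "-", message).split())
    m = EVENT_RE.search(text)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("ttl", "priority", "weight", "port"):
        rec[key] = int(rec[key])
    # Assumption: the DC is named <host>.<AD DNS domain>, so the zone is the
    # SRV target minus its first label.
    zone = rec["target"].partition(".")[2]
    in_zone = bool(zone) and rec["owner"].lower().endswith("." + zone.lower())
    relative = rec["owner"][: -len(zone) - 1] if in_zone else ""
    # The label directly below the zone is the folder shown in the DNS console.
    rec.update(zone=zone, folder=relative.split(".")[-1] or None,
               error=rec["error"].rstrip(". "))
    return rec

def failed_by_folder(messages):
    """Map each underscore folder to the (owner, port) records that failed."""
    grouped = defaultdict(list)
    for rec in filter(None, map(parse_5774, messages)):
        grouped[rec["folder"]].append((rec["owner"], rec["port"]))
    return dict(grouped)
```

"DNS operation refused" is the DNS server's REFUSED response to the dynamic update, which is why the zone's "Allow dynamic updates?" setting and the DNS server the DC's own NIC points to are the first things to check.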
 
Marina,

Thanks for those step by step instructions, AWESOME !!! :)

I have implemented all you have stated and will see how
it goes.

Will let you know

Thanks HEAPS once again

Danny
 
Marina,

Worked a treat. Seems "error" message 5774 in the event
view re DNS and Netlogon have stopped occurring, network
logon/browsing is normal. Thanks once again.

I wonder what caused it to go all crazy, strange. I guess
it was never 100% right anyway, but went fine for 1yr
still :) weird
 
Hi Dan,

Great. Glad you've got it solved and thanks for reporting back.

Marina
 
Thank you to all that have experienced this problem and
have found the solution. I walked through all the steps
listed below and found some inconsistencies with my setup
related to WINS. We have been pulling our hair out for 4
days now!!!

Thank You Again
Lisa
 
