Logging into domain takes several minutes

[derek23188]

I am hoping someone can help. I have a Windows 2000
Server with 5 client machines. The server was promoted
to a DC however during the dcpromo process I used a
different NETBIOS name then the Domain Name. I assigned
them as follows:

Netbios:
mydomain

Domain
mydomain.com

Everything appears to be working fine, however when I log
a client into the domain, it takes several minutes for
the login to occur. I am not using a roaming profile.

In researching this online, there is a KB article:
"822402 : Domain Controller Takes a Long Time to Respond
to a Logon Request"

This article details that this problem may occur if the
Netbios name is different then the DNS name.

What I would like to do is change the Netbios name to
match, but I cannot figure out how to do this without
running dcpromo again. Can anyone help?

 

[Herb Martin]

I am hoping someone can help. I have a Windows 2000

Server with 5 client machines. The server was promoted
to a DC however during the dcpromo process I used a
different NETBIOS name then the Domain Name. I assigned
them as follows:

Netbios:
mydomain
Domain
mydomain.com

Most people would consider that to be the same name -- although
technically it is different, and merely the EQUIVALENT name.

NetBIOS doesn't support structured, hierarchical names like DNS so
DCPromo would have DEFAULTED to your choice above and nearly
all of us do exactly what you did.

Everything appears to be working fine, however when I log
a client into the domain, it takes several minutes for
the login to occur. I am not using a roaming profile.

This is not due to that NAME above but it is likely due to NAME
RESOLUTION issues.

This article details that this problem may occur if the
Netbios name is different then the DNS name.

The NetBIOS name is (pratically) always different from the DNS
name (in the sense in which YOU used different.)

What I would like to do is change the Netbios name to
match, but I cannot figure out how to do this without
running dcpromo again. Can anyone help?

No, leave it that way and let's check the DNS server.

DNS server must be DYNAMIC.
Clients, including the DC and DNS server must be configure to ONLY
the INTERNAL (Dynamic) DNS server (set.)
Do not also configure the clients (or DC) to use an external DNS server
(use forwarding if you need -- as most do -- Internet resolution)
IF you change either the DNS or the DC pointing to it, restart NetLogon
Service

If the above does not fix it trivially then run DCDiag (from CDROM Support
Tools),
save the output to a file, and search for FAIL, WARN, or ERROR

Post the output here if you cannot fix it from that.

 

[Ace Fekay [MVP]]

In

Most people would consider that to be the same name -- although
technically it is different, and merely the EQUIVALENT name.

NetBIOS doesn't support structured, hierarchical names like DNS so
DCPromo would have DEFAULTED to your choice above and nearly
all of us do exactly what you did.


This is not due to that NAME above but it is likely due to NAME
RESOLUTION issues.


The NetBIOS name is (pratically) always different from the DNS
name (in the sense in which YOU used different.)


No, leave it that way and let's check the DNS server.

DNS server must be DYNAMIC.
Clients, including the DC and DNS server must be configure to ONLY
the INTERNAL (Dynamic) DNS server (set.)
Do not also configure the clients (or DC) to use an external DNS
server (use forwarding if you need -- as most do -- Internet
resolution) IF you change either the DNS or the DC pointing to
it, restart NetLogon Service

If the above does not fix it trivially then run DCDiag (from CDROM
Support Tools),
save the output to a file, and search for FAIL, WARN, or ERROR

Post the output here if you cannot fix it from that.

You're right Herb. This is indicative of the ISP's DNS addresses being used.

Note to (e-mail address removed): This can also cause numerous other problems.
Suggest to remove the ISP addresses immediately (from clients and DCs) and
also suggest (recommended) to configure a forwarder for efficient Internet
resolution.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Guest]

Herb, Ace,

Thank you both for the very valuable information!

I did indeed have the clients pointing to my ISP's DNS.
Using this information, I fully configured DNS on the DC
and enabled DNS forwarding. The clients now point to the
DC for resolution.

Running DCDiag results in all passes now and my logins on
each client now only take in the area of ~5-8 seconds.
This is great!!

Thank you both very much. I now feel far more educated in
DNS!

Derek

 

[Ace Fekay [MVP]]

In

Herb, Ace,

Thank you both for the very valuable information!

I did indeed have the clients pointing to my ISP's DNS.
Using this information, I fully configured DNS on the DC
and enabled DNS forwarding. The clients now point to the
DC for resolution.

Running DCDiag results in all passes now and my logins on
each client now only take in the area of ~5-8 seconds.
This is great!!

Thank you both very much. I now feel far more educated in
DNS!

Derek

No prob Derek.

Keep in mind, there;s more to DNS, but as for AD & DNS, you got the major
stuff licked so far!



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory