Slow logon

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We have several workstations that are very slow while logging into the domain for the first time of a day. DNS is setup correctly and it is not everybody. Just people that have been put into a SUS OU. The computer seems to be hanging on processing computer settings. Can anybody give me some advice on how to handle this?
 
Hmmm, sounds like it's the GPO that's slowing things down. On one of the
dodgy machines, enable verbose GPO logging and have a look at the log to see
what's happening.

How do enable Group Policy debug logging on a Windows 2000 Server?
-- http://www.jsiinc.com/SUBG/TIP3100/rh3100.htm

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


We have several workstations that are very slow while logging into the
domain for the first time of a day. DNS is setup correctly and it is not
everybody. Just people that have been put into a SUS OU. The computer
seems to be hanging on processing computer settings. Can anybody give me
some advice on how to handle this?
 
I have encountered the same problem. I joined a laptop to the domain and it
seems that when I log in for the first time after the machine has been off
or restarted it takes a few minutes. Once in I can log on and off at will.

The only problem I did come across was not in joining the laptop to the
domain but when I logged in locally as admin and tried to add a user for
that domain it told me that the trust between the cldomain and the client
failed even though the computer was already joined to the domain.

I am trying the log suggestion but if any one knows a solution I would
appreciate it as well.

Tim said:
We have several workstations that are very slow while logging into the
Click to expand...
domain for the first time of a day. DNS is setup correctly and it is not
everybody. Just people that have been put into a SUS OU. The computer
seems to be hanging on processing computer settings. Can anybody give me
some advice on how to handle this?
 
Is your DNS configured to point to the internal DNS server or a public one,
e.g. your ISPs?

It *has* to point at an internal DNS server.


--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


I have encountered the same problem. I joined a laptop to the domain and it
seems that when I log in for the first time after the machine has been off
or restarted it takes a few minutes. Once in I can log on and off at will.

The only problem I did come across was not in joining the laptop to the
domain but when I logged in locally as admin and tried to add a user for
that domain it told me that the trust between the cldomain and the client
failed even though the computer was already joined to the domain.

I am trying the log suggestion but if any one knows a solution I would
appreciate it as well.

Tim said:
We have several workstations that are very slow while logging into the
Click to expand...
domain for the first time of a day. DNS is setup correctly and it is not
everybody. Just people that have been put into a SUS OU. The computer
seems to be hanging on processing computer settings. Can anybody give me
some advice on how to handle this?
 
It is setup on DHCP and it obtains it's address from our gateway and those
are public DNS settings on the gateway. The problem is that this occurs
whether I am connected to the network or not. It does not happen to local
accounts but when I log into that account on the domain, it hangs for a
couple minutes.

Thanks for helping I have been searching all day!!
 
You can't point your domain members to public DNS servers. AD uses DNS for
all name resolution, I.e. how to find the appropriate DC for logon, etc.
You *have* to use the internal DNS server for internal clients. The reason
it takes a long time for domain accounts and not local is because it first
looks to DNS for how to locate a DC and GC, that will timeout and fail so
it'll go through the name resolution list until it finally broadcasts and
gets the info.

Point all internal clients to the internal DNS server and either use the
root hints, a forwarder or a combination of both for external name
resolution. Basically if the DC, or DNS server if separate, can access the
web it can resolve external names for the clients (firewall permitting of
course).

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


It is setup on DHCP and it obtains it's address from our gateway and those
are public DNS settings on the gateway. The problem is that this occurs
whether I am connected to the network or not. It does not happen to local
accounts but when I log into that account on the domain, it hangs for a
couple minutes.

Thanks for helping I have been searching all day!!
 
Once policy is applied, it is not applied again until you logon, perform a
sync, or the GPO changes.

You would need a lot of GPOs making lots of changes to slow things down.

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Well my clients are going to a internal DNS server so I don't think that
will help me with that problem. Is it possible that group policy could be
slowing the PC down that much on logon? One more quick question. Once it
loads the new Policy it shouldn't have to load it again until something
changes correct? It continues to load over and over and over and I can't
figure out why. I am pulling my hair out here so anything you can suggest
will be great.
 
Is there anything that would cause the policy to be applied over and over? There isn't a lot of GPO making a lot of changes, however I still get the five minute login time problem. I am sure it is something small but I am having no luck.
 
Ok I have a new twist to my problem. If I place the user into the local admin group then the logon resumes at normal speed. This makes me assume that the slow Group Policy is a rights issue. Can anybody suggest where I might take a look. I verifed that the users have access to C:\windows\system32\group policy. Anywhere else?
 
Not that I can put my finger on...

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Is there anything that would cause the policy to be applied over and over?
There isn't a lot of GPO making a lot of changes, however I still get the
five minute login time problem. I am sure it is something small but I am
having no luck.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Slow Logon 3
Create workstation account in OU 2
OU vs Domain 5
WinXp tooooooo slow logon into win2000 server 1
HELP - specifying ability to add a workstation to a domain. 1
Problem with restricted groups 3
Default Domain Policy 2003 7
Windows XP Logon script location 3

Back
Top