XP Pro SP3 workstations hang on "applying computer settings"

[practicalb]

I have an old server running Windows Server 2000, and nine workstations
running Windows XP Pro SP3 with the latest security on both. Just recently
all nine ws started taking 15-20 minutes to login. Once logged in they work
fine. I have a 3COM router doing DHCP. If I setup the ws to have a static
IP address and DNS to the server address the unit logs on fast, but then I
can't get to the internet. If I setup the DNS to point to the router then it
takes a long time to login, but can get to the internet. The server was
setup by another tech. DNS is running on the server which in the only server
acting as a domain controller. Can anyone assist me?

 

[Alister]

I have an old server running Windows Server 2000, and nine workstations
running Windows XP Pro SP3 with the latest security on both. Just recently
all nine ws started taking 15-20 minutes to login. Once logged in they work
fine. I have a 3COM router doing DHCP. If I setup the ws to have a static
IP address and DNS to the server address the unit logs on fast, but then I
can't get to the internet. If I setup the DNS to point to the router then it
takes a long time to login, but can get to the internet. The server was
setup by another tech. DNS is running on the server which in the only server
acting as a domain controller. Can anyone assist me?

Set up your workstations with static IP's and set the primary DNS as
the server and the secondary DNS as the router.
set the default gateway as the router IP.

This way you should have fast logon and internet access.

HTH

Alister

 

[practicalb]

Alister, thank you for the reply..."I thought that I had tried that in the
past week but I wasn't sure. So I came in today and set the ws up as you
described. I did get the fast login, but the internet displayed the home
page(msn.com) one time but selecting items from the page all failed. I
restarted the ws and tried again this time no home page at all and no ther
websites. Do you have any other suggestions?

 

[Alister]

Alister, thank you for the reply..."I thought that I had tried that in the
past week but I wasn't sure. So I came in today and set the ws up as you
described. I did get the fast login, but the internet displayed the home
page(msn.com) one time but selecting items from the page all failed. I
restarted the ws and tried again this time no home page at all and no ther
websites. Do you have any other suggestions?

Um, let's start with the basics.

From one of the workstations, try pinging:

1/ it's own IP
2/ the server IP
3/ the gateway (router) IP
4/ www.google.com

Also try pinging the server by name to see if it resolves to the
correct IP

When you try pinging google, does it resolve the IP of the domain
correctly?

Make a note of all the ping results and if they fail tell me which
ones broke.

On your server, is the dns set to forward requests for domains it
doesn't know about?

In the DNS management console, in the left pane select your DNS server
and right click and choose properties
In the property sheet that opens, select the Forwarders tab, and make
sure the check box "Enable Forwarders"
is checked and add in the IP address of your external ISP's DNS server
- it doesn't matter which.

Also, make sure that in the server's TCP/IP settings the dns is set to
the router IP.

Try these and come back to me whilst I try to think up some more

Alister

 

[practicalb]

Alister, should the DNS service be running on the server? If so, is there a
chance that something is incorrect there. The router is showing the correct
ip addresses in the DNS fields. The server has a static address, same
subnet, and the gateway and dns point to the router.

 

[Alister]

Alister, thank you for the reply..."I thought that I had tried that in the
past week but I wasn't sure. So I came in today and set the ws up as you
described. I did get the fast login, but the internet displayed the home
page(msn.com) one time but selecting items from the page all failed. I
restarted the ws and tried again this time no home page at all and no ther
websites. Do you have any other suggestions?

I would also add that a slow domain logon is normally due to a large
or corrupted user profile.
Do your users profiles include the My Documents folder heirarchy? 'cos
that's often a problem
if they have a large number of files in there.

Alister

 

[Alister]

Alister, should the DNS service be running on the server? If so, is there a
chance that something is incorrect there. The router is showing the correct
ip addresses in the DNS fields. The server has a static address, same
subnet, and the gateway and dns point to the router.

Sorry I thought you'd said that you were running DNS on your server
for your domain.

Is this not the case?

Alister

 

[practicalb]

Alister, I have the ws setup as you described earlier.
ws ping to itself, server, gateway - ok
ws ping to www.google.com failed - could not find host
ws ping to the server by name watc01 - ok
DNS console - dns enable forwarders is greyed out - states it is not
available because this is a root server.

Server dns is pointing to the router only.

 

[practicalb]

Alister,
The DNS service is running on the server, but there are entries in the
router also. As far as the documents in the profile goes I don't think that
is the case, nothing has changed on these systems except for updates to
windows. This system has been in place for 3+ years now. The owner has been
updating the ws over time and I just updated the server last week to SP4.
One other thing is the ISP changed from a local provider to Windstream
(bought them out) recently. Could there be conflict between the server and
router dns and/or with the provider?

 

[Alister]

Alister, I have the ws setup as you described earlier.
ws ping to itself, server, gateway - ok
ws ping towww.google.comfailed - could not find host
ws ping to the server by name watc01 - ok
DNS console - dns enable forwarders is greyed out - states it is not
available because this is a root server.

Server dns is pointing to the router only.

Hi,

if you set a workstation back to using DHCP from the router, can it
see t'internet then?

And, whilst it is set like that, can it resolve local host names to IP
addresses (ping server name)?

Seems a bit strange that your local DNS won't allow forwarding - I
have almost exactly the same set up here
(DC is Win2K and has DNS for local domain - WS are XP and Vista) but
our DNS /is/ set to forward queries to external DNS servers.
My external connection is through a PIX firewall to Leased lines so
DHCP is handled by the DC in our case - may be you could try this
as Active Directory DNS host records are automatically updated by DHCP
leases.

Alister

 

[Alister]

Alister,
The DNS service is running on the server, but there are entries in the
router also. As far as the documents in the profile goes I don't think that
is the case, nothing has changed on these systems except for updates to
windows. This system has been in place for 3+ years now. The owner has been
updating the ws over time and I just updated the server last week to SP4.
One other thing is the ISP changed from a local provider to Windstream
(bought them out) recently. Could there be conflict between the server and
router dns and/or with the provider?

It certainly appears to be a dns problem as far as the internet
connection goes, and possibly also the
long logon time if the router sets itself as the dns for the
workstations when offering DHCP - as the
workstations will be looking for the DC on the wrong dns server - but
I wouldn't have thought that
the change of ownership of the ISP would make any difference.

btw I realise I told you wrong - the DC's TCP/IP settings it should
have it's primary DNS server as itself - not the router.
The secondary DNS server should be the router IP.

Alister

 

[practicalb]

DC means desktop computer?

 

[practicalb]

DC = domain controller?
--
Regards, PracticalB

DC means desktop computer?

 

[Alister]

DC = domain controller?

Sorry yes DC = Domain Controller

 

[practicalb]

Alister,
I tried changing the DC to the DNS you specified, itself and then the
router. At that point the server could not access the internet. I changed
it back. Do you have any other suggestions for me to try?

 

[Alister]

Alister,
I tried changing the DC to the DNS you specified, itself and then the
router. At that point the server could not access the internet. I changed
it back. Do you have any other suggestions for me to try?

Hmm, it doesn't look as though your DNS server on the Domain
Controller is actually doing a lot!

You said that the Cisco router has DNS entries in it - are these for
the server and workstations?

My suggestion for the moment is to put the Workstations back to using
DHCP from the router and check everything works
- Internet and local browsing - and then we can see if there is
another reason for the slow logon.

Alister.

 

[practicalb]

The router is a 3COM router and has entries in the main area for primary, and
secondary DNS addresses. Then in the status it shows the same two above
addresses and then two additional addresses. OK if set the ws back to dhcp
from the router the login is slow 15-20 minutes but it does function
correctly including the internet. I have the unit trying to login now.

 

[Alister]

The router is a 3COM router and has entries in the main area for primary, and
secondary DNS addresses. Then in the status it shows the same two above
addresses and then two additional addresses. OK if set the ws back to dhcp
from the router the login is slow 15-20 minutes but it does function
correctly including the internet. I have the unit trying to login now.

In an ideal situation, for the setup you have, you would have the
Domain controller running DHCP, DNS (Active directory integrated) and
WINS,
all on the same server, and your workstations would obtain their IP
addresses from the server's DHCP. This would automatically update the
server's DNS and WINS entries, and you would see quick logon times and
reliable network browsing between workstations and server.
You would set the DHCP options so that the workstation's default
gateway address was set to the router's internal IP, and the server's
own default gateway and dns settings were also pointed at the router's
internal IP. This would give you Internet connectivity.

I have set up numerous networks in this way with both Win2k and Win2k3
servers and (apart from the odd niggle) they have worked
first time with no problems.

The most common reason for slow logon times between client PC's and
servers on a domain is a DNS issue where the client fails
to find the Domain controller and uses locally cached credentials to
log onto the domain after spending some time fruitlessly searching
for
the DC on the network.

If this is the case with your set up, I would expect to see Event ID
5719 in the event viewer on the workstations or something similar.

I don't however know why this would suddenly change - if as you say
there have been no changes to the network recently.

Could you look at a workstation event log and tell me if there are any
errors?

Alister.