domain logins take a long time

[AMD_Gamer]

when i use a client computer to log into my windows server 2003 domain using a username/password i have setup in active directory it gets authenticated ok but after that it will stay on the "applying user settings" screen for a good 2 minutes, i have this problem on 2 different computers, i know nthe first time you login to the domain the client computer has to create the users folders and all that but even after the second time logging it it still does it, is this normal or something wrong with the way i have things setup?

 

[XOR != OR]

1) You have several user policies that are assigned to this user. It takes a while to process them all.

2) DNS issue. Don't ask, just check to make sure dns settings are ok. Win2k+ still has issues with DNS. Check both the client and server, because...

3) One of the policies being applied to the user is causing a delay. This could be due to anything, but the most likely suspect is DNS problems...either on the client or server, depending on the script.

Check the event logs, see if those have anything useful in them.

 

[AMD[H]unter]

DNS issue. I see this problem all the time at work.

Me: Hello
Them: my computer takes forever to logon.
Me: are you on a domain?
them: yes
me: is your DNS set to XXX.XXX.XXX.XXX? if not, make it that.
them: wow, thanks, you are god.

So, in other words; check the DNS settings and make sure it is pointing to the PDC.

 

[AMD_Gamer]

ok it logins into the domain fine but just stalls at the "applying user settings"

also i have not gotten to learn dns yet so how would i check this?

 

[AMD[H]unter]

ok it logins into the domain fine but just stalls at the "applying user settings"

also i have not gotten to learn dns yet so how would i check this?

Go to Network Connections, and double click on you LAN Connection, then go to "Properties", then in the scroll box, find "Internet Protocol (TCP/IP)" and double click it.

See where it says "Use the following DNS server address"? in the preferred DNS Server, put in the IP of your DC.

 

[AMD[H]unter]

ok it logins into the domain fine but just stalls at the "applying user settings"

Yes, the machine will find the DC, but it takes forever. Actually, I am not sure if it actually looks for the DC, but never finds it, and just uses a cached DC in the end. XOR, wanna shed some light on that little thought?

 

[dbwillis]

what is giving out your ip addresses?
dhcp on the router or server?

What ever is giving out IP's should be giving out the AD server (the domain controller thats running DNS) out as the IP for DNS

 

[AMD_Gamer]

i thought the dns server that windows server installs is just for computer names on the network, how would client computers use it for all the other dns stuff like web pages and all that.

and yes i have my dhcp from my ipcop box

 

[dbwillis]

Computers point to the AD server, which points to forwarders on the Internet.

Since the IPCOP is doing DHCP, you should have it dish out the IP for your AD server for DNS.

Active Directory relies heavily on DNS, so having DNS on the domain controller, and all the computers referencing/using it, works best.

 

[YeOldeStonecat]

also i have not gotten to learn dns yet so how would i check this?

Here's a quick little guide....I agree it sounds like DNS...esp if you have your router running DHCP. IMO..shut off DHCP on the router..your DC should be running DHCP....
http://www.speedguide.net/read_articles.php?id=1660

 

[swatbat]

1) You have several user policies that are assigned to this user. It takes a while to process them all.

2) DNS issue. Don't ask, just check to make sure dns settings are ok. Win2k+ still has issues with DNS. Check both the client and server, because...

3) One of the policies being applied to the user is causing a delay. This could be due to anything, but the most likely suspect is DNS problems...either on the client or server, depending on the script.

Check the event logs, see if those have anything useful in them.

Another thing to do is see if you turned on roaming profiles. This can slow it down. I'm with them on DNS though

 

[ne0-reloaded]

seems like itll be roaming profile, adsi, or a fugly login script. check dns tho, that should be the quickest to double chick.

http://www.windowsnetworking.com/articles_tutorials/Understanding-DNS-Protocol-Part1.html
http://www.windowsnetworking.com/articles_tutorials/Quickly-Test-DNS-Resolution.html

some links. windows networking's a good site, a lot of useful stuff on there.

 

[AMD_Gamer]

thanks guys i will check this stuff out, im not even sure my dns is installed the right way, i just chose to install it when i setup the domain controller, you have to install it when you setup a DC

 

[AMD[H]unter]

You are correct, if your machine is going to be a DC, you have to install the DNS service. If you just let its install rutine go, it is fine, and your problem is on the PC end. Do your other machines have the same problem?

 

[AMD_Gamer]

ok i selected properties on my dns management tab, what should i be looking for? under the tab "FORWARDERS" it points to my ipcop box and under interfaces it is the ip of the DC, is all that right

also i know what roaming profiles are i learned that and none of the accounts i use have them enabled, you have to specify a network share path for roaming profiles to be enabled under the user options of the user you want to have a roaming profile correct?

 

[AMD_Gamer]

You are correct, if your machine is going to be a DC, you have to install the DNS service. If you just let its install rutine go, it is fine, and your problem is on the PC end. Do your other machines have the same problem?

yeah i have 2 client computers im using to learn with and both of them do it, in fact sometimes on one of them it takes so long i think it just froze but i can ctrl-alt-del to try again or whatever

 

[AMD[H]unter]

ok i selected properties on my dns management tab, what should i be looking for? under the tab "FORWARDERS" it points to my ipcop box and under interfaces it is the ip of the DC, is all that right

Under forwarders I use my work's public DNS, my ISP DNS, and Deltacom's DNS. I dont have my router doing any DNS duties. I don't think that your DNS on the server is the issue here, though. In fact I am positive that it's not. Change the DNS in the one machine and see if that fixes it.

also i know what roaming profiles are i learned that and none of the accounts i use have them enabled, you have to specify a network share path for roaming profiles to be enabled under the user options of the user you want to have a roaming profile correct?

Yes, roaming profiles have to have a share, and they are more trouble than they are worth.

 

[AMD[H]unter]

yeah i have 2 client computers im using to learn with and both of them do it, in fact sometimes on one of them it takes so long i think it just froze but i can ctrl-alt-del to try again or whatever

Are you logging into the same user on both?

I am willing to bet that DNS is set incorrectly. If you change the DNS settings like I explained earlier, your problem will go away.

 

[AMD_Gamer]

Are you logging into the same user on both?

I am willing to bet that DNS is set incorrectly. If you change the DNS settings like I explained earlier, your problem will go away.

ok i will try that, and yes i have 2 user accounts setup in active directory for testing and log into both machines with each one, whatever i feel like using at the time, how could that cause problems

 

[AMD[H]unter]

ok i will try that, and yes i have 2 user accounts setup in active directory for testing and log into both machines with each one, whatever i feel like using at the time, how could that cause problems

It couldn't, but if one user logs in fine, and one is slow as shit, the user profile is messed up on the server. If you are using the same user on both machines, it is POSSIBLE that the profile on the server, but do try the DNS stuff first.

 

[YeOldeStonecat]

ok i selected properties on my dns management tab, what should i be looking for? under the tab "FORWARDERS" it points to my ipcop box and under interfaces it is the ip of the DC, is all that right

Did you take a look at the article I linked above? It has screenshots..and explains it..so there's no doubt or questions.

 

[AMD[H]unter]

Did you take a look at the article I linked above? It has screenshots..and explains it..so there's no doubt or questions.

There's no need for him to do this, though. This is a problem with the local machine, not the DNS on the server.

 

[YeOldeStonecat]

There's no need for him to do this, though. This is a problem with the local machine, not the DNS on the server.

Unless you're doing PM sessions in the background here....based on rereading this thread...we do not know that his DC is setup correctly. A DC needs to be setup correctly before even beginning to look at the workstations. For all we know, based on the info of this thread..his DC could be setup to "Obtain IP automatically"...and be pulling IP's from the IPCop box.

A stand alone DC MUST look at itself as it's one and only DNS server. There's no sense in looking onto further steps before this is verified. On top of that..event view logs relating to DNS..to make sure DNS is functioning correctly. The DNS on the server may be hosed and not functioning correctly. Thus....you can guess in 88 thousand different directions, but IMO...it's prudent to verify each step..staring with the most important..the DC itself. Once step 1 is verified setup correctly..move into step 2.

I've gone in and fixed many a botched Server install that some wanna-be consultant screwed up...it's a common mistake, so it shouldn't be overlooked. DNS is vital to active directory functioning correctly.

And the article covers both server and workstation end..so it covers both ends of the scale.

 

[AMD[H]unter]

Unless you're doing PM sessions in the background here....based on rereading this thread...we do not know that his DC is setup correctly. A DC needs to be setup correctly before even beginning to look at the workstations. For all we know, based on the info of this thread..his DC could be setup to "Obtain IP automatically"...and be pulling IP's from the IPCop box.

A stand alone DC MUST look at itself as it's one and only DNS server. There's no sense in looking onto further steps before this is verified. On top of that..event view logs relating to DNS..to make sure DNS is functioning correctly. The DNS on the server may be hosed and not functioning correctly. Thus....you can guess in 88 thousand different directions, but IMO...it's prudent to verify each step..staring with the most important..the DC itself. Once step 1 is verified setup correctly..move into step 2.

I've gone in and fixed many a botched Server install that some wanna-be consultant screwed up...it's a common mistake, so it shouldn't be overlooked. DNS is vital to active directory functioning correctly.

And the article covers both server and workstation end..so it covers both ends of the scale.

You are completely correct. I forgot that the DC has to have itself as its DNS as well. I stand corrected.

 

[AMD_Gamer]

lok guys thansk alot, i changed my clients so the preffered DNS is the ip of my domain controller, now it works great

i still dont see what role dns has for windows server but i also have not learned about it yet, im following sams teach yourself windows server 2003 in 24 hours lol

 

[AMD[H]unter]

lok guys thansk alot, i changed my clients so the preffered DNS is the ip of my domain controller, now it works great

i still dont see what role dns has for windows server but i also have not learned about it yet, im following sams teach yourself windows server 2003 in 24 hours lol

<cocky> Uh huh! I knew I was right! </cocky>

Windows server is a great thing to learn, keep up the studies, man!

 

[AMD_Gamer]

<cocky> Uh huh! I knew I was right! </cocky>

Windows server is a great thing to learn, keep up the studies, man!

so far i understand all of it seems like a very easy system to use, but then again this is just the same teach yourself in 24 hours, how should o continue my studies after this, i was thinking about moving to a heftier book like MASTER WINDOWS SERVER 2003 , also there is alot of stuff i wont be able to learn since i just have 1 server and a bunch of clients.

 

[AMD[H]unter]

so far i understand all of it seems like a very easy system to use, but then again this is just the same teach yourself in 24 hours, how should o continue my studies after this, i was thinking about moving to a heftier book like MASTER WINDOWS SERVER 2003 , also there is alot of stuff i wont be able to learn since i just have 1 server and a bunch of clients.

Hell, I jsut kinda winged it, and If I had a problem, I would just google it and find a tutorial. After that came the [H]!

EDIT: A nice thick book is a good thing too, just see if you can get one from the local library.