Win 2K Server Active Directory / DNS Problem

I'm having problems with slow client logons on my new Win 2K Server network. Clients take about 5-10 minutes to log on. I've done HOURS of research on the Internet and all I can see is that I may have Active Directory and/or DNS set up improperly. Ok. That's fine and all, but I need help identifying *what* I did wrong. I followed several tutorials before doing this, so I'm baffled as to what is causing the slowdown.

For simplicity's sake, let's just say my Active Directory domain is called mydomain.net.

Some background:
The server is the only domain controller, running AD, DHCP, and DNS.
The server CAN see the internet.
The clients get the proper DHCP settings from the server.
The clients CAN see the internet (once they get past the mind-numbing wait for "applying computer settings" dialog)
Clients are set up for DHCP
Server is set up for DNS and Active Directory
Clients CAN see the server and vice-versa.

I have also registered 'mydomain.net' with my ISP. It points to a hosted web site. Will that cause problems since my Active Directory domain is named 'mydomain.net' ?

Ugh. Please help. :confused:
 
Are you using roaming profiles?

I assume you did check the event logger and checked into any errors in there. When I first set up AD, I had a few DNS issues, but it didn't affect the speed of the logins.

Does the server have plenty of RAM and Processing speed?

Does everyone have a quick uncongested network connection to the server?
 
I checked the event viewer, and it has a few errors related to DNS:

Registration of the DNS record '_kpasswd._udp.mydomain.net. 600 IN SRV 0 100 464 server-hou.mydomain.net.' failed with the following error:
DNS operation refused.

Registration of the DNS record '_kerberos._udp.mydomain.net. 600 IN SRV 0 100 88 server-hou.mydomain.net.' failed with the following error:
DNS operation refused.

Registration of the DNS record '_gc._tcp.mydomain.net. 600 IN SRV 0 100 3268 server-hou.mydomain.net.' failed with the following error:
DNS operation refused.

Also, the W2K server is a RAID 1 setup, with 768MB RAM running on an AMD Athlon 1GHz CPU. I only have 4 clients on the network, connected via a single Netgear 1Gb switch. The Netgear is then connected to our router. (Yes, a firewall is to be connected as soon as I fix this AD/DNS problem.) I don't suspect a problem with the switch because we use the DC as a file server as well -- without issue.
 
PrkChpXprss said:
...I'm baffled as to what is causing the slowdown.

Some background:
The server is the only domain controller, running AD, DHCP, and DNS.
The server CAN see the internet.
The clients get the proper DHCP settings from the server.
The clients CAN see the internet (once they get past the mind-numbing wait for "applying computer settings" dialog)
Clients are set up for DHCP
Server is set up for DNS and Active Directory
Clients CAN see the server and vice-versa.


A few questions for clarification.

1) what OS are clients? 2000? XP?
2) What are you thinking are Proper DHCP settings?
3) Why not disable auto proxy detection on clients?
 
I'd check out http://www.eventid.net/ first and resolve the DNS issues. That might take care of the issue if they are long DNS timeouts.

How much RAM is being used on the server in task manager? I have an AD domain for ~50 machines, so I'm not sure how much RAM a 4 machine domain would take, but I would guess 768MB would get by.
 
PrkChpXprss said:
I have also registered 'mydomain.net' with my ISP. It points to a hosted web site. Will that cause problems since my Active Directory domain is named 'mydomain.net' ?

PrkChpXprss said:
I checked the event viewer, and it has a few errors related to DNS:

Registration of the DNS record '_kpasswd._udp.mydomain.net. 600 IN SRV 0 100 464 server-hou.mydomain.net.' failed with the following error:
DNS operation refused.

Registration of the DNS record '_kerberos._udp.mydomain.net. 600 IN SRV 0 100 88 server-hou.mydomain.net.' failed with the following error:
DNS operation refused.

Registration of the DNS record '_gc._tcp.mydomain.net. 600 IN SRV 0 100 3268 server-hou.mydomain.net.' failed with the following error:
DNS operation refused.

These two issues point to an improper setup in regards to your external and internal DNS which in turn is most likely the cause of your slow client logons.

Now what we need to figure out the problem is the following:

1. IPConfig /all of *all* network adaptors on the server
2. IPConfig /all of at least one workstation
3. Are any DNS forwarders configured on the server?
4. How are clients accessing the internet through the server? NAT? ICS? etc.
 
SJConsultant said:
These two issues point to an improper setup in regards to your external and internal DNS which in turn is most likely the cause of your slow client logons.

Now what we need to figure out the problem is the following:

1. IPConfig /all of *all* network adaptors on the server
2. IPConfig /all of at least one workstation
3. Are any DNS forwarders configured on the server?
4. How are clients accessing the internet through the server? NAT? ICS? etc.

Ok, I think I fixed a few problems. I pointed the server to itself for DNS (I had it previously pointed to my ISP's DNS servers). I looked at the MS knowledge base article for that one.

Also, your suggestion for IPConfig made me think again. I *had* done an IPConfig this morning on one of the workstations, but I think I was looking at this for too long -- I completely missed that the DHCP server was wrong!

I checked a few things and found out that I had DHCP server set to 'on' on my DSL Router.
I turned off the DHCP server option on the router, saved settings, and rebooted it.

Then I cold booted the clients (all WinXP Pro) and lo and behold they logged into the network in about 15-20 seconds (versus the 5-10 minutes from before). IPConfiged 'em and they show the DC as the DHCP server.

I'll keep my fingers crossed and hope it stays 'fixed'. I'm going through my other errors / warnings in the event log to get a handle on other issues.

Thanks everyone for your help and suggestions!

:D
 
Glad to see you've resolved the problems. Feel free to make another thread on other non related issues if you need help. ;)
 
That's why it's never a good idea to name your internal AD domain the same as any external domain name. Always use mydomain.local or something that can't be used as a publicly registered domain name.
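
The check the original poster ended up doing by eye, comparing the DHCP and DNS servers in `ipconfig /all` against the domain controller, as an added example that is not part of any post in this thread. The sample output and every address in it (192.168.1.10 for the DC, 192.168.1.1 for the router, 203.0.113.x for ISP resolvers) are constructed, and it assumes a single DC that is the only DHCP and DNS server.

```python
import re

# Constructed `ipconfig /all` output from a workstation; all addresses are made up.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : ws01

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""

def parse_ipconfig(text):
    """Return {section: {field: [values]}} parsed from `ipconfig /all` text."""
    sections, fields, key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                  # unindented line opens a section
            fields, key = sections.setdefault(line.strip().rstrip(":"), {}), None
        elif fields is not None:
            m = re.match(r"\s+([^:]+?)[ .]*:\s*(.*)$", line)
            if m:                                  # "Label . . . : value"
                key, value = m.group(1), m.group(2).strip()
                fields[key] = [value] if value else []
            elif key:                              # continuation, e.g. second DNS server
                fields[key].append(line.strip())
    return sections

def check_client(text, dc_ip):
    """Flag adapters whose DHCP or DNS servers are anything other than the DC."""
    # Assumption: one DC that is the only DHCP and DNS server, as in this thread.
    findings = []
    for name, f in parse_ipconfig(text).items():
        for field in ("DHCP Server", "DNS Servers"):
            other = [ip for ip in f.get(field, []) if ip != dc_ip]
            if other:
                findings.append((name, field, other))
    return findings

if __name__ == "__main__":
    for finding in check_client(SAMPLE, "192.168.1.10"):   # hypothetical DC address
        print(finding)
```

An empty result means every adapter took its lease and its resolvers from the DC; any finding names the adapter and the unexpected server addresses.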
 