Appling computer settings take a long time 2

[Trana]

Hello,

When logging into the Windows 2003 domain from a Windows XP client (all clients are XP) the step Applying Computer Settings takes anything from 2-10 minutes. Logging in with a locally on the client is as fast as normal. After the Applying Computer Settings step is complete, everything works just fine.

At the login screen, if we change the Log On to from the local computer to the domain, the message about refreshing the Active Directory (or something similar) can take a long time too sometimes.

I also noticed I can no longer join computers to "domain", which I used to be able to, now I have to join the computers to "domain.local".

I believe its a DNS issue but I can't find anything wrong there and I am open to any suggestions to where to look and troubleshoot.

Thank you in advanced.

 

[Trana]

The comment about "refreshing the Active Directory", the exact message is "Please wait while the domain list is being built".

 

[Roadki11]

Run dcdiag and netdiag on the DC and report back any errors.


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[TechyMcSe2k]

It sounds like a possible DNS issue.

Also do several NSlookups to see what it can and cannot resolve. IP/hostname/netbios name/FQDN

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!

 

[Lemon13]

might also be a profile issue, try user hive cleanup

http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582

 

[Trana]

Crazy day, haven't had time for this, but dcdiag failed with this:

Doing initial required tests

Testing server: Location\mydomaincontroller
Starting test: Connectivity
The host 4580e03d-6c19-4aa1-bbc0-2e02e93a46db._msdcs.SisterDomain.com
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(4580e03d-6c19-4aa1-bbc0-2e02e93a46db._msdcs.SisterDomain.com)
couldn't be resolved, the server name (mydomaincontroller.mydomain.local)
resolved to the IP address (10.10.10.10) and was pingable. Check that
the IP address is registered correctly with the DNS server.
......................... mydomaincontroller failed test Connectivity

Primary tests went fine.

The IP 10.10.10.10 is from a second NIC configured for use with our backup system. The DNS should not use this NIC and is also configured to only listen on the other NIC with an 192.168. IP address. The DNS was previously configured to listen to both NICs, this cause problems and therefor the DNS was changed to only listen to 192.168.

Netdiag:
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC cannot be verified right now on DNS
server 192.168.x.x, ERROR_TIMEOUT.
[FATAL] No DNS servers have the DNS records for this DC registered.

Any tips would be helpful, I suppose I should google the above results but I honestly dont have time today.

 

[TechyMcSe2k]

Does your PDC Emulator Role holder server list DNS to itself first and then to a secondary DNS? If it is using the another server for DNS, then your problem lies there. The PDCe is what authenticates users. If the DNS it is looking for is unreachable then the user will experience a long delay. Make sure the PDCe server is pointing to a local DNS copy; if not having the Primary DNS hosted on that box.

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!

 

[TheLad]

Also make sure that if the PDCe is pointing to itself, it is using the servers proper IP address and not 127.0.0.1

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[Trana]

Thanks, but there is currently no secondary DNS and the DC is pointing to the proper IP-address of itself in preferred DNS on the 192.168.x.x configured NIC. On the NIC configured with 10.10.10.10 there is no DNS specified.

 

[TechyMcSe2k]

Go through your DNS Zone _msdcs.yourdomain.com and see if there are any rogue A records for the 10.10.10.x network. Verify the SOA is your DC. also, right click on your DNS server and Clear Cache.

reboot then run DCDIAG again

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!

 

[Trana]

I couldn't find any records for the 10.10.10 subnet, the SOA is my DC. I did a clear cache and rebooted.

Another thing I did was to configure the 10.10.10 NIC as the secondary NIC (a bit embarrassed but I didnt actually realize NICs were configurable as primary and secondary).

On my first test just now, it seems to work fine now, I've asked some users to try it and get back to me.