Logging into domain takes ages!

[chunky28]

Hi

My domain and network setup has been working fine for months now.

However....All of a sudden it is taking ages to login to the domain.

I have a server machine with Windows 2000 server advanced SP3 installed as the DC and this is also the DNS server.
- I have assigned forwarders to external ISP DNS servers to resolve other URL's.

Each client has Windows 2000 Pro SP2 loaded and the DNS settings point to my internal DNS on the DC.

When I login to the domain it stays on the 'Loading Personal Settings Screen....' for around about 30-40 mins.

- I have tried pinging without any problem from the client machines and the server machine.

- I have Norton Firewall installed on each PC (client and servers) but these are currently disabled.

I have attempted to delete the forward lookup zone and recreate it in the same way:

Type: Primary
Allow Dynamic Updates: Yes

I then ran ipconfig/registerdns from the client machines and the server machines. No new errors appeared in the event viewer.

I am still having problems!

#######################

There are various error messages in my DC Event Viewer. Not sure if any are relevant but here they are just in case.

1.
Event Type: Error
Event Source: NTDS Inter-site Messaging
Event Category: Internal Processing
Event ID: 1168
Date: 27/08/2003
Time: 15:07:14
User: N/A
Computer: MAILGATE
Description:
Error 0(0) has occurred (Internal ID 11020e29). Please contact Microsoft Product Support Services for assistance.


2.
Event Type: Error
Event Source: NtFrs
Event Category: None
Event ID: 13568
Date: 27/08/2003
Time: 09:02:40
User: N/A
Computer: MAILGATE
Description:
The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

3.
Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36872
Date: 27/08/2003
Time: 14:14:55
User: N/A
Computer: MAILGATE
Description:
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.


4.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 27/08/2003
Time: 15:07:23
User: NT AUTHORITY\SYSTEM
Computer: MAILGATE
Description:
Windows cannot obtain the domain controller name for your computer network. Return value (59).

##########################

I hope someone can help...it had been working fine for months!

Cheers

Charlie

 

[Claudek]

Just curious, have you rebooted your server since the problems occured?

Claudius (What certifications??)

http://www.iteq.com.au

 

[chunky28]

Hi

Thanks for the input Claudek

As we are only developing at present our network is shut down completely each night.

I know this is not normal!

The problem has now been resolved though.

It was Norton Firewall. Despite being disabled at startup it still causes MANY problems!!!!

It seems Norton is only a Toy Firewall anyway. We are looking to purchase a decent Software Firewall suitable for a small-medium sixed network (we currently have 15 PC's but this is growing all the time)

Can anyone suggest a decent Software Firewall?

Thanks

Charlie

 

[Claudek]

I've had a similar issue with the norton firewall with a client recently.As you originally mentioned you had it disabled (we actually uninstalled it) discounted it. Also, just inc ase you get similar errors as you did before when you ave more than 1 DC, i have found rebooting the one with errors helps (usually due to time synch going off and AD replication has issues and gives some similar errors to the ones you gave above).

As for software firewall, ISA is not bad. Get the advantage of using it as a web proxy as well. Most of my clients use ISA or linux based firewalls. Perhaps others can give some good ideas - esp regarding price/performance.


Claudius (What certifications??)

http://www.iteq.com.au

 

[fdf]

Zone Alarm Pro.

 

[LoJACK]

If you are going to run Linux then you might want to look into CheckPoint. The price for CheckPoint is on the high side tho.

 

[chunky28]

Thanks for all your input/advice!!

Charlie

 

[chunky28]

I forgot to mention that we deal with Oracle and apparently there are not that many firewals around that support SQL*NET traffic.

I've been told Check Points Firewall-1 does and Oracle are working closely with other vendors, including:
- TIS
- Raptor Systems
- Milkyway
- Global Internet

Does anyone know anything about these?

Thanks again

Charlie

 

[cnesgoda]

I am having the same problem with my 2000 Server. But it is with the server its self. It took me 4 hours the other day befor the Loading Your Personal Settings finnaly went away. I read that Norton Firewall was causing the problem. Just curious, could it be the Zone Alarm Pro on the server? And if so, how can I disable it from being started up? And dose anyone know what msconfig dose not work on 2000 Server?

 

[scotamb]

Hi there,

I had the same problem without the length log in time but this was due to an incorrect DNS setting within my adapter settings. I didn't have any type of firewall installed. Try booting server in safe mode and removing/changing the DNS setting. Might help, might not. Did for me though.

Cheers.

 

[cnesgoda]

Thankyou scotamb! I will try that. How would I correct the DNS settings. Would I need to get into the router and cange most of the DNS Settings, or is it in my computer?