Login Delay

[kcp]

hello,
i have a win2k server(PDC) and a winnt4(BDC).The exchange server is configured on both the servers within the same site.we have 40 computers in our lan mostly win2000 professional and 2 win98 pcs.earlier it used to take 1 or 2 minutes to login( i upgrade the pdc to 2000 15 days back) but since yesterday its taking 15 minutes to login.after feeding the id and password its says loading personal setting as and takes 15 minutes for the desk top to show up.some times it also pops up the message the account is not there on the pdc or password incorrect ( i give the correct password)

The event viewer shows errors like this on the PDC....


"The Windows Time Service was not able to find a Domain Controller. A time and date update was not possible."


"No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this. "

"The Terminal Services service hung on starting."

&quot;This Machine is a PDC of the domain at the root of the forest. Configure to sync from External time source using the net command, 'net time /setsntp:<server name>'. &quot;

Please help me
Regards,
kcp

 

[TheOtherKiwi]

Technically speaking the win2k server is a PDC emulator if you are still running in mixed-mode that supports the NT4 server as a DC (not BDC). Certainly you can run the sntp commands as suggested in your event log but I do not believe this is your problem.

Can you log in locally to the win2k server OK?
Can you attach to the NT4 machine from the server while logged in locally to win2k without reauthenticating?
Can you login to the NT4 server locally OK?

Do the Outlook clients authenticate to the Exch servers when you are finally logged in?

 

[kcp]

i am able to login to both win2k and nt server with much ease.it just logs in instantly.
i am able to manage the nt4(dc)machine from the active directory with out reauthentication and also some of the winprofessional desktops.
i am able to login to the (nt4)machine locally with ease
only the workstation take longer time.after putting netbuei protocol the login time has come down to 2 minutes but i feel that it should not take so long.
i have no problems in accessing exchange.it works fine.i have stopped exchange(services) on the win2k server.
could u help me with the commands to set the time as am running into errors.
thanks in advance
good day
kcp

 

[TheOtherKiwi]

Run the following on your PDC emulator:

net time /setsntp:server_list

Use the following on the internet if connected as per MS recommendation:

ntp2.usno.navy.mil at 192.5.41.209
tock.usno.navy.mil at 192.5.41.41

On other servers simply use the name of the PDC emulator server in the server_list variable. To set other servers time to that of the PDC emulator use:

net time /set

 

[Guest_imported]

I am having the same errors. Here is what Microsoft says about the one error - seems we need to ignore it.

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

CAUSE
This event is logged when a server application (for example, Active Directory) attempts to perform a Secure Sockets Layer (SSL) connection, but no server certificate is found. Server certificates are either enrolled for by hand or are automatically generated by the domain's enterprise Certificate Authority (CA). In domains where no enterprise CA exists, this is an expected event and you can safely ignore the message.

 

[Edwardjm]

If you have problems where your clients are taking two minutes to login to your server, you need to check your DNS entries on your local machines. You should be running DNS on the Windows 2000 Domain Controller. You would need to have all local machines in your network point to the dns server internally and then have that DNS server use the forwarder to point to an external DNS for access to the internet. I had this problem a few weeks ago. What is happening is that you might have a DHCP server or a router that gives your local machines their DNS addresses etc. Whenever your clients try to log on to the network it uses the DNS address to try and find the Primary domain controller which is the windows 2000 active directory computer, soit goes out to the internet first check around and then comes back in and finally finds it. If you change all local computers to the dns address of the Windows 2000 active directory computer it will take seconds. Hope this helps

 

[akramy]

I am having the same problem but with more complication. I have a windows 2000 server, active direcotry, DNS, etc... No NT only one server for about 15 computers. All have static IPs and I don't have any DHCP on the network (Except for the mini-DHCP that is part of ICS) Friday when I left the organization it would take about a minute to log in and load my roaming profile. Saturday users try to log in and it take approximatly 20 min. it doesn't end there, it actually keeps on going when the slowest machine on the network logs on in a min and the best machine takes 20.
when I go to the server event log I see an error that goes something like can't find the domain controller. But it authenticates and logs in and load roaming profile. can anybody explain why this is happening and how can I solve this issue?
-akramy

 

[kcp]

Hello,
I could overcome this by changing the order of the DNS servers on the workstations.They should be as follows
1.preferred DNS should be Domain Controller on which u have DNS installed
2.Alternate DNS should be the DNS of your ISP(for browsing the internet)

Regards,
KCP