Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Slow logon to AD-Domain (not DNS)

Status
Not open for further replies.
Stin0

Stin0

IS-IT--Management
Nov 8, 2006
21
BE
Hello,

We are a school maintaining up to 150 computers in each campus.
Setup:
1 DC: W2K3 fully patched, DNS, IIS (for WSUS), DHCP, AD
1 Fileserver W2K3 containing our DFS shares.

We all log in using roming profiles. With W2K-clients we have no issues. It takes 8 sec's to login with profile of +/-10MB. The XP-clients take a loooong time...

We have to upgrade to WinXP and thers we've got some issues.
We have 2 GPO's for teachers and students. 1 is the same for both of them and the other is for the redirection of the desktop and startmenu...

The teachers log in fine on XP, the student's take about 3 to 4 min. to log in.

The GPO for the redirection is almost the same excepts it redirects to a different folder.

It doesn't affect "some" computers, but all...
Everywhere i try it's teachers fast, students slow.

Does anybody have an idea?

Thanx in advance


Stijn
 
Sort by date Sort by votes
are you familar with userenv and winlogon logging?

I'd be curious to see the both of them :)

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Manager - Global AD Operations
ACS, Inc.
 
Upvote 0 Downvote
Hello,

Thanks for the reply.
I have to dissappoint you.
I've heard about userenv but do not know what to do with it, or how to use it.
For the winlogon the same...

I'll start googling for those.
Maybe you have an idea what to test or...?

Kindest regards,


Stijn
 
Upvote 0 Downvote
you say you have redirection of desktop/start menu, i think you will find you will need to a bit more redirection the area you need to look at is my documents..

the teachers have they got there own machines, and the students can jump on any machine in the school..???

because you are using roaming profiles the whole of the account is being sent to the machine that a student has not logged on before maybe.. as the teacher maybe using the same machine it checks to see if a local account is on the machine and if so does not take as long..

i have in my 4 schools redirected my documents and also knocked out in the set up pictures music & films, there i have set up a folder for sharing called MPF for general use and told all not to save above in the my docs area. also i have stopped caching of roaming profiles as it causes corruption in profiles

hope this might help you

[cannon] [worm]
"Practice makes Perfect"
("la pratique rend parfait")
CPO rt'd RN

 
Upvote 0 Downvote
Upvote 0 Downvote
Thanx for the replies...!

@ADGod
I'll check that within 2 weeks. We've got hollidays at the moment. So I won't be in schoool for about 2 weeks...
I'll keep you posted when I've found something.

@Schtek
Everything is redirected (my docs, start menu and desktop). Teachers also can use any computer. There is no caching, no sync... The My Documents folder is linked to a network drive that is specified in a logon script. If they open the folder on the desktop, they access a network share...
Also, We have a special admin account that logs in every 2 hours or so. This account deletes every profile except the admin, default and all users profile. This to prevent the corruption of profiles.
This all works like a sharm in Win2000. No problems...

I'm suspecting I'll find some things with the userenv and winlogon logging...

Thanx for the efforts, I'll get back to this in a couple of weeks. I can not work remote at this moment.
(Maybe next step ;-))

Kindest regards,


Stijn
 
Upvote 0 Downvote
Wow...

Sorry for the delay. due to a powersurge our domaincontroller was smoked. Had to rebuild it first.

Anyway,
I enabled the verbose userenv logging and this came out...
You can see the attached file.

I've noticed a MEGA-output, but don't know where to start.
You'll also notice the time that passes until the actual logon itself.

I'll try to figure it out myself but any help is welcome.

Kindest regards,


Stijn
 
 http://babylie.digitalezooi.eu/tektips/userenv.log
Upvote 0 Downvote
Little update,

We noticed that there is a big timegap somewhere regarding a rundll32...
it takes about 2 to 3 minutes to pass it.
It says:

Libmain: procesname: c:\winnt\system32\rundll32.exe
Finished waiting for :c:\winnt\system32\rundll32.exe c:\winnt\system32\shell32.dll, control_rundll input.dll,, /u.

This is where the slowness comes from I guess...

Thing is, when I put a testuser in the OU-studentgroup but make him a member of the teachers it's ok. We get a fast logon.
When I put the testuser in the OU-studentgroup and make him member of the students group, it's slow...
the groups are in AD in the respectively same OU's...

Teachers and students have same GPO's except for the folder redirection...

We checked the logfile for the redirection... but it's fast and doesn't give any errors...

Maybe it's the share itself?

Stijn
 
Upvote 0 Downvote
Are you by chance setting the policy setting for always wait for the network at computer startup and logon?

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Manager - Global AD Operations
ACS, Inc.
 
Upvote 0 Downvote
@ADGod:
No, I disabled this setting.

But I've managed to fix it!
Very stupid... procedure of creating a profile.
I finally copied the profile of the students over to a new location.
Meaning that I logged in as a student (waited for about 5 min. to login...
Checked if everything worked...
Logged off and logged back in as Admin...
Copied the student profile over to our profilefolder on the server...
Gave the students rights to use...

Kazaam ... it worked.
At least for the studentaccounts I tested.

I still do not know why teachers could log in fast and students slow...
But now they all can log in fast :)

Thanx for all the help I got!

Kindest Regards,


Stijn
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
307
suncit
suncit
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
135
ADB100
ADB100
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
229
microsGuy16
microsGuy16
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
368
goombawaho
goombawaho
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
197
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top