
User Profiles taking as long as 5 minutes to load!

Status
Not open for further replies.

deik313

Technical User
Dec 12, 2002
US
Please, can someone help me? I have a Windows 2000 server with about 50 XP/Pro clients. Everything has been running smoothly for about 8 months, but we recently got hooked up to ISDN (the only thing available in our area). In configuring the internet, I turned off DHCP on the server and turned it on on the ISDN modem. (I could not get the internet to work any other way.) Now, everything is working, the users can log into the server AND get on the internet, but the only problem is that it is now taking anywhere from 2-5 minutes for the user profile to load at login! The profiles that are local take a long time, but the roaming profile load time is unbearable! Does anyone have any idea why this might be happening?
Dei
 

Could possibly be a DNS issue. You say you went from using the 2000 server for DHCP to using the ISDN box for DHCP. Do you have the DHCP on the ISDN box configured to send your internal DNS server's IP address? Active Directory is real fussy about this as it depends heavily on DNS. I would check your DNS settings.

 
Thank you so much for your response. I'm sorry to be so clueless, but would you mind telling me how I would configure the ISDN modem to do this? In the configuration of the modem, under ISDN settings, do I just put the IP address of the server for DNS? Also, on my Win 2K server (running DNS), under IP address, I have my ISP as the DNS. Should I change that back to the server IP?
 

I'm not sure why you were unable to get internet access to work using the server's DHCP and had to switch to the ISDN's DHCP.. My guess is a configuration problem.. Best way would be:

Use the ISDN box as the internet gateway. Use the 2000 server for DNS and DHCP. Make sure the DNS on the server has forwarders to your ISP's DNS (for resolving names outside your domain). Make sure the default gateway in the DHCP scope on your server is set to the IP address of the ISDN box. Also, make sure the server(s) has the default gateway configured correctly in the NIC settings (pointed to ISDN box). Also, make sure that DHCP is pushing the IP address of your 2000 DNS server(s), and not the IP address of your ISP's DNS..

Man... that was a mouthful... hope it made some sense anyways. hehehe. Let me know if it makes sense..

-------------------------------
Matt Salo
IT Consultant/Network Engineer
ProGeek Consulting, Inc.
 
This is an issue with DHCP and DNS. Your DHCP, regardless of what box is providing it, needs to be handing out options other than just the IP address. It needs to give out all the parameters you were giving out before... like DNS servers, WINS servers, gateways, etc. You need to be giving your clients the address to YOUR DNS, not the ISP's DNS. Your ISP's DNS knows nothing about your network, it only resolves internet addresses. Your clients should only know about your DNS. Now as far as resolving internet addresses, you need to tell your DNS to forward any resolution requests it doesn't know to the ISP's DNS. This way your DNS can resolve internet addresses for your clients. If you can't create a forward on your DNS, you need to delete the root zone so that your DNS doesn't think it is the almighty DNS for the world.
 
Why do I get the feeling that you have the server on a DHCP address? All servers, routers, gateways, etc. in your system must have fixed IP addresses, otherwise you are just begging for DNS problems. Likewise, all users need to point to the internal DNS first, then to external DNS resources.

Adding an ISDN Internet access point should not change your network. Did you get a new range of fixed IP addresses when you changed to the ISDN system? Does your local DNS correctly reflect these new addresses?

I can not understand why you must have the ISDN modem be the DHCP server for your network. Your local DNS/DHCP server should be handing out the ISDN port IP address as the gateway for all the users, as that is all a stand alone ISDN modem should be as far as the network is considered.

What all did you have to change when you made the ISDN modem your DHCP server? I would revert back to the original configuration, add the ISDN as the gateway, and continue to march.

Your system should work without the ISDN active at all, and it sounds like you have made the ISDN modem the single point of failure in your system, instead of just being a gateway to the world. Does the ISDN Modem terminate in its own box with a hub connection, or is it on a card in the server? In the first case, simply attach it to your network, assign a local address for the modem to be the gateway address for the network, have your local DNS/DHCP server hand out the "gateway" address, and you should be off and running.

In the second case, the ISDN card becomes a net card in the server. This net card should then be the only card in the server with a gateway address. All other local users will need to point to the server network side card as a gateway address, and you need to turn the IP relay function on in the server so it will pass the outbound traffic to the ISDN card and route incoming traffic back to the internal network.

The long load time looks like a DNS issue. Make sure all the DNS information being provided in the DHCP gives the users the local DNS server address first, then the Internet DNS server address second and third, otherwise everyone will go out to the Internet and get routed back to the local DNS for every lookup. In addition, your local DNS MUST point to itself first in the DNS look up configuration, or it will not know where to go to look itself up!

The profile loading issue says the users are having a hard time finding the Profile server (DNS issue!) OR else the users just have LARGE Profiles! For your roaming profiles I would recommend putting the users' home directory on the server so all the doc files, etc., do not get downloaded to whatever system a user logs on to each time they log on. I would suspect the first case if it worked fine before changing the configuration.


HTH
David
 
Deik313,

I'm 99% sure your roaming profile load time is not related to your ISDN config.

I too have roaming profiles for a network of about 50 users. We did this to ensure that a copy of the user's 'My Documents' directory and 'Desktop' resided on the file server. Essentially we made it a no brainer for the user to back up his/her documents. Also, if a HDD crashes, replacing the HDD or PC is easy.

However, there is a price to pay:

1. If the client PC is running FAT32, anyone can log on to another user's PC and look in their 'My Documents' directory. This may not be a problem for you but it certainly was for my HR and Accounting dept. NTFS on the client PC will fix this issue.

2. AND THIS IS THE ANSWER YOU'VE BEEN WAITING FOR, Roaming profiles store each and every user's 'My Documents' folder and 'Desktop' folder on the file server. An identical copy resides on the client PC. At each and every logon and logoff, these folders reconcile with one another (much like synchronizing a Palm Pilot, only much much bigger). So, if a user's 'My Documents' and 'Desktop' directory exceeds 500mb (I have some users with 1 gig profiles) then logging on could take several minutes to synchronize. It's not that you have 500mb being copied. It's that 500mb of data is being inspected for changes and only the changed files are being reconciled.

Some users have the bright idea of storing their pst files in their 'My Documents' folder. These single files can get very large in a hurry and they are also compressed. PST files within a Roaming profile can really slow things down.

Unfortunately there is no technical workaround to this issue unless you want to do away with roaming profiles entirely. That certainly will solve your problem. The other solution is simple user education. Explain what's happening with the profile synchronization and have them reduce the size of their profile. I have found that a profile under 300mb has a reasonable logon time.

You can check the size of a user's profile within the profiles directory on the file server.

Good Luck.
 
Tbone and Deik313,

You can solve the biggest issue you have with the My Documents for roaming users. Set up a home directory on the server and configure the user profile so they use the home directory to store all their documents and even the pst files (need to specify the file location in their application options). The My Documents folder is then basically empty!

If you set it up this way, then only the files they actually have in use by Word, etc., are pulled across to the computer they logged on to, and the modified file is saved back on the server, automatically. By doing this, the profile that is downloaded when a user logs on remains very small, and the log on is quick, and net traffic is minimal. Be sure to put these home folders in an NTFS folder to protect them from unauthorized access! This works wonderfully well for non-roaming users also.

This kills two birds with one stone, fast logon and secure storage with backups! :) As a side benefit, even for non roaming users, they do not fill their local Hard Drive with all their garbage and then scream when the drive or system crashes. The local system is then simply a ghost image, easily replaced. Try it, you may like it! :)

HTH

David
 
dholbrook,

That's good advice. I will try that for my desktop users. I can't do that however, with my laptop users since they travel so much. Unless you feel that offline folders would be more efficient? What say you?
 
The use of offline folders for the laptop users makes a lot of sense, especially since the laptops are such high profile loss items, and users never back up their systems. At least that way you would have something to use for recovery/replacement when the laptop crashes or is stolen.

Laptops also suffer from the same fate as desktops...users fill them up with garbage until they crash, and they usually have much less storage space. I have, however, had laptop users who seem to understand that "backup" means you copy the entire HD contents to the server! Except they also do not understand why IT gets so upset when 10 GB of shared storage space suddenly disappears and no users can save anything! Be sure you limit the laptop storage area (logical drives are one way if you do not want to set quotas) and use compressed drive space to help there too. Users do not seem to understand that server drives cost a whole lot more than desktop IDE drives, and there is a limited amount of time for backups to run. :)

HTH

David
 
And then when you are done with what dholbrook said, you can set a quota on the user profiles, so that you don't have to police how many files they drop on their desktop.
 
Thank you all for this great info. You have helped tremendously! I printed this entire thread and went through each suggestion one at a time and made sure I implemented what was recommended. Here's what I think I have done:

I restarted DHCP on my server and have DNS running there also. I disabled DHCP on the ISDN modem. My ISDN modem is connected to a Netgear hub on the network, and not to one individual machine.

I changed the TCP/IP settings for the server NIC to show a static IP address, subnet 255.255.255.0, and default gateway is my ISDN modem. The DNS settings there are server IP first (same as above?) and then my ISP DNS. When we installed the ISDN modem, I changed the server IP address to match the modem's (192.168.1.2), so I had to create a new scope in DHCP for the workstations (3-254).

I went into DHCP scope and set the default gateway to server IP address first, then the ISDN modem. I'm not sure if I have DNS configured on the server to forward to the ISP DNS. How would I check that? In the DNS configuration, where is that setting located? (ie: do I have to create a zone first?)

After setting all the above, my network is running very smoothly. Users can log into the network fine and their profiles load in about 3 seconds! BUT, in doing so, I lost the Internet connection! Can anyone tell me what I might have done incorrectly or forgotten?

As for the roaming profiles, I don't like having them, but for our users (students), it works well because they are going back and forth between machines all day. I would like to implement the above suggestions for having them all point to their home directories, as that would definitely be quicker and lighten the server load! After I get the internet working, I think that's my next project!

Thank you all very much,
dei


 
OOps, a few more things...
dholbrook, do you redirect the MyDocuments folder to point to the "home" share on the server, or do you just tell the users to use "H:" (or whatever) instead of "C:"?

arlem, how do you set the quotas? Can you set them on roaming profiles, too?

Thanks!
dei
 
On your 2000 Active Directory, right click on the Organizational Unit you want to restrict > Properties > Group Policy > Edit the Group Policy Object > User Configuration > Administrative Templates > System > Logon/Logoff and set the Limit Profile Size policy.

For redirecting the "my document", same Group Policy Object, then > User Configuration > Windows Settings > Folder Redirection > right click on my documents > properties > target > settings: "Basic - Redirected everyone's folder to the same location".
 
If you are not required to maintain a root server for the domain, enable your dns server as a caching server only.

In the DNS Server Properties set the "Forwarders" tab to point to your ISP's DNS. Test under the Monitoring tab. Select simple and recursive then click "test now". Both should return successfully.

Configure your local clients and servers to use your internal DNS server(s) only. It's a good idea to have 2 in case one fails.

You may want to or already have a Forward Lookup Zone for your internal domain and to spoof any domains that you would like to limit access or redirect (always good to keep students from hitting IM sites or web-based email during their class). Consider allowing Zone transfers only to servers you specify internally and accepting only secure updates.

The Cached lookups will show all domains resolved for clients.
 
I am assuming the server is NOT between the ISDN and the intranet users? From your description it appears both the server and the ISDN modem connect to the network hub. From the description "I changed the TCP/IP settings for the server NIC to show a static IP address, subnet 255.255.255.0, and default gateway is my ISDN modem.", the server should be able to see the Internet, but no one else!

If the network has everyone connected together via the hub, then from your statement: "I went into DHCP scope and set the default gateway to server IP address first, then the ISDN modem.", no user will see the ISDN modem. The default gateway for all users has to be the ISDN address in this configuration, not pointed to the Server. No one will see the Internet because no one is pointing to the ISDN address as the gateway to the world, they are pointed to the server instead, which is not going to relay to the ISDN modem.

I HIGHLY RECOMMEND you install a firewall between the internal network and the ISDN modem (InterNet). Once you do this, the Intranet (internal network) side of the firewall is the gateway address for all the internal users, and the ISDN address is the gateway address for the firewall. Everyone can then get to the world, while the firewall provides protection to the interior network.

This firewall function can be done by your server, but that requires the server to have two NIC cards, one for inside and one for the world side, and then the server gateway address is the world side NIC, and all user gateway addresses are to the server internal NIC address (you must turn ON the IP forwarding in the server). The server then has to be installed between the internal network and the ISDN Modem, the Modem does NOT connect to the hub.

Does this help?

David
 
Well, I finally decided I needed help and had someone who knows DNS/DHCP issues come and look at my configuration. Just as you (dholbrook) said, I needed to take the server IP out of the DHCP scope and make the default gateway the ISDN modem. Also, he added a forward to my ISP's DNS in the DNS config, which a few people mentioned here. Then, miraculously, everything worked! Everyone had internet access, and profile load time is a few seconds!!! I thought I had followed all the instructions given here, but I guess I misunderstood a few. =)

Anyway, I am going to purchase a firewall tomorrow, and run Windows update on all my workstations, as apparently the worms and viruses out there now are running rampant! I hope my systems make it until tomorrow without being hit!

Well, I think I understand the DNS/DHCP issues much better now...although I'm sure I have a long way to go! Does anyone know anything about TapeWare...mine's not working!?? (LOL!)

Thank you all for your help!
dei
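
Added example, not written by any poster in this thread: a Python check that parses a client's `ipconfig /all` output and flags the lease problems the thread worked through (ISP DNS handed to domain clients, the wrong default gateway, a lease issued by an unexpected DHCP server). It follows the stricter advice given above (clients use the internal DNS only); the modem address 192.168.1.1, the ISP resolver 203.0.113.53 and the sample output are constructed assumptions, and only the server address 192.168.1.2 comes from the thread.

```python
import re

# Assumed addressing: the thread gives the server as 192.168.1.2; the modem
# address 192.168.1.1 and ISP resolver 203.0.113.53 are placeholders.
INTERNAL_DNS = {"192.168.1.2"}
GATEWAY = "192.168.1.1"
DHCP_SERVER = "192.168.1.2"

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
CONT = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # wrapped extra value

def parse_ipconfig(text):
    """Parse single-adapter `ipconfig /all` text into {label: [values]}."""
    fields, last = {}, None
    for line in text.splitlines():
        cont = CONT.match(line)
        if cont and last:
            fields[last].append(cont.group(1))
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
    return fields

def audit(text):
    """Return a list of findings; an empty list means the lease looks right."""
    f = parse_ipconfig(text)
    dns, gw, dhcp = (f.get(k, []) for k in ("DNS Servers", "Default Gateway", "DHCP Server"))
    findings = []
    if not dns or any(d not in INTERNAL_DNS for d in dns):
        findings.append("DNS: clients must use only the internal DNS, got %s" % dns)
    if gw != [GATEWAY]:
        findings.append("gateway: expected %s, got %s" % (GATEWAY, gw))
    if dhcp != [DHCP_SERVER]:
        findings.append("DHCP: lease issued by unexpected server %s" % dhcp)
    return findings

def sample(gateway, dhcp, dns):
    """Build constructed `ipconfig /all` output in the Windows XP layout."""
    pad = " " * 44
    return "\n".join([
        "Ethernet adapter Local Area Connection:", "",
        "        IP Address. . . . . . . . . . . . : 192.168.1.57",
        "        Default Gateway . . . . . . . . . : " + gateway,
        "        DHCP Server . . . . . . . . . . . : " + dhcp,
        "        DNS Servers . . . . . . . . . . . : " + ("\n" + pad).join(dns),
    ])

MODEM_AS_DHCP = sample("192.168.1.1", "192.168.1.1", ["203.0.113.53"])
SERVER_AS_GATEWAY = sample("192.168.1.2", "192.168.1.2", ["192.168.1.2"])
FIXED = sample("192.168.1.1", "192.168.1.2", ["192.168.1.2"])
```

Calling `audit()` on the three constructed samples reproduces the thread's three states: slow logons with the modem as DHCP server, no Internet with the server as gateway, and a clean result once the scope hands out the modem as gateway and the server as DNS. A lease from an unexpected DHCP server is also worth alerting on in its own right, since any device answering DHCP on the LAN can redirect clients' DNS and gateway.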
 