Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows 7 Pro Login Issues on Server 2003

Status
Not open for further replies.
prewebit

prewebit

IS-IT--Management
Dec 13, 2009
17
GB
I am running a Windows Server 2003 in a school with 15 PCs running Win7 Pro and 1 PC still running XP Pro (changing to 7 soon!) and despite a few teething problems, the system has been running fine for several months. I am now starting to see issues with login times on the PCs, if I login as domain Administrator, it flies through the login process, but using any of other logins from AD, login time is drastically increased, in one instance to over an hour, but mostly 15-20 minutes! There are no complicated login scripts, fairly simple setup.

I have seen various other posts about DNS settings need changing etc. but don't know how to push this out (the server has no reverse lookup zones, only forward) and when manually changing the DNS server settings (following a ipconfig /flushdns) on the network adapter on one of the PCs, it struggled to logon, and 2 hours later, I still don't think it has logged in.

Is anyone able to shed any light on this, am more than happy to give more information if needed, I just thought I would give the simplest explanation first.

Thanks in advance
Pete (prewebit)
 
Sort by date Sort by votes
Three questions:

1) You say logging in with Admin works, do you mean local Admin or AD Admin?
2) What does the XP machine do? Does it log in fine?
3) Are the Users in any special Group or just the defualt Users Group?

"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
Thanks for the prompt response.

1) AD Administrator ( DOMAIN\Administrator)
2) XP machine has always taken longer to login since Windows 7 PCs were introduced to the domain
3) Default users - no special groups set up at all

It is worth mentioning that I inherited this from another provider so in terms of how Profiles are set up, this may not be the norm to say how you or I would configure it. There is also a GPO configured, but it is nothing out of the ordinary.

Hope that helps.
 
Upvote 0 Downvote
Have you noticed, did it seem to happen all at once when the slow logging occurred or was did they gradually slow over time? Try creating a User in a new group, log in with their credentials and see if it also takes a while.
Have you tried disabling the GPOs and see if the issue is resolved?

*Copied from
You can enable/disable any GPO in the GPMC. By default the GPO's enabled, right click the GPO and uncheck the option "Link Enabled".

I believe in a single site GP replicates between the DC's every 5 minutes. Running "gpupdate" on the ISA server will pull down the new settings immediately. Depending on the settings in the GPO, you may need the server to reboot (gpupdate /force /boot).


"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
Thanks for that. It has happened only recently, that is within the last week they have been reporting major login duration problems. Today has been the largest instance of several PCs tested, all appearing to have the same problem.

I created all new user logins for the new PCs as there was a time where we had 6 Windows 7 PCs and 4 XP PCs, as I couldn't use the logins for both - the system didn't like it and it created profiles with the .V2 extension. I have now disabled the old logins with AD but copied over the desktop configs etc.

Do you think the GPO might have something to do with it then? I have read elsewhere that the 2003 GPOs can cause problems with Windows 7 PCs. I will try that when I am on-site tomorrow and report back.
 
Upvote 0 Downvote
I have been into site this morning and machines appear to be logging in as normal, but this could be done to no-one being logged on! The maximum logon time for any user was about 12 seconds, DOMAIN\Administrator logged in quickly with no apparent problems.

I created a new user in AD as suggested and after 'Preparing my desktop' for about 15 seconds, it went straight to the desktop with no quibbles.

I have disabled the custom Group Policy for 24 hours and have asked staff to monitor any problems. I have heard of issues with Server 2003 GPOs (created several years ago for XP workstations) causing problems with new Windows 7 clients, so this might be worth a try. What is the best course of action to follow with this?

Also, as all students use the same login details, when they all login at the same time, could this be an issue? In AD, their user profile path points to \\server\profile\username and they have mapped drives (Z: \\server\users\username)

It is leaving me baffled a bit...
 
Upvote 0 Downvote
Little update on the situation, they were reporting the same problem again yesterday lunchtime. One of the office PCs was taking in excess of 45 minutes to login, I suggested turning off, that is, shutting down all of the 12 PCs in the computer room and restarting the office PC. It then logged in immediately.

I have suggested in the interim that they login to the office PCs in the morning first, before using any of the PCs in the computer room to ensure that the office get priority. This is obviously not ideal and I would appreciate any further input anyone is able to give on this. Given that computer lessons last normally around 30 minutes, this is obviously not a situation I want to be in for too long!

Thanks for the help received thus far, it is really appreciated.
 
Upvote 0 Downvote
Why not have the Office PC's log in with a different user name? Pretty easy to set up 1 more user name.

Are all the Windows 7 PC's named the same thing? If so, that's a big problem and could be leading an issue(highly doubt that's it though).

"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
Office PCs have their own logins specific to the staff members so don't think that is an issue.

Windows 7 PCs are named ITSUITE1 through 12 so not machine name conflict...
 
Upvote 0 Downvote
Ive never heard of an issue with multiple loggins for one AD user and cant find much supporting evidence for that claim. Since you only have 12 PCs and they are the ones causing issues, to see if it is Windows 7 related or Server side, why not create 12 new users in AD and try them on each PC just to see if they log in normally or still have the issue. If they are currently logging into Lab w/ PW 123, just create a Lab1 - Lab12 with the same PW and leave a sticky note saying which PC to log into with which user.

Prolly a better way to test this theory, but for only 12 PC's this shouldn't be daunting.

"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
Thanks for the advice, but I think I might be confusing the multiple login issue.

The AD login names are specific to the year that is in the room:

L12a (for school leavers in 2012)
L13a (for school leavers in 2013)

and so on to L18a.

Staff members then have their own login as their name. It's only the kids using the 'L' logins.

Hope that clears things up a little.
 
Upvote 0 Downvote
So lets focus on the logins, does it happen accross the board for the "L" loggers or is it a specific user, "L12a"?

Just curious, what was the reason for naming users this way? Any benefit versus each PC having its own user? Do you have a monitoring software set up? Whens the last time you refreshed your services like DHCP/DNS? The staff also has the loggin slow issue? Even with the GPOs turned off?

"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
It was a system I inherited from their previous support provider so when it came to upgrading the system from XP to 7, it seemed logical to continue uniformity in the naming conventions. There are normally 2 children per PC anyway, so not sure it would make sense to have individual child logins - although if this is what will sort it, then we might have to!

It's happened to different users over the last few days, not a specific 'L" login. No monitoring software is installed on the system currently (although we are about to install a content and monitoring system in October through a UK-based company - this will be locally hosted on the server, not hosted off-site).

It was one of the staff members who reported the slow login for her username in the first place. Her login took over an hour, when she logged in at a lunchtime (having had a class in the room in the morning, but them logging off at the end). The GPO is still switched off and they are still reporting the problem. There is the default domain login policy still active, but I haven't touched it since I started so assuming it's a default template with standard permissions.

I don't think I have refreshed DHCP/DNS, assumed it does it itself? Is this something that needs to be a regular occurrence, and if so, is there a quick and easy way to do it?

Thanks for the help, it has now got to the point at the school where the Head has stopped everyone using the room because of the slow logins (which personally I think is ridiculous) but it's up to her and I need to get this sorted asap.
 
Upvote 0 Downvote
Well if it is multiple random USERS in AD having the issue, prolly a communication issue. Possibly a DNS issue and an easy way to see if your PCs are confusing the DNS server, set the primary DNS to the DNS servers IP to force them to go that route. Heard this fix work before. Or, not sure if we covered this, but are they running DHCP or Static, odds are DHCP, I would switch a half the PCs to static and make sure the DNS is pointing correctly. If the static half dont mess up, looks like the comm issue was the deal.

These two tests will eliminate or point to a DNS/DHCP problem as the main issue. If not, at least we got them out of the possibilities list.

"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
When you say <quote>set the primary DNS to the DNS servers IP</quote>, do you mean in the individual machines TCP/IP settings? Or is this something I need to push out from the server?
 
Upvote 0 Downvote
Forgot to say, all DHCP from the server...

As an aside, I have noticed errors 4004/4015 coming up in DNS event viewer pointing at an AD failure, but wasn't sure how to deal with as no-one seems to be able to give a definitive solution...
 
Upvote 0 Downvote
Check this:


Read through that and a few of the comments.

Whens the last time you restarted the server completely? Yes I mean at the workstations, sorry for not clarifying.

In services.msc you can see your AD, DHCP, DNS services to see if they are set to automatic and started.

Take a peak in Server Manager under Roles>DNS>....DomainDNSZones and ForestDNSZones to make sure they are pointing to your correct DNS server

"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
There is nothing in Reverse Lookup Zones, but plenty in Forward.

DomainDNSZones is showing _sites, _tcp as well as a text file showing the server's IP address on the network.

ForestDNSZones is also showing the server's IP address (along with the _sites and _tcp folders)

Have restarted DHCP and DNS Servers/Clients but there is no AD service listed - is it a group of different services to restart?
 
Upvote 0 Downvote
You have no AD service listed in Services.msc? Under Server Manager, is the AD service even running?

"Silence is golden, duct tape is silver...
 
Upvote 0 Downvote
No AD DS service listed, but this is Server 2003, was it not only in Server 2008? When you say is the AD service running, if I go to Manage your Server, it lists:

- File Server
- Print Server
- Application Server
- Domain Controller (Active Directory)

This drops down to select Manage users and computers, Manage domains and trusts, Manage Sites and Services and then lastly, Review the next steps for this role.

So as far as I can tell, AD is running normally...(but clearly not if we're experiencing these issues?!)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
266
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
314
suncit
suncit
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
216
MaioMaio
MaioMaio
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
225
antonio_dsanchez
antonio_dsanchez
DTGMI
  • Locked
  • Question
WIN 10 Pro PC &amp; Adding back to our Network
Replies
0
Views
204
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top