Sign in with
Sign up | Sign in
Your question

Slow logon from Win XP to 2003 domain - DNS problem?

Last response: in Windows 2000/NT
Share
Anonymous
February 9, 2005 7:36:03 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi!


I am having a longstanding problem with XP Pro clients trying to logon
to windows 2003 domain controller. It is EXTREMELY slow. I watched the
postings here, and all the following is configured:
1. All clients point to and only to the DC as a DNS
2. The DC has DNS pointing to itself and DNS forwarding is to the ISP


I'm desperate about this problem - can anyone suggest some resolution
to this problem. BTW, in the application log of the server, the client
workstation spend 4 minutes at event 538 when logging on (which is
successsful) and then event 566 ('Directory Service Access') is
displayed.

---------------------------------------------
I have tried NSLookup without parameters:

C:\>nslookup
Default Server: crowder.tau.ac.il
Address: 132.66.156.44
----------------------------------------------

Which seems correct (this is the name and IP of the DC)

-----------------------------------------------
I tried NSLookup for the domain ("Goshen")

C:\>nslookup goshen
Server: crowder.tau.ac.il
Address: 132.66.156.44

Name: goshen.tau.ac.il
Address: 132.66.156.44
----------------------------------------------------

Here I get two responses - might this be the problem?

Thanks for your help!
Amit
February 10, 2005 12:10:38 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

amitos wrote:
> Hi!
>
>
> I am having a longstanding problem with XP Pro clients trying to logon
> to windows 2003 domain controller. It is EXTREMELY slow. I watched the
> postings here, and all the following is configured:
> 1. All clients point to and only to the DC as a DNS
> 2. The DC has DNS pointing to itself and DNS forwarding is to the ISP
>
>
> I'm desperate about this problem - can anyone suggest some resolution
> to this problem. BTW, in the application log of the server, the client
> workstation spend 4 minutes at event 538 when logging on (which is
> successsful) and then event 566 ('Directory Service Access') is
> displayed.
>
> ---------------------------------------------
> I have tried NSLookup without parameters:
>
> C:\>nslookup
> Default Server: crowder.tau.ac.il
> Address: 132.66.156.44
> ----------------------------------------------
>
> Which seems correct (this is the name and IP of the DC)
>
> -----------------------------------------------
> I tried NSLookup for the domain ("Goshen")
>
> C:\>nslookup goshen
> Server: crowder.tau.ac.il
> Address: 132.66.156.44
>
> Name: goshen.tau.ac.il
> Address: 132.66.156.44
> ----------------------------------------------------
>
> Here I get two responses - might this be the problem?
>
> Thanks for your help!
> Amit
>


try this:
<http://support.microsoft.com/default.aspx?scid=kb;en-us;244474>

forcse kerberos to use tcp not udp
Anonymous
February 16, 2005 3:54:44 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

amitos wrote:
> Hi!
>
>
> I am having a longstanding problem with XP Pro clients trying to logon
> to windows 2003 domain controller. It is EXTREMELY slow. I watched the
> postings here, and all the following is configured:
> 1. All clients point to and only to the DC as a DNS
> 2. The DC has DNS pointing to itself and DNS forwarding is to the ISP
>
>
> I'm desperate about this problem - can anyone suggest some resolution
> to this problem. BTW, in the application log of the server, the client
> workstation spend 4 minutes at event 538 when logging on (which is
> successsful) and then event 566 ('Directory Service Access') is
> displayed.
>
> ---------------------------------------------
> I have tried NSLookup without parameters:
>
> C:\>nslookup
> Default Server: crowder.tau.ac.il
> Address: 132.66.156.44
> ----------------------------------------------
>
> Which seems correct (this is the name and IP of the DC)
>
> -----------------------------------------------
> I tried NSLookup for the domain ("Goshen")
>
> C:\>nslookup goshen
> Server: crowder.tau.ac.il
> Address: 132.66.156.44
>
> Name: goshen.tau.ac.il
> Address: 132.66.156.44
> ----------------------------------------------------
>
> Here I get two responses - might this be the problem?
>
> Thanks for your help!
> Amit
> What does it say the event viewer?
Do you have any userenv errors relating to domain cannot be found or others?
-Altria
Related resources
Anonymous
February 16, 2005 4:23:52 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks, I'll try that!

barry wrote:
> amitos wrote:
> > Hi!
> >
> >
> > I am having a longstanding problem with XP Pro clients trying to
logon
> > to windows 2003 domain controller. It is EXTREMELY slow. I watched
the
> > postings here, and all the following is configured:
> > 1. All clients point to and only to the DC as a DNS
> > 2. The DC has DNS pointing to itself and DNS forwarding is to the
ISP
> >
> >
> > I'm desperate about this problem - can anyone suggest some
resolution
> > to this problem. BTW, in the application log of the server, the
client
> > workstation spend 4 minutes at event 538 when logging on (which is
> > successsful) and then event 566 ('Directory Service Access') is
> > displayed.
> >
> > ---------------------------------------------
> > I have tried NSLookup without parameters:
> >
> > C:\>nslookup
> > Default Server: crowder.tau.ac.il
> > Address: 132.66.156.44
> > ----------------------------------------------
> >
> > Which seems correct (this is the name and IP of the DC)
> >
> > -----------------------------------------------
> > I tried NSLookup for the domain ("Goshen")
> >
> > C:\>nslookup goshen
> > Server: crowder.tau.ac.il
> > Address: 132.66.156.44
> >
> > Name: goshen.tau.ac.il
> > Address: 132.66.156.44
> > ----------------------------------------------------
> >
> > Here I get two responses - might this be the problem?
> >
> > Thanks for your help!
> > Amit
> >
>
>
> try this:
> <http://support.microsoft.com/default.aspx?scid=kb;en-us;244474>
>
> forcse kerberos to use tcp not udp
Anonymous
February 16, 2005 4:30:13 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Well, I opened all the ICMP options and things seem to work faster.
Yet, I get three DNS error messages on every restart (in this order):

The DNS server has encountered a critical error from the Active
Directory. Check that the Active Directory is functioning properly. The
extended error debug information (which may be empty) is "". The event
data contains the error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

51 00 00 00
-----------------------------------------------------------
The DNS server was unable to complete directory service enumeration of
zone .. This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which
may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

0000: 2a 23 00 00 *#..
--------------------------------------------------------------
The DNS server was unable to complete directory service enumeration of
zone goshen.tau.ac.il. This DNS server is configured to use
information obtained from Active Directory for this zone and is unable
to load the zone without it. Check that the Active Directory is
functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data
contains the error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

0000: 2a 23 00 00 *#..
-----------------------------------------------------------------

Can't figure out what to do. Any ideas?

Thanks a lot!
Amit
!