slow logon on windows 2000 domain

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

Hello,

Recently we created a new win2000 server and made it the only domain
controller. The existing clients were on NT4 domain server which had
crashed. So overnite this W2k server was prepared and the clients were
shifted onto the new domain. Since then, the clients take about 4-5 mins to
reach the desktop after logon.
This delay is noticed only on clients with XP Prof. Not on W2K Prof.
The clients which had Adobe Pagemaker 6.5 installed in them, started giving
registry error after being shifted to new 2000 Domain.
The server also has a Cable Internet connection with ISA server installed
and running fine.
The groups created (in the Active Directory Users and Computers) have a
global scope and 'security' as its type.
A group with 'Domain Local' Scope was created and a new user was made its
member. No change. The client still took 4 mins to logon with that new user.

What can be done to speed up the logons?

Will be highly obliged for any help

Devendra
7 answers Last reply
More about slow logon windows 2000 domain
  1. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

    Hi Dev,

    Sounds suspiciously like a DNS issue.

    Ensure that all clients are pointing to internal DNS servers only. The only
    boxes that should be pointing to public DNS servers are the ISA and/ or the
    DNS servers (forwarders tab).


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/

    "Devendra Panchal" <devendra@tasaa.com> wrote in message
    news:OJ1V11nFFHA.2156@TK2MSFTNGP09.phx.gbl...
    Hello,

    Recently we created a new win2000 server and made it the only domain
    controller. The existing clients were on NT4 domain server which had
    crashed. So overnite this W2k server was prepared and the clients were
    shifted onto the new domain. Since then, the clients take about 4-5 mins to
    reach the desktop after logon.
    This delay is noticed only on clients with XP Prof. Not on W2K Prof.
    The clients which had Adobe Pagemaker 6.5 installed in them, started giving
    registry error after being shifted to new 2000 Domain.
    The server also has a Cable Internet connection with ISA server installed
    and running fine.
    The groups created (in the Active Directory Users and Computers) have a
    global scope and 'security' as its type.
    A group with 'Domain Local' Scope was created and a new user was made its
    member. No change. The client still took 4 mins to logon with that new user.

    What can be done to speed up the logons?

    Will be highly obliged for any help

    Devendra
  2. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

    "ptwilliams" <ptw2001@hotmail.com> said

    > Hi Dev,
    >
    > Sounds suspiciously like a DNS issue.
    >
    > Ensure that all clients are pointing to internal DNS servers only. The
    > only boxes that should be pointing to public DNS servers are the ISA
    > and/ or the DNS servers (forwarders tab).
    >
    >

    Is that correct for the ISA server?
    I've always just pointed them at the AD DNS servers and let the DNS
    forwarding or root hints take over for external domain resolution.

    I was working under the assumption that ISA required access to the internal
    DNS servers to be able to authenticate users against DC's.

    --

    Andy.
  3. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

    The setup's can vary. Personally, I've always configured it just like
    you've said -only configure internal DNS on the internal adapter; however,
    I've seen recommendations about make ISA a caching only DNS server (which
    means it points to itself and then either internally or externally depending
    on whether it's a domain member or stand-alone box).

    Some of our ISA boxes are not domain members, they're simply stand-alone
    proxy servers; you can then chain these with internal fringe boxes, etc.

    There's also many people out there who simply configure it wrong... <g>


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/

    "Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
    news:Xns96031EFB9D89AA12F32EDB83F@207.46.248.16...
    "ptwilliams" <ptw2001@hotmail.com> said

    > Hi Dev,
    >
    > Sounds suspiciously like a DNS issue.
    >
    > Ensure that all clients are pointing to internal DNS servers only. The
    > only boxes that should be pointing to public DNS servers are the ISA
    > and/ or the DNS servers (forwarders tab).
    >
    >

    Is that correct for the ISA server?
    I've always just pointed them at the AD DNS servers and let the DNS
    forwarding or root hints take over for external domain resolution.

    I was working under the assumption that ISA required access to the internal
    DNS servers to be able to authenticate users against DC's.

    --

    Andy.
  4. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

    "ptwilliams" <ptw2001@hotmail.com> said

    > The setup's can vary. Personally, I've always configured it just like
    > you've said -only configure internal DNS on the internal adapter;

    I've mainly done it that way for simplicity of the firewall rules and to
    allow domain based user authentication on the proxy. The only box allowed out
    on ports 80 or 443 is the proxy and the only machines allowed out on port 53
    are the DNS servers. Everthing else either goes through the proxy for web, or
    uses the internal DNS servers which forward requests on their behalf.

    > however, I've seen recommendations about make ISA a caching only DNS
    > server (which means it points to itself and then either internally or
    > externally depending on whether it's a domain member or stand-alone
    > box).
    >
    > Some of our ISA boxes are not domain members, they're simply stand-alone
    > proxy servers;

    I hadn't thought that through properly. It makes absolute sense for reverse
    proxies - eg RPC over HTTP proxy server sitting in the DMZ. You want to keep
    as many ports between the DMZ and internal segments closed as possible so why
    would you want it pointed at an internal DNS.

    > you can then chain these with internal fringe boxes, etc.
    >
    > There's also many people out there who simply configure it wrong... <g>

    There's always that.........


    --

    Andy.
  5. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

    "Andrew Mitchell" <amitchell@removecasey.vic.gov.au> wrote in message
    news:Xns9603C5476590AA12F32EDB83F@207.46.248.16...
    > "ptwilliams" <ptw2001@hotmail.com> said
    >
    > > The setup's can vary. Personally, I've always configured it just like
    > > you've said -only configure internal DNS on the internal adapter;

    Right. As pt says you can do it many ways, but
    the most secure and least trouble with the firewall
    (and perhaps the best performance and least WAN
    traffic if you have multiple internal DNS servers)
    is to have the internal DNS servers forward strictly
    at the firewall/gateway/DMZ caching only DNS,
    and allow that firewall DNS to forward strictly
    to the ISP.

    [This is not cool if the ISP is a small and flaky,
    but with big ISPs 95% of all lookups will be in
    the caches due to other customers.]

    This keeps DNS servers (which frequently DCs)
    off the Internet -- and we don't even have to open
    the firewall between them and the firewall.

    Our caching only DNS server only needs to
    activate DNS on the internal NIC (if it is a
    multi-homed machine itself) unless it is trying
    to provide external (Internet/public) resolution
    for our external resources (www, SMTP, etc.)

    And generally for companies without a massive
    Internet presence the should put external/public
    DNS (back) at the Registrar.

    [The registrars have multiple/fault tolerant/24-7/
    crews for caring for DNS and give a web interface
    where one can manage one's own actual records
    which are small in number and seldom change for
    those on the Internet.]

    The thing that many people mess up (to the point
    of it being the answer to many FAQs) is that they
    really must point all internal DNS clients STRICLY
    to internal DNS servers.

    And reminding everyone that DCs, and even DNS
    and other servers are ALSO DNS CLIENTS.

    > > Some of our ISA boxes are not domain members, they're simply stand-alone
    > > proxy servers;
    >

    In that case the ISA might or might not point to
    itself as a DNS client.

    If the ISA is a domain member, then it is also an
    INTERNAL name client and needs to point not
    to itself (even though it is a caching only DNS
    server) but rather to the INTERNAL DNS servers.
  6. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

    Dear Mr. Williams

    Let me profoundly thank you for your help.


    Regards
    Devendra Panchal


    "ptwilliams" <ptw2001@hotmail.com> wrote in message
    news:%23S3QlEoFFHA.936@TK2MSFTNGP12.phx.gbl...
    > Hi Dev,
    >
    > Sounds suspiciously like a DNS issue.
    >
    > Ensure that all clients are pointing to internal DNS servers only. The
    > only
    > boxes that should be pointing to public DNS servers are the ISA and/ or
    > the
    > DNS servers (forwarders tab).
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
    > "Devendra Panchal" <devendra@tasaa.com> wrote in message
    > news:OJ1V11nFFHA.2156@TK2MSFTNGP09.phx.gbl...
    > Hello,
    >
    > Recently we created a new win2000 server and made it the only domain
    > controller. The existing clients were on NT4 domain server which had
    > crashed. So overnite this W2k server was prepared and the clients were
    > shifted onto the new domain. Since then, the clients take about 4-5 mins
    > to
    > reach the desktop after logon.
    > This delay is noticed only on clients with XP Prof. Not on W2K Prof.
    > The clients which had Adobe Pagemaker 6.5 installed in them, started
    > giving
    > registry error after being shifted to new 2000 Domain.
    > The server also has a Cable Internet connection with ISA server installed
    > and running fine.
    > The groups created (in the Active Directory Users and Computers) have a
    > global scope and 'security' as its type.
    > A group with 'Domain Local' Scope was created and a new user was made its
    > member. No change. The client still took 4 mins to logon with that new
    > user.
    >
    > What can be done to speed up the logons?
    >
    > Will be highly obliged for any help
    >
    > Devendra
    >
    >
    >
  7. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.applications,microsoft.public.win2000.dns,microsoft.public.win2000.group_policy,microsoft.public.win2000.networking (More info?)

    No problem at all!!!

    Glad to have helped ;-)


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/

    "Devendra Panchal" <devendra@tasaa.com> wrote in message
    news:emBkGtOGFHA.3492@TK2MSFTNGP12.phx.gbl...
    Dear Mr. Williams

    Let me profoundly thank you for your help.


    Regards
    Devendra Panchal


    "ptwilliams" <ptw2001@hotmail.com> wrote in message
    news:%23S3QlEoFFHA.936@TK2MSFTNGP12.phx.gbl...
    > Hi Dev,
    >
    > Sounds suspiciously like a DNS issue.
    >
    > Ensure that all clients are pointing to internal DNS servers only. The
    > only
    > boxes that should be pointing to public DNS servers are the ISA and/ or
    > the
    > DNS servers (forwarders tab).
    >
    >
    > --
    >
    > Paul Williams
    >
    > http://www.msresource.net/
    > http://forums.msresource.net/
    >
    > "Devendra Panchal" <devendra@tasaa.com> wrote in message
    > news:OJ1V11nFFHA.2156@TK2MSFTNGP09.phx.gbl...
    > Hello,
    >
    > Recently we created a new win2000 server and made it the only domain
    > controller. The existing clients were on NT4 domain server which had
    > crashed. So overnite this W2k server was prepared and the clients were
    > shifted onto the new domain. Since then, the clients take about 4-5 mins
    > to
    > reach the desktop after logon.
    > This delay is noticed only on clients with XP Prof. Not on W2K Prof.
    > The clients which had Adobe Pagemaker 6.5 installed in them, started
    > giving
    > registry error after being shifted to new 2000 Domain.
    > The server also has a Cable Internet connection with ISA server installed
    > and running fine.
    > The groups created (in the Active Directory Users and Computers) have a
    > global scope and 'security' as its type.
    > A group with 'Domain Local' Scope was created and a new user was made its
    > member. No change. The client still took 4 mins to logon with that new
    > user.
    >
    > What can be done to speed up the logons?
    >
    > Will be highly obliged for any help
    >
    > Devendra
    >
    >
    >
Ask a new question

Read More

Domain Microsoft Servers Windows