Slow Workstation Logon - Active Directory

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi!


I am having a longstanding problem with XP Pro clients trying to logon
to windows 2003 domain controller. It is EXTREMELY slow. I watched the
postings here, and all the following is configured:
1. All clients point to and only to the DC as a DNS
2. The DC has DNS pointing to itself and DNS forwarding is to the ISP
3. Forced Kerberos to use TCP

---------------------------------------------
I have tried NSLookup without parameters:


C:\>nslookup
Default Server: crowder.tau.ac.il
Address: 132.66.156.44
----------------------------------------------


Which seems correct (this is the name and IP of the DC)


-----------------------------------------------
I tried NSLookup for the domain ("Goshen" )


C:\>nslookup goshen
Server: crowder.tau.ac.il
Address: 132.66.156.44


Name: goshen.tau.ac.il
Address: 132.66.156.44
----------------------------------------------------


Here I get two responses - might this be the problem?


I get three DNS error messages on every restart of the server (in this
order):


The DNS server has encountered a critical error from the Active
Directory. Check that the Active Directory is functioning properly. The

extended error debug information (which may be empty) is "". The event
data contains the error.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


51 00 00 00
-----------------------------------------------------------
The DNS server was unable to complete directory service enumeration of
zone .. This DNS server is configured to use information obtained from

Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat

enumeration of the zone. The extended error debug information (which
may be empty) is "". The event data contains the error.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


0000: 2a 23 00 00 *#..
------------------------------------------------------------­--
The DNS server was unable to complete directory service enumeration of
zone goshen.tau.ac.il. This DNS server is configured to use
information obtained from Active Directory for this zone and is unable
to load the zone without it. Check that the Active Directory is
functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data
contains the error.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


0000: 2a 23 00 00 *#..
------------------------------------------------------------­-----


Can't figure out what to do. Any ideas?


Thanks a lot!
Amit

Archived from groups: microsoft.public.win2000.active_directory (More info?)

> Here I get two responses - might this be the problem?

No. This is normal. The first lines are the DNS server that you are
querying (running nslookup against). The second lot of data is the actual
query.

Try this:

C:\>nslookup
>set type=srv
>_ldap._tcp.dc._msdc.domain-name.com

Also, try this:

C:\>netdiag /testns


I'm guessing the problems are SRV related.

You can fix this by restarting netlogon after ensuring that the DHCP Client
Service is running on the DCs.

If you have multiple DCs, perform the above on all of them but point them
all at the same DC for DNS first.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/


"amitos" wrote:

> Hi!
>
>
> I am having a longstanding problem with XP Pro clients trying to logon
> to windows 2003 domain controller. It is EXTREMELY slow. I watched the
> postings here, and all the following is configured:
> 1. All clients point to and only to the DC as a DNS
> 2. The DC has DNS pointing to itself and DNS forwarding is to the ISP
> 3. Forced Kerberos to use TCP
>
> ---------------------------------------------
> I have tried NSLookup without parameters:
>
>
> C:\>nslookup
> Default Server: crowder.tau.ac.il
> Address: 132.66.156.44
> ----------------------------------------------
>
>
> Which seems correct (this is the name and IP of the DC)
>
>
> -----------------------------------------------
> I tried NSLookup for the domain ("Goshen" )
>
>
> C:\>nslookup goshen
> Server: crowder.tau.ac.il
> Address: 132.66.156.44
>
>
> Name: goshen.tau.ac.il
> Address: 132.66.156.44
> ----------------------------------------------------
>
>
> Here I get two responses - might this be the problem?
>
>
> I get three DNS error messages on every restart of the server (in this
> order):
>
>
> The DNS server has encountered a critical error from the Active
> Directory. Check that the Active Directory is functioning properly. The
>
> extended error debug information (which may be empty) is "". The event
> data contains the error.
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> 51 00 00 00
> -----------------------------------------------------------
> The DNS server was unable to complete directory service enumeration of
> zone .. This DNS server is configured to use information obtained from
>
> Active Directory for this zone and is unable to load the zone without
> it. Check that the Active Directory is functioning properly and repeat
>
> enumeration of the zone. The extended error debug information (which
> may be empty) is "". The event data contains the error.
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> 0000: 2a 23 00 00 *#..
> ------------------------------------------------------------­--
> The DNS server was unable to complete directory service enumeration of
> zone goshen.tau.ac.il. This DNS server is configured to use
> information obtained from Active Directory for this zone and is unable
> to load the zone without it. Check that the Active Directory is
> functioning properly and repeat enumeration of the zone. The extended
> error debug information (which may be empty) is "". The event data
> contains the error.
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> 0000: 2a 23 00 00 *#..
> ------------------------------------------------------------­-----
>
>
> Can't figure out what to do. Any ideas?
>
>
> Thanks a lot!
> Amit
>
>