Slow Workstation Logon - Active Directory

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi!


I am having a longstanding problem with XP Pro clients trying to logon
to windows 2003 domain controller. It is EXTREMELY slow. I watched the
postings here, and all the following is configured:
1. All clients point to and only to the DC as a DNS
2. The DC has DNS pointing to itself and DNS forwarding is to the ISP
3. Forced Kerberos to use TCP

---------------------------------------------
I have tried NSLookup without parameters:


C:\>nslookup
Default Server: crowder.tau.ac.il
Address: 132.66.156.44
----------------------------------------------


Which seems correct (this is the name and IP of the DC)


-----------------------------------------------
I tried NSLookup for the domain ("Goshen")


C:\>nslookup goshen
Server: crowder.tau.ac.il
Address: 132.66.156.44


Name: goshen.tau.ac.il
Address: 132.66.156.44
----------------------------------------------------


Here I get two responses - might this be the problem?


I get three DNS error messages on every restart of the server (in this
order):


The DNS server has encountered a critical error from the Active
Directory. Check that the Active Directory is functioning properly. The

extended error debug information (which may be empty) is "". The event
data contains the error.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


51 00 00 00
-----------------------------------------------------------
The DNS server was unable to complete directory service enumeration of
zone .. This DNS server is configured to use information obtained from

Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat

enumeration of the zone. The extended error debug information (which
may be empty) is "". The event data contains the error.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


0000: 2a 23 00 00 *#..
------------------------------------------------------------­--
The DNS server was unable to complete directory service enumeration of
zone goshen.tau.ac.il. This DNS server is configured to use
information obtained from Active Directory for this zone and is unable
to load the zone without it. Check that the Active Directory is
functioning properly and repeat enumeration of the zone. The extended
error debug information (which may be empty) is "". The event data
contains the error.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


0000: 2a 23 00 00 *#..
------------------------------------------------------------­-----


Can't figure out what to do. Any ideas?


Thanks a lot!
Amit
2 answers Last reply
More about slow workstation logon active directory
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    > Here I get two responses - might this be the problem?

    No. This is normal. The first lines are the DNS server that you are
    querying (running nslookup against). The second lot of data is the actual
    query.

    Try this:

    C:\>nslookup
    >set type=srv
    >_ldap._tcp.dc._msdc.domain-name.com

    Also, try this:

    C:\>netdiag /test:dns


    I'm guessing the problems are SRV related.

    You can fix this by restarting netlogon after ensuring that the DHCP Client
    Service is running on the DCs.

    If you have multiple DCs, perform the above on all of them but point them
    all at the same DC for DNS first.


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/


    "amitos" wrote:

    > Hi!
    >
    >
    > I am having a longstanding problem with XP Pro clients trying to logon
    > to windows 2003 domain controller. It is EXTREMELY slow. I watched the
    > postings here, and all the following is configured:
    > 1. All clients point to and only to the DC as a DNS
    > 2. The DC has DNS pointing to itself and DNS forwarding is to the ISP
    > 3. Forced Kerberos to use TCP
    >
    > ---------------------------------------------
    > I have tried NSLookup without parameters:
    >
    >
    > C:\>nslookup
    > Default Server: crowder.tau.ac.il
    > Address: 132.66.156.44
    > ----------------------------------------------
    >
    >
    > Which seems correct (this is the name and IP of the DC)
    >
    >
    > -----------------------------------------------
    > I tried NSLookup for the domain ("Goshen")
    >
    >
    > C:\>nslookup goshen
    > Server: crowder.tau.ac.il
    > Address: 132.66.156.44
    >
    >
    > Name: goshen.tau.ac.il
    > Address: 132.66.156.44
    > ----------------------------------------------------
    >
    >
    > Here I get two responses - might this be the problem?
    >
    >
    > I get three DNS error messages on every restart of the server (in this
    > order):
    >
    >
    > The DNS server has encountered a critical error from the Active
    > Directory. Check that the Active Directory is functioning properly. The
    >
    > extended error debug information (which may be empty) is "". The event
    > data contains the error.
    >
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
    >
    > 51 00 00 00
    > -----------------------------------------------------------
    > The DNS server was unable to complete directory service enumeration of
    > zone .. This DNS server is configured to use information obtained from
    >
    > Active Directory for this zone and is unable to load the zone without
    > it. Check that the Active Directory is functioning properly and repeat
    >
    > enumeration of the zone. The extended error debug information (which
    > may be empty) is "". The event data contains the error.
    >
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
    >
    > 0000: 2a 23 00 00 *#..
    > ------------------------------------------------------------­--
    > The DNS server was unable to complete directory service enumeration of
    > zone goshen.tau.ac.il. This DNS server is configured to use
    > information obtained from Active Directory for this zone and is unable
    > to load the zone without it. Check that the Active Directory is
    > functioning properly and repeat enumeration of the zone. The extended
    > error debug information (which may be empty) is "". The event data
    > contains the error.
    >
    >
    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.
    >
    >
    > 0000: 2a 23 00 00 *#..
    > ------------------------------------------------------------­-----
    >
    >
    > Can't figure out what to do. Any ideas?
    >
    >
    > Thanks a lot!
    > Amit
    >
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Whats wrong with the replies you got here?

    http://www.mcse.ms/message1411965.html

    http://surl.co.uk/?1216

    Original URL:
    http://groups.google.co.uk/groups?hl=en&lr=&threadm=1108589413.139254.201640%40c13g2000cwb.googlegroups.com&rnum=4&prev=/groups%3Fq%3DThe%2BDNS%2Bserver%2Bwas%2Bunable%2Bto%2Bcomplete%2Bdirectory%2Bservice%2Benumeration%26hl%3Den%26lr%3D%26sa%3DN%26scoring%3Dd

    In any case, see if this helps;

    http://www.xtremepccentral.com/forums/showthread.php?t=9067
    http://forums.binarydreams.us/showthread.php?t=3585

    http://surl.co.uk/?1217

    Original URL:
    http://groups.google.co.uk/groups?hl=en&lr=&threadm=13536E65-37A7-44F0-A4BD-1C7AD975A907%40microsoft.com&rnum=9&prev=/groups%3Fq%3DThe%2BDNS%2Bserver%2Bwas%2Bunable%2Bto%2Bcomplete%2Bdirectory%2Bservice%2Benumeration%26hl%3Den%26lr%3D%26sa%3DN%26scoring%3Dd
    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    "amitos" <amitstei@gmail.com> wrote in message news:1109246636.198711.58640@l41g2000cwc.googlegroups.com...
    Hi!


    I am having a longstanding problem with XP Pro clients trying to logon
    to windows 2003 domain controller. It is EXTREMELY slow. I watched the
    postings here, and all the following is configured:
    1. All clients point to and only to the DC as a DNS
    2. The DC has DNS pointing to itself and DNS forwarding is to the ISP
    3. Forced Kerberos to use TCP

    ---------------------------------------------
    I have tried NSLookup without parameters:


    C:\>nslookup
    Default Server: crowder.tau.ac.il
    Address: 132.66.156.44
    ----------------------------------------------


    Which seems correct (this is the name and IP of the DC)


    -----------------------------------------------
    I tried NSLookup for the domain ("Goshen")


    C:\>nslookup goshen
    Server: crowder.tau.ac.il
    Address: 132.66.156.44


    Name: goshen.tau.ac.il
    Address: 132.66.156.44
    ----------------------------------------------------


    Here I get two responses - might this be the problem?


    I get three DNS error messages on every restart of the server (in this
    order):


    The DNS server has encountered a critical error from the Active
    Directory. Check that the Active Directory is functioning properly. The

    extended error debug information (which may be empty) is "". The event
    data contains the error.


    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.


    51 00 00 00
    -----------------------------------------------------------
    The DNS server was unable to complete directory service enumeration of
    zone .. This DNS server is configured to use information obtained from

    Active Directory for this zone and is unable to load the zone without
    it. Check that the Active Directory is functioning properly and repeat

    enumeration of the zone. The extended error debug information (which
    may be empty) is "". The event data contains the error.


    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.


    0000: 2a 23 00 00 *#..
    ------------------------------------------------------------­--
    The DNS server was unable to complete directory service enumeration of
    zone goshen.tau.ac.il. This DNS server is configured to use
    information obtained from Active Directory for this zone and is unable
    to load the zone without it. Check that the Active Directory is
    functioning properly and repeat enumeration of the zone. The extended
    error debug information (which may be empty) is "". The event data
    contains the error.


    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.


    0000: 2a 23 00 00 *#..
    ------------------------------------------------------------­-----


    Can't figure out what to do. Any ideas?


    Thanks a lot!
    Amit
Ask a new question

Read More

Windows Server 2003 Workstations Active Directory Windows