Active Directory: Incredibly slow login times from client comps

[Wyck]

I've got a demo copy of W2K Server and I can get Active Directory setup just fine - I can even join computers to the domain w/o issue - but when they actually log in as a user, it takes about 4-5 minutes before they load the desktop! This is a 1ghz server w/ 1.4+ghz workstations. The two work stations I've tried (mine and my roommates) were both using Windows XP. I just can't imagine that being the problem. It's like something is timing out... Anybody had similar problems and found a solution? Thanks

 

[mattbta]

On my network at home, I notice it takes quite a while for the OS to load to desktop when connecting to the domain. It has to apply all the user settings, etc. I'm not so sure why it's so slow. Mine doesn't take 4-5 mins though, maybe a min tops.

I also know that XP uses tcp/ip to do network communications as 9X/2k uses netbeui for transfers. This shouldn't be the cause of your delays tho.

All this rambling to say this- It does take noticeably longer to load when logging in to the domain, versus locally, but it shouldn't take THAT long.


What kind of speeds are you seeing in network file transfers? Maybe your NIC/hub/switch is bad?

 

[bsobel]

Are you running any personal firewall software on the desktop machines?

 

[watts3000]

Check the name of the domain. One of my coworkers set a clients network up for him. He did not follow the proper domain naming procedure. He used a www. prefix so whenever clents attemped to log in it would take forever. Also when the domain controller was booted it would take it as long as 15 minutes to come up keep in mind that this was a brand new compact server. The server was actually going out to the internet and trying to resolve the domain name that had been given to it which contained the www. prefix.

 

[Saltin]

Sounds like DNS problems to me too. How is your DNS set-up? Has the DC registered its SRV records in the proper places (automatic upon proper configuration)?
Under your forward lookup zone, you should see four folders named _msdcs, _sites, _tcp, _udp. This is where the DC registers its LDAP and Kerberos records. Kerberos, of course, handles client authentication. Any client machine is going to query DNS for these records pronto upon a user logon. If they arent there...well....I've seen things "work" w/o them, but not well, and not forever.

If those arent there you havent got a proper DNS set-up.

Common reasons that they arent registered automatically include...
1) Different AD and DNS forward lookup zone FQDN's. (They can be different in certain situations, but not any you are going to get involved in anytime soon)
2) DC is not a client of a DNS in it's own domain
3) Dynamic updates not enabled on the zone
4) DC is not configured to "register this connections address in DNS" under Advanced TCP/IP properties