Network takes a long, long time.

[Homerboy]

I recently set up a small LAN at my in-laws office... 1 SBS2003 server, and a handful of user machines running XP Pro.

Everything is working fine at this point however when the users log into the network it takes a LONG time (3+mins in some cases) fro them to actually get logged in after typing user name and password.

Employees have accounts created on the server as Users and 2 Power Users (owners). Once logged in everything runs fine and quickly, its just the initial login that is eternal.

Ideas?

 

[ND40oz]

Make sure your first DNS server on all the PCs is the IP of the Win 2k3 dc. You can either do this manually or go into your router and set it to hand that out as the first DNS Server entry.

 

[Homerboy]

Originally posted by: ND40oz
Make sure your first DNS server on all the PCs is the IP of the Win 2k3 dc. You can either do this manually or go into your router and set it to hand that out as the first DNS Server entry.

and 2nd DNS is the external DNS server from ISP correct?

 

[DaiShan]

Originally posted by: Homerboy

Originally posted by: ND40oz
Make sure your first DNS server on all the PCs is the IP of the Win 2k3 dc. You can either do this manually or go into your router and set it to hand that out as the first DNS Server entry.

and 2nd DNS is the external DNS server from ISP correct?

Yes, your secondary is the primary DNS from your ISP and your tertiary is the secondary DNS from your ISP.

 

[Homerboy]

Originally posted by: DaiShan

Originally posted by: Homerboy

Originally posted by: ND40oz
Make sure your first DNS server on all the PCs is the IP of the Win 2k3 dc. You can either do this manually or go into your router and set it to hand that out as the first DNS Server entry.

and 2nd DNS is the external DNS server from ISP correct?

Yes, your secondary is the primary DNS from your ISP and your tertiary is the secondary DNS from your ISP.

yeap all set
well no spot for tertiary though
1 will have to suffice

 

[DaiShan]

Originally posted by: Homerboy

Originally posted by: DaiShan

Originally posted by: Homerboy

Originally posted by: ND40oz
Make sure your first DNS server on all the PCs is the IP of the Win 2k3 dc. You can either do this manually or go into your router and set it to hand that out as the first DNS Server entry.

and 2nd DNS is the external DNS server from ISP correct?

Yes, your secondary is the primary DNS from your ISP and your tertiary is the secondary DNS from your ISP.

yeap all set
well no spot for tertiary though
1 will have to suffice

In TCP/IP properties click on Advanced then the DNS tab and you can add as many as you like.

 

[Homerboy]

In TCP/IP properties click on Advanced then the DNS tab and you can add as many as you like.

right but clients are all DHCP with only 2 spots on the router for DNS.
no biggy.

 

[stash]

Yes, your secondary is the primary DNS from your ISP and your tertiary is the secondary DNS from your ISP.

Absolutely not.

The only place your ISPs DNS servers should be configured is in the DNS forwarders. This is optional, since the DNS server has root hints. But you should never ever configure the clients to use an external DNS server, even as secondary or tertiary. If the primary DNS server does not respond in a timely fashion to a client, the client will fail over to the secondary DNS server and stay with that server until the client either doesn't get a timely response from the secondary or the client is rebooted. This means that all AD-related DNS queries will fail until the client is rebooted, typically.

If you let SBS install DHCP, it should've configured all of this correctly for you.

 

[DaiShan]

Originally posted by: stash

Yes, your secondary is the primary DNS from your ISP and your tertiary is the secondary DNS from your ISP.

Absolutely not.

The only place your ISPs DNS servers should be configured is in the DNS forwarders. This is optional, since the DNS server has root hints. But you should never ever configure the clients to use an external DNS server, even as secondary or tertiary. If the primary DNS server does not respond in a timely fashion to a client, the client will fail over to the secondary DNS server and stay with that server until the client either doesn't get a timely response from the secondary or the client is rebooted. This means that all AD-related DNS queries will fail until the client is rebooted, typically.

If you let SBS install DHCP, it should've configured all of this correctly for you.

Do me a favor on one of your domain attached computers and run ipconfig /all you will clearly see that the DHCP lease includes as the secondary DNS your primary DNS server from your ISP. I'll look for the KB article on this later.

 

[stash]

Do me a favor on one of your domain attached computers and run ipconfig /all you will clearly see that the DHCP lease includes as the secondary DNS your primary DNS server from your ISP. I'll look for the KB article on this later.

Uh, no I won't.

 

[Homerboy]

If you let SBS install DHCP, it should've configured all of this correctly for you.

Hind-sight is 20/20 I know I know...

 

[stash]

Don't get me wrong, you don't need to use the SBS DHCP server. Your router's DHCP should be fine. Just don't configure any ISP DNS servers in the scope options, and you'll be fine.

Here's a good KB article if you want more info on AD and DNS: http://support.microsoft.com/kb/291382/en-us

Question: Should I point the other Windows 2000-based and Windows Server 2003-based computers on my LAN to my ISP's DNS servers?

Answer: No. If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the domain controller in DNS, you may experience issues joining the domain or logging on to the domain. A Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to the Windows 2000 or Windows Server 2003 domain controller running DNS. If you are using DHCP, make sure that you view scope option #15 for the correct DNS server settings for your LAN.

 

[stash]

Here's another one: http://support.microsoft.com/kb/825036/en-us

On Windows 2000 Server and Windows Server 2003 member servers, Microsoft recommends that you configure the DNS client settings according to these specifications:? Configure the primary and secondary DNS client settings to point to local primary and secondary DNS servers (if local DNS servers are available) that host the DNS zone for the computer's Active Directory domain.
? If there are no local DNS servers available, point to a DNS server for that computer's Active Directory domain that can be reached through a reliable WAN link (Up-time and bandwidth determine reliability.)
? Do not configure the client DNS settings to point to your ISP's DNS servers. If you do so, you may experience issues when you try to join the Windows 2000-based or Windows Server 2003-based server to the domain, or when you try to log on to the domain from that computer. Instead, the internal DNS server should forward to the ISP's DNS servers to resolve external names.

 

[Homerboy]

Originally posted by: stash
Don't get me wrong, you don't need to use the SBS DHCP server. Your router's DHCP should be fine. Just don't configure any ISP DNS servers in the scope options, and you'll be fine.

No I realize that in the long run either method is fine. I realize now that if I would have just let SBS do more of what its supposed to (like DHCP) I'd have less [potential] headaches.

 

[Genx87]

Originally posted by: DaiShan

Originally posted by: stash

Yes, your secondary is the primary DNS from your ISP and your tertiary is the secondary DNS from your ISP.

Absolutely not.

The only place your ISPs DNS servers should be configured is in the DNS forwarders. This is optional, since the DNS server has root hints. But you should never ever configure the clients to use an external DNS server, even as secondary or tertiary. If the primary DNS server does not respond in a timely fashion to a client, the client will fail over to the secondary DNS server and stay with that server until the client either doesn't get a timely response from the secondary or the client is rebooted. This means that all AD-related DNS queries will fail until the client is rebooted, typically.

If you let SBS install DHCP, it should've configured all of this correctly for you.

Do me a favor on one of your domain attached computers and run ipconfig /all you will clearly see that the DHCP lease includes as the secondary DNS your primary DNS server from your ISP. I'll look for the KB article on this later.

It shouldnt, in the scope options of your DHCP you set the primary and secondary DNS servers. You arent required to have a secondary if you dont have one.

I agree, setting an external DNS in the DHCP properties is a recipe for headaches as the clients query the external DNS looking for mydomeserver for authentication.

 

[spyordie007]

Originally posted by: Homerboy

Originally posted by: stash
Don't get me wrong, you don't need to use the SBS DHCP server. Your router's DHCP should be fine. Just don't configure any ISP DNS servers in the scope options, and you'll be fine.

No I realize that in the long run either method is fine. I realize now that if I would have just let SBS do more of what its supposed to (like DHCP) I'd have less [potential] headaches.

There are other good advantages to running DHCP on the Windows server, for example if you have clients that cant self-register in DNS the server can do it for you.

I also agree that setting an external DNS server as a secondary is not a good idea, the clients need to be looking at the internal DNS server(s) first which should be forwarding requests to the outside if they cannot resolve a host.

Erik

 

[Homerboy]

thanks for all the suggestions/help guys... next step is getting this FVCKING VPN client to work
REALLY pissing me off

 

[spikespiegal]

Stash and Spyordi are correct on the DNS issue.

 

[Homerboy]

Originally posted by: spikespiegal
Stash and Spyordi are correct on the DNS issue.

oh I know... I agreed with them from the get go.