Slow D.C.

[anaheim99]

Hello all. I have a situation that I have a server here are specs:
Advance server2k with the latest service pack.
celeron 466
192 mb RAM pc100
20 gig H.D.
I have about 5 computers running WinXP or win2k pro. The problem is that it takes so long for the clients to log in to the computers. For example one of the computers is a:
P3 550 mhz
256 RAM pc133
15 gig H.D.
WinXP pro
Now when I log to the domain it takes about 3-4 min on the screen that says APPLYING COMPUTER SETTINGS, or in the screen saying APPLYING PERSONAL SETTINGS.
Now when I log locally to the computer itself it takes less than a minute to get to my desktop. Is it the SERVER that is just to slow or can I tweak some settings. Any advise would be appreciated. Thanks in advance.

[twwabw]

My guess is DNS. Once you're finally logged in, post some of your settings for us. At a command prompt, type ipconfig /all, and does it show your DC's IP for DNS server?

Any event viewer errors?

[koldchillah]

sounds like DNS to me too.. One way to tell is to boot up and log in with the NIC unplugged. If it logs in fine, then check your DNS settings. Even though you have the NIC unplugged it should still let you login b/c the account will be cached..

Are you running DNS on the server as well or are you using the ISP's DNS servers?

[twwabw]

Originally posted by koldchillah
Are you running DNS on the server as well or are you using the ISP's DNS servers?

Since he said it's a DC, DNS must be set up, but not necessarily correctly. I hope he posts back with some results.

Also just occurred to me if he's using roaming profiles? Those can get obscene.

[anaheim99]

o.k., I did run ipconfig and my DNS show up as the Server and my linksys router.

[anaheim99]

sorry my last reply was wrong. It shows up with 3 DNS. My first two of my ISP wich is a static account and then the 3rd is my actual server. I dont have roaming profiles.

[twwabw]

Your DNS is set up incorrectly on the server. When Ipconfig is run on a client, it should only show the IP of the Internal DNS server (your DC in this case). You have not set up forwarders correctly. The reason your PC's are taking so long is they are trying to register the connection on your ISP's DNS servers.

It should look something like this:

Dhcp Enabled. . . . . . . . . . .. : Yes
Autoconfiguration Enabled . : Yes
IP Address. . . . . . . . . . . ..... : 192.168.10.104
Subnet Mask . . . . . . . . . . ... : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . ... : 192.168.10.10
DNS Servers . . . . . . . . . . ... : 192.168.10.10

[anaheim99]

hum, I thought I set itup right, Is there a link,doc that you think can help me out here on how exactly to set up the DNS forward?

[twwabw]

Actually, the Help section in server is pretty thorough.



Also make sure DNS entries are correctly added to your DHCP scope options.



Then, don't forget to set up your reverse lookup zones.

[anaheim99]

Thanks for the help everyone, I will try this right now and post in a few to let you guys know what happend.

[anaheim99]

A quick question, on the FORWARERS tab, I enable forwarders and what ip address do I add

[twwabw]

You add your ISP's DNS servers

[anaheim99]

wow, thank you for your help, i noticed a big improvement. Thanks to all who took time to respond, especially TWWABW!!!!
I hope I'm not pushing it, but there is no other tweaks i can do right? Thanks againg to all!!!!!!

[koldchillah]

Originally posted by twwabw
roaming profiles? Those can get obscene.

[anaheim99]

I got some bad new. It still did not fix my issue. I had to reboot my pc and still lags the same amount time. I run ipconfig /all and now my DNS points to my server and nothing else but still slow.
I set up my forwards just how the screen shots show but still no luck. I'm lost

[twwabw]

Post back when you come back to the forum: what items are in your server and workstation event viewers? A little tough to envision without being in front of the systems, but I still believe there is a DNS issue. What does pc show during ipconfig /all? Still only showing DC? How about when you run the cmd on the server?

[YeOldeStonecat]

I'm wondering about hardware specs. Adv 2K Server running on a 66 FSB Celery with only 192 megs? Ouch. Also what are your TCP properties on the server itself. Are you running 10Base network?

[twwabw]

I've actually had it running as a DC on a PII350, w/256, and it ran fine. Without a bunch of additional programs, 2K as a DC doesn't consume much. While his machine is no screamer, that doesn't account for a 5 minute logon- something else is up.

This snapshot is one I just took of a client's DC- Win2k; running NAV 8.0; print and file services; and that's about it.

[YeOldeStonecat]

Originally posted by twwabw
I've actually had it running as a DC on a PII350, w/256, and it ran fine. Without a bunch of additional programs, 2K as a DC doesn't consume much. While his machine is no screamer, that doesn't account for a 5 minute logon- something else is up.

Including clients of low power running XP? I'm wondering between the server doing its authentication, and the client applying them....sum of both of them = a rather long time.

On yours, I would gladly take a PII350 over a Celery 466....the 350 runs on a 100 FSB (Celery is 66), and the 350 has 512 cache (Celery 128). I've really disliked an NT based OS on a Celery, sure they worked OK for Win9X on common applications, but seem to really struggle with NT.

Add...with your server...I'm going to guess it's a pretty decent one, in good shape...a real server box. His specs, seeing Celery with an ATA HD....makes me think clone tower, unknown memory, I see ATA HD, etc.

[twwabw]

I understand what you're saying, and no- I've never tried one on a Cel w/IDE drives. I imagine for most operations it's a real slug.

The client PC I posted is an old Proliant 800 (pretty much same as mine) w/PIII 550, 384; raid blah blah blah.

But... BIG but.... 5 minutes to authenticate? There just isn't that much going accross the pipe or for the server to do on a login with roaming profiles.

Could be wrong- it's only happened 132,467 times before

[YeOldeStonecat]

Originally posted by twwabw

But... BIG but.... 5 minutes to authenticate? There just isn't that much going accross the pipe or for the server to do on a login with roaming profiles.

Could be wrong- it's only happened 132,467 times before

Haul your boat yet?

Yeah, 5 I'd agree...he did say 3-4, and we don't know if it's stopwatched...or "he thinks it feels like 3-4"....when in reality is 2-3 minutes or so. Dunno about roaming profiles yet. Is he on a 10 base hub? Health of network wiring?

Don't know what else is running on the server, but I'll wager he's close to hitting his pagefile just moving the mouse on that thing, or clicking his start button. Pagefile on a Celery with an ATA drive = performance on a glacial scale.

DNS misconfigurations will usually show up when you're first joining the domain, or doing something like adding the users domain account to the local admin group. You get halfway through it, and get that error message that it cannot contact the domain. Then again, possibly it could have been setup correctly before, then had some TCP changes so now it's off.

[twwabw]

Actually , no forwarders does this exact same ting. Try it some time. The client still resolve internet because they see ISP and internal DNS, but have a hard time logging on, as their PC tries to authenticate with other DNS.

Haul your boat yet?

Yep... Oct 11th- I hate that!!

[YeOldeStonecat]

Originally posted by twwabw
Actually , no forwarders does this exact same ting. Try it some time. The client still resolve internet because they see ISP and internal DNS, but have a hard time logging on, as their PC tries to authenticate with other DNS.

I've worked on networks where the DC wasn't being handed out as the DNS server for all clients (in other words....the clients were getting their DHCP from the router...which means they were getting the ISP's DNS servers). (setup by someone else obviously) Those networks..the clients have a rough time logging into the domain..when you set them up the first time...just trying to join the domain the very first time. You'll often get some error regarding communicating with the domain. Again, if you manage to join the domain (sometimes you actually can get by that first hiccup), you'll usually get errors down the road, or certainly encounter a problem in AD when you try to add the domain users account to the local admin group. That's usually a show stopper right there, which makes me think it's not his issue. But he may be running without having set all that up.

I agree the setup you illustrate is what one should have....that's what I've been doing with 2 K Server. DNS is key. DNS forwarding needs to be setup as you show, and I prefer to have the DC be the only DNS server handed out to clients, although some people like the redundancy of having the ISP's DNS server ALSO handed out via DHCP...as secondary DNS. I've done that myself in some situations. Long as the DC is the primary DNS server. And in the servers TCP properties, have it's own IP as the one and only DNS server.

[twwabw]

Interesting thought about DHCP.... I wonder if his router is handling DHCP? If it is, then yes- it will hand out ISP's DNS servers. Forgot all about that (a mind is a terrible thing to waste )

So how about it anaheim99 - is your router handling DHCP, or is your server?

[YeOldeStonecat]

Originally posted by twwabw

Yep... Oct 11th- I hate that!!

Yup...a tear was shed when I pulled her out. ///sniff sniff///
Sitting in the backyard now, waiting for me to winterize her this weekend. Naturally we'll have great weather this weekend...one of those indian summer weekends...I'll be temped to dunk her again . Heh.

[twwabw]

waiting for me to winterize her this weekend

I'll trade your winterizing job with ya' . 16 quarts of oil; 2 oil filters; 2 water seperators; 8 gal. of antifreeze; 1.5 hernias from hoisting batteries; but at least I got to "dispose" of the beer in the fridge

[YeOldeStonecat]

Originally posted by twwabw
I'll trade your winterizing job with ya' . 16 quarts of oil; 2 oil filters; 2 water seperators; 8 gal. of antifreeze; 1.5 hernias from hoisting batteries; but at least I got to "dispose" of the beer in the fridge

Reminds me of my twin engined jet boat...what a pain putting the No Burst in those engines and manifolds, and exhaust sytems.

Outboard should be easy this year, although this spring I wish to redo the gelcoat on the top, put on a new rubrail too.

[anaheim99]

Hello all. o.k. when I type ipconfig /all on my server I get
ip address....10.0.1.3
subnet.........255.255.255.0
gateway.......10.0.1.1
DNS................10.0.1.3
DNS.................10.0.1.1
STATIC IP ADDRESS

on the client
ip address........10.0.1.100
subnet..............255.255.255.0
gateway............10.0.1.1
DNS.....................10.0.1.3
DHCP CLIENT

My router is a linksys router BEFSX41 and it does handle the DHCP. my nic card on the server and the client are 10/100 nics set to detect automatic.

[YeOldeStonecat]

Looks like you reconfigured the DHCP service on the router to hand out information properly.

Can you do an "ipconfig /all" on both the server and workstation?

[YeOldeStonecat]

I also see the server has the routers IP as a secondary DNS server. Not really optimal, yes the router will relay DNS to whatever it's handed for DNS servers by your ISP on the WAN side....but I'd still just yank that second entry.

[twwabw]

The ONLY IP address a properly configured 2K DNS server should show is it's own IP- no exception. If it shows anything else, it's wrong.

The only manual DNS entry you should have in your Server's tcp/ip properties is it's own IP address.

Ideally, I would NOT have the router handling DHCP- you have very little control over the properties. You should set up the server for DHCP, and set up the appropriate options.

The fact that you are still showing another DNS server means DNS is incorrect.

this is vital to an AD 2K setup.

[anaheim99]

On my last reply I did post the results of the servers ip address and the clients ip address. I also did take out the second entry on the server of the DNS so now it just has it's own.

[YeOldeStonecat]

Originally posted by anaheim99
On my last reply I did post the results of the servers ip address and the clients ip address. I also did take out the second entry on the server of the DNS so now it just has it's own.

Doing an "ipconfig /all" gives more details though...then the plain "ipconfig" which you posted.

[anaheim99]

o.k. what info should I be looking for when I run ipconfig /all

[twwabw]

I'm confused- the last reply I see from you is this:

ip address....10.0.1.3
subnet.........255.255.255.0
gateway.......10.0.1.1
DNS................10.0.1.3
DNS.................10.0.1.1
STATIC IP ADDRESS


This still shows the router DNS. Maybe I'm missing a post???

Also, you've never answered about event viewer errors. Any on the server? Any on the clients? And, after making DNS changes, I'd either be re-booting all (server and clients- wait for server to finish though!) and flush the DNS cache.

[anaheim99]

yes, I did post after that one, that I did remove the routers ip address from the srvers DNS.

[twwabw]

One last time.......

you've never answered about event viewer errors. Any on the server? Any on the clients?

[anaheim99]

after the DNS changes I rebooted server and clients and still took long to log in, I checked the even viewer for error messages and did not find errors, I also checked cpu usage and meme usage
on both server and client and have less thand half of it in use.

[twwabw]

Well, glad there's no errors. How long (specifically) does it take to log on?

[anaheim99]

2-3 and I actually did look at my clock. Like I said in my first post, could it just be that my server is just too old or not up to par to be a win2k server?