Slow logon

Tom

I have an account that has an existing AD network. When I first came on
site I noticed that DNS had no forward lookup zone and had the '.'
I thought that I'd come back and 'correct' that at some later date.

I had to replace the owner's computer. A few days later he complained that
it would take minutes to access the network resources. I thought NOW is the
time to fix the DNS so I went to the account and removed the dot and created
a forward lookup zone with a forwarder to the on site LinkSys router (which
should push traffic to the ISP, right?). Everything worked fine.

I got a call saying the problem remains for the boss's PC and, this morning,
the ISP went down and ALL the units took 15 minutes to log in.

I've verified that DHCP is providing the DNS / AD server as the DNS server.
Even with the ISP down, logging in should only be local, right?
What did I do wrong or what can the problem be?

Thanks,
Tom
 
Tom said:
> I have an account that has an existing AD network. When I first came
> on site I noticed that DNS had no forward lookup zone and had the '.'
> I thought that I'd come back and 'correct' that at some later date.

If there was no forward lookup zone at all, sounds like there were larger
problems than with the lack of forwarders for Internet name resolution.....
was that a typo?

> I had to replace the owner's computer. A few days later he complained
> that it would take minutes to access the network resources. I
> thought NOW is the time to fix the DNS so I went to the account and
> removed the dot and created a forward lookup zone with a forwarder to
> the on site LinkSys router (which should push traffic to the ISP,
> right?). Everything worked fine.

Not necessarily - I'd use your ISP's DNS servers.

> I got a call saying the problem remains for the boss's PC and, this
> morning, the ISP went down and ALL the units took 15 minutes to log
> in.

All servers and workstations should specify *only* the internal
AD-integrated DNS server's IP address in their network settings. The
AD-integrated DNS server should be set up with forwarders to your ISP's DNS
servers for external resolution.

> I've verified that DHCP is providing the DNS / AD server as the DNS
> server. Even with the ISP down, logging in should only be local,
> right? What did I do wrong or what can the problem be?

Likely the last paragraph I typed above....
 
Tom said:
> I have an account that has an existing AD network. When
> I first came on site I noticed that DNS had no forward
> lookup zone and had the '.'
> I thought that I'd come back and 'correct' that at some
> later date.
>
> I had to replace the owner's computer. A few days later
> he complained that it would take minutes to access the
> network resources. I thought NOW is the time to fix the
> DNS so I went to the account and removed the dot and
> created a forward lookup zone with a forwarder to the on
> site LinkSys router (which should push traffic to the
> ISP, right?). Everything worked fine.
>
> I got a call saying the problem remains for the boss's PC
> and, this morning, the ISP went down and ALL the units
> took 15 minutes to log in.
>
> I've verified that DHCP is providing the DNS / AD server
> as the DNS server. Even with the ISP down, logging in
> should only be local, right?
> What did I do wrong or what can the problem be?

Create a forward lookup zone with the name of the AD Domain in AD users and
computers, set it to allow dynamic updates. Delete the " . " forward lookup
zone if they want internet access.

Make sure all machines use only the local DNS address for DNS, never the
ISP's DNS in any position on the NIC. The ISP's DNS can be used only as a
forwarder.
 
Thanks guys.

I thought I did all that but I'll find out in the morning when I'm back out
at the client.
Other than the client PC cache, are there any other DNS entries I should be
concerned with?

Thanks again,
Tom
 
Tom said:
> Thanks guys.
>
> I thought I did all that but I'll find out in the morning
> when I'm back out at the client.
> Other than the client PC cache, are there any other DNS
> entries I should be concerned with?

Long logons tend to almost 100% of the time be related to using your ISP's
DNS in TCP/IP properties.
If that doesn't help post the ipconfig /all from the DC and a client.
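
The check the replies above describe (every machine lists only the internal AD DNS server, with the ISP's DNS used only as a forwarder on that server), as an added example that is not part of the original thread: a Python parser for pasted `ipconfig /all` output that flags any DNS entry other than the internal server. The sample output, the host name and the addresses (192.168.1.10 as the internal DNS server, 203.0.113.53 standing in for an ISP resolver) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output from a client. Host name and
# addresses are made up; 203.0.113.53 stands in for an ISP resolver.
SAMPLE_CLIENT = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : BOSS-PC

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.101
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
   Lease Obtained. . . . . . . . . . : Monday, January 01, 2007 8:00:00 AM
"""

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def parse_dns_servers(output):
    """Return {section header: [DNS server addresses in listed order]}."""
    servers, adapter, in_dns = {}, None, False
    for line in output.splitlines():
        value = line.strip()
        if not value:                      # blank line ends any DNS list
            in_dns = False
        elif not line[0].isspace():        # unindented line is a section header
            adapter, in_dns = value.rstrip(":"), False
        elif in_dns and _as_ip(value):     # continuation line: a bare address
            servers[adapter].append(_as_ip(value))
        else:                              # "Key . . . : value" field line
            key, _, val = value.partition(":")
            in_dns = key.rstrip(" .") == "DNS Servers"
            if in_dns:
                servers[adapter] = [ip for ip in [_as_ip(val.strip())] if ip]
    return servers

def audit(output, internal_dns):
    """List (adapter, position, address) for each DNS entry not in internal_dns."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    return [(adapter, pos, str(ip))
            for adapter, ips in parse_dns_servers(output).items()
            for pos, ip in enumerate(ips, 1) if ip not in allowed]
```

Calling `audit(SAMPLE_CLIENT, ["192.168.1.10"])` reports the second DNS entry on the adapter; an empty list means every adapter points only at the internal server.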
 
Okay...I went out and simply deleted the existing lookup zones and recreated
them ensuring AD integration and proper ISP forwarders.

Worked like a charm!

Thanks all.
 
Tom said:
> Okay...I went out and simply deleted the existing lookup
> zones and recreated them ensuring AD integration and
> proper ISP forwarders.
>
> Worked like a charm!

Step back ten and punt is sometimes all you need to do.
 