Slow XP client logon


Joseph Moran

Hi.

I've got a newly-installed XP client on a Windows 2000
network (SBS) that is logging on to the domain very, very
slowly.

It's taking from 5-8 minutes to complete the login
process. The issue is only on one particular machine, and
it occurs irrespective of who logs in, so it certainly
appears to be machine specific.

Aside from this slow logon, the machine appears to be
operating normally.

The server's Event Viewer contains several error messages
referencing the machine in question, and corresponding to
this client's attempt to authenticate to the domain.

They are:

Event ID 15
Source: Autoenrollment
Automatic certificate enrollment for local system failed
to contact the Active Directory. The specified domain
either does not exist or cannot be contacted. Automatic
Enrollment will not be performed.

Event ID 1053
Source: Userenv
Windows cannot determine the user or computer name. The
specified domain either does not exist or cannot be
contacted. Group Policy processing aborted.

Event ID 1054
Source: Userenv
Windows cannot obtain the domain controller name for your
computer network. The specified domain either does not
exist or cannot be contacted. Group Policy processing
aborted.

I can't find anything in KB about any of these entries.
Anyone have any ideas? Thanks in advance.
 
My experience is that 9 out of 10 of the slow login
problems like this one are related in some way to
incorrect domain-server DNS configuration. The
error messages seem to support that possibility.

I would first verify all the client IP settings, run a netdiag /fix,
and then rejoin the client to the domain.

Steve Duff, MCSE
Ergodic Systems, Inc.
 
I would agree, however I would also suggest looking at the order in which
DNS servers are being given to the client.

Most often this is a result of an inexperienced administrator specifying
Internet DNS servers before Local DNS servers that work with AD.

Make sure that the AD DNS servers are listed first, and possibly remove any
references from the DHCP scope (I assume that this is what is being used) to
the public DNS servers. The local AD DNS server should be able to handle all
the lookups and forward lookups for the LAN.

NuTs
 
You CAN NOT list any outside DNS
servers, first, second or otherwise.
That is The Road to Madness.

All DNS servers must be capable of
at least answering queries for your
AD domain. If you need to list
the ISP's DNS, do so as a DNS server
forwarder.

Steve Duff, MCSE
Ergodic Systems, Inc.
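
Added example, not part of any post in this thread: one way to check the rule stated above, that every DNS server a client is configured with can answer queries for the AD domain. It assumes a client with the DnsClient PowerShell module (Windows 8 / Server 2012 or later, so not the XP machine itself), and `corp.example.local` is a placeholder domain name.

```powershell
# Assumption: placeholder AD DNS domain name; replace with your own.
$AdDomain = 'corp.example.local'
# Domain controllers register this SRV record in the AD DNS zone.
$SrvName  = "_ldap._tcp.dc._msdcs.$AdDomain"

# List every IPv4 DNS server configured on each interface, in resolver order.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        $order = 0
        foreach ($ip in $_.ServerAddresses) {
            $order++
            [pscustomobject]@{ Interface = $alias; Order = $order; Server = $ip }
        }
    }

# Ask each server directly for the DC locator record. A public or ISP
# resolver cannot answer for an internal AD zone, so it will fail here.
$results = foreach ($s in $servers) {
    $dcs = @()
    $err = $null
    try {
        $answer = Resolve-DnsName -Name $SrvName -Type SRV -Server $s.Server `
                                  -DnsOnly -ErrorAction Stop
        $dcs = @($answer | Where-Object { $_.Type -eq 'SRV' } |
                 Select-Object -ExpandProperty NameTarget)
    } catch {
        $err = $_.Exception.Message
    }
    [pscustomobject]@{
        Interface  = $s.Interface
        Order      = $s.Order
        Server     = $s.Server
        AnswersAD  = ($dcs.Count -gt 0)
        DCsFound   = ($dcs -join ', ')
        Error      = $err
    }
}

$results | Format-Table -AutoSize

# Any row printed below is a server that should not be in the client's list.
$results | Where-Object { -not $_.AnswersAD } |
    ForEach-Object { Write-Warning "$($_.Server) on '$($_.Interface)' cannot resolve $SrvName" }
```

A server that shows `AnswersAD = False` belongs on the AD DNS server as a forwarder, not in the client's or DHCP scope's DNS list.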
 