Desperate: Windows XP SP2 intermittent slow logins to Windows 2K AD Domain

Discussion in 'Windows Networking' started by Summer Breeze, Mar 18, 2005.

  1. Summer Breeze

    Don Wilwol Guest

    Which brings up back to checking the DNS and AD
    Open the DNS console
    You should have a forward look up zone
    You should have a forward look up zone

    I have attached a screen shot at

    You will be able to drill down under the sub folders.
    Under DC in
    make sure you have _kerberos and _ldap and make sure the records under there
    point to your DC.
    Same thing under domains, browse down until you hit the _ldap record, make
    sure it points to the DC.

    Under the zone, make sure the sub zones are there.

    If you only have one DC, all srv records should point to it.

    If these records are not intact, AD will not function properly, and clients
    will have problems authenticating. This can cause slow logons, or no login
    at all, you will have problems adding servers, additional domain controllers
    and Exchange servers. It can cause cluster and other services to fail.

    If these records are there, then the clients are usually misconfigured or
    there is a network issue.
    If the DHCP scope has recently been changed, run "ipconfig /release"
    then "ipconfig /renew".
    Run ipconfig /registerdns
    Run ipconfig and make sure the clients are getting the right address.
    Its always possible DHCP has been misconfigured or there are more than one
    DHCP servers on the network. Even if one of them got put there accidentally.

    If these records are missing, here are some troubleshooting procedures to
    Make sure the DC points to the DNS server. If the DC is a DNS server(as
    in this case) it HAS to point to itself.
    Run netdiag /fix on the DC
    Run dcdiag / fix on the DC.
    Rebooting or stopping and starting the netlogon service "should" also

    Make sure if any of the servers have multiple NICs attached to the network,
    that they are all configured properly. It is best practice to disable any
    NIC not being used.

    I had one instance where the only way I could solve the issue was completely
    remove DNS, and reinstall it. To do this you should change the zone to
    standard primary, (so it doesn't get replicated automatically) add another
    DNS server, point everything to it, then remove DNS on the original. If this
    fixes the problem, you can move the DNS server back to the original by
    simply re-installing DNS. An Active directory integrated zone replicates

    Hope it helps...........


    Don Wilwol
    Blog -
    Web -
    Don Wilwol, Mar 20, 2005
    1. Advertisements

  2. In
    Most off this above is not relevant, this is a Win2k domain.

    He should just have the four AD subfolders and the SRV records they contain.

    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    Keep a back up of your OE settings and folders
    with OEBackup:
    Kevin D. Goodknecht Sr. [MVP], Mar 20, 2005
    1. Advertisements

  3. Summer Breeze

    Don Wilwol Guest

    Ahh, I didn't think of the 2k thing, you are right there, but DNS still
    needs the appropriate records for AD to function. If the srv records are not
    there, it will not work properly.

    Then the client needs to be points to the appropriate DNS server. I've found
    many of these instances where the clients still point to the outside (isp)
    DNS so they have problems finding the domain.

    The way netdiag is failing certainly points to the AD controller not being
    registered in DNS, but its hard to really tell when you can't just look at

    It seems fairly certain its a DNS issue, we just need to distinguish whether
    its on the client side or server side. My guess at this point is still at
    the server side. This is a fairly prevalent issue.

    Hope it helps...........


    Don Wilwol
    Blog -
    Web -
    Don Wilwol, Mar 20, 2005
  4. All of the records are correct. However there was an extra entry under with the name of the server which I removed. I ran netdiag /fix
    and it came back with no errors. I'll check the logins tomorrow morning.
    Thanks guys.
    Summer Breeze, Mar 20, 2005
  5. Well after all that it turned out to be 2 things. An invalid entry in the
    DNS under and an error in GPO that was pointing to IUSR and
    IWAM accounts from an old DC that was removed. Thanks Kevin and Don for all
    of your help in this matter. You are both truly MVP's for taking your time
    to help others out.
    Summer Breeze, Mar 21, 2005
  6. Summer Breeze

    Don Wilwol Guest

    Don Wilwol, Mar 21, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.