Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, January 17, 2011 6:00 AM
Dear All,
In My Environment I have Two Windows Server 2008 DC. One is PDC and other one is ADC. Both are upgarded from Windows Server 2003 to 2008 longback. My PDC holds all the FSMO Roles. Every day I am facing the login issue on minimum 10 Windows XP & embedded machines in my network. If I re-add the machines to domain, all works fine. Why this issue is occuring. How to troubleshoot this problem. How to find out the root cause. Please provide me the solution for this.
All replies (6)
Monday, January 17, 2011 8:47 AM
Hello,
logon problems often belong to incorrect DNS settings, please post an unedited ipconfig /all from the DCs and a problem client.
Also make sure Fast logon optimization is disabled:
http://technet.microsoft.com/en-us/library/cc780527(WS.10).aspx and http://support.microsoft.com/kb/305293
Are the machines created from an image/clone that is not prepared with sysprep?
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Tuesday, January 18, 2011 4:57 AM
Hi,
Thanks for posting here.
In addiction ,You may also test the name resolution on domain controllers by using dcdiag utility with parameter /test:dns .
Please also check and post back the result here for further investigation.
Dcdiag
http://technet.microsoft.com/en-us/library/cc731968(WS.10).aspx
Thanks.
Tiger Li
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Tuesday, January 18, 2011 8:04 PM
Hello muralihyd,
I agree with Meinolf, long logon times are indicative of using the incorrect DNS entries on the client, such as if you have an ISP's DNS address entered.
Other causes:
- One of the DCs are multihomed
- Single Label Name AD DNS domain name
Without providing specific configuration info, it's difficult to ascertain the exact reason this is occuring. The requested ipconfig /all Meinolf asked for from your DCs, and of a sample workstation will help us evaluate your configuration. The tests Tiger requested, will help us evaluate any issues. Also post any Event log errors.
Thank you,
Ace
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Wednesday, January 19, 2011 8:56 AM
Hi Ace Fekay / Tiger Li,
Please find below the IP Configuration of My DC 1 (PDC)
C:\Users\administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : adsrv01
Primary Dns Suffix . . . . . . . : hastinapur.res
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hastinapur.res
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-21-5A-A8-27-32
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.16.1.36(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.16.1.10
DNS Servers . . . . . . . . . . . : 10.16.1.36
10.16.1.37
NetBIOS over Tcpip. . . . . . . . : Enabled
Please find below the IP Configuration of My DC 2 (ADC)
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : adsrv02
Primary Dns Suffix . . . . . . . : hastinapur.res
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hastinapur.res
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : hastinapur.res
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-21-5A-AA-C9-EC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.16.1.37(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.16.1.10
DNS Servers . . . . . . . . . . . : 10.16.1.37
10.16.1.36
NetBIOS over Tcpip. . . . . . . . : Enabled
Also I am getting a Warning in event viewer, Please find the details below,
Log Name - DNS Server
Source - DNS Server Service
Event ID - 4013
Details :
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Thanks
Murali
Wednesday, January 19, 2011 11:39 AM
Hello,
the ipconfig look ok for the servers, what about a client ipconfig /all? Did you check the fast logon optimization settings?
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Wednesday, January 19, 2011 2:50 PM
I agree with Meinolf, the configs look good, but we'll need to see one from a workstation that is experiencing the issue, and possibly one from a workstation that is not experiencing the issue.
You can ignore the 4013, since they only appear at startup. If you want to eliminate them, you can point the first address to the partner DC and the second address to itself. But as said, I usually just ignore them.
Ace
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
This posting is provided AS-IS with no warranties or guarantees and confers no rights.