DNS and router table issues with reconfig of DNS servers?

hey gurus

scenario:

we have been having slow logons with XP pro only
none of our 2k pro machines sit at Applying Computer Settings
for 3-5 minutes. They are random times, users, and PCs.

we have been also having network issues with cracking of our phone lines and slow network movement; users tell me
that their applications are running slow( the applications using the network).

no event erros leading to believe it is DNS? ***! guys!

had to reboot all 3 network(site) routers the other day to
refresh the network again and it worked. all three routers
were stalling..*** is going on with the routers all stalling.
not responding and all. what causes this?
do you think DNS plays a role or maybe when we change the DNS configuration on our DNS servers the routers didnt get the updated DNS information and maybe routing tables in the routers are jacked???? what you guysthink

thanks


i have sqeezed performance out of GPO and each PC with all the tricks but nothing! and nothing in event logs on clients and DCs????

DNS and routers/tables is what I think help!
thanks

 

On a Win2k domain slow logon and DNS error problems are almost always a combination of:

1. Autosensing failure between switch and workstation NIC; you can use this matrix for some hints as to how to force the workstation nic settings:

Code:

[FONT= "Courier New"]Workstation      Switch          Result

Forced Half      Forced Half     Works
Forced Full      Forced Full     Works
Auto             Auto            Maybe
Forced Full      Auto            NO
Auto             Forced Full     NO
Forced Half      Forced Full     NO
Forced Full      Forced Half     NO[/FONT]

2. DNS resolution issues.

Slow logons from XP to a win2000 domain usually indicate a DNS misconfiguration issue. While the following is not a fix-all for all AD-domain problems, it is an absolute requirement that DNS is set up correctly before it will work properly. If your DNS is not set up like this, then you will experience slow logon and other DNS problems. XP differs from previous versions of windows in that it uses DNS as it's primary name resolution method for finding domain controllers:
How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314861

If DNS is misconfigured, XP will spend a lot of time waiting for it to timeout before it tries using legacy NT4 sytle NetBIOS. (Which may or may not work.)

1. Ensure that the XP clients are all configured to point to the local DNS server which hosts the AD domain. That will probably be the Win2k server itself. They should NOT be pointing to an ISP's DNS server. An 'ipconfig /all' on the XP box should reveal ONLY the domain's DNS server. You should use the DHCP server to push out the local DNS server address.

2. Ensure DNS server on win2k is configured to permit dynamic updates. Ensure the win2k server points to itself as a DNS server using 127.0.0.1 as the DNS address.

3. For external (internet) name resolution, specify your ISP's DNS server not on the clients, but in the forwarders tab of the local Win2k DNS server. On the DNS server, if you cannot access the 'Forwarders' and 'Root Hints' tabs because they are greyed out, that is because there is a root zone ( ". ") present on the DNS server. You MUST delete this root zone to permit the server to forward unresolved queries to yout ISP or the root servers. Accept any nags etc, and let it delete any corresponding reverse lookup zones if it asks.

The following articles may assist you in setting up DNS correctly:
Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/default.aspx?scid=kb;en-us;237675

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202

3. Asynchronous processing of logon commands.

You may experience extremely long delays (up to 5 minutes) when logging into domains using Windows XP Pro. This is caused by the asyncronous loading of networking during the boot up process. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon " to ENABLED.

This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.

 

wow! i will try all that you said thanks
the command setting on #1 are on cisco switches right?

and the Async setting; i dont get it the quote above.
i thought it would make the network logons faster if you dont wait for network? i dont get it?

itdaddy

 

islanding DNS servers

we use to have all DNS server point to themselves and things were fine
but recently a contracted Network Engineer, reconfig our DNS controllers
to all point to one Primary (i know in AD-integrated no primary just my words)
but all DNS servers Primary DNS is the PDC emulator (dns server).


i was reading on this; he has it right i think but once certain SRV records
or somthing like that are established on all DNS servers; it is an option to reset them back to point to themselves. I think we should do that;
it all kind of started to have issues when he did that; but i like all your suggestions. cant wait to be a CCNA then i could understand your switch
comments on workstation NIC relationships...

confused on the ENABLE GPO on wait for network startup ...thought
that it would help if I disabled this so it would cache credentials and
logon faster; totally confused on this?

 

You are discussing what the XP designers hoped would be the case -- that both Domain and non-Domain logon screens would appear more quickly than they had in Win2k. And they do. But between the time the logon username and password and the user can use the computer can become extensively delayed.

Moreoever, changes in Group policy, folder redirection, logon script changes, and other aspects of Domain management can take up to three logons before they occur -- and then only because XP has been forced out of asynchronous logon processing mode for its second and third logons. By short, by default XP does not wait for the network stack to become active before presenting the user with the logon dialog. This allows for a faster appearance of the logon screen. The thing here is that User and Computer policy can't process until the network stack comes up and a DC is contacted. By enabling the setting we've been discussing, the OS waits for the network stack before presenting the logon dialog. As soon as the network stack is available, a logon is made available and Computer policy begins processing. As soon as a logon event occurs, User policy can be processed. Thus ensuring that policy is processed at logon.

For Windows 2000, and take note here, for Windows 2003 and Vista the GPO's are processed synchronously, which means when the system boots up the Computer GPO is processed, and when the logon box comes up the Computer GPO has been completed. Then a user logs on and when the desktop is displayed all the User GPO's have been processed.

However in Windows XP, the GPO's are processed Asynchronously, due to the default Fast Logon setting for Windows XP desktops. Which means as the computer is booting up and processing it is trying to get to the Logon screen as fast as it can (while some Computer GPO's may not get applied). The same thing applies to the User GPO's. What that means is that it may require an additional reboot or logoff to get the GPO's applied. One way to circumvent asynchronous processing (so an XP machine boots more like 2000 and 2003 machines) is to set the "Always wait for the network at computer Startup and logon" policy setting to enabled.

You could write your way out of this GPO situation by adjusting the properties on all the CSE (Client Side Extensions) through Group Policy. This is rather tedious, but possible. See: http://www.gpoguy.com/FAQs/Foreground-Background.htm

Even if you do not make the suggested Group Policy change to Fast Logon Optomization for XP clients, it is not always turned on. In the following cases the Group Policy edit I suggested above will effectively be done for you:

. If a user has never logged in at that workstation before;
. If a user with a roaming profile, home directory, or user object logon script logs on to a computer, Windows XP always waits for the network to be initialized before logging the user on.

Finally, consider the psychological impact: The user enters their username and password and then waits, and waits, for the desktop to appear. Or, the user enters their username and password and the desktop appears quickly. Fast Optomization gives you the former; setting the Group Policy as I suggested way above gives you the latter result.

 

Excellent stuff. I've added a link to this thread to the Network Forum FAQ.

 

thanks bill

thanks bill for all your great help; dude you are a rocket scientist
thanks so much. will let you know how it turns out.
might be this friday; we have a network engineer coming in to look at our network and will mention to him what you said after he cant find the right answer such as yours; get it man! thanks
somuch you rock!