Several of the client computers I support have a logon problem - it takes them about 6 minutes to boot when using a domain logon. Logging in to the computer itself takes about 1.5 minutes. They are also a little slow to get the network shares - about 20 sec instead of nearly instant. Once the share is up, data transfer is nominal for the network.

The other problem is any new accounts I create on the domain controller can't be logged into. All the old accounts are no problem, but any new account and the domain "is not available"

Here's the real puzzler: all the fast computers have TCP/IP pointing at the domain controller for DNS. When I try this for the slow computers, the domain is unavailable. When they can find DNS automatically, everything works, just slow.

Any suggestions where I should start researching this problem? Simple searches on the problem description haven't helped. I'm reduced to working my way through the "Windows server 2000 training kit for MCSA/MCSE" but it's hard going.
Thanks.

Here are a few suggestions you can try.


Did you set the primary domain suffix for the machines?
Check in Advanced TCP/IP Configuration (I hope that's what it's called in English, I only have a German Windows here.) under DNS. Is "Register Address of this connection in DNS" checked? And "Use DNS-Suffix of this Connection in DNS-Registration" too?


HTH

When the advanced TCP/IP settings and DNS etc. are all set to exactly the same as the working machines, I get the error message. The problem systems only work at all when DNS is set to automatic. And then they are very, very slow to access local resources. It takes about 5 minutes for them to work through a 6 line "net use etc." logon script, even though the internet is blazing fast.

The really bad news it one of the problem computers is the one that the boss is using.

Could all the ones having trouble be connected a switch that is having issues? Long shot but worth a look.

Could all the ones having trouble be connected a switch that is having issues? Long shot but worth a look.


Yup. Sounds like a routing problem. Try either swapping the patch cables at the switch (or, better) physically swap the machines and see what happens. Physically switching the machines is better because you completely eliminate the chance of any mid-cable weirdness (e.g. some dumb-dumb bringing in a WAP from home and plugging it in....)

Windows 2000, sounds like the system clocks are out of wack. Would explain why new users can not log in. Make sure all the servers and user computers are showing the same time and if not set up a time server.

Do you have a WINS server? Win2000 can only sorta handle TCP/IP without NetBIOS, that might be the reason why the net use stuff is so slow.
Do all machines register properly in DNS? I think the problem machines aren't able to register in DNS unless DHCP helps them along.
What client OS are you using?

Windows 2000, sounds like the system clocks are out of wack. Would explain why new users can not log in. Make sure all the servers and user computers are showing the same time and if not set up a time server.
Oooh.... Server clocks being out of sync can be a really nasty headache.

^-.-^

Thanks for all the great ideas. Implementing these should be enough to keep my hands full for a while. Thank you!

Oooh.... Server clocks being out of sync can be a really nasty headache.

^-.-^

Yes they can, even on XP machines it can be a big hassle. Caused us major headaches after the company I am with rolled out new systems accross the state I am in. But mostly that ended up being they didn't properly demote/remove the old time server which was also a domain controller (got new ones with the new system).

Yes they can, even on XP machines it can be a big hassle. Caused us major headaches after the company I am with rolled out new systems accross the state I am in. But mostly that ended up being they didn't properly demote/remove the old time server which was also a domain controller (got new ones with the new system).

NTP for the win. All Windows Server versions come with an NTP service, and all versions of Windows have a client for that service. Get this configured and you'll never have clock problems again.

Of course, I've never actually used the Windows stuff. Closest I've gotten is configuring an XP client to talk to OpenNTPD running on Gentoo.

Windows servers should automatically sync to the server with the PDC Emulator role. But windows 2000 servers will look at the right server using w32time when it is added to the domain. It wont change automatically if the role is moved to another server.

I have ran into this problem before, its a real headache because it can take months for the clocks to get far enough out of whack so it is impossible to track down the cause right away.

NTP for the win. All Windows Server versions come with an NTP service, and all versions of Windows have a client for that service. Get this configured and you'll never have clock problems again.

Of course, I've never actually used the Windows stuff. Closest I've gotten is configuring an XP client to talk to OpenNTPD running on Gentoo.

The issue we ran into happened when we rolled out new equipment. The servers remained, but all workstations were changed. I believe there were Windows 2000 and 2003 servers, and now we have 2003 and 2008. Instead of keying to the 2008 domain controllers for time, the new systems went to the older domain controller that was supposed to have been demoted. Caused a lot of operational problems. They didn't allow us field techs access to the servers to look into it. It was only found through eventviewer when I pasted it to the admins and they were immediately able to fix it.

I actually discovered the time problem at my company because I *gasp* read the error messages when I couldn't access any secured websites. The rest of my coworkers are really clueless when it comes to computers.

We've only got dedicated IT in-house twice a week, so the rest of the time we need to either not have a problem, or hope we don't have to call him in.

^-.-^