Slow logins

Discussion in 'DNS Server' started by Rob, Dec 26, 2003.

  1. Rob

    Rob Guest

    I have a small domain running with DNS and Active directory on a single
    server.
    Recently name resolution has become very slow. When a user logs in it takes
    a long time for personnel settings to load.
    If I ping by server name it takes a few seconds (10sec) to resolve the name.
    If I ping by IP its instant.

    Any help would be appreciated.
    Thanks...
    Rob
     
    Rob, Dec 26, 2003
    #1
    1. Advertisements

  2. Check your dns server list on the client. Make sure it only points to the
    local dns server and not your ISP's dns server. If thats not it, we will
    need to check some other things on the server. Also run a dcdiag and
    netdiag on the server and netdiag on the client. See anything that sticks
    out? Check back. Cheers.
    --wjs
     
    William Stacey, Dec 26, 2003
    #2
    1. Advertisements

  3. Rob

    Rob Guest

    Already removed the local ISP DNS.
    But that was a good guess since this started happening just after the DSL
    service went out.
    Not sure why but the systems appears to have been looing to the internet.
    There is Active Directory running on this server also.
    You say to make sure that it points to the local server. That would mean its
    pointing to itself.
    According to Microsoft and the even viewer this is something that should not
    be done?
    Event ID 5781 appears.


    Thanks I will try the diags.
     
    Rob, Dec 26, 2003
    #3
  4. In Rob <> posted a question
    Then Kevin replied below:
    I hope William does not mind if I jump in here.
    : Already removed the local ISP DNS.
    : But that was a good guess since this started happening just after the
    : DSL service went out.
    : Not sure why but the systems appears to have been looing to the
    : internet. There is Active Directory running on this server also.
    : You say to make sure that it points to the local server. That would
    : mean its pointing to itself.

    Yes, this must be done, it must point to the IP of the private NIC.

    : According to Microsoft and the even viewer this is something that
    : should not be done?
    : Event ID 5781 appears.

    Does it only get the 5781 at start up?

    If it continually gets these I'm going to suspect the domain is a single
    label name (domain vs. domain.com) if this started after you installed SP4

    Please post an ipconfig /all and the domain name from ADU&C to verify this
    is a single label domain or a disjointed namespace.
    Either can be fixed but the single label domain name is only a work around
    and the domain will always have some trouble with that. Also, if you have
    any names in the DNS search list other than credentals those name should be
    removed.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your issue.
    To respond directly to me remove the nospam. from my email.
    ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
     
    Kevin D. Goodknecht [MVP], Dec 26, 2003
    #4
  5. The "DNS Server IP" in the TCP/IP tab *should point to itself (assuming we
    are only dealing with one DC), that is how it will register all its AD
    records into DNS so all the clients (and other servers) can resolve the
    required records. You probably are refering to the forwarders and/or
    root-hints. You should *not point a forwarder IP to itself or any
    root-hints IP, as this would be a loop and hence an error. I would check
    your dns server for this condition. If you have configured any forwarders,
    they should point to your ISP or your external dns resolver if you have one.
    hth
     
    William Stacey, Dec 27, 2003
    #5
  6. Rob

    Rob Guest

    Yes, Yes this did start to happen after SP4 was applied!
    More MS service Plaque!

    right now the domain is domain.domain.com
    Yes I did name it domain, I was very lazy. I also named the server,
    server.


    I won't be able to get a ipconfig /all for a few days. This is in an office
    not my home.

    do you have any samples of this.....single label domain name is only a work
    around


    Thanks,
    Robert
     
    Rob, Dec 28, 2003
    #6
  7. Rob

    Rob Guest

    Nope not pointing to any forwarders, actually as soon as the ISP went dead
    that was the first thing I shut down.
    I am confused though, If you remove the DNS it automatically puts in
    127.0.0.1 which we all know is the loopback.
    Yet according to what I have been reading you should not point to your own
    IP?
    So therefore I am confused.
    And no we do not have any external resolvers. Actually I do not want the
    server to access the internet at all.
    Only a few PCs will have access.

    Thanks
    Robert
     
    Rob, Dec 28, 2003
    #7
  8. In
    Actually you want to point to yourself if it's the only DC/DNS internally.
    If you have multiple DC/DNS you can point to the partner machine as the
    first entry, then itself and the same on the other one. There's actually a
    tech article pointing to this, but can't find it at the moment.

    Either way NEVER use the loopback or the ISP's. Use a forwarder, such as
    4.2.2.2, and you can use that one if you like - it works fine. This will
    ensure AD functions correctly and you get efficient Internet resolution, no
    matter who your ISP is.

    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 28, 2003
    #8
  9. In
    From what you;re describing, it doesn't appear to be a single label name,
    unless the DNS domain name in ADUC shows up as just "DOMAIN" and not
    "domain.com".

    Here's more info on "bandaiding" it, but it's suggested, if you do have a
    single label name, to rename it, and this can be tedious or easy, depending
    on certain factors. If you want to know more about renaming it, if you do
    have a single label name, post back.

    Single Label Names:
    http://support.microsoft.com/?id=300684


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 28, 2003
    #9
  10. Rob

    Rob Guest

    Okay I go it, Here is the config all
    Host Name .......................Server
    Primary DNS Suffix.........Domain.local
    IP Routing Enabled...........Yes
    Wins Proxy Enabled .........No
    DNS Suffix Search List....Domain.local

    Ip 192.168.10.10
    Sub 255.255.255.0
    gateway 192.168.10.10
    DNS Server 192.168.10.10

    As you can see this a very basic configuration.
    Win2000 SP4

    Thanks for all the help
    Rob
    "Ace Fekay [MVP]"
     
    Rob, Dec 30, 2003
    #10
  11. In Rob <> posted a question
    Then Kevin replied below:
    : Okay I go it, Here is the config all
    : Host Name .......................Server
    : Primary DNS Suffix.........Domain.local
    : IP Routing Enabled...........Yes
    : Wins Proxy Enabled .........No
    : DNS Suffix Search List....Domain.local
    :
    : Ip 192.168.10.10
    : Sub 255.255.255.0
    : gateway 192.168.10.10
    : DNS Server 192.168.10.10
    :
    : As you can see this a very basic configuration.
    : Win2000 SP4

    I'm not sure what is going on here if you mis-typed it or what but you have
    this interface using its own address for its gateway?
    Could you post the actual config by clicking on the little icon in the upper
    left of the command window then, edit, select all, then hit enter. Then
    right click on your reply and click paste.

    Also what is the name of your domain in ADU&C?

    One of your previous posts said your domain name was domain.domain.com if
    that is true then this would be a disjointed namespace.

    Here is what you should have.
    Primary DNS suffix domain.com
    name in ADU&C domain.com
    and a Forward lookup zone domain.com



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ============================
    --
    When responding to posts, please "Reply to Group" via your
    newsreader so that others may learn and benefit from your issue.
    To respond directly to me remove the nospam. from my email.
    ==========================================
    http://www.lonestaramerica.com/
    ==========================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ==========================================
    Keep a back up of your OE settings and folders with
    OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ==========================================
     
    Kevin D. Goodknecht [MVP], Dec 30, 2003
    #11
  12. In
    Rob, please run this command below and attach it with your next post please.
    I agree with Kevin that it will reduce the typos and give us an accurate
    output.

    ipconfig /all > c:\ipconfig.txt


    Thanks!


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 30, 2003
    #12
  13. Rob

    Rob Guest

    Nope, there are no typo's there.
    What you see is whats really there.
    And no it's not a joke.
    It's been running like that for 3 years. (Hard to believe)? Yes me too.
    At least I've been told it's been like that for the last 3 years.
    I agree the gateway should be dot 1?
    But what about the Suffix? domain.local I've never seen that before.
    Do you think If I change the gateway to dot 1that would fix it?

    "Ace Fekay [MVP]"
     
    Rob, Dec 30, 2003
    #13
  14. Rob

    Rob Guest

    Oh and just a quick P.S. to the group
    The name of the Domain is really Domain, it's not a joke these people like
    things simple. I am not yanking anybodys chain with this info.


    "Ace Fekay [MVP]"
     
    Rob, Dec 30, 2003
    #14
  15. In

    I don't think changing the gate will speed up logons, but FYI, the gateway
    is *usually* the network's (subnet's) router. If this is the router (but
    does not appear to be since it only shows one interface), then it would have
    two NICS with the inside NIC's gate blank and the outer NIC to the next
    router inline towards the ISP. So curious, what IP is the router? Or is
    there no Internet conectivity here?

    Hey, domain.local is fine. Other than the gate, the ipconfig looks fine.

    BUT, I have a big question as to why IP Routing is enabled?? Were there two
    NICs on this box? Was it the router?

    If there is not Internet access, suggest to blank out the gateway.

    Rob, I am going to also assume that you have removed the ISP's DNS address
    from the clients too? Can you confirm that please?

    On the server, run this to see if it helps:
    netdiag /v /fix


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 30, 2003
    #15
  16. Rob

    Rob Guest

    Yes there is a router, but thats just for internet. Internet won't be back
    up until Friday or Monday.
    The IP and DNS for the router was removed when the ISP split.
    New ISP coming.
    FYI there is only one Nic on the server.

    The DNS for the ISP was stored only on the router not on the server.
    The server provided the DNS for the router, not the ISP. Everyone was kept
    well behind the NAT.

    Thanks
    Rob




    "Ace Fekay [MVP]"
     
    Rob, Dec 30, 2003
    #16
  17. In

    So from what you're saying, you never used the ISP's DNS on your server or
    workstations (or in the DHCP Options)?

    Then I don't understand why the gateway is set to the server itself? That's
    a basic configuration error, no matter how you look at it. The machine
    itself cannot be configured as a gateway for itself. Blank it out please for
    now until you get the new hardware from your ISP.


    --
    Regards,
    Ace

    Please direct all replies to the newsgroup so all can benefit.
    This posting is provided "AS IS" with no warranties.

    Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
    Microsoft Windows MVP - Active Directory
     
    Ace Fekay [MVP], Dec 30, 2003
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.