Long log in times

dweber

Hello all~
I have several Vista Business 32-bit laptops, of various makes and models, but all have the same problem. They are joined to a w2k3r2 domain, and whenever the users take them home and are not connected to the domain, they are unable to log in. They can get to the welcome screen and put in their domain username and password, but it will sit forever at the welcome screen with the circle spinning. I have clocked it up to an hour before shutting it down. As soon as they come in the next day and are plugged into our network they have no problems. However, I have found that if I log in as the local administrator and let everything come up, I can log off and log back in with my cached domain user account. I did check to see if the user profiles were actually created ahead of time and they are. I am stumped and it is to the point where I am ready to downgrade to XP on these machines as work is being lost. Help!
 


Does it happen if the domain users try to log on in safe mode?

How about [safe mode + net]? Different behaviour?

Is anything at all being logged to the event logs during this logon delay period?

This problem is going to be "environmental" in the sense that you've got something on that SOE image or in those user profiles which is interfering with the logon.
 


Logging in under safe mode + networking worked first try. I checked the error logs, but I don't see anything that sticks out of the ordinary. I do use group policy heavily on our domain, but nothing goofy. Although I do deploy our printers using group policy...
 


Also just rebooted in normal mode, while still not connected to the domain, and everything came up normal. The only thing that comes to mind is that it is searching for the domain to verify the credentials before it loads the cached profile, but does not time out? Does that sound right?
 


Also just rebooted in normal mode, while still not connected to the domain, and everything came up normal. The only thing that comes to mind is that it is searching for the domain to verify the credentials before it loads the cached profile, but does not time out? Does that sound right?


Have you installed any network monitoring software, remote control software like DameWare, Goverlan, etc., or a firewall client on the clients?
 

Also just rebooted in normal mode, while still not connected to the domain, and everything came up normal. The only thing that comes to mind is that it is searching for the domain to verify the credentials before it loads the cached profile, but does not time out? Does that sound right?

Not sure what you mean. How is this "not connected to the domain" different to your first post when logon doesn't work?

Authentication attempts do time out. It's certainly searching for something, but it's not as simple as a never-ending attempt to find a DC. Those routines soon give up, unless they're being hampered in some way.
 


Also just rebooted in normal mode, while still not connected to the domain, and everything came up normal. The only thing that comes to mind is that it is searching for the domain to verify the credentials before it loads the cached profile, but does not time out? Does that sound right?


Have you installed any network monitoring software, remote control software like DameWare, Goverlan, etc., or a firewall client on the clients?
No, nothing like that.
 


Also just rebooted in normal mode, while still not connected to the domain, and everything came up normal. The only thing that comes to mind is that it is searching for the domain to verify the credentials before it loads the cached profile, but does not time out? Does that sound right?

Not sure what you mean. How is this "not connected to the domain" different to your first post when logon doesn't work?

Authentication attempts do time out. It's certainly searching for something, but it's not as simple as a never-ending attempt to find a DC. Those routines soon give up, unless they're being hampered in some way.

I meant that after I successfully logged in with my domain user account in safe mode (while not connected to the domain), I rebooted and started the laptop up normally and logged in fine with my domain user account,
 


Also just rebooted in normal mode, while still not connected to the domain, and everything came up normal. The only thing that comes to mind is that it is searching for the domain to verify the credentials before it loads the cached profile, but does not time out? Does that sound right?

Not sure what you mean. How is this "not connected to the domain" different to your first post when logon doesn't work?

Authentication attempts do time out. It's certainly searching for something, but it's not as simple as a never-ending attempt to find a DC. Those routines soon give up, unless they're being hampered in some way.

I meant that after I successfully logged in with my domain user account in safe mode (while not connected to the domain), I rebooted and started the laptop up normally and logged in fine with my domain user account, while still not connected to the domain.
 


I meant that after I successfully logged in with my domain user account in safe mode (while not connected to the domain), I rebooted and started the laptop up normally and logged in fine with my domain user account,

Ah. So some need was met (and recorded) and now it's straight to cached credentials once the search for a DC fails.

This is not normal behaviour in the sense that a "clean" domain client will not behave this way. If the number of machines is relatively small, the quickest fix might be to replicate what you've just done on the others. Otherwise, if you'd like to troubleshoot:

- Try getting a packet sniffer trace of a workstation failing to log on in normal mode while it's connected to a foreign network where there's no chance it'll find its DC(s). Presumably, it will be sending requests for something which you may recognise in the packet trace, thus providing insight into the problem.

- If it's a vast environment, MS have the ability to do something called ETW tracing of the netlogon components. They should be able to tell you why it's failing to log on in normal mode until that reboot to safe mode "fixes" the issue.
 


Also just rebooted in normal mode, while still not connected to the domain, and everything came up normal. The only thing that comes to mind is that it is searching for the domain to verify the credentials before it loads the cached profile, but does not time out? Does that sound right?


Have you installed any network monitoring software, remote control software like DameWare, Goverlan, etc., or a firewall client on the clients?
No, nothing like that.

Are you using Symantec Endpoint Protection 11 on your clients?
 

Still having this problem. I thought it may be connected to the printers we are deploying through group policy so I removed them from the OU and just manually added one printer, but still didn't do anything.
 


Still having this problem. I thought it may be connected to the printers we are deploying through group policy so I removed them from the OU and just manually added one printer, but still didn't do anything.

Got a packet trace?
 


No, I'm not really sure how to do one either...

Packet trace generation is a useful skill for a sysadmin :)

For obvious reasons, it's tricky (but possible) to do a capture on the box which is undergoing logon. There are two basic alternatives:

1) Run the capture from a machine on a spanned/mirrored switch port. It "sees" all the same traffic as the box with the problem.

2) Find a hub without layer-2 switching capabilities (not an easy thing to buy nowadays), uplink that to the switch, plug both the "problem" machine and the one running the capture into the hub.

Generating the capture is like working a network tape recorder:

- Download Wireshark (www.wireshark.org)
- Install
- Run as admin
- Select NIC on which to capture
- Start capture
- Repro problem
- Stop and save the capture.

In your case, the objective is to analyse the capture for clues as to what the workstation might be attempting to access during the delay period - what's it waiting for?
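
One way to look for "what's it waiting for?" once a capture has been saved, as an added example that is not part of the original posts: it reads Wireshark's default CSV export and lists destinations the workstation kept sending to without ever getting a reply. The sample rows, IP addresses and domain name are constructed for illustration, and the function name is hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in Wireshark's default CSV export layout
# (File > Export Packet Dissections > As CSV). All addresses are made up.
SAMPLE = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.1.50","192.168.1.1","DNS","90","Standard query SRV _ldap._tcp.dc._msdcs.corp.example"
"2","0.020","192.168.1.1","192.168.1.50","DNS","90","Standard query response No such name"
"3","1.100","192.168.1.50","10.0.0.20","TCP","66","49160 > 445 [SYN]"
"4","4.100","192.168.1.50","10.0.0.20","TCP","66","[TCP Retransmission] 49160 > 445 [SYN]"
"5","10.100","192.168.1.50","10.0.0.20","TCP","62","[TCP Retransmission] 49160 > 445 [SYN]"
"6","31.500","192.168.1.50","10.0.0.20","TCP","66","49161 > 445 [SYN]"
'''


def unanswered_targets(csv_text, client_ip):
    """Return destinations the client kept sending to that never replied.

    Each result is (destination, protocol, attempts, first_seen, last_seen),
    sorted so the longest-running silent conversation comes first.
    """
    sent = defaultdict(list)   # (dst, proto) -> timestamps of client packets
    replied = set()            # hosts that sent anything back to the client
    for row in csv.DictReader(io.StringIO(csv_text)):
        t = float(row["Time"])  # seconds since start of capture
        if row["Source"] == client_ip:
            sent[(row["Destination"], row["Protocol"])].append(t)
        elif row["Destination"] == client_ip:
            replied.add(row["Source"])
    # Broadcast/multicast destinations never appear as a source, so they
    # are always listed; judge those by what the Info column was asking for.
    results = [
        (dst, proto, len(times), min(times), max(times))
        for (dst, proto), times in sent.items()
        if dst not in replied
    ]
    return sorted(results, key=lambda r: r[4] - r[3], reverse=True)


if __name__ == "__main__":
    for dst, proto, n, first, last in unanswered_targets(SAMPLE, "192.168.1.50"):
        print(f"{dst} ({proto}): {n} packets, no reply, {first:.1f}s to {last:.1f}s")
```

In the constructed sample the DNS lookup is answered quickly, while the repeated connection attempts to 10.0.0.20 on port 445 account for the whole delay, which is the kind of target to chase down on the client.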
 


I am still having this problem. New updates. Domain is now a w2k8 domain, upgraded from 2k3. There are no longer any batch files mapping network drives; it is still done, however, using group policy client-side redirection features. Every ounce of security-related anything, antivirus, manufacturer-branded software, etc., has been removed. All computer and user group policies have been disabled from propagating to the machine (in relation to my test machine). Still nothing. I have been unable to do any packet tracing as I don't have the necessary hub/switches to do so.
 
