[AD2000] 10 to 15min logon times.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [AD2000] 10 to 15min logon times.

    I have been pulling out my hair with this issue that I can't seem to resolve.

    We have a Windows 2000 domain with 3 domain controllers. It used to be 2, but I added a fresh one to ensure FSMO availability, as our proprietary software depends on it for authentication.

    Clients are XP and Vista (around 120)

    Nothing has changed in the weeks before the problem started, only MS updates and a reboot the morning before the storm.

    Logon simply takes 10 to 15 mins, regardless of which machine you use.
    I have seen numerous event IDs come past, the most significant one being #1053.

    Things I've tried:
    - Checking SRV and PTR records for AD services.
    - Verify DNS settings on servers.
    - Checking SYSVOL shares
    - Bounced the network segment
    - Enable/Disable cached credentials option in GPO

    I'm lost, please let me pick your brains ;-(


    ADDED INFO:
    - I have a Windows 2003 domain too with a trust to this one and authentication to that is instant.
    - I also have a Windows 2008 member server to which the authentication is also instant.

    So it seems that the issue lies only with the three Windows 2000 machines ;-(
    Last edited by dotnerd; 25th March 2009, 06:22. Reason: added info
    MCITP:SA 2008, MCITP:EA 2008
    MCTS Vista, MCTS Windows 7
    Cisco Certified Network Associate
    ITIL Practitioner V3
    IBM Certified Specialist: System X
    IBM Certified Systems Expert: BladeCenter
    VMWare Certified Professional
    Working on:
    Bcom Criminology, MS OCS

  • #2
    Re: [AD2000] 10 to 15min logon times.

    Run DCdiag and netdiag on the DCs and check it out.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: [AD2000] 10 to 15min logon times.

      FIXED!!

      Turns out that some developer added a 2008 DC but misconfigured the DNS, resulting in failing auth sessions that then resulted in using cached credentials.

      I'm so relieved!

      PS: This is a good example of layer 8 of the OSI model
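Added example, not part of any post in this thread: the root cause reported in #3 was an extra DC with bad DNS, and the original poster had been checking SRV records by hand. One way to automate that check is to compare the DC locator SRV records in a zone export against an approved DC inventory. The zone text, host names, addresses and inventory below are constructed, and the BIND-style export format is an assumption.

```python
# Added example: audit the AD DC-locator SRV records found in a DNS zone export.
# Every name, address and record below is constructed sample data.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc01.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc02.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 DEV-DC08.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc01.corp.example.
dc01.corp.example. 3600 IN A 10.0.0.11
dc02.corp.example. 3600 IN A 10.0.0.12
dc03.corp.example. 3600 IN A 10.0.0.13
; comments and blank lines are ignored
"""
APPROVED_DCS = {"dc01.corp.example", "dc02.corp.example", "dc03.corp.example"}


def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot as well."""
    return name.rstrip(".").lower()


def parse_zone(text):
    """Return ({owner: {srv targets}}, {owner: {addresses}}) from zone text."""
    srv, a = {}, {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype = _norm(fields[0]), fields[3].upper()
        if rtype == "SRV" and len(fields) == 8:   # prio weight port target
            srv.setdefault(owner, set()).add(_norm(fields[7]))
        elif rtype == "A" and len(fields) == 5:
            a.setdefault(owner, set()).add(fields[4])
    return srv, a


def audit_dc_records(zone_text, domain, approved):
    """Compare the hosts advertised as DCs with the approved inventory."""
    srv, a = parse_zone(zone_text)
    advertised = srv.get("_ldap._tcp.dc._msdcs." + _norm(domain), set())
    approved = {_norm(n) for n in approved}
    return {
        # advertised as a DC but nobody signed off on it
        "unapproved": sorted(advertised - approved),
        # clients are handed a DC name they cannot resolve
        "no_a_record": sorted(t for t in advertised if t not in a),
        # approved DC that is not advertising itself
        "not_registered": sorted(approved - advertised),
    }
```

Any entry under `unapproved` or `no_a_record` is worth chasing before looking at clients, since every workstation that draws that DC from the locator records will stall on it.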


      • #4
        Re: [AD2000] 10 to 15min logon times.

        Wow, a developer that can add a DC to your domain sounds scary. You know who can add DCs to my domain? Me. You know what I tell someone who asks for more permissions than they need for their job? No.



        • #5
          Re: [AD2000] 10 to 15min logon times.

          So he probably is a domain admin?
          Why?
          Marcel


          • #6
            Re: [AD2000] 10 to 15min logon times.

            Like I said, Political layer...

            I recently joined this company and all the other people have been here for 15yrs+, so implementing a security policy that restricts access here and there is a mission.

            What I can tell you is that whenever there is a problem I will now first not think technical but grill the developers first.

            /me cries


            • #7
              Re: [AD2000] 10 to 15min logon times.

              Should I make a trip to Johannesburg and explain to them how important security is?
              While I'm there I also would probably join a nice tour through Kruger or Verloren Vallei Nature Reserve
              Marcel


              • #8
                Re: [AD2000] 10 to 15min logon times.

                Originally posted by Dumber
                Should I make a trip to Johannesburg and explain to them how important security is?
                While I'm there I also would probably join a nice tour through Kruger or Verloren Vallei Nature Reserve

                hehe,

                Well, I've been here 6 months and the first 4 months I spent trying to explain this to them. Thing is, small family-like companies like these are full of love and affection, so no one wants to deny anyone rights (read: access rights).

                As a former IBM employee I'm just used to structure and discipline, so a small company like this kinda caught me off guard.

                I've gotten them to implement ITIL at least, which is a start.

                PS: The sun is high and the beers are cold!