Do you have ADSI in your logon scripts? We suffered with an issue where the ADSI call in the logon script was forcing the Active Directory sub-schema to be downloaded (approx 600KB in our case) at every logon. This wouldn't explain 25 minute logon time but every little helps :-)
Paul Marsh -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of England, Christopher M Sent: 25 September 2003 13:41 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Incredibly slow log on On point two below, I will say that we have had a problem before. If a script has an error and prompts for something (or just keeps trying a task), it will do so until the timeout you have set for Group Policy elapses. The default is set to 600 seconds (10 minutes), but we changed ours to 6 minutes. Just a thought. Chris England --------------------------------------------------------- Christopher England Server Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2003 7:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Incredibly slow log on Roaming profiles sounds a likely problem candidate. Some other thoughts. 1. Could be a problem with the firewall and Kerberos using UDP by default. Have a look at this article: http://support.microsoft.com/?kbid=244474 2. What are the scripts doing? This might point to the problem, as could certain Group Policy settings. Maybe try to isolate the problem by moving one of the user and computer accounts to an OU that doesn't have the GPO linked to it. 3. Is a GC available at the hub site? The GC is required during client logon to enumerate Universal Group membership (in native-mode domains). Tony ---------- Original Message ---------------------------------- From: Roger Seielstad <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Thu, 25 Sep 2003 07:25:56 -0400 First thoughts are: -Roaming profiles aren't very quick ever, especially if the server storing them is on a different network -There could be a problem with the MTU sizes involved across the VPN concentrators. Do a search on Technet for PMTU and see if you can set a client's MTU size in the 1300-1400 range, then try it again. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Abbiss, Mark [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 25, 2003 4:37 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Incredibly slow log on > > > Just wondering if anyone else has encountered this problem. > > We have just installed a small external office with some new clients. > They authenticate with the AD across a 512Mb fixed line. There are the > "usual" > encryption/firewall devices between the two sites. > > When logging on in the office with an adminstrative account which has > no associated scripts, the logon process is quick and painless. The > admin accounts also have no roaming profiles to worry about. > However, when logging > on with a user accounts, which does have a script and roaming profile > (max size 8MB) associated with it, the logon process can take 25 > minutes and generally the roaming profile it not successfully > retrieved. > > A couple of old NT cleints left in the office that authenticate with > an NT domain controller across the same line through the same > encryption/firewall devices have no such problems at all. > > What I would like to ask is what part of the W2K environment could be > causing such slow responses across this line ? The clients are XP. Is > there some tweak that could speed up the data exchange ? I have been > discussing it internally and mention has been made of whether the > communication is UDP or TCP. I have to admit complete ignorance of > what this means. > But it seems > communication can be defaulted to one or the other, which has an > impact. I really am clueless though. > > I probably wont get any replies to this but am just curious as to what > could possibly be contributing to the problem. > > Many thanks for any pointers. > > Mark > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
