Odd domain login problem (slow login) - Windows 2003

[tbone83]

Hey,

I've searched high and low for a solution to this, but can't find one or fix it myself!

This is the network in a nutshell:

Basically we've got a medium sized network - about 7 or 8 servers (all Server 2003 with some R2's in there) and about 2 additional servers that are virtualized. Our domain controller is also functioning as the DHCP and DNS server - this is also being replicated to a backup DC. We're also running ISA 2006 on a physical box which is not joined to the domain. Nearly all the client computers are Windows XP (mix of SP2 and SP3) or Vista. The DNS server is the same as the domain controller.

The problem:

Everyone can login to their XP/Vista computers no problem at all. I can login to all the servers except 2 without any problem. On two of our servers, what happens is when I attempt to login with an incorrect password I get an error saying incorrect password straight away. I type the right password in it takes about 15/20 seconds before you get that splash "Applying Computer Settings". This only happens on two servers in the network. Both of the servers have static IP's and are pointing to the correct DNS server(s). Pinging the DNS server from these servers is fine, pinging the two servers from the DNS server is fine.

When I look in the Security event log on the servers that have the problem and also the domain controller, I see an event get logged straight away on the server and about 15/20 seconds later I see the corresponding event get created in the domain controller (I'm not sure what these events mean, but looking in the detail they are related to the login process).

The weird thing is, is that if I log into the server at just the right time, the login process is normal - no delay at all. There seems to be this window that lets me login without any delay, but it only happens every 15/20 odd seconds. I would understand if the delay happens all the time, but for a fast (normal) login to occur every 20 odd seconds is really weird.

The timing made me think that there is a process running somewhere on the network that could be hammering with server with network traffic (both servers are on the same switch, but so are other servers) or perhaps one server was behind the other server in terms of time so I checked the time service on both servers - one server had an old time server which I corrected and stopped/started the time service which didn't fix the problem.

The only thing I have not tried is using wireshark to track network activity which I will be trying, but just thought I'd post a message in here to see if anyone has encountered something like this before. Could the replication of AD/DNS/DHCP to the backup server be affecting this? If so it's a bit weird that it only affects two of the servers on the network.

Any help would be much appreciated!

[tbone83]

Just in case anyone else gets a similiar problem this was related to mixing User and Computer group policies in the same GPO.

[dubsdj]

Thanks I will remember that