Active Directory Lag

Gekko_uk Posted December 27, 2006

Seasonal Greetings Everyone!

I have a strange problem that is happening with my servers. I have a server (Dell 2900) with Windows Server 2003 R2 on it. It is running as a DC, with DHCP, DNS, and Active Directory present. I have roughly 45 clients attached, running happily.

BUT..... I have noticed (and did from day one) that if I am administrating Active Directory, i.e. resetting passwords, disabling accounts etc., it tends to lag.

For example: I was asked by a user to reset her password, so I went to the server, Active Directory screen > right-clicked her name > Properties and ticked "user must change their password at next logon". So she logged out, then back in again, but it didn't prompt her; on logging in she could access her network drives. So in other words the server/AD was waiting on the password change but it had not instructed the client to prompt for it. At this point I got her to restart her PC and it prompted her at that stage.

Additionally, when browsing the AD screen it tends to lock up/take a while, e.g. if I right-click on a user nothing happens, then after a short time I get the expected menu appearing.

Now.... the plot gets thicker. I set up another server at a different site (which is in no way connected to this site) and the same thing is happening. Is it the way I am configuring the server? I have been following the same template for years now as to my setups, so I can't see what I am doing wrong.

Sometimes it seems to be fine, i.e. I went to the server a couple of mins ago and could browse AD in "real time", but then after a couple of mins it was doing as described above.

Event Logs are all clear...

I am at a loss, so if anyone can offer any words of wisdom I would greatly appreciate it.

Specs for the server are:

Dell 2900
2 x 2.3 Xeon CPUs
6 x 300GB RAID 5 disks
4 GB RAM
Windows Server 2003 R2 + all the available security updates

Any further info required, please ask.

Many Thanks
Gekko

cluberti Posted December 28, 2006

What are the DNS configurations on the clients, and on the server? Are they all pointing at the same DNS server(s), and if so, what DNS servers are they pointing to?

Gekko_uk Posted December 28, 2006 (Author)

Hi,

Thanks for the reply.

The client machines' DNS is provided via the DHCP service on the server and points to the DC (192.168.5.5). The DC network config has its DNS as the router.

Cheers
Gekko

fizban2 Posted December 29, 2006

Is the DC also the router? Or do you have a routing device that brings in internet? Truly, the DC should point to itself for DNS and then have forwarders set up in DNS to direct any queries out to the router if it is needed.

Gekko_uk Posted December 29, 2006 (Author)

Agh,

Could this possibly be where my problem is then?

I have the DC (DNS/DHCP/AD) - 192.168.5.5.
I have the router - 192.168.5.10

On the server the network config is:

IP - 192.168.5.5
Subnet Mask - 255.255.255.0
Gateway - 192.168.5.10
DNS1 - 192.168.5.10
DNS2 - blank

The clients are set up as:

IP - 192.168.5.X
Subnet Mask - 255.255.255.0
Gateway - 192.168.5.10
DNS1 - 192.168.5.5
DNS2 - blank

Should the server DNS point to itself then? Would this be causing the problem detailed above?

Cheers
Gekko

Edited December 29, 2006 by Gekko_uk

InTheWayBoy Posted December 29, 2006

Yeah, use 127.0.0.1 on the server for DNS1, and configure the DNS service to use 192.168.5.10 as a forwarder.

fizban2 Posted December 29, 2006

Correct, with the DC going out to the router first for DNS queries it will slow things down till it times out on the router and then tries itself for DNS. Change it to the 127.0.0.1 and add a forwarder to the router in DNS and see if that fixes the issue.

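The change suggested in the two replies above, written out as commands for the DC (an added example, not part of any poster's message). It assumes the DC's connection is named "Local Area Connection" and that dnscmd and dcdiag from the Windows Support Tools are installed; example.local is a placeholder for the AD domain name, which the thread does not give.

```bat
@echo off
rem Added example: run on the DC (Windows Server 2003) from an administrator prompt.
rem Assumed values: NIC name and domain name are placeholders, adjust before use.
set NIC=Local Area Connection
set ROUTER=192.168.5.10
set DOMAIN=example.local

rem 1. Make the DC resolve through its own DNS service instead of the router.
netsh interface ip set dns name="%NIC%" source=static addr=127.0.0.1 register=primary

rem 2. Send queries the DC cannot answer itself on to the router.
dnscmd . /ResetForwarders %ROUTER%

rem 3. Drop cached answers that came from the router and re-register the DC's
rem    host and SRV records in the local AD zone.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

rem 4. Verify: the resolver now shows 127.0.0.1, the forwarder is listed, and
rem    the domain controller locator record resolves from the local DNS service.
ipconfig /all
dnscmd . /Info
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 127.0.0.1
dcdiag /test:dns
```

If the SRV lookup in step 4 returns no record, clients cannot locate the DC through DNS, whatever the DC's own resolver setting is.
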
Gekko_uk Posted December 30, 2006 (Author)

Thanks Guys,

I will try this over the weekend and report back.

Many Thanks
Gekko

cluberti Posted December 31, 2006

If your DC doesn't have itself listed as a DNS server, then yes, AD will be slow and unreliable. Almost everything in AD requires a fully-functional DNS infrastructure, and the DCs need to be pointed at themselves or other DCs running DNS - no non-AD machine DNS information should be in any configuration.

Gekko_uk Posted January 2, 2007 (Author)

Changed to 127.0.0.1 and all is now good!

Many Thanks to all of you.

Regards
Gekko

Gekko_uk Posted January 24, 2007 (Author)

Hi guys,

It has come to my attention that there are still some issues.

The lag on the server has now been fixed, but the user accounts still seem to lag behind the server. Example: I wanted to do some maintenance on someone's account the other day, so I went into AD, right-clicked their name, chose reset password and set it to "password". This worked fine. Went to their system and installed the software (Sage client) and logged out. I then set in AD for their name "user must reset password at next login". So next morning they log in with password.... but no prompt. They then could not access any network resources etc. If I unticked "user must reset..." and they logged in with password it is fine.

This is mirrored across all PCs - no matter who/what machine, it happens.

Also, I have noticed that sometimes when they do manage to get a prompt appearing it won't take any password, i.e. they are told it must be 7 characters and not any one of their X number of passwords - even when I put in ones which have never been used before and meet all the required criteria it still won't let it happen. The only way around it is to click and unclick the "user must reset password" box for that user and the odd restart of the client, and it seems to be OK. But this is obviously not ideal.

Also, when their password expires, they do not get a prompt, but instead are allowed to log in but cannot access any network resources. If they do a Ctrl+Alt+Del and change their password it works.... this is really, really weird.

If anyone has a hint as to the cause and solution to this I would appreciate it.

PS the lag in AD on the server, i.e. browsing it etc., has disappeared.

Kind Regards
Gekko