Problem solve Get help with specific problems with your technologies, process and projects.

Tackling slow domain logons

I have a network composed of a W2k server (SP4) with 2- 3GHz Xeon processors, a ton of beaucoup RAM and fast SCSI RAID setup. It is servicing +/- 25 clients; all P4's running XP-Pro (SP1). They have fast NICS; we have 10/100 switches, and certified cable runs using CAT5 wiring. When I have the network set up using a workgroup model, everything virtually flies, but just as soon as I set it up as a domain, performance drops to a crawl. It takes users (or administrators) two or three minutes just to log on even though I'm not running any custom scripts. But it may take a user two minutes to open a small spreadsheet, or two minutes to change screens in Peachtree Accounting.

I have monitored server performance at these times and the processors are virtually idle at 2% to 3 %. I have a gig of memory and hardly anything is being paged out. Fragmentation is being handled. It's such a problem that I have returned to the workgroup model. However, I have little control over security like this and I feel it is a big problem waiting to happen. I can't help but wonder if it is related to how the workstations are set up. Have you seen this before?
Slow domain logons are usually due to a couple of possible conditions. One of the most common reasons, especially in XP, is the use of asynchronous networking. You can disable this feature in Group Policy, under Computer Configuration | Administrative Templates | System | Logon. Change "Always wait for the network at computer startup and logon" to "Enabled" and see if that helps.

If this setting is missing in the Group Policy, you can set the value through a Registry key, which is usually more permanent. Create the REG_DWORD value SyncForegroundPolicy in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\ and set it to 0.

Another reason for slow domain logons is DNS. Make sure the primary DNS for the workstations is pointing at the domain controller, and not an external address.

I have also seen in some networks that the choice of network interface (NIC) sometimes affects this -- some NICs seem to cause it spontaneously and some don't. In cases like that I suspect the NIC driver is misconfigured or buggy. Sometimes the Web Client service in WinXP can cause a slow domain logon as well; try disabling it or setting it to start manually rather than automatically and see if that changes login times.

Dig Deeper on Windows client management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.