# Takes Forever to Log in from Workstations



## jcantele (May 15, 2007)

Hi everyone,

The problem I'm having is that whenever I log in as administrator on the server (running Windows Server 2003), it comes right up. However, if I try to log in as administrator on the individual XP workstations, it will take approximatly 30 minutes to 2 hours to come up. I am able to log in as other users on the workstations just fine, however.


----------



## geewhiz (Jul 5, 2006)

Where those other users created locally on the XP clients?


----------



## jcantele (May 15, 2007)

no, they were created on the server (but also created on local machines afterwards).


----------



## geewhiz (Jul 5, 2006)

I don't know much about this, new to it all :grin: 
But I was having problems with long time for loggins because my DNS wasn't setup correctly.


----------



## geewhiz (Jul 5, 2006)

Make sure your NAT, or router, is configured such that it points to your server as the DNS server.


----------



## newhouse1390 (Jan 10, 2005)

Login to a computer with the slow logon times.

Open up a command prompt (Start -- Run -- "cmd")

Type "ipconfig /all"

Paste results here. This will help make sure that DNS is configured properly on the workstations. If the machine is on the network and DNS is not configured correctly you will not be able to login to the domain unless you have already been able to login with that user previously. You would then be able to login with cached credentials.

You are running Active Directory, right?


----------



## jcantele (May 15, 2007)

Hey guys, thanks for the help. Sorry for the delayed response.

I am running active directory. Here's the ipconfig window:


----------



## newhouse1390 (Jan 10, 2005)

Is 192.168.2.100 the address of the domain controller?


----------



## jcantele (May 15, 2007)

Yes, it is.


----------



## newhouse1390 (Jan 10, 2005)

Let me make sure I understand the issue...

You have a Windows 2003 AD environment and all the machines that are haveing this issue are on the domain. You create users in the AD Users and Computers Console and they can logon/logoff fine, but when you try to logon as the LOCAL administroator it takes 30 min to 1 hour?


----------



## jcantele (May 15, 2007)

Yes to all of that except the last part. It is when the workstations try to log on to the DOMAIN administrator account that this problem occurs.

This problem is occuring on ALL workstations that are running XP. My boss says there are a few which are running Windows 2000 which don't have this problem.


----------



## crazijoe (Oct 19, 2004)

Disable the Windows Firewall service. Make sure you disable it, not just turn it off.


----------



## newhouse1390 (Jan 10, 2005)

You are not using roaming profiles are you?

If not logon and delete the locally stored Domain Administrator profile, by opening system properties > advanced > user profiles.

Try creating a new domain admin account (for testing) and see if the same issue occurs.


----------



## jcantele (May 15, 2007)

crazijoe said:


> Disable the Windows Firewall service. Make sure you disable it, not just turn it off.


My boss is extremely wary of turning off the Windows Firewall. Could you elaborate a bit on your thinking here?


----------



## jcantele (May 15, 2007)

newhouse1390 said:


> You are not using roaming profiles are you?
> 
> If not logon and delete the locally stored Domain Administrator profile, by opening system properties > advanced > user profiles.
> 
> Try creating a new domain admin account (for testing) and see if the same issue occurs.


Not using roaming profiles.

Ok, I deleted the domain adminstrator account on the local workstation, and created a new one. Same thing.


----------



## newhouse1390 (Jan 10, 2005)

We need to get this issue isolated, in order to continue troubleshooting and to make sure that the communication is not hindered in any way we must make sure that the Windows firewall and other anti-virus programs are turned off. 

You can isolate this policy (firewall off) to only one machine.

This may be a little out there but boot into safe mode w/networkking and logon to the domain with the domain admin account and see if the issue still occurs.


----------



## jcantele (May 15, 2007)

Does being in safe mode with networking disable the firewall?

I have not been able to turn off the firewall yet because it is set up as a group policy. How can I disable a firewall on an individual workstation without changing the group policy?

I have just tested it in safe mode with networking.. Same problem.


----------



## crazijoe (Oct 19, 2004)

jcantele said:


> My boss is extremely wary of turning off the Windows Firewall. Could you elaborate a bit on your thinking here?


It is known how ineffective Windows firewall is and thus most enterprise networks will implement a third party program. Beit stand alone or integrated with antivirus software (client security). Windows firewall will only monitor oneway while third party will watch both. 
If you do use a third party firewall solution, you should turn off the Windows firewall anyways because you should always run a single instance of a firewall and AV program. 

If a workstation is part of a domain, it will actually have 2 Windows firewall profiles. If you turn off Windows firewall in a domain users profile that is logged into the machine, before he actually logs in, the firewall is enabled. When the machine applies the user settings, it will shut off the firewall. The only real way of disabling thie firewall is to disable Windows Firewall and ICS service. By default, Windows Firewall does not allow incoming ICMP Echo messages and therefore the computer cannot send an ICMP Echo Reply in response. You can set the firewall to permit certian ICMP settings but since we already had individual third party firewall on all workstations, we decided to disable it.
We have notice that this effected our domain logons and after we disabled it on all workstations, the problem was resolved.


----------



## newhouse1390 (Jan 10, 2005)

This issue only affects Domain Administrators?

Try taking a machine off the domain and putting it back on.


----------



## jcantele (May 15, 2007)

crazijoe, I'm goign to try to relay back some of my boss's response to your post.

He says that he does not see how the Windows firewall could create this problem, because it only exists *for a single domain administrator, "Administrator."* All of the other administrator accounts work fine. How could the windows firewall create a problem with a single account, with all of the other accounts working fine?


----------



## jcantele (May 15, 2007)

newhouse1390 said:


> This issue only affects Domain Administrators?
> 
> Try taking a machine off the domain and putting it back on.


We've actually tried this already. Didn't do anything. :sigh:


----------



## newhouse1390 (Jan 10, 2005)

Have you enabled a security policy to rename the Local Administrator account?

If you put another user in the DOMAIN/ADMINISTRATORS group does the problem still exist?

I think booting into safe mode turned off the firewall.


----------



## crazijoe (Oct 19, 2004)

> because it only exists for a single domain administrator, "Administrator." All of the other administrator accounts work fine.


This clears up a little bit more info.
Since you are having this problem with this single account, I would delete it and recreate it. I would also advise not using that name "*Administrator*" as it could have issues with Windows as the default local admin account is Administrator. 

Is there a particular reason why you have a domain account called Administrator? If this is used as a common account for all admins to use, I really hate to say this but this is not good practice. 

To answer the question about the firewall, Windows firewall may not have created the problem but can hinder logon of any users logging into the domain.


----------



## giogioforums (Feb 18, 2008)

THIS IS THE SOLUTION I FOUND HI all.
After getting crazy for fours months here the solution to save you some pain.
http://techrepublic.com.com/5208-11184-0.html?forumID=47&threadID=197152&messageID=2311170
Once I've fould out that the workstation service was slowing the all start up / login process with windows XP.
Here I am posting some considerations.
First the problem appear as a very slow login after typing your passord prior the desktop to appear.
The problem also appeared as an infinite need to repair continuously the connection (right clicking on the wireless icon) or often as inability to 

connect wirelessly.

The SOLUTION to the problem "login to XP takes forever" is to remove any other software that manages the wireless card and let only the native Windows 

Wireless Zero Configuration to handle it but the problem immediately desappear!!!.
Once you unistall any other software excepts the drivers of the wireless card, you must go on control panel/network 

connections/advanced/general/properties/wirelss network and click on Use 
Windows to configure my wireless network settings which will anable the native Windows Wireless Zero Configuration.

The problem is probably found in many computer that have the intel centrino chip set which uses the Intel(R) PRO/Wireless 3945ABG Network Connection but 

maybe is with any other wireless 
card that uses the intel software to manage.

Myself I did also utilize a second D-Link wireless card which was also utilizing its own software to manage and could work with the native Wireless Zero 

Configuration) but it turned out because of the Intel(R) PRO/Wireless manager.
Myself just to be safe I unistalled also the D-Link softwarebut is not really necessary.

TWO MORE IMPORTANT Considerations:
THE PROBLEM DID NOT IMMEDIATELY GO AWAY!
1)
I had to reinstall (from an image I had) the entire operating system and then remove the Intel Wirelss manager from it.If I was not removing the Intel SW 

the problem after few hours the problem reappeared (I restored the OS from the image like 30 times so I am certain).
For many people the problem will go away immediately just unistalling the wirelss software but that was not my case.
If you do not want to uninstall the operating system.you may go through a procedure to reset entirely the networking in your OS, I know there is a way to 

do it but I never researched it. 
(Maybe all you need to do is to remove all network conncections by uninsalling all drivers I chose to restart with a new XP)

2)
I utilize 2 wireless cards and I am having a second minor issue:
IF I DISABLE the wireless switch of my Intel card and connect the 2nd one, the pc still says that there are network available on the 1st. In other words 

the card is not entirely off. I use a brand new DELL LATITUDE D820. Maybe this is to avoid the Plug&Play procedure.
As result I see two wireless icons on the bottom right when I only want one and altough the external DLINK says that is correctly connected to the 

wireless network, Windows still seem to remain internally connected to the Intel one and as result will still be unable to see a webpage.
In order to "connect" Windows to the correct external network card I must click on its repair button (right click on its icon) and then everything is 

ok. Maybe this is another bug of the os which wouldn't come as a real surprise.
I hope this all note will be useful to you and save you a lot of time.
Good luck!
PS 
If you find on the web that the prefetcher is the problem.. I think it is not true.


----------

