none
Very slow login due to network connection problem

    Question

  • I got this very strange issue going on here.

    We have 4 servers at the same location:

    LOGIN-SRV01 Server 2008 x64 (AD and DC, File sharing, DNS, DHCP)
    LOGIN-SRV02 Server 2008 R2 (Exchange 2010, IIS)
    LOGIN-SRV03 Server 2008 x64 (TS)
    LOGIN-WEB Server 2003 x86 (File shares, IIS)

    A few days ago the switch failed and rebooted itself, causing connections to be lost. We then needed to reboot our servers because many services were no longer working properly (DNS, DHCP, Exchange Information store, etc.). The reboot solved everything, except for the exchange server.
    Logging in at the Exchange server via remotedesktop or directly on the console takes ages. After login, the folowing warnings are in the event log: http://pastebin.com/rHJRUPRk (or here as evtx file: http://home.ayra.ch/LOGIN/pub/LOGIN/LsaSrv.evtx)
    The messages are in german, but he basically complains about no authentication servers being reachable.
    Only the exchange server has this issue, the other servers are fine.
    I read at some other posts, that DNS settings were usually incorrect, but I verified them. I can resolve the name of LOGIN-SRV01 from the exchange server via name and reverse IP lookup. The domain controller is the only DNS server in the organization and is the only DNS server listed in the exchange servers network interface.

    When logging in at the Domain controller I get the folowing Error in the Event Log from NETLOGON:

    Der Anmeldedienst konnte den Namen LOGIN<1B> aus folgendem Grund nicht registrieren:
    \Device\NetBT_Tcpip_{782A44BC-ADB9-4F89-ABA4-88E27E2E97C7}

    and from time to time this one:

    Der Name "LOGIN          :1b" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.254.1 registriert werden.
    Der Computer mit IP-Adresse 192.168.254.70 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

    The IP mentioned in the second post is occupied by a NAS for years now. The Name of the device is LOGIN-NAS.

    Services are all running normally


    • Edited by Kevin Gut Thursday, June 27, 2013 9:45 AM grammar
    Thursday, June 27, 2013 9:38 AM

Answers

All replies

  • Hello,

    please post a unedited ipconfig /all from the DC/DNS server and the problem server.

    With a single domain DC, NOT recommended, assure the DC/DNS server is the FIRST one that is full started BEFORE starting any other server or domain machine to avoid problems with correct registration/authentication.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, June 27, 2013 9:54 AM
  • DC:

    Windows-IP-Konfiguration
    
       Hostname  . . . . . . . . . . . . : LOGIN-SRV01
       Prim„res DNS-Suffix . . . . . . . : login.local
       Knotentyp . . . . . . . . . . . . : Hybrid
       IP-Routing aktiviert  . . . . . . : Nein
       WINS-Proxy aktiviert  . . . . . . : Nein
       DNS-Suffixsuchliste . . . . . . . : login.local
    
    Ethernet-Adapter LAN-Verbindung:
    
       Verbindungsspezifisches DNS-Suffix: 
       Beschreibung. . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #41
       Physikalische Adresse . . . . . . : 00-21-5A-F1-53-FE
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja
       Verbindungslokale IPv6-Adresse  . : fe80::c098:8ed5:22b:7400%10(Bevorzugt) 
       IPv4-Adresse  . . . . . . . . . . : 192.168.254.1(Bevorzugt) 
       Subnetzmaske  . . . . . . . . . . : 255.255.255.0
       Standardgateway . . . . . . . . . : 192.168.254.50
       DHCPv6-IAID . . . . . . . . . . . : 167780698
       DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-10-27-D0-6F-00-21-5A-F1-53-FE
       DNS-Server  . . . . . . . . . . . : 192.168.254.1
       NetBIOS ber TCP/IP . . . . . . . : Aktiviert
    
    Tunneladapter LAN-Verbindung* 2:
    
       Medienstatus. . . . . . . . . . . : Medium getrennt
       Verbindungsspezifisches DNS-Suffix: 
       Beschreibung. . . . . . . . . . . : isatap.{782A44BC-ADB9-4F89-ABA4-88E27E2E97C7}
       Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja
    

    Exchange:

    Windows-IP-Konfiguration
    
       Hostname  . . . . . . . . . . . . : LOGIN-SRV02
       Prim„res DNS-Suffix . . . . . . . : login.local
       Knotentyp . . . . . . . . . . . . : Hybrid
       IP-Routing aktiviert  . . . . . . : Nein
       WINS-Proxy aktiviert  . . . . . . : Nein
       DNS-Suffixsuchliste . . . . . . . : login.local
    
    Ethernet-Adapter LAN-Verbindung 2:
    
       Verbindungsspezifisches DNS-Suffix: 
       Beschreibung. . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Adapter #42
       Physikalische Adresse . . . . . . : 00-23-7D-34-83-A2
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja
       Verbindungslokale IPv6-Adresse  . : fe80::34b3:5690:31b1:d863%12(Bevorzugt) 
       IPv4-Adresse  . . . . . . . . . . : 192.168.254.2(Bevorzugt) 
       Subnetzmaske  . . . . . . . . . . : 255.255.255.0
       Standardgateway . . . . . . . . . : 192.168.254.50
       DHCPv6-IAID . . . . . . . . . . . : 285221757
       DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-19-47-70-96-00-23-7D-34-64-4C
       DNS-Server  . . . . . . . . . . . : 192.168.254.1
       NetBIOS ber TCP/IP . . . . . . . : Aktiviert
    
    Tunneladapter isatap.{19B1696B-BC4E-4AB4-A58B-89C8CB60D4DA}:
    
       Medienstatus. . . . . . . . . . . : Medium getrennt
       Verbindungsspezifisches DNS-Suffix: 
       Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
       Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja
    
    Tunneladapter Teredo Tunneling Pseudo-Interface:
    
       Medienstatus. . . . . . . . . . . : Medium getrennt
       Verbindungsspezifisches DNS-Suffix: 
       Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP aktiviert. . . . . . . . . . : Nein
       Autokonfiguration aktiviert . . . : Ja
    

    Thursday, June 27, 2013 10:19 AM
  • Hallo,

    this looks ok so far.

    What about the machine mentioned in "Der Computer mit IP-Adresse 192.168.254.70 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet"

    Are there any machines created from an image not prepared with sysprep? See also http://support.microsoft.com/kb/822659 It seems there is a machine using the same machine name?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, June 27, 2013 11:23 AM
  • The device with the specified IP is a NAS, that had this IP now for years and has been an AD member forever. The IP is not occupied by any other device. The dns nam is LOGIN-NAS which does not even matches the host name given.

    I also just rebooted the exchange server again (who knows) but no success.

    Measured login time: 4 minutes and 32 seconds at the "welcome" text.
    • Edited by Kevin Gut Thursday, June 27, 2013 11:35 AM measured time
    Thursday, June 27, 2013 11:27 AM
  • Hi,

    Thank you for the post.

    Please refer to this troubleshooting guide and see if it helps: http://technet.microsoft.com/en-us/library/cc296564(v=exchg.80).aspx

    Regards,


    Nick Gu - MSFT

    Monday, July 01, 2013 2:24 AM
  • I could solve the exchange issue by removing and adding the kerberos authentication dll in IIS again.

    It di not change the slow login but the exchange management console and powershell are working again.

    Sunday, July 07, 2013 11:26 AM
  • I am writing again, as this error still persists.

    I have tested more solutions to this but have not found a solution that works.

    What I notice so far for the problematic server:

    • Exchange server is registered in DNS and its name can be resolved from other machines and the exchange server can resolve the names of devices in the network.
    • accessing C$ share from the DC (LOGIN-SRV01) does not works, not via DNS and not via IP
    • Accessing the C$ share from LOGIN-SRV03 works (after a long delay) via DNS and quickly via IP.
    • The command "KLIST" returns 0 entries, even after all those tests.
    • DC answers pings from Exchange
    • Port 88 on the DC (TCP) is reachable from the Exchange server
    • opening the snap-in has just taken about 5 minutes and it freezes.

    I am basically left with 2 questions:

    1. can I disable kerberos (switch to NTLM) so I can at least work again with the server until a solution is found?

    2. Can I join the Active Directory domain again without uninstalling the exchange server? Since only the exchange server cannot authenticate I assume either the DC does not sends an answer (for whatever reason) or Kerberos is somehow messed up on the exchange server

    Thursday, July 25, 2013 1:53 PM
  • better to check your netwrok connection performance on first hand otherwise rest of work will all go in vain, for that you may follow the following link with just a click.
    http://www.netscan.co
    The Connectivity Checker will perform a series of network tests for modern Web Services like WebSockets and WebRTC as well. 
    Wednesday, March 26, 2014 7:17 PM