Remote login takes too long? RRS feed

  • Question

  • We have a windows network using active directory on a 2003 server (Cisco switches and routers). Our employees have the option of working between anyone of 7 branches using roaming profiles which are around 10 mb in size. The remote logon process use to take about 2-3 minutes but it now takes up 45 minutes. What needs to be done to fix this?
    Monday, April 20, 2009 3:42 PM


  • Hello,


    Based on the experience, the roaming profile issue could be due to several causes. To narrow down and troubleshoot the issue, would you please collect some information and meanwhile refer to the following steps to test?


    1. Does this issue happen on a particular client computer? In the other word, do all the users in the remote branch office encounter the roaming profile slow issue?


    2. Does this issue happen on a particular user account? How it works if you logon to the computer with other user accounts?


    3. Please help to collect the Application event logs on the problematic computer that may record more detailed information that may indicate errors in profile service. You also can export the events to *.evt and send to me at


    Steps to test:


    1. Please check and verify that the shared folder which contains the roaming profile of these domain users are shared out correctly. You may run "net share" in the command prompt to see if it is shared out.


    2. Check if the domain users group has both Share and NTFS security permission with Read and Write on the shared folder.


    3. Please check in the Active Directory Users and Computers snap-in to verify that the user profile path is specified to the shared folder location on Windows Server 2003 computer. If possible, please take the following actions on the domain controller which holds the PDC emulator.


    4. How many sites in your environment? Do the problematic domain clients in the same site or they are located in all the sites? From my experience, I think this issue may be related to the AD replication latency. I suggest you may propagate these modification to the other domain controllers by running "repadmin /syncall" on the domain controller. Thus, you can verify that the AD replica on all the domain controllers in synchronization with the each other.


    5. Meanwhile, I would like to know do you configure any Group Policy that applies to the domain clients? You may run "gpresult /v > D:\gp.txt" and then post back the content of gp.txt here. Since you mentioned that the issue occurs on Windows Server 2003, Windows Server 2008 and Windows XP client, this issue may be related the fast logon feature. The fast logon is by default enabled in Windows XP, not enabled in Windows Server 2003 nor Windows Server 2008. Thus, I would like to suggest that you disable the fast logon feature by creating or modification a GPO.


    Steps to disable the fast logon feature:


    a. Open the Group Policy Object that is linked to these computer accounts.


    b. Enable the 'Always wait for the network at computer startup and logon' setting (disable fast logon feature) in Computer Configuration--->Administrative Templates--->System--->Logon


    c. On the domain clients, run "gpupdate /force" in command prompt and then restart to get policies refreshed.


    Afterwards, please reset the computer to see if the issue still exits.


    6. To further investigate on the issue, could you please help to collect the MPS report on the Windows Server 2003 DC and send it to me.


    Microsoft Product Support's Reporting Tools (MPSRPT_DirSvc.EXE)


    Hope this can be helpful for you.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by David Shen Monday, April 27, 2009 10:09 AM
    Tuesday, April 21, 2009 7:48 AM