| Author |
Message |
flukster
Guest
|
 Posted:
Wed Jan 05, 2005 1:39 am Post subject:
Logon Script Issues |
|
|
We have just finished migrating our nt4 domian to Win 2000
Just to give you an idea of what we are dealing with here.
All users are in one Domain. We will call it "User" domain.
All resources (computer,servers, printers etc) are in a seporate domain.
We call it "Resource A " domain
The resources domain is the domain that was migrated to "Resource B"
"Resource B" will be new AD 2000 Domain.
After Migrating the machines to "resource B" we started having issues with
Laptops running XP SP1 and or SP2 that VPN or use Dialup to connect to the
domain.
The logon script runs but it takes 30min to run a script that should take
less then 30 sec.
If the machine is moved back to the old NT4 domain "recource A" the logon
script is fine. But as soon as it is moved back to the "resource B" domain
the script acts up again.
Also the Script runs without insident on XP machines that are connected
directly to the network and are installed in "resource B" .
*************This issue only occues over VPN or Dialup.***************** |
|
| Back to top |
|
 |
SubnetJO
Guest
|
| Posted:
Wed Jan 05, 2005 3:41 am Post subject:
RE: Logon Script Issues |
|
|
Hi Flukster.
You answered yourself.
This is not a scripting iussue, but a networking trouble!
If I correctly understood, in network troubleshooting, don't care about VPN
or Dial-Up connections!
Machines joining "Resource A" over a VPN, run the script correctly.
I think you have located "Resource B" in different subnets, with different
network paths.
If in your script you try to reach a network resource (file servers, print
servers...), you may take very long, if network doesn't work well.
Start checking your networking services.
Did you change your DNS servers? (I think so, migrating from an NT4 domain...)
Have they changed your network "logical" positions?
The access server is integrated with the "local" DHCP server to offer the IP
configuration to the VPN clients?
Is the DHCP server response quick?
If you have a Cisco AS and use the TACACS service for user authentication,
how good is the DC response to the AS?
Is it quick?
Do you have mappings to network SMB (windows) shares in your script?
How much time takes the "name resolution" of the server name?
How much time takes your client to authenticate to the file server?
If you connect very large network shares (many files and folders), how much
time the client takes to receive al data from the share? (expecially if NTFS
formatted).
It is impossible to troubleshoot your problem without the knowledge of your
enviroment.
You may approach connecting a client over a VPN WITHOUT running the logon
script.
If the connection works fine, try launching a "modified" versione of the
script locally.
I think you may want the script in this "test version" to echo you the
result of each operation in a "step by step" way... ;-)
Doing so, you may check which operation in the script takes long an then
adjust your "Windows Network Achitecture".
I hope this may help.
Bye,
SubnetJO
Italy |
|
| Back to top |
|
|
flukster
Guest
|
| Posted:
Wed Jan 05, 2005 4:01 am Post subject:
RE: Logon Script Issues |
|
|
To answer some of your questions.
The network still has the same subnets.
Yes we have a new dns server.
The script does have mappings and uses AD groups to do mapping.
We have tried a Kixtart script and a VBS script with the same results.
The only probem i have with your theroy about it being a network problem is
that we have NO issues with the Windows 2000 sp4 machines.
Windows 2000 machines run the script in about 30 sec over VPN and 90 sec
over Dialup.
It is definatly Windows XP related but i cant figure out why.
If i connect to the network via VPN but logon with a name that doesn't use
logon script i can fly (move fast) from one server to another by using the
name of servers or ip address both work fine. Also TS works without any issue.
It is just the script on XP machines that has the issue.
"SubnetJO" wrote:
| Quote: | Hi Flukster.
You answered yourself.
This is not a scripting iussue, but a networking trouble!
If I correctly understood, in network troubleshooting, don't care about VPN
or Dial-Up connections!
Machines joining "Resource A" over a VPN, run the script correctly.
I think you have located "Resource B" in different subnets, with different
network paths.
If in your script you try to reach a network resource (file servers, print
servers...), you may take very long, if network doesn't work well.
Start checking your networking services.
Did you change your DNS servers? (I think so, migrating from an NT4 domain...)
Have they changed your network "logical" positions?
The access server is integrated with the "local" DHCP server to offer the IP
configuration to the VPN clients?
Is the DHCP server response quick?
If you have a Cisco AS and use the TACACS service for user authentication,
how good is the DC response to the AS?
Is it quick?
Do you have mappings to network SMB (windows) shares in your script?
How much time takes the "name resolution" of the server name?
How much time takes your client to authenticate to the file server?
If you connect very large network shares (many files and folders), how much
time the client takes to receive al data from the share? (expecially if NTFS
formatted).
It is impossible to troubleshoot your problem without the knowledge of your
enviroment.
You may approach connecting a client over a VPN WITHOUT running the logon
script.
If the connection works fine, try launching a "modified" versione of the
script locally.
I think you may want the script in this "test version" to echo you the
result of each operation in a "step by step" way... ;-)
Doing so, you may check which operation in the script takes long an then
adjust your "Windows Network Achitecture".
I hope this may help.
Bye,
SubnetJO
Italy |
|
|
| Back to top |
|
|
SubnetJO
Guest
|
| Posted:
Wed Jan 05, 2005 4:11 pm Post subject:
RE: Logon Script Issues |
|
|
I still think is a "communication" problem... about how the WinXp client
manage it...
The script surely works fine, because it run fast over LAN connection.
Look for configuration differences between WinXp and Win2000 clients.
I will start looking in:
- Kerberos or NTLM authentication configurations
- DNS client registration
- Network Interfaes Bindings
- NetBios over TCP/IP (if used)
- Local software firewalling on clients (may be something "on", expecially
with WinXP SP2)
To troubleshoot, the first step is to find the operation that takes long
time in the script.
Try running the script locally on a WinXP client connected over VPN,
modified with the "step by step" echos...
You may assign the "test script" to a "test user" and then use that user to
logon to the client... if you prefer...
I don't see other ways, from here, to troubleshoot.
I hope this can help.
Good Luck!
Bye,
SubnetJO
Italy
"flukster" ha scritto:
| Quote: | To answer some of your questions.
The network still has the same subnets.
Yes we have a new dns server.
The script does have mappings and uses AD groups to do mapping.
We have tried a Kixtart script and a VBS script with the same results.
The only probem i have with your theroy about it being a network problem is
that we have NO issues with the Windows 2000 sp4 machines.
Windows 2000 machines run the script in about 30 sec over VPN and 90 sec
over Dialup.
It is definatly Windows XP related but i cant figure out why.
If i connect to the network via VPN but logon with a name that doesn't use
logon script i can fly (move fast) from one server to another by using the
name of servers or ip address both work fine. Also TS works without any issue.
It is just the script on XP machines that has the issue.
"SubnetJO" wrote:
Hi Flukster.
You answered yourself.
This is not a scripting iussue, but a networking trouble!
If I correctly understood, in network troubleshooting, don't care about VPN
or Dial-Up connections!
Machines joining "Resource A" over a VPN, run the script correctly.
I think you have located "Resource B" in different subnets, with different
network paths.
If in your script you try to reach a network resource (file servers, print
servers...), you may take very long, if network doesn't work well.
Start checking your networking services.
Did you change your DNS servers? (I think so, migrating from an NT4 domain...)
Have they changed your network "logical" positions?
The access server is integrated with the "local" DHCP server to offer the IP
configuration to the VPN clients?
Is the DHCP server response quick?
If you have a Cisco AS and use the TACACS service for user authentication,
how good is the DC response to the AS?
Is it quick?
Do you have mappings to network SMB (windows) shares in your script?
How much time takes the "name resolution" of the server name?
How much time takes your client to authenticate to the file server?
If you connect very large network shares (many files and folders), how much
time the client takes to receive al data from the share? (expecially if NTFS
formatted).
It is impossible to troubleshoot your problem without the knowledge of your
enviroment.
You may approach connecting a client over a VPN WITHOUT running the logon
script.
If the connection works fine, try launching a "modified" versione of the
script locally.
I think you may want the script in this "test version" to echo you the
result of each operation in a "step by step" way... ;-)
Doing so, you may check which operation in the script takes long an then
adjust your "Windows Network Achitecture".
I hope this may help.
Bye,
SubnetJO
Italy |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in