Friday, March 19, 2010

PC: slow login - DFS referral to wrong DC - using dfsutil

After a re-IP, two sites were experiencing slow logins.  Both sites had a "shared services" network where the DC was placed.  The shared services network is on a different VLAN than the user VLANs at the sites.

Start troubleshooting by logging into the local DC, going to Start\Run and typing \\full.domain.name.com\sysvol.  Once the sysvol window opens, right-click on any blank area and go to Properties/DFS.  The local DC should be set as the active referral ("Yes" next to the DC's name and a little tick on the name).  NOTE:  you can perform this check from any server or desktop on the site.

If the DFS referral is pointing to anything other than the local DC, chances are there is a problem with Sites and Services; additionally, a cleanup of the DFS cache on the DC might be necessary.
  • Make sure all the subnets at the location are in Sites and Services, INCLUDING the one the DC is in
  • Use dfsutil to clean up the DFS packets and cache
Full details of the dfsutil commands can be found HERE

On the DC run:
  • dfsutil /purgemupcache
  • dfsutil /pktflush
  • dfsutil /spcflush
  • dfsutil /pktinfo (shows which DC the DFS share is referring to)
  • dfsutil /spcinfo (shows the full path to the DFS share)
Typing "dfsutil" from the command prompt will get a list of commands.

Restart after running these commands.

Monday, March 15, 2010

Mac User can't log in: computer bound to AD

In the ongoing saga of Mac users unable to log into a bound machine, we add this to the list:

A user could log into bound PCs but was unable to log into any bound Mac.  The user would get a shaky login screen with a cryptic message.

The problem was the user's AD account had a home folder set in their AD "profile" tab that pointed to an invalid share.

We have also seen the same problem with SMB shares full-stop.  Removing the home folder path in the AD account allowed the user to log in.

Wednesday, March 10, 2010

Entourage database and Time Machine

Time Machine and the Entourage database don’t play well together.  The problem most people have is that their Entourage profile is a massive, monolithic database, and even opening Entourage causes Time Machine to back up the entire database, not just the changes.  Normally the advice is to manually copy the user profile every once in a while and not let Time Machine back it up unless you have an infinite amount of disk space.

You can also have problems because, even if all your Office apps are closed, the database daemon is still running, and this can lead to corrupt database backups.  Before you back up the Office database you can run this command:

tell application "Microsoft Database Daemon" to quit

And after you are done you can restart or run this command:

tell application "Microsoft Database Daemon" to launch

PC slow login - Sites and Services correct but incorrect SRV record

A site that had recently been re-IPed was complaining about slow logins on their PCs; it could take a user up to 15 minutes to log in.

Sites and Services was set up correctly with the proper subnet and DC assigned to the site.

We found that there was an erroneous entry in DNS which was causing the machines to use the wrong DC for authentication.  The entry was found here:

Forward Lookup Zones
[our domain]
DomainDnsZones
_sites
[site name]
_tcp

There were two _ldap entries in this location.  One pointing to the correct DC and one to an incorrect DC.  Removing the incorrect record resolved the issue.

Note:  it is a good idea to check all the Sites entries in DNS to make sure that there are no other erroneous _ldap entries.
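
One way to automate the check in the note above (an added example, not part of the original post): save the output of nslookup -type=SRV for each site's _ldap._tcp.[site name]._sites.DomainDnsZones.[our domain] record and compare the targets with the DCs you expect per site.  The domain, site and host names, the sample output and the EXPECTED inventory below are all constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample of `nslookup -type=SRV` output: SiteA has two _ldap
# records, one for the local DC and one stray record for another DC.
SAMPLE = """\
_ldap._tcp.SiteA._sites.DomainDnsZones.corp.example.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc-sitea-01.corp.example.com
_ldap._tcp.SiteA._sites.DomainDnsZones.corp.example.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc-hq-01.corp.example.com
"""

# Assumed inventory: the DCs that Sites and Services assigns to each site.
EXPECTED = {"SiteA": {"dc-sitea-01.corp.example.com"},
            "SiteB": {"dc-siteb-01.corp.example.com"}}

OWNER = re.compile(r"^_ldap\._tcp\.([^.]+)\._sites\.\S+\s+SRV service location", re.I)
TARGET = re.compile(r"^\s*svr hostname\s*=\s*(\S+)", re.I)

def parse_site_srv(text):
    """Return {site: set of SRV target hostnames} from nslookup SRV output."""
    records, site = defaultdict(set), None
    for line in text.splitlines():
        if m := OWNER.match(line):
            site = m.group(1)          # remember which site this record belongs to
        elif (m := TARGET.match(line)) and site:
            records[site].add(m.group(1).rstrip(".").lower())
    return dict(records)

def audit(records, expected):
    """Return sorted (site, host, problem) tuples for every mismatch."""
    findings = []
    for site in sorted(set(records) | set(expected)):
        found = records.get(site, set())
        want = {h.lower() for h in expected.get(site, set())}
        findings += [(site, h, "unexpected DC registered") for h in sorted(found - want)]
        findings += [(site, h, "expected DC missing") for h in sorted(want - found)]
    return findings

if __name__ == "__main__":
    for site, host, problem in audit(parse_site_srv(SAMPLE), EXPECTED):
        print(f"{site}: {host}: {problem}")
```

An "unexpected DC registered" finding is the situation described in this post; review the record in the DNS console before removing it.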