How to resolve Windows-Xp domain logon delay problem-Kerberos Problem

Problem Question:

I had 800 Pc's windows-xp loaded through Ghost  it takes more  than 15 minutes to login the domain
& if i run SYSPREP  it comes on 10 minutes; at a time near about 200 Computers are online 
Server is Win2008 Enterprise Edition 
Can u any 1 help me out for this issue?
Its related to N/w or Win domain issues?

Solution:

 I Face a same problem .I was able to fix the problem... after looking at the file myself and with the help of  Microsoft chat support we came to the same conclusion.. it was a problem with Kerberos we found the same KB (force Kerberos to use TCP instead of UDP in Windows) I applied the fix to a computer it worked like a charm... 


Steps: Collect Information


1. Userenv.log
a. On the Windows XP machine, use Registry Editor to add the following registry value (or modify it, if the value already exists):
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: UserEnvDebugLevel
Value Type: REG_DWORD
Value Data: 10002 (Hexadecimal)
Note: To disable logging, change the value to 0.
b. Restart the computer, and make sure the issue occurs.
c. The log file is written to the %Systemroot%\Debug\UserMode\Userenv.log
Step: Identify the problem
I have checked the log files, and found the following main error message:
---------------------------
USERENV(280.984) 16:58:41:265 PingComputer:  Fast link.  Exiting.
USERENV(280.984) 17:01:42:078 MyGetUserName:  GetUserNameEx failed with 1359.
USERENV(280.984) 17:01:42:078 MyGetUserName:  Retrying call to GetUserNameEx in 1/2 second.
---------------------------
In order to isolate this issue, I performed the following steps:
How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in Windows XP, and in Windows 2000 http://support.microsoft.com/?id=244474
I change MaxPacketSize to 1 to force the clients to use Kerberos traffic over TCP.  
To do this, follow these steps:
1.       Start Registry Editor.     
2.       Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters
Note If the Parameters key does not exist, create it now.
3.       On the Edit menu, point to New, and then click DWORD Value.     
4.       Type MaxPacketSize, and then press ENTER.     
5.       Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK.     
6.       Quit Registry Editor.     
7.       Restart your computer.    
The following template is an administrative template that can be imported into Group Policy to let the MaxPacketSize value be set for all enterprise computers that are running Windows Server 2003, Windows XP, or Windows 2000. To view the MaxPacketSize settings in Group Policy Object Editor, click Show Policies Only on the View menu so that Show Policies Only is not selected.
This template modifies registry keys outside the Policies section. By default, Group Policy Object Editor does not display these
registry settings.


CLASS MACHINE
CATEGORY !!KRB_PARAMS
KEYNAME "SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
POLICY !!SET_MAXPACKETSIZE
EXPLAIN !!MAXPACKETSIZE_HELP
PART !!MAXPACKETSIZE NUMERIC REQUIRED
VALUENAME "MaxPacketSize"
MIN 1 MAX 2000 DEFAULT 2000
END PART
PART !!MAXPACKETSIZE_TIP TEXT
END PART
END POLICY
POLICY !!LOGLEVEL
EXPLAIN !!LOGLEVEL_HELP
VALUENAME "LogLevel"
END POLICY
END CATEGORY
[strings]
KRB_PARAMS="Kerberos Parameters"
SET_MAXPACKETSIZE="Set MaxPacketSize"
MAXPACKETSIZE_HELP="The Windows 2000 Kerberos Authentication package is the default in Windows 2000. It coexists with challenge/response (NTLM) and is used in instances in which both a client and server can negotiate Kerberos. Request for Comments (RFC) 1510 states that when a client contacts the Key Distribution Center (KDC), it should send a User Datagram Protocol (UDP) datagram to port 88 at the KDC's IP address.
The KDC should  respond with a reply datagram to the sending port at the sender's IP  address.\n\nWindows 2000, by default, uses UDP when the data can be fit in  packets under 2,000 bytes. Any data above this value uses TCP to carry the packets. The value of 2,000 bytes is configurable via this policy."
MAXPACKETSIZE="Bytes: "
MAXPACKETSIZE_TIP="Range is from 1 to 2000. Use 1 to force Kerberos to use TCP."
LOGLEVEL="Kerberos Event Logging"
LOGLEVEL_HELP="Windows 2000 offers the capability of tracing detailed Kerberos events through the event log mechanism. You can use this information when you troubleshoot Kerberos. All Kerberos errors are logged to the System log."

Comments

Popular posts from this blog

Linux File and Directory Permissions

How to Disable SSL for Webmin

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442