I have inherited a small network consisting of a Win 2K file server running Active Directory, 4 Windows XP Pro workstations and 4 Win 98 workstations. One of the XP workstations recently lost it's hard drive, which I had to replace. I had to reinstall the OS and software.

After I reinstalled the OS and software, I began experiencing a problem: the first login after a reboot on this workstation hangs at "Applying Computer Settings" for up to 10 minutes. Subsequent logouts and logins behave normally.

I have searched the web for information about this problem and have not yet found any solution. Most of the suggestions involve DNS settings, but I have checked these settings exhaustively, and they are correct.

If I change user settings on the server so that the user is not associated with a directory on the server, the problem does not occur. This makes me believe Roaming Profiles may be the culprit, however I do know that the size of the profile is not the issue. (The same problem occurs with users with very small profiles.) Disassociating this folder is not a solution, because this user needs their network folder mapped whichever computer they may use.

Does anyone have any ideas? If you need more info, I'll answer the best I can. Thank you!

Jeremy,

Please don't be disappointed if I ask some questions only to later say 'I cannot help' (or don't answer!) 'cause I am not sure about this one, but:

By 'associated directory' do you mean a mapped drive or roaming profile? - not the same thing at all.

Do you have the problem with mapped drives/shared folders only i.e, when the profile is not roaming?

Peter
(Alert me if you want a reply)

Peter,

Excellent question, and I wish I could answer it properly. I'm guessing it's a roaming profile. My training is in Novell, so I'm not certain how roaming profiles are enabled and disabled on an Active Directory server. Is there a way to map a particular directory as a drive letter without making it a roaming profile? I know this is easily done in NDS, but I haven't seen anything that looks equivalent on the AD Users.

Thanks!
Jeremy

Jeremy,

"I don't know" is always the best answer when it is true. ;-).

Roaming profile basically means everything in documents and settings dir for a user, which normally stored on the boot disk, is stored on the server. Includes My docs, preferences, just about everything that is personal to that user. It is not on by default.

Mapping is a totally different thing. Yes, it is very easy. Open My Computer, on the Tools menu, Map Network Drive and browse to the directory. It must be shared, of course. If _that_ is giving you trouble like delays, but eventually opens, meaning it is not a security issue, then it is probably a standard networking issue - hardware, network traffic, whatever. I would always start with pinging and see what kind of return I get between the stn and server - especially larger ping packets (ping myserver -l 8192)

Peter
(Alert me if you want a reply)

Okay... Here's what I've found so far this afternoon.

Return time on ping for large packets is <13 ms. Considering this is a 10 MB/sec network, I don't think that's too bad.

The initial login after a cold boot (or a reboot) is hanging at "Applying computer settings". Subsequent logins do not show "Applying computer settings" -- or move so quickly I can't see this.

Searching for that problem indicates that normally this is a DNS issue -- however, DNS settings for this workstation are correct, indicating the AD server as the DNS server. As a side note, this problem has persisted when the computer is given static IP info, and through DHCP. (All other office machines are DHCP, and this workstation is DHCP currently.)

I tried disabling the "Windows XP Pro Fast Logon Optimization Feature", as some people inidcated this may help slow logins to a domain. The login itself was faster, however the machine spent quite a bit of time (several minutes) waiting on a window that said "Preparing network connections". I don't believe there was any net increase in speed.

Looking at the AD Users, this is what I see indicated: on the Profiles tab, both boxes are blank under "User Profile". Under "Home Folder", the local path is blank, and "Connect" is selected, with drive Z mapped to the user's home directory. Is this a roaming profile?

I had considered mapping the drive persistently to this particular workstation, however the user needs this mapping on other machines at times when she logs in to them. A persistent mapping on those machines would be a bad idea from a security viewpoint. Any other ideas?

Jeremy,

Congrats on posting good info! Some comments in-line..

Return time on ping for large packets is <13 ms. Considering this is a 10 MB/sec network, I don't think that's too bad.

10 is slow, and I assume a hub, not a switch. Perhaps that is part of the problem.

The initial login after a cold boot (or a reboot) is hanging at "Applying computer settings". Subsequent logins do not show "Applying computer settings" -- or move so quickly I can't see this.

So subsequent logins are okay - don't hang? I thought this was the problem. Please clarify

I tried disabling the "Windows XP Pro Fast Logon Optimization Feature", as some people inidcated this may help slow logins to a domain. The login itself was faster, however the machine spent quite a bit of time (several minutes) waiting on a window that said "Preparing network connections". I don't believe there was any net increase in speed.

I don't see that as anything to do with your problem, but sure, trying both makes sense. I would set it back to default (on) now.

Looking at the AD Users, this is what I see indicated: on the Profiles tab, both boxes are blank under "User Profile". Under "Home Folder", the local path is blank, and "Connect" is selected, with drive Z mapped to the user's home directory. Is this a roaming profile?

On my system the choice is Local or Roaming - there is no "connect", but it must be roaming. Did you do that? - Somebody did....

I had considered mapping the drive persistently to this particular workstation, however the user needs this mapping on other machines at times when she logs in to them. A persistent mapping on those machines would be a bad idea from a security viewpoint. Any other ideas?

Mapping is a part of the user profile, so it won't 'persist' to other users, but there is no security issue with mapping. You set the security on the target folder. If mapping is a security concern then the permissions are wrong.

As a test, I would change the profile to Local (you might lose the data in it - not sure about that, so back it up first. Actually I think a copy will stay on the server to whatever path the profile is set to know, but won't swear to that).

If the user needs to map to that drive on multiple stns you can easily do that with a logon script. If everything is hunky-dory this way, then you have narrowed the problem to the roaming profile, which may simply be a slow network issue, and if all you really need is the mapped drive, then that has been accomplished.

For sure you do not want to use a roaming profile for the sole reason of having a mapped drive.

Peter
(Alert me if you want a reply)

Please look at

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ss_apply.mspx

you will notice that everytime that you restart the computer settings are applied.

Next look at
http://support.microsoft.com/default.aspx?scid=kb;en-us;329457

I had this same problem, it appears that after a restart the policies have to be reapplied.

You can fix this by getting the fix listed in the url above, installing SP2 or changing the group policy to apply group policy settings asynchronously on both logon and startup

"Connect is selected, with drive Z mapped to the user's home directory. Is this a roaming profile?"

That is a mapped drive not a roaming profile. Right now you have local profiles which mean that if a user moves to a new workstation most likely his desktop or my documents will not follow him. If they do then you probably have folder redirection enabled in active directory.