Analyze and solve the problem of slow computer login domain speed

Windows 2000/XP Client logon to Windows 2000 domain is very slow, mainly because when the domain user enters the user name and password in the logon dialog box, the logon dialog box is grayed out and takes a long time, the login process and startup process are much longer than normal, just like the loss of response (normally the login window is a flash.

Problem Analysis

From the symptoms, it seems that the client did not quickly contact the domain controller, because the user name and password did not respond after entering a gray, Why did not quickly contact the domain controller? Because when the Windows 2000/XP Client hosts a domain, it first finds the DNS server based on its DNS settings to find the SRV record in the DNS server, find the location of the domain controller (so there is no place to directly set the domain controller address in the client). From this login process, the client did not promptly contact the domain controller because it did not find the SRV record of the domain controller on the DNS server.

Why is the Windows 98 runtime domain not so slow? Originally, Windows 98 (also including Windows NT4.0 and Windows 95) does not depend on the DNS name resolution service as Windows 2000/XP does, it continues to use NetBIOS for name resolution to find the domain controller. However, we recommend that you direct all computers to the Windows 2000 DNS server for name resolution, in this way, the startup process and logon process will be faster.

According to the above analysis, the DNS of my client is definitely not the Windows 2000 DNS server for the domain controller (this domain controller is also a domain DNS server. I set the DNS of the client to the internet server because the Internet can be shared, but there is a problem when accessing the domain.

Problem Solving

Now that the cause of the problem has been found (for now, I think this is the reason ^ o ^), how can we solve it? Because the DNS settings for accessing the Internet are different from those for accessing the domain, the DNS needs to be set as the internet server, and the domain controller needs to be set when accessing the domain, but we can't combine the internet server with the domain controller. Isn't there any other way?

Although the two servers cannot be combined into one, can they build bridges between them? This reminds me of the DNS forwarding function. As long as the DNS of the client is directed to the DNS server of the domain controller, the domain name is resolved to Windows 2000 DNS, on the Internet, if it cannot be parsed, it will be forwarded to the Internet server. Isn't that enough?

So I entered the settings page of the Windows 2000 DNS server on the domain controller and wanted to add the IP address of the Internet server to the forwarder list. The "forwarder" label displayed is a gray one! My day, it seems that the day is about to die. I am not a soldier too! But if you think about it again, Microsoft will never be idle about providing this setting page. Now that he has given it, it will be useful. So I calmed down and looked at this gray page and found a diplomatic statement: "This is the root server, so there is no forwarder." In addition, the "root directory prompt" label is also gray, the prompt "because this computer is a root server, no root suggestion is required ". So it turns out! The default Windows 2000 DNS Server is a root server. It seems that the solution is to make it not a root server, but it cannot affect DNS queries in the domain, then delete ". "region, restart the DNS server, and then perform simple query and recursive query. It seems that the resolution outside the domain is okay. I will immediately test it on a client, and I will be able to access the Internet normally. OK, this solves the problem.

Summary

First, the DNS service is an essential service for the Windows 2000 Domain and an integral part of it. The DNS of computers in the domain should point to the Windows 2000 DNS server that provides services for the domain.

Second, when we install the first domain controller, the DNS service is automatically required to be installed. However, the DNS service installed by default contains ". "region, which should be deleted normally. Otherwise, the root server's external name resolution cannot be performed on the Internet. In this case, the DNS of the domain controller should be set to itself.

Third, the relationship between the preferred DNS server and the backup DNS server: if there is only one network connection (such as one Nic), requests will be sent to the backup DNS server only when the preferred DNS server does not respond, if the preferred DNS server has a response, even the error response will not be sent to the backup DNS server, which is why I did not delete ". "the reason why I set the preferred DNS server as the domain controller and the backup DNS server as the internet server is not successful-if the time domain controller is not turned on, that is to say, when there is no response, the client will request the backup DNS server, then it will be able to access the Internet. If there are two Network Connections-for example, there are two NICs or one Nic and one dial-up connection-the preferred DNS server will query the backup DNS server if it cannot be resolved.

Fourth, another solution to this problem is that you do not need to set the forwarder, but set the gateway of the Domain Server (also the DNS server) as the internet server. This is because when you want to resolve an Internet Name, it will automatically enable the root directory prompt if it cannot find the record on the server, and then find the root server through the gateway, in this way, the DNS settings of the domain controller should be directed to itself (running DNS itself ).