Server 2003 DC Firewall slows Domain login
The Windows firewall on a Server 2003 domain controller is creating problems.
It can take 2-3 minutes (or more) to logon & 5 minutes to log off with the firewall turned on
It takes less than 10 seconds with the firewall turned off
The domain controller is all patched up - as are the Vista workstations. NOT using roaming profiles (anymore)
I have already created more than a dozen recommended exceptions on the firewall.
I am using the Windows firewall because the McAfee firewall SUDDENLY would not allow RDP to the domain controller (but does to workstations) after latest Patch Tuesday + McAfee updates
February 10th, 2011 8:07pm
Hello,
I have never seen until now that the firewall slows down the network; either it blocks or allows connections. Please post an unedited ipconfig /all from the DC/DNS server and a problem client.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
February 11th, 2011 4:30am
I just tried again
With the Windows firewall on: logoff took 4-5 minutes. Just 10 seconds with it off
I removed the router from the DNS server addresses - but that seems to have made no difference
I have DNS forwarding set up
There's only 1 server & only 4 workstations
I am considering setting up fixed IP addresses
--
Windows 2003 SP2 Domain Controller
U:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : w2k3
Primary Dns Suffix . . . . . . . : ttcs-van.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ttcs-van.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-1E-4F-39-35-E6
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
------------------------------
Workstation
U:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TTCS-FOUR
Primary Dns Suffix . . . . . . . : ttcs-van.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ttcs-van.local
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-E0-3C-27-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : ttcs-van.local
Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-91-54-CC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5ca1:fcfa:7711:d844%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2011-Feb-12, Sat 1:50:20 AM
Lease Expires . . . . . . . . . . : 2011-Feb-16, Wed 1:50:21 AM
Default Gateway . . . . . . . . . : 192.168.100.1
DHCP Server . . . . . . . . . . . : 192.168.100.101
DHCPv6 IAID . . . . . . . . . . . : 167779593
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-15-64-00-00-1D-09-91-54-CC
DNS Servers . . . . . . . . . . . : 192.168.100.101
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E03C2757-1FDD-4D07-A944-CD02F8B75553}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ttcs-van.local
Description . . . . . . . . . . . : isatap.ttcs-van.local
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
February 12th, 2011 12:26pm
Hello,
Open port 53 on the firewall for DNS. If the client cannot access the DC's DNS, then the logon process takes a long time.
Cheers
ChazChazzie / IT Manager
Advanced Door Controls, Inc.
February 12th, 2011 11:02pm
Here are most of the exceptions I have already allowed
53 both
88 both
123 udp
135 tcp
137 tcp
389 both
464 both
500 udp
636 both
3268 tcp
3269 tcp
file & printer sharing
lsass.exe
MMC
ntfrs.exe
RDP both
February 13th, 2011 12:27am
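An added audit script, not from the thread or from any of its posters, that compares the exception list posted above with the ports a domain member needs to reach a Server 2003 DC at logon. The required-port table and the port sets behind the built-in "file & printer sharing" and RDP exceptions are my assumptions about the Server 2003 defaults; program exceptions such as lsass.exe are only reported, because a program rule opens whatever ports that process listens on and cannot be checked by port number.

```python
# Added example (not from the thread): audit the posted DC firewall exceptions
# against the ports a domain member needs to reach a Server 2003 DC at logon.
# Client-to-DC ports used at logon (assumed defaults). 1025-5000/tcp is the Server 2003
# default RPC dynamic range (Netlogon, SAM, replication) reached via the endpoint mapper on 135.
REQUIRED = {
    ("dns", 53, "tcp"), ("dns", 53, "udp"), ("kerberos", 88, "tcp"),
    ("kerberos", 88, "udp"), ("ntp", 123, "udp"), ("rpc-epm", 135, "tcp"),
    ("netbios-ns", 137, "udp"), ("netbios-dgm", 138, "udp"),
    ("netbios-ssn", 139, "tcp"), ("smb", 445, "tcp"), ("ldap", 389, "tcp"),
    ("ldap", 389, "udp"), ("kpasswd", 464, "tcp"), ("kpasswd", 464, "udp"),
    ("ldaps", 636, "tcp"), ("gc", 3268, "tcp"), ("gc-ssl", 3269, "tcp"),
    ("rpc-dynamic", (1025, 5000), "tcp"),
}
# Built-in Windows Firewall exceptions that expand to fixed port sets (assumed).
NAMED = {
    "file & printer sharing": {(137, "udp"), (138, "udp"), (139, "tcp"), (445, "tcp")},
    "rdp": {(3389, "tcp")},
}
# The exception list exactly as posted in the thread.
POSTED_EXCEPTIONS = ("53 both", "88 both", "123 udp", "135 tcp", "137 tcp", "389 both",
                     "464 both", "500 udp", "636 both", "3268 tcp", "3269 tcp",
                     "file & printer sharing", "lsass.exe", "MMC", "ntfrs.exe", "RDP both")

def parse_exceptions(lines):
    """Return ({(port, proto)}, [program exceptions]). Program exceptions allow
    whatever ports that process opens, so they are reported rather than audited."""
    allowed, programs = set(), []
    for parts in (l.strip().lower().split() for l in lines if l.strip()):
        if parts[0].isdigit():
            protos = (parts[1],) if len(parts) > 1 and parts[1] != "both" else ("tcp", "udp")
            allowed.update((int(parts[0]), p) for p in protos)
            continue
        name = " ".join(p for p in parts if p not in ("tcp", "udp", "both"))
        if name in NAMED:
            allowed |= NAMED[name]
        else:
            programs.append(name)
    return allowed, programs

def audit(lines):
    """List required 'name port/proto' entries that no port exception covers."""
    allowed, programs = parse_exceptions(lines)
    missing = []
    for name, port, proto in sorted(REQUIRED, key=lambda r: (r[0], r[2])):
        lo, hi = port if isinstance(port, tuple) else (port, port)
        if not all((p, proto) in allowed for p in range(lo, hi + 1)):
            label = f"{lo}-{hi}" if lo != hi else str(lo)
            missing.append(f"{name} {label}/{proto}")
    return missing, programs  # posted list -> (['rpc-dynamic 1025-5000/tcp'], ['lsass.exe', 'mmc', 'ntfrs.exe'])
```

For the posted list only the RPC dynamic range lacks a port rule; whether the lsass.exe program exception already covers it is something to confirm on the server, not something the port audit can decide.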
Are you running RRAS and using the firewall that it has or do you have a third party firewall? My guess is that this is related to DNS. Check the logs on both the server and client for some more clues.
Chazzie / IT Manager
Advanced Door Controls, Inc.
February 13th, 2011 10:38am