Our domain of 900 users is having a problem with user domain authentication. We are using a 2003 domain with Windows XP clients. What I think is happening is, users are being allowed to log onto their PCs using cached credentials before the PC makes its network connections. If the password is within the expiry notification range (7 days), they are not notified and allowed to log on normally. When their password eventually expires, it is usually in the middle of the day and their outlook suddenly starts prompting for a username and password to connect to the Exchange server. In rare cases, their account will be locked from a bad logon on a second PC, and it will still allow them to log onto a different PC, if they have cached credentials. I partially solved the problem by removing MS .Net 4.0 from all PCs. I found out .NET 4 was causing a delay of up to 2 minutes for the PC to make its network connections, but the problem still exists. I'm reluctant to turn on the group policy setting "Always wait for the network at computer startup and logon" because I don't know what side-effects it might have... like will it disable logging on or create a long delay when the PC is taken outside the network? Is it just that the users are logging on too quickly? What else could be causing the network connection delay?

Hello, make sure the users are gettign the proper dns configuration. Post an IPconfig /all from a workstation and two domain controllersIsaac Oben MCITP:EA, MCSE

Workstation Windows IP Configuration Host Name . . . . . . . . . . . . : DMSD601531 Primary Dns Suffix . . . . . . . : dms.ds.state.fl.us Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : dms.ds.state.fl.us ds.state.fl.us state.fl.us fl.us Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller Physical Address. . . . . . . . . : 00-18-8B-23-6B-1A Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 199.250.28.200 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 199.250.28.1 DHCP Server . . . . . . . . . . . : 199.250.23.34 DNS Servers . . . . . . . . . . . : 199.250.23.34 199.250.23.33 Primary WINS Server . . . . . . . : 199.250.23.34 Secondary WINS Server . . . . . . : 199.250.23.33 Lease Obtained. . . . . . . . . . : Thursday, August 26, 2010 8:08:51 AM Lease Expires . . . . . . . . . . : Saturday, September 25, 2010 8:08:51 AM DC 1 Windows IP Configuration Host Name . . . . . . . . . . . . : dmsdcbe009 Primary Dns Suffix . . . . . . . : dms.ds.state.fl.us Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : dms.ds.state.fl.us ds.state.fl.us state.fl.us fl.us Ethernet adapter Public: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Fiber WOL #2 Physical Address. . . . . . . . . : 00-0D-60-9C-44-44 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 199.250.23.33 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 199.250.23.1 DHCP Class ID . . . . . . . . . . : DMSDCBE009 DNS Servers . . . . . . . . . . . : 199.250.23.33 199.250.23.34 Primary WINS Server . . . . . . . : 199.250.23.33 DC 2 Windows IP Configuration Host Name . . . . . . . . . . . . : dmsdcbe029 Primary Dns Suffix . . . . . . . : dms.ds.state.fl.us Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : dms.ds.state.fl.us ds.state.fl.us state.fl.us fl.us Ethernet adapter Public: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2 Physical Address. . . . . . . . . : 00-0D-60-9C-64-A2 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 199.250.23.34 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 199.250.23.1 DHCP Class ID . . . . . . . . . . : DMSDCBE029 DNS Servers . . . . . . . . . . . : 199.250.23.34 199.250.23.33 Primary WINS Server . . . . . . . : 199.250.23.34

Are these affecting wired or wireless users or both? 1- Look at the events log for any errors ? 2- Can you ping the Dc1 and dc2 from the workstation? 3-can you resolve names from workstation using nslookup? Also, look into this KB http://support.microsoft.com/kb/906736/en-usIsaac Oben MCITP:EA, MCSE