Slow password change on domain

By Swiftie
in Microsoft (Windows)

 Share

Recommended Posts

Experienced

Swiftie

Posted
Posted

Hi guys

Have a bit of mistery issue that has cropped up and I'm trying to assit to look into it, but want to seek advice as so far nothing has stuck out.

The setup is a Windows 7 clients, mixture of 32 and 64bit SP1. Domain controller is Windows 2008 R2 SP1.

Domain controller is hosted on a VPS, no local DC on site. There is a S2S vpn between the office to the VPS server with a good up/down link between the two.

PC's are joined to the domain and functioning, its only this 1 niggly thing that has cropped up now when a user changes the password via CTRL + ALT + DELETE and it takes over 2 minutes from hitting the arrow to submit the change to getting a confirmation to say the password was changed. If you hit CTRL + ALT + DELETE whilst the screen is stuck on "Changing Password" with the wheel spinning then you get the confirmation that the password was changed and password definitely gets updated.

Anybody have any ideas on why the password change has a delay if you leave it to complete by itself?

Link to comment
https://www.neowin.net/forum/topic/1090377-slow-password-change-on-domain/
Share on other sites
Collaborator

stumper66

Posted
Posted

I would start by checking the following:

  • DNS: Can it resolve the domain and all domain controllers? Are the IP addresses correct?
  • Run a diagnostic check for active directory. I can't remember how exactly but dcdiag sounds right.
  • Check event viewer on the domain controller and clients for any clues on related errors.
  • What domain functional level is the forest and domain? May want to raise them to Server 2008 R2 if not already.
  • How is the latency and bandwidth between the DC and client site?

Experienced

Swiftie

Posted
  • Author
Posted

I would start by checking the following:

  • DNS: Can it resolve the domain and all domain controllers? Are the IP addresses correct?
  • Run a diagnostic check for active directory. I can't remember how exactly but dcdiag sounds right.
  • Check event viewer on the domain controller and clients for any clues on related errors.
  • What domain functional level is the forest and domain? May want to raise them to Server 2008 R2 if not already.
  • How is the latency and bandwidth between the DC and client site?

Thanks for the response.

Latency between DC and client is around the 10ms mark average.

PC's can resolve the domain and DNS is correct with the settings being picked up from the server.

No issues found with DCDiag and event logs on server and client are clean with no obvious errors to highlight the cause of the delay.

At the moment my suggestion has been to put a local DC onsite which can then replicate to the VPS DC.

Rookie

TyRmYz

Posted
Posted

We had similar problems in our remote office. about 200 pc.s there XP SP3 and Windows 7 32/64-bits.

First we tried Slowlink mode and that helped much, but final solution was that we added RODC, now everything works nicly there.

  • 5 months later...
Experienced

Swiftie

Posted
  • Author
Posted

Can I bump this for a revisit for your thoughts please

I'm basically still experiencing the same issues as what I've already highlighted in my previous posts and what this user has posted here -> http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/06dce842-c6dc-4e1f-9f86-7fd7a0a55191

We have implemented a DC locally and there is a DC in a remote site linked via S2S, I've checked the PC logon server and it is the local server, not the remote server. But yet when I try and do a password change. IT JUST TAKES an age...

Experienced

Arkos Reed

Posted
Posted

If there's a firewall between the computers and the DC, I would look at that... Typically dynamic RPC ports allocation. Try to restrict the ports used for RPC by the domain controllers and make sure the now fixed tcp port range is open on the firewall.

Have a look at these KBs

http://bensjibberjabber.wordpress.com/2011/07/26/configuring-domain-controllers-to-use-fixed-rpc-ports-behind-firewalls/

http://support.microsoft.com/kb/832017

http://support.microsoft.com/kb/154596

Experienced

Swiftie

Posted
  • Author
Posted

Something doesn't sound right withy the network setup. Could be active directory, could be Dns, could be replication..... Any event logs on the servers (system, application, security, Dns, replication).

Well AD replication tests out fine, No critical errors in my dcdiag and also dcdiag /test:dns and repadmin /showrepl * /errorsonly comes back clean. I can PM or post the outputs if it will help.

With regars to event logs, apart from some errors that may have been caused when I was changing some of the settings. There is nothing that stick out from the server end. Once again, I'm happy to get this posted if it will help. From the client (workstation) side, everything event wise is so clean, I wish something was erroring out.. :(

If there's a firewall between the computers and the DC, I would look at that... Typically dynamic RPC ports allocation. Try to restrict the ports used for RPC by the domain controllers and make sure the now fixed tcp port range is open on the firewall.

Have a look at these KBs

http://bensjibberjab...hind-firewalls/

http://support.microsoft.com/kb/832017

http://support.microsoft.com/kb/154596

Well the local DC and workstation are now all within the same network with obviously a firewall protecting that whole network. So don't think if the above will help, but will keep in mind.Windows firewall is disabled.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Microsoft explains why PowerToys 0.100.0 is faster and slimmer, there are new features too

      By matthiew · Posted

      I just looked on my computer and there are settings and log files for utilities I have never even turned on!
    • O&O ShutUp10 3.1.1104

      By Copernic · Posted

      O&O ShutUp10 3.1.1104 by Razvan Serea O&O ShutUp10 offers a simple yet effective way to take control of your Windows privacy. It provides access to almost 50 privacy-related tweaks, most of them hidden or not easily accessible to the average computer users. Using a very simple interface, you decide how Windows 10/11 should respect your privacy by deciding which unwanted functions should be deactivated. Using ShutUp10 you can easily disable Windows Defender, turn off telemetry, disable peer-to-peer updates, turn off Wi-Fi Sense, disable automatic Windows updates, turn off and reset Cortana and more. ShutUp10 allows you to create a System Restore point before you apply any changes, so that you can revert your system at any time if you run into problems. O&O ShutUp10 is entirely free and does not have to be installed – it can be simply run directly and immediately on your PC. And it will not install or download retrospectively unwanted or unnecessary software, like so many other programs do these days! O&O ShutUp10 Free and Premium The latest version brings O&O ShutUp10 Premium, expanding the app’s long-standing privacy controls with automatic enforcement of user-defined settings. Instead of manually rechecking options after every Windows update, users can set their preferred privacy configuration once—or apply recommended settings in a single click—and the tool continuously monitors them in the background. If Windows 10 or 11 re-enables disabled features or introduces new data collection paths, Premium restores the chosen settings automatically without user intervention. The free version remains available and fully functional for manual adjustments, offering the same core privacy controls for Windows. However, the Premium tier is aimed at users who want long-term, hands-off protection, adding automatic reapplication after updates, ongoing monitoring, and optional notifications to ensure privacy settings remain consistent over time. O&O ShutUp10 3.1.1104 changelog: Added “Show Differences” button in the overview panel “Don’t show again” option for the restore point prompt Ctrl+F keyboard shortcut for search/filter functionality Detection and linking of system-wide and user-specific setting associations Automatic search while typing PREM: Option to preserve notification counters and timestamps across application restarts PREM: Reset blocked settings button in the Settings dialog PREM: Informational message when no settings are blocked PREM: Update check can also be triggered from the menu PREM: Notification deduplication and activity log summary feature Improved L005 “Disable Windows Location Service”: Version-specific split (up to Windows 11 23H2) and new variant for Windows 11 24H2+ L001 (Disable Location): Added Night Light warning to the description in all languages Search now detects setting IDs even when ID display is disabled and offers to enable it Detection and removal of Copilot/AI desktop apps in RecallTerminator Optimized High DPI support PREM: Reset button is now only enabled when blocked items exist – setting IDs are shown in the confirmation dialog PREM: Updated tray icons with higher-resolution versions PREM: Activity Log timestamps now use localized date and time formats PREM: Tray icon status now uses OK/Warning indicators and localized tooltips PREM: Recall folder detection switched to service-based detection PREM: Copilot uninstallation now provides UI feedback and improved verification Fixed Description text was not displayed correctly for the last item and disappeared when clicking the scrollbar Crash when clicking a search result heading or the […] button PREM: Installation path is now correctly preserved during upgrades PREM: Tray icon was not reliably removed when exiting the application PREM: Main window was not displayed correctly in single-instance mode PREM: Incorrect display of the & symbol in tray icon tooltips on Windows 10 PREM: Fixed notification flooding after sleep/standby PREM: Dashboard was not refreshed after applying recommended settings during onboarding PREM: Progress bar was not reset after deleting Recall folders PREM: Fixed service startup failures PREM: Fixed incorrect drift detection when Automatic Protection was disabled PREM: Notifications now correctly count all deviating settings when protection is enabled PREM: Registration Wizard was shown after sleep/standby despite a valid license Download: O&O ShutUp10 3.1.1104 | 76.4 MB (Freeware) Download: O&O ShutUp10 32-bit | ARM64 View: O&O ShutUp10 Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • New Site Moderation

      By +Edouard · Posted

      Fascinating...W h i t e P o w e r is now also asterisks out.  
    • New Site Moderation

      By +Edouard · Posted

      In the past few days I have noticed two odd moderation activities. First, when I posted the term 'White Nationist Christian' it was asterisk's out. When I changed it to **** it was allowed! Second, in the Politics is a ###business thread I was allowed to post that the GOP is a party of p e d ophiles but I was censored  when I posted the GOP are a party of p e d ophile protectors. Wtf Neowin. Please explain.
    • Latest Rufus update improves new Windows 11 install method

      By WITHOUT-ME · Posted

      send him paypal

  • Recent Achievements

    • One Month Later
      Vincian earned a badge
      One Month Later
    • First Post
      Jocimo earned a badge
      First Post
    • Week One Done
      suprememobiles48 earned a badge
      Week One Done
    • One Month Later
      Windows Guy earned a badge
      One Month Later
    • One Month Later
      Prasann earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      546
    2. 2
      +Edouard
      165
    3. 3
      PsYcHoKiLLa
      86
    4. 4
      Steven P.
      66
    5. 5
      ATLien_0
      64
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!