Hi, thanks for the quick response.
In response to your comments:

1)Usually such problems are DNS related but taking "20 minutes" they would
usually just fail to authenticate (and logon) completely.

The machines always authenticate with the correct DC.

2)Are you Sites specifically defined in AD Sites and Services? Are all DCs
located in the correct Site (in Sites and Services)?

Yes, all UK DCs are listed in the UK sites and services

3)Does every DC pass a full "dcdiag" with NO "FAIL" or "WARN" messages?

BTINET Fails, im not sure what this is? that is the only test that does not
pass.

4)Do both the clients and servers (esp. DCs) use ONLY the INTERNAL
DNS which can resolve the DCs etc?

Yes confirmed, the clients pick up the DNS from DHCP.

5)It sounds likely that you have not correctly defined your Sites, Subnets,
and/or located the DCs in the correct Sites.
Point noted, the problem I have is a lot of this is managed in india, and
the staff dont really have a clue, im looking to give them some pointers to
check. I also suspect there is an issue with sites&subnets. But the local
client seems to pick all the correct info. Maybe something else is going on
in the backround? Could it be down to the group policy not coming from the
local site DC perhaps?


thanks again for your reply





"Herb Martin" <news@learnquick.com> wrote in message
news:uilmSFbmIHA.5820@TK2MSFTNGP04.phx.gbl...
>
> "Anthony" <qwer@awwewe.com> wrote in message
> news:uD%23oCqamIHA.4480@TK2MSFTNGP03.phx.gbl...
>> Hello. I hope someone can help with the issues I have.
>> Im having problems with machines taking up to 20 minutes to logon to the
>> network, this does not affect all machines just random ones.(most
>> machines)
>
> Usually such problems are DNS related but taking "20 minutes" they would
> usually just fail to authenticate (and logon) completely.
>
>> We have used a network sniffer to look at the traffic from the client
>> machines and for some reason the client authenticates fine with the local
>> domain controller, and know which site it is in, but then goes off
>> talking to
>> other domain controllers around the world in other sites. Im not sure if
>> this
>> is when it is trying to pull down the group policy, does anyone know why
>> this
>> would happen?
>
> Are you Sites specifically defined in AD Sites and Services? Are all DCs
> located in the correct Site (in Sites and Services)?
>
> Does every DC pass a full "dcdiag" with NO "FAIL" or "WARN" messages?
>
> Do both the clients and servers (esp. DCs) use ONLY the INTERNAL
> DNS which can resolve the DCs etc?
>
>> Also if I ping my domain name the reply changes every so often, and its
>> always from a DC in another country site, if we add a host entry for the
>> local DC to the domain name it fixes the issues on some machines.
>
> It sounds likely that you have not correctly defined your Sites, Subnets,
> and/or located the DCs in the correct Sites.
>
>> Also on almost all machine I get the error in the event log "The Security
>> System could not establish a secured connection with the server
>> DNS/blah.blah.blah.com. No authentication protocol was available."
>> What does this mean?
>>
>> I know that's all a bit random so any help would be appreciated.
>>
>> Thanks
>
>