Rewrites for my book continue. I have two chapters left to adjust and then a final read through before I turn it over to the husband for commentary. Here's hoping it's awesome enough.
So, AD Ninja. Maybe. We've been battling a slow login problem ever since our tree was rooted..ahem. Couldn't help the pun. My predecessor was tearing his hair out about it before he left and I was equally stymied and vexed. Essentially what's happening is logins are consistently over a minute, sometimes up to forty five minutes at the high schools and middle schools. That's a lot of computers and a lot of frustrated kids and teachers. Also, the weirdest thing is it only seems to be happening in places were large groups of machines are located. We could have a 40 port switch completely full with one lab on it and five classrooms and still only the lab is effected. It's frustrating. My cohorts and I have pushed out a profile cleaning script that runs on shutdown, but it only seems to be helping so much.
So today, boss man and I went out to one of our schools that was having an issue specifically in their media center and the lab off the media center. Apparently nobody before me thought to look at the damn cables going into the machines because there was a loop in plain sight under the table. A network cable was plugged into a drop, plugged into a cable extender(HUGE boo hiss), and then plugged back into another drop patched into the same switch. This is not good. If certain protections aren't enabled on that switch, it will cause a flood of traffic not unlike rush hour. This slows things down. Again, not good. So, I removed the loop. Logins sped up a little bit. Still not perfect, but slightly better. I ran two hotfixes for the local workstations that deal with Folder Redirection and Group Policy Item Level Targeted shortcuts. I also ran a hotfix on the local DC that deals with high lsass utilization. All of these things combined with me cleaning up the login and startup scripts made for zippy logins. Like 17 seconds zippy. Keep in mind, our network has about 15,000 machines in it. Ish. That's my rough estimate and I'm not counting printers, ipads, copiers, etc.
The reason for the "might be" in front of "Active Directory Ninja" is because we're still seeing weird periodic delays on bootup. I'm wondering if the machines just haven't gotten the policy updates or if they all just need to be wiped out. I personally am in favor of wiping. The machine I worked on primarily had been freshly imaged and I got a brand new profile to load in 45 seconds. 17 seconds for second login. That's pretty damn fast for us. So here's to hoping that my fixes work. That will solve a lot of stress at work for me if I can solve the mystery of the slow login gremlins.
No comments:
Post a Comment