Network Logon Issues with Group Policy and Network

Solution 1:

Some random thoughts:

  1. Perform a DCDIAG on each DC and address issues.
  2. Check DNS. Turn on Advanced Features in the MMC tool, and root around in:

    \Forward Lookup Zones\<domain>\_msdcs

  3. Check that each of your AD sites is listed. Check that, in the non-site-specific branches, all DCs appear in the _tcp and _udp leaf zones (if that makes sense).

  4. If necessary, force DCs to re-register their SRV records in DNS using nltest /dsregdns

  5. Check DHCP and ensure that the option 006 (DNS servers) is set to point at a minimum of two DNS servers (DCs). Check option 015 (domain name) is set.

  6. Check AD replication (although DCDIAG will pick this up), using repadmin /replsummary from a DC

  7. Check your clients know where the DCs are using nltest /dclist:<DOMAIN>

  8. Check your clients know which AD site they're in using nltest /dsgetsite. If there are any issues here, check your subnet definitions in Active Directory Sites and Services.

  9. Check your FSMOs are all running using netdom query fsmo

  10. Check your DCs all have consistent time (they should all be in sync with the PDC emulator). Check your PDC emulator has good time.

  11. Check your clients can consistently ping your DCs

If I think of anything else, I'll amend...
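
The client-side checks from steps 3, 8, 10 and 11 above can be combined into one read-only report that cross-checks the DCs Active Directory lists against the SRV records under `_msdcs`. This is an added example, not part of the original answer; it assumes Windows PowerShell 5.1 on a domain-joined client, that `$Domain` is the AD DNS domain name, and that `w32tm` prints its sample in the form shown in the comment.

```powershell
# Added example: read-only checks run from a domain-joined client.
param([string]$Domain = $env:USERDNSDOMAIN)   # assumption: AD DNS domain name

# Step 3: DCs registered in the non-site-specific _msdcs SRV records
$dnsDcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'SRV' } |
    ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() } | Sort-Object -Unique

# DCs that Active Directory itself lists, plus the PDC emulator (time source, step 10)
$ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain)
$ad  = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx)
$pdc = $ad.PdcRoleOwner.Name.ToLower()

# Step 8: the site this client believes it is in (first line of nltest output)
$clientSite = nltest /dsgetsite 2>$null | Select-Object -First 1

$report = foreach ($dc in $ad.DomainControllers) {
    $name = $dc.Name.ToLower()
    # Step 10: one NTP sample against this DC; the offset is relative to the local clock.
    # Assumption: the sample line looks like "12:00:00, +00.0012345s".
    $out    = w32tm /stripchart /computer:$name /samples:1 /dataonly 2>$null
    $offset = if ("$out" -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] } else { $null }
    [pscustomobject]@{
        DC         = $name
        Site       = $dc.SiteName
        IsPdc      = ($name -eq $pdc)
        InMsdcsSrv = ($dnsDcs -contains $name)                             # step 3
        Pingable   = (Test-Connection -ComputerName $name -Count 2 -Quiet) # step 11
        OffsetSec  = $offset                                               # $null = no sample
    }
}

"Client site: $clientSite"
$report | Format-Table -AutoSize

# SRV targets with no matching DC object in AD are worth investigating
$dnsDcs | Where-Object { $report.DC -notcontains $_ } |
    ForEach-Object { "SRV target not listed as a DC in AD: $_" }
```

A DC with `InMsdcsSrv` false is a candidate for the `nltest /dsregdns` re-registration in step 4, and a `Site` that differs from the client site for every reachable DC points back at the subnet definitions in step 8.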

Solution 2:

My take is that NETLOGON 5719 is the root of the issue. Check out this: http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx

and in particular the line:

If you're only seeing Netlogon 5719 at startup then the port the machine is connected to on your switch may not be fully up when Netlogon starts.

which points to http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10553-12.html