Slow AD-logins on new Windows 2019 servers after moving to different subnets

Alex 1 Reputation point
2020-09-11T10:10:32.467+00:00

Hi.

I'm wondering what might affect the login times on newly deployed virtual servers that have been moved from one subnet to another.

Scenario:
I deploy several VMs and do some configuring on the servers.
I join the domain on a temporary deployment network and when configuration is complete I move the machine to a different subnet.

On the next login (and any other logins that follow), the login time changes from seconds to 30-60 seconds.

To "fix" the issue, I leave the domain and rejoin it - after this the AD logons are fast again.

I'm wondering what the reasons for this might be.
Is it cached data that is causing the slow logons?
Is there a command I can run to not have to leave/rejoin AD to purge that data?

Any/all information is welcome; links to in-depth information are very welcome.


4 answers

  1. Dave Patrick 426.1K Reputation points MVP
    2020-09-11T10:16:08.77+00:00

    Almost always DNS related. I'd check that the problem member has the correct DNS servers listed on the connection properties and that ports are flowing on the new route.
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts

    Might also try a simple ipconfig /flushdns, ipconfig /registerdns


  2. Daisy Zhou 18,721 Reputation points Microsoft Vendor
    2020-09-14T02:12:00.16+00:00

    Hello @Alex ,

    Thank you for posting here.

    We can check whether the IP address of the problematic VM belongs to the new subnet we moved to.

    If the IP address of the problematic VM is not in the new subnet we moved to, the VM may take time to find a DC in another site to authenticate, and it is looking for the proper DC to authenticate when the AD logon begins.

    Also, we can check whether the problematic VM points to the correct DNS server after moving it to the new subnet.

    And check whether we have changed any settings after moving the VM to different subnets (for example, we may have changed the IP address of the VM), and check whether there are any restrictions on network access.

    Best Regards,
    Daisy Zhou

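The checks suggested in the two answers above (DNS servers on the adapter, the site and DC the machine locates, ports on the new route) can be collected in one pass. The following PowerShell is an added example, not part of any answer in this thread; it is read-only, assumes it is run elevated on the moved server, and its port list is an assumed subset of the TCP ports covered by the firewall article linked in the first answer.

```powershell
# Added example: read-only checks, run in an elevated PowerShell on the moved server.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain   # DNS name of the joined domain

# 1. Address, prefix length and DNS servers in use after the move.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Select-Object InterfaceAlias, IPAddress, PrefixLength
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. The DC locator SRV records must resolve through those DNS servers.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Select-Object NameTarget, Port, Priority

# 3. AD site this server maps to, and the DC returned by a forced (non-cached) lookup.
nltest /dsgetsite
$dcInfo = nltest "/dsgetdc:$domain" /force
$dcInfo

# 4. State of the machine's secure channel to the domain.
nltest "/sc_verify:$domain"

# 5. TCP reachability of the located DC over the new route.
#    Assumed subset of AD ports; UDP and the dynamic RPC range are not tested here.
$ports = @{ 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'
            445 = 'SMB'; 464 = 'Kerberos password change' }
$hit = $dcInfo | Select-String -Pattern 'DC:\s*\\\\(\S+)' | Select-Object -First 1
if ($hit) {
    $dc = $hit.Matches[0].Groups[1].Value
    foreach ($p in ($ports.Keys | Sort-Object)) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Port      = $p
            Service   = $ports[$p]
            Reachable = $r.TcpTestSucceeded
        }
    }
} else {
    Write-Warning "No DC located for $domain; check DNS and site mapping before testing ports."
}
```

Compare the site name from `nltest /dsgetsite` and the DC chosen in step 3 with the subnet-to-site definitions in Active Directory Sites and Services for the server's new address.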

  3. MKL 1 Reputation point
    2021-12-14T07:03:28.377+00:00

    Hi there,

    I have the same problem. I'm starting to do some network segmentation and when I move the servers to a new subnet, logins are very slow. After leaving and rejoining the domain, it works.
    Is there any solution already?


  4. MKL 1 Reputation point
    2021-12-14T09:21:37.107+00:00

    I already found out that the problem only exists when I'm logging in via a Remote Desktop session. When I log in straight at the server (with VMware viewer), it's a lot faster.