TechFRP Search

Custom Search

Wednesday, March 23, 2011

Auto Login Troubles in Windows

     We have had a problem for some time now with the new PC's we've been getting. All of them are having difficulty properly logging into the Domain in situations where an Auto Login is configured. Regular manual logins by desktop users have no difficulty, but in situations that call for a PC that uses a predefined Auto Login setup, there are problems.

     When Auto Login is set there is no obvious error until you see that no network resources were mapped. Further investigation reveals that the system used "Cached Credentials" to log the user into the PC. It is like the network wasn't yet ready to accept connections but Windows was. The real problem is that any network resources like, the assigning of a home directory, the running of Login scripts and proper Domain Authentication do not occur. These network resources are accessible after the desktop loads but do not run automatically as they are supposed to.

     We found that if we plugged in a small Hub/Switch so that the PC went to the Hub first, then the Hub went to the Network jack, the problem did not occur. This wasn't a good solution though as we didn't want to have small Hub's all over the place. As a temporary fix it worked but we had to find what the real problem was. We called the Vendors that made the PC's (Big Industry Names) but not one of them could help at all with explaining why their new PC's were doing this.

     After a lot of research, trialling and testing we found a solution. The core of the problem was the New PC's. They were so much faster than the older models that Windows was ready to login before the network card had completed it's speed and duplex auto negotiation. The Auto Login setup will run as soon as Windows is ready and sees an active network. Even though the network link is active, it was taking another second or so before the Speed and Duplex was negotiated with the Switch. At that point Windows uses the Cached credentials because the Domain controller is unreachable. A second or two later the negotiation has completed and the network is accessible but not until after Windows login has occurred.

     We figure out two ways that you can Fix this problem. One would be to disable the Switch's Auto Negotiate settings for that Port. Set it to a predefined speed that is known to be good with the PC. This wasn't considered to be the best solution though because changes to individual Ports tend to be forgotten over time and if the PC is moved the Port will probably be left at the Static settings. The way we chose to correct the problem was to disable the Auto Negotiate feature at the PC. In this way you set the PC itself to the speed and duplex you know it is capable of, in our case 100/Full. Now if the PC is moved to another location it will still work in any Port/Jack and there are no changes required at the Switch.

     Once this was changed every Auto Login functioned correctly. The systems logged in, Authenticated properly with the Domain, mapped home directory assignments and completed the running of all login scripts. This setting may vary with Network card manufacturers but for us it is found under the NIC's Device Properties. Setting it to 100/full instead of Auto Negotiate resolved the problem entirely. By doing this you eliminate the need for interaction between the NIC and the Switch. It takes time for them to figure out the best settings to communicate. When it's statically assigned the network activation happens quicker. It saves you that second or two difference between Windows being ready and the Network being ready.

     If you are having similar problems and haven't been able to figure it out yet, give this a try and see if it solves your troubles. It did for us. :-)

     As always, I hope you found this useful. If you did, please leave a comment and let me know, I'd love to hear from you. Until next time don't forget you can always find me on Twitter @wjgtech.
Have a great day.

No comments:

Post a Comment