Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Slow Domain Login Unless 2003 Server Has Firewall Off

  • Please log in to reply
1 reply to this topic

#1 msass


  • Members
  • 8 posts
  • Location:Chicagoland
  • Local time:04:35 PM

Posted 06 December 2007 - 02:13 PM

I just brought up a domain - one DC filling all roles for a small company. Went to join first test computer to it, wouldn't join. Disabled Windows firewall on the 2003 server, computer joined domain fine, rebooted. Found info while doing some searching suggesting various exceptions in the firewall for AD - ports for LDAP, Global Catalog, etc. Added those exceptions and re-enabled firewall. Logged in the computer that had recently joined domain as domain user. Took about 12-15 minutes the first time. Logged off and logged back in a couple more times - about 3 minutes to login each time. Disabled firewall on the server again, tried domain user login again - took a few seconds. Can anyone suggest other changes to the Windows firewall on Server 2003 that would allow me to leave it enabled but speed up the login?

Here are the exceptions I added already:
Global Catalog Server TCP 3269
Global Catalog Server TCP 3268
LDAP Server TCP/UDP 389
NAT-T UDP 4500



Found the answer a few hours later at the following link:

Added exceptions:
DNS TCP/UDP 53 - DUH! :thumbsup:
Kerberos TCP/UDP 88

Login is now nice and fast.

Edited by msass, 06 December 2007 - 05:55 PM.

BC AdBot (Login to Remove)


#2 gavinseabrook


  • Members
  • 773 posts
  • Gender:Male
  • Location:El Paso
  • Local time:03:35 PM

Posted 01 January 2008 - 05:22 PM

Make sure that you setup the DNS correctly. Also you might want to install WINS on your server, this way the PCs will have a better understanding of the server.

Gavin Seabrook


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users