#208817 - 2014-05-05 01:02 AM
KiXtart stalling GPClient for 10 minutes on logon
|
Danski
Fresh Scripter
Registered: 2014-05-04
Posts: 5
Loc: New Zealand
|
Hello,
I work for an enterprise (USA based) at a branch office (New Zealand based, ~280ms ping) that is having an intermittent logon problem only at our site. I've never written a KiXtart script and only found out about kix when it was called up by a group policy boot script.
When the command to run kix is called a 600 second delay occurs before the gpclient calls timeout. The problem only happens when a foreign domain controller is used to serve up the logon scripts.
Logon Script that calls kix:
adlogon.cmd
set HERE=%0\..
set ADLOGFN=%TEMP%\adlogon_%USERNAME%
set ADLOGEXT=.log
set KIXLOG=%ADLOGFN%_kix%ADLOGEXT%
...
echo %HERE%\kix32.exe "%HERE%\adlogon.kix" $adlcdir="%HERE%" "$logfile=%KIXLOG%"
%HERE%\kix32.exe "%HERE%\adlogon.kix" $adlcdir="%HERE%" "$logfile=%KIXLOG%"
...
We have put an echo above the line that calls kix32 with the exact same command and it outputs the following: \\<LOCALDC>\netlogon\ADLogon\adlogon.cmd\..\kix32.exe "\\<LOCALDC>\netlogon\ADLogon\adlogon.cmd\..\adlogon.kix" $adlcdir="\\<LOCALDC>\netlogon\ADLogon\adlogon.cmd\.." "$logfile=C:\Temp\adlogon_<USERNAME>_kix.log"
As you can see the kix program, script and run dir are all on the DC. The kix script that runs starts off with:
adlogon.kix
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;This is the logon script for the Active Directory <DOMAIN> domain
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IF ISDECLARED($logfile)
IF REDIRECTOUTPUT($logfile,1) <>0
REDIRECTOUTPUT()
ENDIF
ENDIF
? "@DATE @TIME,ADLogon Kixtart Started"
BREAK ON
$RC = LogEvent( 4 , 5901 , "AD Logon script started: "+@LDOMAIN+"\"+@USERID+" at site: "+@SITE+" by "+@LSERVER,"","KIX32")
...
The 3rd last line is output to the log file and the last line is output to the windows event viewer. When a foreign DC is used these two lines are not run but the echo to output the command to call kix is run from the adlogon.cmd.
If you have any idea or suggested problem solving tips as to how or why kix doesn't run or stops please let me know.
Version: KiXtart 2001 4.22 Windows 7 AMD64 Enterprise SP1
Occurs on all Win7 pcs on this site.
Thank you.
|
Top
|
|
|
|
#208819 - 2014-05-05 03:58 AM
Re: KiXtart stalling GPClient for 10 minutes on logon
[Re: Allen]
|
Danski
Fresh Scripter
Registered: 2014-05-04
Posts: 5
Loc: New Zealand
|
Yes, the hang is happening between the echo out of the command to run kix32.exe and the ? "@DATE @TIME,ADLogon Kixtart Started" line. This has been established due to the echo line being present in the log file as the last entry on a failure.
I don't know why the paths have \..\ in them. The local env var is set to HERE=%0\.. where %0\ picks up the directory that the calling script is located.
I must stress that this is not my script/domain/deployment. It's just become my problem as the local IT guy. These scripts were probably written when version 4.22 was the latest and they work well on 30k computers a day but when we try to fetch and run them from a reasonably slow WAN link on a foreign DC with 2-300ms of ping there becomes a problem.
My best bet is on the network failing to download the kix32 and adlogon.kix but I wanted to know if the community had experienced anything like this before.
|
Top
|
|
|
|
#208833 - 2014-05-05 11:45 PM
Re: KiXtart stalling GPClient for 10 minutes on logon
[Re: Lonkero]
|
Danski
Fresh Scripter
Registered: 2014-05-04
Posts: 5
Loc: New Zealand
|
\\~DC~\NETLOGON\ADLogon directory has all of the files that are required. adlogon.cmd adlogon.kix KIX32.exe
Due to this being an enterprise deployment I do have to be careful of what I release here. I don't think pasting the script in its entirety would be ok or given that it doesn't hit the 6th line in the script, necessarily helpful.
I am investigating the antivirus being the problem. There seems to be no explicit exclusion of the NETLOGON folder. The product is Symantec Endpoint Protection V.12
I just want to reemphasize that the script works fine and runs in less than 1 second from the local DC.
Thank you all for your help so far.
Edited by Danski (2014-05-05 11:46 PM)
|
Top
|
|
|
|
#208835 - 2014-05-06 12:16 AM
Re: KiXtart stalling GPClient for 10 minutes on logon
[Re: ChristopheM]
|
ShaneEP
MM club member
Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
|
Should this line...set KIXLOG=%ADLOGFN%_kix%ADLOGEXT% be...set KIXLOG=%AdLogFilename%_kix%ADLOGEXT% ?
|
Top
|
|
|
|
#208854 - 2014-05-09 01:37 AM
Re: KiXtart stalling GPClient for 10 minutes on logon
[Re: ChristopheM]
|
Danski
Fresh Scripter
Registered: 2014-05-04
Posts: 5
Loc: New Zealand
|
I have made some of the suggested changes to the adlogon.cmd
...
set HERE=%~dp0
...
set RUNDIR=%TEMP%\ADLogon
...
:: KIX drive mappings
echo Starting AD logon script for %USERDNSDOMAIN%...
echo Copying KIX32/KIX Script/Mapping file to %TEMP%\ADLogon...
:: Copy to local machine to prevent running from DC (AV issues etc)
xcopy %HERE%* %RUNDIR%\ /Y /E /C
echo %RUNDIR%\kix32.exe "%RUNDIR%\adlogon.kix" $adlcdir="%RUNDIR%" "$logfile=%KIXLOG%"
%RUNDIR%\kix32.exe "%RUNDIR%\adlogon.kix" $adlcdir="%RUNDIR%" "$logfile=%KIXLOG%"
I've emailed this script to a domain administrator that I've been working with on this issue. Now to wait and see what he comes back with.
Thank you everyone so far.
|
Top
|
|
|
|
#208866 - 2014-05-11 09:56 PM
Re: KiXtart stalling GPClient for 10 minutes on logon
[Re: ChristopheM]
|
Danski
Fresh Scripter
Registered: 2014-05-04
Posts: 5
Loc: New Zealand
|
Following the lead of other logon scripts for the enterprise I have specifically not used /D so the scripts cannot be modified while on the local drive.
As for robocopy, using /MIR would probably be the best solution but since we still have a few XP machines lingering on the network this isn't an option.
The one problem I don't have a solution for is if someone accidentally/unwittingly dumps a large file in the \\DC\ADLOGON folder as it will copy down. The other option would be to explicitly call xcopy only on the files kix needs but this would then make the script a hidden dependency if the files were to change in future.
It's tough writing code for an enterprise.
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 248 anonymous users online.
|
|
|