Mac AD issues -slow logon
Our setup is as follows for 20 PowerMac G4's (recently upgraded to 10.5.8) in school on a Child Domain.
These Macs were bound to pre-created computer accounts in AD on our Server 2003 domain. We have mapped the users' home directories and set the proxy settings etc etc & everything was working fine.
In the last 2 weeks users are now either not logging on (it takes 2 or 3 attempts for the Mac to accept their authentication details - you get the shaky login window once or twice) and/or it can take up to 3-4 minutes for the Mac to logon. When the user is logged on everything is fine. If I log on locally as the Mac local admin account it is equally slow.
The only thing that has changed recently is that our domain forest has had it's functionality level raised.
Our Domain Controllers (for our child domain) have now been demoted to member servers and the Council have replaced them with 2 virtual DC's (We had no choice in this). Our member servers have retained DHCP & Print server functionality but AD and DNS etc have been moved to the virtual DC's. Despite reconfiguring the Macs so that they have the updated DNS entries added to their Network Settings logon time is still poor. FWIW we have not had any issues with our Windows PCs after these changes.
As an experiment on 1 Mac we deleted it's AD account, recreated a different one and then went thru the process of renaming the Mac and rebinding it. That didn't fix things.
In addition we have tried various suggestions such as deleting the kerberos realm information files using the rm Kerberos command and restarted the Directory service using the killall DirectoryService command. This didn't make any difference.
The Mac were upgraded from 10.4(Tiger) to 10.5 (Leopard) in July and the Macs were fine after the upgrade. This leads me to think that it is either something to do with the further upgrade to 10.5.8 or something to do with the changes to our Domain structure.
So at the moment we are left with a suite of Macs that used to be really nippy at logging on and for reasons unknown are now problematic at logon which is making life tricky for our users and my blood pressure. Any advice would be gratefully received before my Technician's head explodes.