Slow logins to AD across VPN

ESM

I have numerous sites connected back to a corporate office over VPNs. The
corporate office has 10 meg internet with only 25% utilization.

Remote sites have Cable or DSL at speeds of 3.0 mbps down and 512k up, all
the way to 7.0/768.

Remote offices do not have a local AD server. They authenticate across the
VPN to 2 AD servers at the corporate location. CPU load on those AD servers
is low.

Login times to computers at these remote sites can be up to 30 minutes.
Computers will "hang" at "applying computer settings".

I'm not doing much with GPO. Is there a way to find out what's going on and be
able to speed up this process? Deploying a DC is not my preferred method.
 
Trust No One®

ESM said:
Remote offices do not have a local AD server. They authenticate
across the VPN to 2 AD servers at the corporate location. CPU load
on those AD servers is low.

Login times to computers at these remote sites can be up to 30 minutes.
Computers will "hang" at "applying computer settings".

We had similar problems with 30-45 minute logins at a number of our VPN
sites, and the odd frame relay site.

Forcing Kerberos to use TCP rather than UDP may well cure your problem.

See:

http://support.microsoft.com/kb/244474/

hth
 
ESM

Very interesting. Did you force this company wide using the ADM provided
for GPO, or just at affected sites? I can't think of a reason not to do
this companywide. It seems like the only reason UDP is used is because of
the RFC on this subject. TCP clearly sounds like the best way to do this.
 
Trust No One®

ESM said:
Very interesting. Did you force this company wide using the ADM
provided for GPO, or just at affected sites? I can't think of a
reason not to do this companywide. It seems like the only reason UDP
is used is because of the RFC on this subject. TCP clearly sounds
like the best way to do this.

Hmm... MSFT have updated the KB article :)

At the time I first used this tweak (about 18 months ago), only the registry
tweak was available so we deployed it as needed to workstations/servers at
affected sites.

I'm glad to see it can now be deployed and managed via Group Policy. To be
honest I really can't see any reason why it shouldn't be rolled out company
wide.
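
The registry tweak discussed in the posts above, as an added example that is not part of the original thread: a PowerShell script that reports the current Kerberos transport setting on a workstation and, when run with the switch, sets it to force TCP. The registry path and the MaxPacketSize value name are the ones documented in the linked KB244474 article and are not quoted in the thread; the -Apply switch name is hypothetical, and the script must run elevated.

```powershell
# Added example: audit (and optionally set) the Kerberos UDP/TCP threshold.
# Path and value name as documented in KB244474, not taken from the thread.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Apply   # hypothetical switch: write the value instead of only reporting
)

$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$name = 'MaxPacketSize'

function Get-KerberosMaxPacketSize {
    # Returns the configured DWORD, or $null when the value (or key) is absent.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$name }
    return $null
}

$current = Get-KerberosMaxPacketSize

if ($null -eq $current) {
    Write-Output ('{0} is not set; the operating system default applies.' -f $name)
} elseif ($current -eq 1) {
    Write-Output ('{0} = 1; Kerberos requests already go over TCP.' -f $name)
} else {
    Write-Output ('{0} = {1}; requests under {1} bytes may still use UDP.' -f $name, $current)
}

if ($Apply -and $current -ne 1) {
    if ($PSCmdlet.ShouldProcess($path, ('Set {0} to 1' -f $name))) {
        # The Parameters key does not exist on every machine; create it if needed.
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value 1 -Force | Out-Null
        Write-Output ('{0} set to 1. Restart the computer for it to take effect.' -f $name)
    }
}
```

Running it without -Apply only reports the current state, which is useful for confirming which machines at an affected site already carry the setting before rolling it out through Group Policy.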
 
Mark D.

ESM said:
I have numerous sites connected back to a corporate office over VPNs. The
corporate office has 10 meg internet with only 25% utilization.

Remote sites have Cable or DSL at speeds of 3.0 mbps down and 512k up, all
the way to 7.0/768.

Remote offices do not have a local AD server. They authenticate across the
VPN to 2 AD servers at the corporate location. CPU load on those AD
servers is low.

Login times to computers at these remote sites can be up to 30 minutes.
Computers will "hang" at "applying computer settings".

I'm not doing much with GPO. Is there a way to find out what's going on and
be able to speed up this process? Deploying a DC is not my preferred
method.

Could you please tell me how you accomplish this? I've tried to use VPNs to
connect remote sites back to the corp DC but couldn't get it to work. Any
help would be appreciated.
 
