Thanks Chuck.
I double checked the server settings. They are set for allow secure updates
& the DNS server is listed as its own IP.
On the wkstn, i disabled ntbios during previous tshooting. i thought it
could be holding up my login. But same slow result.
I did a test on the dsl connection, 4.5 dwn/600k up. my ping to server thru
vpn avgs 49ms. I am also able to RDC thru the vpn to server & its pretty
snappy. Tonight i will try the last things u mentioned.
One thing i will add. When i first went to add the workstation to the
domain, it gave an error that the control response took too long. SO what i
had to do was rename the comp, reboot & then join w/ new name. Worked fine.
The only thing different about this site is, the Netscreen fw/vpn hands out
the ip & isp dns. This is for the other computer. Since the isp dns wont
work for the domain, i static assigned the server dns into the workstation.
when i do ipconfig /all, it only shows the 1 ip addy. so i know its not
getting dns from the netscreen.
Brian,
What DSL services the other 3 remote sites? When you describe your test ("4.5
dwn/600k up"), it sounds like ADSL, which is not a good choice for business
applications. Business applications, and WANs, run better on SDSL. There's
more issues with business WANs than simple speed concerns. Latency ("...the
control response took too long...") can also cause problems.
Now browsing uses SMBs. SMBs can be either directly bound, or bound to NetBT.
If you disabled NetBT, and your DNS is properly setup, on both ends of the VPN
tunnel, you'll be using directly bound SMBs and DNS based name resolution. I'll
refer you to the Microsoft white paper, which should explain the issues in
detail.
<
http://www.microsoft.com/technet/archive/winntas/deploy/prodspecs/ntbrowse.mspx?mfr=true>
http://www.microsoft.com/technet/archive/winntas/deploy/prodspecs/ntbrowse.mspx?mfr=true
I have advised a few times here about browsing, and name resolution, on domestic
LANs connected by VPN to a business LAN. Your case, though, is the first one
where we've tried extending a domain thru the VPN. Domains use the clock on the
client and the domain controller as part of the authentication process, and
again latency can be a problem here.
I suspect that we'll both learn a bit here, if you're patient with me. Besides
the Microsoft paper, you may find my browser article to provide a good overview.
<
http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html>
http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html
I'll look forward to what you find tonight.