Extremely slow logon via VPN

  • Thread starter Thread starter Brian
  • Start date Start date
B

Brian

I have several WinXP Pro stations in the following network topology:

All are part of a Windows 2003 SBS domain.
Corporate office has five computers and Windows 2003 SBS DC.
Remote office has one computer.
Remote office is connected to corporate office by a hardware VPN (Netgear
FVS318 on a Comcast Internet connection) at each end.

Logon to the domain (i.e. basic workstation logon) at the remote station
took 5-10 minutes (completely unacceptable) for the domain administrator, but
less than one minute (acceptable, considering the speed of the WAN
connection) for a domain user.

I discovered this much: as soon as I remove the home folder
connection/mapping from ActiveDirectory for the domain admin, it also takes
less than a minute. However, the domain user also has a home folder mapping
in AD, and it never takes 10 minutes.

Why would connection to a home folder take so much longer for a domain admin
than a domain user?
 
Usual reason is that something is being synchronized over the link. This
could be that you are using a roaming profile, or it could be a (home or
other) folder set to perform offline sync. The latter sounds likely from your
description.

The problem will be exacerbated by large files such as (for example) an
Outlook .pst which might be 1GB in size, and which needs resyncing each time
a few kB of new email is added in a logon session.

One solution may be to change the share properties on the server to disallow
'offline files.'
 
I checked everything I could think of, and here is how it stands:

I do not use roaming profiles (i.e. no path in Profile Path in AD)
Offline File Synch is disabled for the domain admin's profile on the remote
station.
Every user has a unique home folder on the server, and my login script used
for all users, including the domain admin, includes a net use to map three
other drive letters to other shares on the server.
There are no files in the domain admin's home folder on the server; there
are, however, many files in the other shared folders mapped to other drive
letters via the login script.
The problem occurs only for the domain admin, and then only when I set
Profile -> Home Folder -> Connect to assign a drive letter to a home home
folder drive to a share on the server.
I can map that same drive manually after login or via the login script with
no problem (i.e. it connects immediately), so it has something to do with the
Home Folder mapping in AD.
 
Back
Top