Solved

MUVPN 7.3 - Slow logon at 'Applying Computer Settings' - Disable NLA Service?

Posted on 2007-03-29
8
9,857 Views
Last Modified: 2013-11-16
Hi

After connecting through our VPN software (MUVPN by Watchguard - V7.3) remotely, users are experiencing slow logon times when returning to the office.  After entering network credentials, the logon box hangs at 'Applying Computer Settings' for around 10-15 minutes.  MUVPN deploys a 'deterministic network enhancer' which has a patch available to supposedly fix this issue (http://www.deterministicnetworks.com/downloads/dneupdate.asp).  However, I have just tried to connect to the domain on a laptop with this patch installed and still we are experiencing latency when applying computer settings.

All clients are running fully patched XP SP2, with both wired and wireless access to the corporate LAN.

I've just discovered that stopping, then disabling the NLA service & rebooting resolves the latency issue - However, this isn't a particularly nice fix as the users in question are constantly connecting to various networks to establish their internet connection - and Microsoft insist that this service is a necessity for the smooth running of such changes.  (As well as optimising GPO deployment).

Has anyone out there experienced similar issues?  If so, what fixes have you applied?  Is the disabling of the NLA service the only way we can overcome the latency?

Many thanks
0
Comment
Question by:ddh76
  • 4
  • 3
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18819137
Sounds like the machines are retaining the old DNS server information. Is that possible? Restarting the NLA service would likely reset that, so it is possible. Are they shutting down their laptops, or just going into stand-by? Shutting down should force re-assignment.
Using the wrong DNS or even having another as the alternative will cause very slow logons.

Short term solution might be to create a batch file for the user's to put on their desktop to restart NLA, but they would still have that initial slow logon
  net stop "Network Location Awareness (NLA)"
  net start "Network Location Awareness (NLA)"
  exit
0
 
LVL 1

Author Comment

by:ddh76
ID: 18822288
I see what you're saying and it's quite feasible that DNS information is being cached, but a logoff/logon script won't cure the slow login.

What pitfalls are there to permanently disabling the NLA service?  I've just read an article on Vista - apparently NLA has been 'dramatically improved' in this version of Windows - is this Microsoft's way of admitting a problem in XP and prior?

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18822723
>>"a logoff/logon script won't cure the slow login."
Wasn't suggesting that but you had said restarting the NLA service resolved the problem. Not a good solution, but once logged on, running the stop/start script should fix it for the next logon, from the same location.

I don't know if the NLA service has to be run. I have read different articles on that. My "opinion" from what I have read is unless you are using ICS (Internet Connection Sharing) you can turn it off. Can't hurt to give it a try. Worst case scenario somebody can't connect.

However, I think we are confusing cause and effect. I think turning off NLA is dealing with the symptoms. I have never heard of a problem with this service, though in XP I don't think it does much, so the real problem may be something else. The NLA service is closely tied to the NIC driver, TCP/IP, and IPSec (the MUVPN client). Are all laptops similar units? If not it probably rules out the driver. If they are I would update the NIC driver first. If that doesn't resolve I would look to the MUVPN client. What version of the client are you using? Do you have an older one you can try?

For the record, I have never had a problem as you describe, with NLA and MUVPN. I have had problems with laptops occasionally, especially IBM, not reseting their TCP/IP configuration if not powered off.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 1

Author Comment

by:ddh76
ID: 18824291
Ok, I'm with you.  Sorry - I missed out the fact that restarting the NLA service doesn't fix the slow logon - if you disable it, then restart, it logs in fine - however, if you boot with the service enabled, you experience the latency.

We don't use ICS, so disabling it permanently might be our only option.

The client version is MUVPN V7.3 and the safenet soft remote V is 10.3.5 Build 6.  we don't have any older versions that we can roll back to I'm afraid - Although I can certainly see your thinking here!

The laptops are all Dell 400 series - mostly 420's.  I'll try changing the NIC driver on one of the affected machines and see if that helps.

Many thanks - I'll post next week when I've had a chance to update the driver.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18824385
If you wanted to give it a try I have a copy of version 6.11 MUVPN. It's for the SOHO series. I think it's compatible, but can't confirm that. I don't see it a a licensing violation for me to supply you with an earlier client, where you have licensed hardware with current client.

Let us know how it goes with the drivers.
Have a good weekend.
--Rob
0
 
LVL 1

Author Comment

by:ddh76
ID: 18850872
No joy with the upgrade of the NIC I'm afraid.

As we have users that don't have the problem outlined above, I'm reluctant to try an older version of the software.  I think in the mean time, I'll disable the NLA service on the affected machines and hope for the best.

If I do happen to stumble across a more suitable solution, I'll be sure to let you know.

Many thanks for your help on this matter - much appreciated.

Nathan
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 18851041
Thanks for the update Nathan. Disabling NLA shouldn't be a problem as we discussed, but at least if there is an issue you can easily re-enable.
Let us know how it goes ultimately.
Cheers !
--Rob
0
 

Expert Comment

by:cheesebugah
ID: 21911122
I had a laptop earlier today, well,, been an issue for the last few weeks. It was a slow login at " Applying Computer Settings ".. I disabled this service and BAM.. good to go.

Thanks EE
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to rollback Windows updates with SCCM? 6 74
BgInfo help 5 54
send to option in chrome 11 34
Move files based on file names? 8 16
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question