Solved

MUVPN 7.3 - Slow logon at 'Applying Computer Settings' - Disable NLA Service?

Posted on 2007-03-29
8
9,870 Views
Last Modified: 2013-11-16
Hi

After connecting through our VPN software (MUVPN by Watchguard - V7.3) remotely, users are experiencing slow logon times when returning to the office.  After entering network credentials, the logon box hangs at 'Applying Computer Settings' for around 10-15 minutes.  MUVPN deploys a 'deterministic network enhancer' which has a patch available to supposedly fix this issue (http://www.deterministicnetworks.com/downloads/dneupdate.asp).  However, I have just tried to connect to the domain on a laptop with this patch installed and still we are experiencing latency when applying computer settings.

All clients are running fully patched XP SP2, with both wired and wireless access to the corporate LAN.

I've just discovered that stopping, then disabling the NLA service & rebooting resolves the latency issue - However, this isn't a particularly nice fix as the users in question are constantly connecting to various networks to establish their internet connection - and Microsoft insist that this service is a necessity for the smooth running of such changes.  (As well as optimising GPO deployment).

Has anyone out there experienced similar issues?  If so, what fixes have you applied?  Is the disabling of the NLA service the only way we can overcome the latency?

Many thanks
0
Comment
Question by:ddh76
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18819137
Sounds like the machines are retaining the old DNS server information. Is that possible? Restarting the NLA service would likely reset that, so it is possible. Are they shutting down their laptops, or just going into stand-by? Shutting down should force re-assignment.
Using the wrong DNS or even having another as the alternative will cause very slow logons.

Short term solution might be to create a batch file for the user's to put on their desktop to restart NLA, but they would still have that initial slow logon
  net stop "Network Location Awareness (NLA)"
  net start "Network Location Awareness (NLA)"
  exit
0
 
LVL 1

Author Comment

by:ddh76
ID: 18822288
I see what you're saying and it's quite feasible that DNS information is being cached, but a logoff/logon script won't cure the slow login.

What pitfalls are there to permanently disabling the NLA service?  I've just read an article on Vista - apparently NLA has been 'dramatically improved' in this version of Windows - is this Microsoft's way of admitting a problem in XP and prior?

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18822723
>>"a logoff/logon script won't cure the slow login."
Wasn't suggesting that but you had said restarting the NLA service resolved the problem. Not a good solution, but once logged on, running the stop/start script should fix it for the next logon, from the same location.

I don't know if the NLA service has to be run. I have read different articles on that. My "opinion" from what I have read is unless you are using ICS (Internet Connection Sharing) you can turn it off. Can't hurt to give it a try. Worst case scenario somebody can't connect.

However, I think we are confusing cause and effect. I think turning off NLA is dealing with the symptoms. I have never heard of a problem with this service, though in XP I don't think it does much, so the real problem may be something else. The NLA service is closely tied to the NIC driver, TCP/IP, and IPSec (the MUVPN client). Are all laptops similar units? If not it probably rules out the driver. If they are I would update the NIC driver first. If that doesn't resolve I would look to the MUVPN client. What version of the client are you using? Do you have an older one you can try?

For the record, I have never had a problem as you describe, with NLA and MUVPN. I have had problems with laptops occasionally, especially IBM, not reseting their TCP/IP configuration if not powered off.
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 1

Author Comment

by:ddh76
ID: 18824291
Ok, I'm with you.  Sorry - I missed out the fact that restarting the NLA service doesn't fix the slow logon - if you disable it, then restart, it logs in fine - however, if you boot with the service enabled, you experience the latency.

We don't use ICS, so disabling it permanently might be our only option.

The client version is MUVPN V7.3 and the safenet soft remote V is 10.3.5 Build 6.  we don't have any older versions that we can roll back to I'm afraid - Although I can certainly see your thinking here!

The laptops are all Dell 400 series - mostly 420's.  I'll try changing the NIC driver on one of the affected machines and see if that helps.

Many thanks - I'll post next week when I've had a chance to update the driver.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18824385
If you wanted to give it a try I have a copy of version 6.11 MUVPN. It's for the SOHO series. I think it's compatible, but can't confirm that. I don't see it a a licensing violation for me to supply you with an earlier client, where you have licensed hardware with current client.

Let us know how it goes with the drivers.
Have a good weekend.
--Rob
0
 
LVL 1

Author Comment

by:ddh76
ID: 18850872
No joy with the upgrade of the NIC I'm afraid.

As we have users that don't have the problem outlined above, I'm reluctant to try an older version of the software.  I think in the mean time, I'll disable the NLA service on the affected machines and hope for the best.

If I do happen to stumble across a more suitable solution, I'll be sure to let you know.

Many thanks for your help on this matter - much appreciated.

Nathan
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 18851041
Thanks for the update Nathan. Disabling NLA shouldn't be a problem as we discussed, but at least if there is an issue you can easily re-enable.
Let us know how it goes ultimately.
Cheers !
--Rob
0
 

Expert Comment

by:cheesebugah
ID: 21911122
I had a laptop earlier today, well,, been an issue for the last few weeks. It was a slow login at " Applying Computer Settings ".. I disabled this service and BAM.. good to go.

Thanks EE
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question