Solved

MUVPN 7.3 - Slow logon at 'Applying Computer Settings' - Disable NLA Service?

Posted on 2007-03-29
8
9,840 Views
Last Modified: 2013-11-16
Hi

After connecting through our VPN software (MUVPN by Watchguard - V7.3) remotely, users are experiencing slow logon times when returning to the office.  After entering network credentials, the logon box hangs at 'Applying Computer Settings' for around 10-15 minutes.  MUVPN deploys a 'deterministic network enhancer' which has a patch available to supposedly fix this issue (http://www.deterministicnetworks.com/downloads/dneupdate.asp).  However, I have just tried to connect to the domain on a laptop with this patch installed and still we are experiencing latency when applying computer settings.

All clients are running fully patched XP SP2, with both wired and wireless access to the corporate LAN.

I've just discovered that stopping, then disabling the NLA service & rebooting resolves the latency issue - However, this isn't a particularly nice fix as the users in question are constantly connecting to various networks to establish their internet connection - and Microsoft insist that this service is a necessity for the smooth running of such changes.  (As well as optimising GPO deployment).

Has anyone out there experienced similar issues?  If so, what fixes have you applied?  Is the disabling of the NLA service the only way we can overcome the latency?

Many thanks
0
Comment
Question by:ddh76
  • 4
  • 3
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18819137
Sounds like the machines are retaining the old DNS server information. Is that possible? Restarting the NLA service would likely reset that, so it is possible. Are they shutting down their laptops, or just going into stand-by? Shutting down should force re-assignment.
Using the wrong DNS or even having another as the alternative will cause very slow logons.

Short term solution might be to create a batch file for the user's to put on their desktop to restart NLA, but they would still have that initial slow logon
  net stop "Network Location Awareness (NLA)"
  net start "Network Location Awareness (NLA)"
  exit
0
 
LVL 1

Author Comment

by:ddh76
ID: 18822288
I see what you're saying and it's quite feasible that DNS information is being cached, but a logoff/logon script won't cure the slow login.

What pitfalls are there to permanently disabling the NLA service?  I've just read an article on Vista - apparently NLA has been 'dramatically improved' in this version of Windows - is this Microsoft's way of admitting a problem in XP and prior?

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18822723
>>"a logoff/logon script won't cure the slow login."
Wasn't suggesting that but you had said restarting the NLA service resolved the problem. Not a good solution, but once logged on, running the stop/start script should fix it for the next logon, from the same location.

I don't know if the NLA service has to be run. I have read different articles on that. My "opinion" from what I have read is unless you are using ICS (Internet Connection Sharing) you can turn it off. Can't hurt to give it a try. Worst case scenario somebody can't connect.

However, I think we are confusing cause and effect. I think turning off NLA is dealing with the symptoms. I have never heard of a problem with this service, though in XP I don't think it does much, so the real problem may be something else. The NLA service is closely tied to the NIC driver, TCP/IP, and IPSec (the MUVPN client). Are all laptops similar units? If not it probably rules out the driver. If they are I would update the NIC driver first. If that doesn't resolve I would look to the MUVPN client. What version of the client are you using? Do you have an older one you can try?

For the record, I have never had a problem as you describe, with NLA and MUVPN. I have had problems with laptops occasionally, especially IBM, not reseting their TCP/IP configuration if not powered off.
0
 
LVL 1

Author Comment

by:ddh76
ID: 18824291
Ok, I'm with you.  Sorry - I missed out the fact that restarting the NLA service doesn't fix the slow logon - if you disable it, then restart, it logs in fine - however, if you boot with the service enabled, you experience the latency.

We don't use ICS, so disabling it permanently might be our only option.

The client version is MUVPN V7.3 and the safenet soft remote V is 10.3.5 Build 6.  we don't have any older versions that we can roll back to I'm afraid - Although I can certainly see your thinking here!

The laptops are all Dell 400 series - mostly 420's.  I'll try changing the NIC driver on one of the affected machines and see if that helps.

Many thanks - I'll post next week when I've had a chance to update the driver.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 77

Expert Comment

by:Rob Williams
ID: 18824385
If you wanted to give it a try I have a copy of version 6.11 MUVPN. It's for the SOHO series. I think it's compatible, but can't confirm that. I don't see it a a licensing violation for me to supply you with an earlier client, where you have licensed hardware with current client.

Let us know how it goes with the drivers.
Have a good weekend.
--Rob
0
 
LVL 1

Author Comment

by:ddh76
ID: 18850872
No joy with the upgrade of the NIC I'm afraid.

As we have users that don't have the problem outlined above, I'm reluctant to try an older version of the software.  I think in the mean time, I'll disable the NLA service on the affected machines and hope for the best.

If I do happen to stumble across a more suitable solution, I'll be sure to let you know.

Many thanks for your help on this matter - much appreciated.

Nathan
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 18851041
Thanks for the update Nathan. Disabling NLA shouldn't be a problem as we discussed, but at least if there is an issue you can easily re-enable.
Let us know how it goes ultimately.
Cheers !
--Rob
0
 

Expert Comment

by:cheesebugah
ID: 21911122
I had a laptop earlier today, well,, been an issue for the last few weeks. It was a slow login at " Applying Computer Settings ".. I disabled this service and BAM.. good to go.

Thanks EE
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now