Solved

Problem with slow working at home

Posted on 2009-07-08
Last Modified: 2013-11-05
Hey Guys,

I am having somewhat of a struggle here with the job I'm working at now. I will try to make as good a description of the problem as possible.

We have multiple laptop users who would like to work at home (of course). The issue we are seeing when they try to work at home is this: when they have a network connection at home (cabled or wireless), login takes a long time (about 3 to 4 minutes); it pauses after the "Applying your personal settings" screen and just keeps sitting there with the nice blue XP background. When users log in without any connection to any kind of network, so really standalone, everything works fine.

To point out some config settings we have: our network has a complete external DNS structure, so no NATting is done here. If I'm sitting at home it would be possible to ping my own machine. This means it is also possible to ping all of our DCs externally. I am not the administrator of the firewall, nor the network, but I do need to fix the slow logins for the users.

The things I've figured out this far (and also, please correct me if I'm wrong) are that domain members get a primary DNS suffix that is the same as the name of the domain. When I'm trying to work at home I still have my primary DNS suffix pointing to my domain, meaning I'm able to ping domain machines using only the NetBIOS name. Second, it looks like the timeout I'm receiving when logging in is the TCP/IP timeout, which (according to all the papers) is like 4 minutes.

I am aware that this isn't really something that is fixable within a minute or so; I would like to get some of your points of view regarding this issue. Maybe you can point me in the right direction? And please try not to point out the obvious; I am well aware that using a pingable DC isn't best practice :) :)

Any help is appreciated

Ray

Question by:rhandels
8 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 24806573
How does it behave after they have logged in and everything finally "settles in"? Does it work normally after that?
 
0
 
LVL 23

Author Comment

by:rhandels
ID: 24806684
Hey,

Thanks for your reply, and yes it does. But the problem is that some people need to wait for like 1 to 2 minutes and look at a blue screen, so telling them just to wait unfortunately isn't an option :(
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24806745
Sounds like it is a Roaming Profile issue. You need to combine Active Directory Folder Redirection with the Roaming Profiles if you want the Roaming Profiles to work efficiently over a slow WAN link.
DSL & CableTV is almost always Asynchronous,..meaning it has a much slower upload speed than download speed, which can severely affect two-way traffic.
0
 
LVL 23

Author Comment

by:rhandels
ID: 24807046
Hey pwindell..

Thanks for your reply, but this isn't a roaming profile issue. The laptops don't use roaming profiles, to make sure we don't get that issue. As far as I can see now, it looks like the machines, when connected to any kind of internet (and not the internal network itself), are able to see the DCs and even able to look up service records. It looks like the laptop is trying to contact the domain but is unable to.
0

 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 24807206
How do you handle DNS?  For DNS to be proper they would have to always use the AD/DNS machine on your LAN no matter where they are at.  Since you are not using NAT,...and the DCs are directly available from anywhere,...that should not be a problem.  But when they are at home,...they get their config from the ISP's DHCP (or their "home router"),...which gives them the DNS from the ISP,...which is the wrong one for your LAN.  To avoid that you can use VPN which would over-ride the ISP's TCP/IP specs with the specs given through the Virtual VPN Adapter.  You didn't say you were using VPN, and since there is no NAT,...I assume VPN is not used.
Also,...Perhaps the Firewall is a problem,..even if it isn't using NAT.  The Admin of the Firewall can check the logs to see if anything is happening there.  It should be logged since they have to cross the Firewall to get to the DNS when they are not on the LAN.
0
 
LVL 23

Author Comment

by:rhandels
ID: 24811105
Hey,

OK, so where do I start here :)

If users are at home I don't want them to use our DNS servers, I want them to use their own servers. The nicest thing would be if we had a completely different DNS structure externally and internally; I'm well aware of that. If I give them our DNS servers internally for working at home, I'm afraid they will still have these issues because they are working at home. VPN indeed would be a good solution, but then users are required to have an internet connection and unfortunately that is not an option for us :(

I've tried to do some tests and what I see is that when users are logging in they are able to resolve SRV records for our domain, they seem to be able to do LDAP queries, and so on and so on. I did ask my networking colleagues to block specific ports, but here is where I'm facing some issues. Even if I block all ports from the domain, it seems like Microsoft still wants to connect to the domain, even if users are working at home with their own DNS server. I can see that when the users log in they try to connect to our domain servers but are unable to connect to them.

What I would like to know is what Microsoft tries to do when logging into the domain. Should I be able to make it clear to Microsoft that even if our DCs are pingable, the machine is offline?
0
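
The state described in the comment above (the DCs can be found from a home connection, but connections to them do not complete) can be measured per port by timing TCP connects and separating a fast rejection from a silent drop. This is an added example, not part of the original thread; the host name `dc1.example.test`, the port list and the 3-second timeout are assumptions.

```python
import socket
import time

# Ports a domain member commonly uses toward a DC (assumed list for this example).
DC_PORTS = {53: "dns", 88: "kerberos", 135: "rpc", 389: "ldap", 445: "smb"}


def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Time one TCP connect and classify how it ended."""
    start = time.monotonic()
    try:
        connect((host, port), timeout).close()
        state = "open"
    except socket.gaierror:
        state = "unresolved"    # name not resolvable from this network
    except ConnectionRefusedError:
        state = "refused"       # actively rejected: fails at once
    except (socket.timeout, TimeoutError):
        state = "filtered"      # silently dropped: caller waits out the timeout
    except OSError:
        state = "unreachable"   # no route, network down, etc.
    return state, time.monotonic() - start


def assess(host, ports=DC_PORTS, timeout=3.0, connect=socket.create_connection):
    """Probe each port; return (verdict, {port: state}) for an off-network client."""
    results = {p: probe(host, p, timeout, connect)[0] for p in ports}
    states = set(results.values())
    if "filtered" in states:
        verdict = "stall-risk"  # DC is found but packets vanish, as in the thread
    elif "open" in states:
        verdict = "reachable"   # the client can really talk to the DC
    elif states == {"unresolved"}:
        verdict = "not-found"   # client cannot locate the DC at all
    else:
        verdict = "fast-fail"   # no port answered, but nothing timed out
    return verdict, results


if __name__ == "__main__":
    # dc1.example.test is a placeholder; substitute a DC name from your own domain.
    verdict, results = assess("dc1.example.test")
    for port, state in sorted(results.items()):
        print(f"{port:>4}/{DC_PORTS[port]:<9} {state}")
    print("verdict:", verdict)
```

Run from a home connection against each DC name the client resolves; a `stall-risk` verdict is the combination the question describes, where the DC is located but every attempt has to time out.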
 
LVL 23

Author Comment

by:rhandels
ID: 24857243
I'm going to close the question and at least award you some points because you did take the time trying to help me. Unfortunately I don't have the answer now. If I ever find it, I will post it.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 24858982
Ok, thank you sir.
Good luck with it!
0
