Problem with slow working at home

Hey Guys,

I am having somewhat of a struggle here with the job I'm working at now. I will try and make as good of a description of the problem as possible.

We have multiple laptop users who would like to work at home (of course). The issues we are seeing when they try to work at home is this. When they have a network connection at home (cabled or wireless) login takes a long time (for about 3 to 4 minutes), it pauses after the applying your personal settings screen and it just keeps sitting there with the nice blue XP background. When users login without any connection to any kind of network, so really stand alone, everything works fine.

To point out some config settings we have. Our network has a complete external DNS structure, so no NATting done here. If I'm sitting at home it would be possible to ping my own machine. This means it is also possible to ping all of our DCs externally. I am not the administrator of the firewall, nor the network, but I do need to fix the slow logins for the users.

The things I've figured out this far (and also, please correct me if I'm wrong) is that domain members get a primary DNS suffix that is the same as the name of the domain. When I'm trying to work at home I still have my Primary DNS suffix pointing to my domain meaning I'm able to ping domain machines only using the NETBIOS name. Second, it looks like the time out I'm receiving when logging in is the TCP/IP timeout which (according to all the papers) is like 4 minutes.

I am aware that this isn't really something that is fixable within a minute or so, I would like to get some of your points of view regarding this issue. Maybe you can point me in the right direction? And please try not to point out the obvious, I am well aware that using a pingable DC isn't best practice :)  :)

Any help is appreciated

Ray

rhandelsAsked:
pwindellCommented:
How does it behave after they have logged in and everything finally "settles in"?  Does it work normal after that?
 
0
rhandelsAuthor Commented:
Hey,

Thanks for your reply, and yes it does.. But the problem is that some people need to wait for like 1 to 2 minutes and look at a blue screen, so telling them just to wait unfortunately isn't an option :(..
0
pwindellCommented:
Sounds like it is a Roaming Profile issue.   You need to combine Active Directory Folder Redirection with the Roaming Profiles if you want the Roaming Profiles to work efficiently over a slow WAN link.
DSL & CableTV is almost always Asynchronous,..meaning it has a much slower upload speed than it is on the download speed which can severely affect two way traffic.
0
rhandelsAuthor Commented:
Hey pwindell..

Thanks for your reply, but this isn't a roaming profile issue.. The laptops don't use roaming profile to make sure we don't get that issue.. For as far as I can see now it looks like the machines, when connected to any kind of internet (and not the internal network itself) it's able to see the DCs and even able to look up service records... It looks like the laptop is trying to contact the domain but is unable to...
0
pwindellCommented:
How do you handle DNS?  For DNS to be proper they would have to always use the AD/DNS machine on your LAN no matter where they are at.  Since you are not using NAT,...and the DCs are directly available from anywhere,...that should not be a problem.  But when they are at home,...they get their config from the ISP's DHCP (or their "home router"),...which gives them the DNS from the ISP,...which is the wrong one for your LAN.  To avoid that you can use VPN which would over-ride the ISP's TCP/IP specs with the specs given through the Virtual VPN Adapter.  You didn't say you were using VPN, and since there is no NAT,...I assume VPN is not used.
Also,...Perhaps the Firewall is a problem,..even if it isn't using NAT.  The Admin of the Firewall can check the logs to see if anything is happening there.  It should be logged since they have to cross the Firewall to get to the DNS when they are not on the LAN.
0
rhandelsAuthor Commented:
Hey,

Ok, so where do I start here :)

If users are at home I don't want them to use our DNS servers, I want them to use their own servers, the nicest thing would be if we had a complete different DNS structure external and internal, I'm well aware of that.. If I give them our DNS servers internally for working at home, I'm afraid they will still have these issues because they are working at home.. VPN indeed would be a good solution, but then users are required to have an internet connection and unfortunately that is not an option for us :(

I've tried to do some tests and what I see is when users are logging in they are able to resolve SRV records for our domain, they seem to be able to do LDAP queries and so on and so on.. I did ask my networking colleagues to block specific ports, but here is where I'm facing some issues.. Even if I block all ports from the domain, it seems like Microsoft still wants to connect to the domain, even if users are working at home with their own DNS server. I can see that when the users log in they try to connect to our domain servers but are unable to connect to them.

What I would like to know is what Microsoft tries to do when logging into the domain. Should I be able to make Microsoft clear that even if our DCs are pingable that the machine is offline..
0
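To see from a home connection the state described in this thread (the domain's SRV records resolve through public DNS while the DC ports are blocked), the following added example, which is not part of any post here, lists the domain controllers DNS returns and classifies each logon-related port as open, refused or silently dropped. It assumes a current Windows client with the DnsClient module (`Resolve-DnsName`); `corp.example.com` is a placeholder for the AD DNS domain name, and the port list is an assumption covering Kerberos, LDAP and SMB.

```powershell
# Added example, not from the thread. Placeholder domain; pass your own with -Domain.
param(
    [string]$Domain    = 'corp.example.com',
    [int]   $TimeoutMs = 3000
)

# Ports assumed relevant to a domain logon: Kerberos, LDAP, SMB (SYSVOL / Group Policy).
$Ports = @{ 88 = 'Kerberos'; 389 = 'LDAP'; 445 = 'SMB' }

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # No answer inside the timeout: packets are dropped, so a real client
        # would sit in its TCP connect timeout before giving up.
        if (-not $task.Wait($TimeoutMs)) { return 'filtered (no answer, client waits)' }
        return 'open'
    } catch {
        # RST received or name not resolvable: the attempt fails immediately.
        return 'failed fast (refused or unresolvable)'
    } finally {
        $client.Close()
    }
}

# Same SRV name the DC locator queries to find domain controllers.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.NameTarget }

if (-not $srv) {
    "No SRV records for $srvName from this network: DC lookup fails at the DNS step."
    return
}

foreach ($dc in ($srv | Select-Object -ExpandProperty NameTarget -Unique)) {
    foreach ($port in ($Ports.Keys | Sort-Object)) {
        [pscustomobject]@{
            DC      = $dc
            Port    = $port
            Service = $Ports[$port]
            Result  = Test-TcpPort -HostName $dc -Port $port -TimeoutMs $TimeoutMs
        }
    }
}
```

Rows reported as filtered are the combination the asker describes: the client can find the DCs by name but every connection attempt has to time out.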
rhandelsAuthor Commented:
I'm going to close the question and at least award you some points because you did take the time trying to help me.. Unfortunately I don't have the answer now.. If I find it ever, I will post it..
0
pwindellCommented:
Ok, thank you sir.
Good luck with it!
0