I should start off by saying we have a very large network, where one side of the company has probably made changes to the AD without my knowledge that are causing these issues.
We have a branch office connected to our network through a site-to-site VPN, on 192.168.9.0/24, to our main datacenter at 192.168.200.0/24, which hosts our primary DC and primary Exchange server. A few months ago the site started to experience issues with logging on and opening Outlook, where it would take 1-5 minutes for a user to log in, or for Outlook to actually connect to Exchange.
Our domain users are set up with local administrator accounts on their computers, and any user that has cached credentials can log in in less than 2 minutes. When I was at the site, I tried logging in to a PC using my domain admin credentials, and it took about 6-7 minutes to actually log me in for the first time.
With Outlook, the first time Outlook is opened on a PC it will almost always fail to connect and pop up saying a connection couldn't be established, where you can choose to retry or work offline. It's about a 50/50 chance that Outlook will connect the second time if we try Retry; the third try almost always works.
This isn't specific to the computers at the site, as my laptop, which works perfectly fine at every other location, has the same problems when I'm on their network.
This part of our network is configured and run by an outside company, who says everything is working 100% and they can't find a problem.
Changing the DHCP subnet from 192.168.9.0 to 10.80.9.0
Changing the DHCP to point all clients to a different set of DCs at a different datacenter, and the AD Sites and Services to point to those DCs
Uninstalling our antivirus, Symantec Endpoint, as it has a network access control feature
Using Wireshark to watch what happens when Outlook is opened; nothing stood out to me, but I'm not a networking guy. (I can post a Wireshark capture if someone wants.)
Based on a Microsoft KB article I found, I checked and confirmed that the Web Client network provider is at the bottom of the list; I have not tried disabling it completely. There is no service running on port 80 on the DCs.
Anyone have any suggestions for things I can try? I pretty much have free access to change anything for the site to try and fix this problem.
Edit: Also, once a user has successfully connected to the Exchange server, the user can open/close Outlook as much as they want and the problem will not happen again until after a reboot.