slow network browsing when there are VPN connections

Our company has a small 1Gb wired Windows network with two DCs, 2003 and 2008. The network works pretty fast on file transfer, etc. We also have a SonicWall TZ170 firewall/VPN server. When a user establishes a VPN connection from his home, network browsing from the office location becomes VERY slow. I.e., say I open Windows Explorer, then go to the "Network" node, and it takes 30 sec. to enumerate all the computers. If there is no VPN tunnel established, the enumeration takes 0.02 sec.
nbtstat shows that the remote connected laptop is currently a master browser (__MSBROWSE__)
C:\>nbtstat -a user-laptop

Local Area Connection:
Node IpAddress: [10.0.0.52] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    USER-LAPTOP    <00>  UNIQUE      Registered
    DOMAINNAME     <00>  GROUP       Registered
    USER-LAPTOP    <20>  UNIQUE      Registered
    DOMAINNAME     <1E>  GROUP       Registered
    DOMAINNAME     <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

    MAC Address = 00-60-73-03-5A-16


Local Area Connection* 9:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Cisco VPN:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.


Maybe that is a reason for the slowness?
I tried to disable "Enable Windows Networking (NetBIOS) Broadcast" in the VPN server settings - did not change a thing.
Attached is the screenshot of the VPN server settings.
Any ideas?
vpn.png
zc2 Asked:
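
An added example, not part of the original thread: a Python parser for the `nbtstat -a` name table that decodes the NetBIOS suffixes and reports whether a host currently holds the master browser role, the check the question makes by eye. The suffix meanings are the standard NetBIOS assignments; the function names and the OFFICE-PC sample are constructed for illustration.

```python
import re

# Standard NetBIOS 16th-byte suffixes seen in the name table above.
SUFFIX_ROLES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Domain/workgroup name",
    ("20", "UNIQUE"): "File Server service",
    ("1E", "GROUP"): "Browser service elections",
    ("1D", "UNIQUE"): "Master browser",
    ("01", "GROUP"): "Master browser (__MSBROWSE__)",
}
ROW = re.compile(r"^\s*(?P<name>\S+)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
                 r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\S+)\s*$")

def parse_name_table(text):
    """Return (name, suffix, type, status, role) tuples from nbtstat -a output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            key = (m["suffix"].upper(), m["type"])
            rows.append((m["name"], *key, m["status"],
                         SUFFIX_ROLES.get(key, "other")))
    return rows

def is_master_browser(rows):
    """True if the host registered the <1D> UNIQUE or __MSBROWSE__ <01> name."""
    return any(status == "Registered" and
               ((suffix, kind) == ("1D", "UNIQUE") or
                (suffix == "01" and "__MSBROWSE__" in name))
               for name, suffix, kind, status, _ in rows)

# Name table rows as posted in the question.
LAPTOP = """
    USER-LAPTOP    <00>  UNIQUE      Registered
    DOMAINNAME     <00>  GROUP       Registered
    USER-LAPTOP    <20>  UNIQUE      Registered
    DOMAINNAME     <1E>  GROUP       Registered
    DOMAINNAME     <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
"""
# Constructed sample: a hypothetical office PC that is not a master browser.
OFFICE_PC = """
    OFFICE-PC      <00>  UNIQUE      Registered
    DOMAINNAME     <00>  GROUP       Registered
    OFFICE-PC      <20>  UNIQUE      Registered
    DOMAINNAME     <1E>  GROUP       Registered
"""
```

Calling `is_master_browser(parse_name_table(...))` on the output collected from each host shows which machine currently holds the browser role.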

John (Business Consultant, Owner) Commented:
I open the windows explorer, then go to the "Network" node, and it takes 30 sec. to enumerate all the computers

That is quite normal over VPN. VPN is normally slow (slow side of the internet link always being used).

I do not browse the Network location over VPN just for this reason.

Map the folders you need (NET USE Z: \\servername\folder) and then go directly to the file you need. Even for large folder structures this will be slow.

... Thinkpads_User

zc2 (Author) Commented:
I'm sorry for not making the question clear enough.
I am in the office and do the network enumeration while located in the office network.
And the other guy is connected via VPN. I don't care how fast or slow he browses the network.
I want the local office network speed not to be affected when he's connected.
That's correlated for sure - his connection over the VPN and network browsing slowness.

John (Business Consultant, Owner) Commented:
If your local browsing is slowed down by the other person's VPN usage, try using a VPN that logs into a VPN appliance and not a server. That is probably why you are getting affected.

Other than that, you may be trying to enumerate the other person's computer over VPN, and again, that would be normally slow.

My other advice could be just as useful:  Map a local computer directly and do not browse the network.

.... Thinkpads_User

zc2 (Author) Commented:
This is a VPN appliance: SonicWall TZ170
It's a small box and it works as a firewall and also as a DHCP and VPN server.

So, the question here is how to exclude the computer connected over the VPN from the local network enumeration.

John (Business Consultant, Owner) Commented:
If the computer is a domain-connected computer, then network enumeration will include the computer.

Option 1: Just do not use Network Enumeration. It does not give me any value. I just go to the target I want.

Option 2: For one, or a small number of users, remove remote users from the domain. Make them local users and have them map appropriate resources as they need.

... Thinkpads_User

zc2 (Author) Commented:
I'm sorry, but those are not appropriate solutions.
I can't tell users not to do the enumeration, because the application they use every day does that. And to minimize the waiting time they do use network mapped drives. But sometimes they still have to wait for the enumeration, it can't be avoided.
Also I can't exclude them from the domain, because that will bring a lot of much uglier problems than the discussed one.

My questions are:
If being the master browser makes some kind of conflicts, how to make the remote computer not be the master browser?
Should I concentrate on cutting off the remote PC from the network?
Maybe I need to configure the firewall on the VPN box to prevent the remote PC being browsed?

John (Business Consultant, Owner) Commented:
minimize the waiting time they do use network mapped drives.  

As I was suggesting earlier.

 I can't exclude them from the domain, because that will bring a lot of much uglier problems  

I can see where that might apply to you more than in my environment.

Should I concentrate on cutting off the remote PC from the network?  

That is effectively excluding them from the domain. Their PC would not operate as expected.

Maybe I need to configure the firewall on the VPN box to prevent the remote PC being browsed?

I cannot tell you how to do that without just blocking the remote user and you do not want to do that.

I understand that once you start enumerating, it is slow. I know this from experience. My only solution is do not do it. It just wastes time.  Sorry.

... Thinkpads_User

zc2 (Author) Commented:
I've disabled the VPN, which disconnects the remote PC.
Then I removed the remote computer name on both WINS servers. Cleared the cache (nbtstat -c)
But still I can see the remote computer name in the enumeration. Where does it come from?
How can I purge it from the network completely?
Can I locate the services where it could be stored and manage them?

John (Business Consultant, Owner) Commented:
Does the remote computer still have a DHCP lease?  Otherwise, I am not sure.

... Thinkpads_User

zc2 (Author) Commented:
No, I checked the DHCP leases (on the same appliance as the VPN server), the remote computer IP is not there.
But "net view" as well as network enumeration still lists its name.
Where can it be kept, I wonder...

John (Business Consultant, Owner) Commented:
I do not know where the names are kept. Any attempt on my part to find information led to programming and registry changes.

So I cannot help further.

.... Thinkpads_User

zc2 (Author) Commented:
Thank you.

John (Business Consultant, Owner) Commented:
@zc2 - I did try very hard on your behalf. Sorry I could not help further. Thank you.

... Thinkpads_User