Re: Group policy performance over the WAN

Howdie!

SRG schrieb:
Okay so remote sites have at least a T1 of bandwidth available to them. Not an option to put a domain controller at these remote locations. To get to the desktop where one can login it takes about 10 minutes, to get to the desktop after login takes about 10 minutes and to get to a fully functional desktop takes about another 10 minutes. I did a packet capture and the login process was about 50,000 packets. It was apparent there were a lot of resends. I noted that the group policy and scripts are running from the sysvol which means they are running via SMB and more so w/ core transfer method at boot up. I realize it is common for SMB to cause ridiculous resends over a WAN so I adjusted the sizreqbuffer and TCP Window Size on the domain controllers and file servers. The file servers do appear to have better performance, the Domain Controllers do not. I did see some fragmented packets but not too many including everything 1400b and above is fragmenting due to overhead outside of my control. We are not able to set for the group policy to run in the background and we have quite a few policies that are not a choice, we must run them. I still think this is revolving around SMB causing the group policy to resend and resend and resend. Any advice anyone?

I wonder why you'd have a certain amount of data crossing the wire every logon since the amount of GP traffic should decrease once the GPs are downloaded and applied successfully. There's only downloads if there are changes to the policy (apart from the initial checking whether there are changes). Are there scripts that download or copy files off the file servers? Is there a policy in place like one of the "process although policies have not changed"-policies in CompConf\AdmTemp\System\Group Policy\?

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html
.

Relevant Pages

  • Re: Group policy performance over the WAN
    ... Okay after performing debug level breakdown I see a couple of areas of ... I noted that the group policy and scripts are running from the ... the Domain Controllers do not. ... causing the group policy to resend and resend and resend. ...
    (microsoft.public.windows.group_policy)
  • Re: Group policy performance over the WAN
    ... You can use userenv debugging to see what is going on that takes so long: ... I noted that the group policy and scripts are running from ... the Domain Controllers do not. ... causing the group policy to resend and resend and resend. ...
    (microsoft.public.windows.group_policy)
  • Re: Group policy performance over the WAN
    ... I noted that the group policy and scripts are running from the ... I realize it is common for SMB to cause ridiculous ... the Domain Controllers do not. ... causing the group policy to resend and resend and resend. ...
    (microsoft.public.windows.group_policy)
  • Re: After enabling GPO, client pc needs synchronization
    ... correct DNS configuration. ... Server 2003 domain controllers dynamically register information about ... As far as Group Policy troubleshooting you can use rsop.msc on the client ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group Policy Delegation of Control
    ... I mean is there in general any impact on domain controllers if group policy ... nothing to do with servers, except some servers related to desktop ... to link GPOs on OUs that contain machines managed by Desktop Team ...
    (microsoft.public.windows.group_policy)