Re: Branch offices and not stable WAN links
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Sat, 20 Aug 2005 12:56:47 -0400
In news:%23YT$vYKpFHA.3756@xxxxxxxxxxxxxxxxxxxx,
Rytis <ask@xxxxxx> made this post, which I then commented about below:
> We have a lot of small branch offices (~5-10 PCs in each), which
> connects to our central office via slow WAN links (256 kbps). And
> these WAN links are not stable - usualy their are down from 10 min to
> ~1 hrs per day. And all branch offices have their own file server.
> In our central office we have Windows 2003 domain. We decided to join
> all branch offices PCs (and servers of course) to our domain. All
> branch offices will use DCs in our central office for authentication.
>
> The problem is that when WAN link goes down, users in branch can not
> access files located in branch`s file server (it is critical point).
> My task is to find a solution, how users can access files on file
> server, when the WAN link is down (= the DC is not accessible).
> One guy recommend us to disable Kerberos.
> How to do this? I found a GP setting in Default Domain policy
> "Enforce user logon restrictions" (Computer Configuration\Windows
> Settings\Security Settings\Account Policies\Kerberos Policy), which
> is Enabled by default in Windows 2003 domain enviroment. Is this can
> help?
> Or maybe there are other solutions or ideas?
>
> Thanks
> Rytis
>
> P.S.
> a) It is impossible to place DC on each branch office.
> b) It is impossible to rise WAN link quality (stability)
I would choose both A and B above. A to have a DC locally so logon and
authentication traffic doesnt consume the WAN link, which it's doing now. I
bet half the traffic going across it now is authentication traffic.
B because AD's default threshold to indicate a "slow" link is 512k. 256k is
way below it. Below this level, many things do not come across, such as
GPOs, and other vital configuration during the logon process.
I wouldn't disable Kerberos. Update your infrastructure to properly support
AD, and provide a DC at each location if there are more than 5 users (that's
my magic number).
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
.
- References:
- Branch offices and not stable WAN links
- From: Rytis
- Branch offices and not stable WAN links
- Prev by Date: Re: Infrastructure Master and Global Catalog
- Next by Date: Re: Problem with AD and win98 shares
- Previous by thread: Branch offices and not stable WAN links
- Next by thread: Folder Replication
- Index(es):
Relevant Pages
|
