Re: 30 minute logon time - This is a rough one





"Zookie" <zmorvik@xxxxxxxxx> wrote in message
news:1142829131.676613.9170@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Trust No One,

Hope you enjoyed your trip overseas. Thanks for the tip on changing
from udp to tcp. This has dropped the time from 30 minutes down to
just over 3 minutes. Still over 2.5 minutes slower than it used to be,
but obviously this is a huge improvement. Did you ever figure out what
the actual cause of the problems was? Our circuits, routing,
everything is exactly as it always has been so we are trying to now
figure out what the issue is with UDP and kerberos at this site.

Another problem could be your circuit's MTU size; this has been a bit of a
nightmare with some of our VPN locations. If the MTU size for the circuit has
changed and is smaller than the default MTU size on your workstations then
the resulting fragmentation can cause problems.

Setting the kerberos tcp fix I mentioned earlier plus tweaking the MTU size
on the local workstations to match that of the VPN circuit has fixed our
problems with VPN sites.

Other than asking your VPN provider, a quick way to determine the max mtu
size using ping is detailed at:

http://www.dslreports.com/faq/695

Try the ping method against the remote domain controller and determine the
maximum mtu size supported.

One thing to note is the login problem seems to be related to the size of
the group membership of the afflicted userid - it wouldn't normally happen
with a userid that is a member of say a single group. It is apparently
something to do with exceeding the size of a single UDP packet - I'll look
this up when I have time. The kerberos - tcp fix resolves this.

--
Peter <X-Files Fan>
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam
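
The ping method described in the post above, automated as a binary search over the ICMP payload size with the Don't Fragment bit set. This is an added example, not part of the original post; the host name `dc01.example.com` and the function name `Test-Payload` are placeholders chosen for illustration.

```powershell
# Added example: find the largest ICMP payload that reaches a host with the
# Don't Fragment (DF) bit set, then report the implied path MTU.
param(
    [string]$Target    = 'dc01.example.com',  # placeholder for the remote domain controller
    [int]$Low          = 500,                 # payload size assumed to pass on any sane path
    [int]$High         = 1472,                # 1500-byte Ethernet MTU minus 28 bytes of headers
    [int]$TimeoutMs    = 2000
)

function Test-Payload {
    # Returns $true if an echo of $Size payload bytes comes back unfragmented.
    param([string]$HostName, [int]$Size, [int]$TimeoutMs)
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF set
    $buffer  = New-Object byte[] $Size
    try {
        # Try twice so one lost packet is not mistaken for an MTU limit.
        foreach ($attempt in 1..2) {
            $reply = $ping.Send($HostName, $TimeoutMs, $buffer, $options)
            if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) {
                return $true
            }
        }
        return $false
    } finally {
        $ping.Dispose()
    }
}

# Sanity check: if even a small packet fails, ICMP is filtered or the host is
# down, and the search below would report a meaningless value.
if (-not (Test-Payload $Target $Low $TimeoutMs)) {
    throw "No reply from $Target at $Low bytes; cannot measure the path MTU with ping."
}

# Invariant: $Low always passes, and nothing above $High passes.
while ($Low -lt $High) {
    $mid = [int][math]::Ceiling(($Low + $High) / 2)
    if (Test-Payload $Target $mid $TimeoutMs) { $Low = $mid } else { $High = $mid - 1 }
}

$mtu = $Low + 28   # 20-byte IPv4 header + 8-byte ICMP header
"Largest unfragmented payload to ${Target}: $Low bytes (path MTU $mtu bytes)"
```

A result below 1500 on a VPN path is the value to compare against the MTU configured on the workstations.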





