Re: Logon/rename via VPN




Brian <Brian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks. See notes inline. It may be that increasing the bandwidth will
rectify the situation, but I can't know for sure until I try it.

"Lanwench [MVP - Exchange]" wrote:

Brian <Brian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
1. I have only one user on the remote LAN because she works from her
home. Definitely not worth setting up another server.

Yeah, I guess I can see that.

2. I know my method works, because I have another client who has a
T-1 at their host site (35 LAN stations) with two remote sites on <
1Mb DSLs and 4 remote LAN stations each. The remote users are able
to work without a problem, other than the obvious delay opening
files from the shared folders on the DC. The difference in my
current case may be that the host site has a DSL that averages
about 600k (the remote site has a cable connection at 6 Mb/768k).

ADSL, I'm presuming. This will never be pretty.

Yes. Cheap DSL from the phone company. I wouldn't be so persistent at
this if it were not for the fact that I have several similar
configurations working without any problem for other clients, most
notably the client that has 2 remote LANs connected via VPN, 4
concurrent stations each. Logon takes perhaps 60 seconds, and the
only performance issue is access to shared folders at the host site.
The remote sites are about the same as this one; the only difference
is the T-1 at the host site, and that may well be my bottleneck.

Could be....


3. I need a VPN for two reasons

a. The remote user needs to print to her house from the host LAN
(using MAS90, a ProvideX-based accounting package), hosted on the
DC, to a multi-function laser printer at the remote office (her
house). As I am sure you are aware, support for many
multi-function printers is very shaky or nonexistent via RDP,

Yep....which is why I strongly discourage them. However, you can
often find a comparable DeskJet driver for any HP inkjet
multifunction, and so on.

I got tired of beating my head against the wall on all-in-one devices
some time back and gave up, always recommending instead plain laser
printers except in cases like this where an entire remote office
needs to operate with the space constraints of a home office.

Yep.


so I elected to have the TS
print directly to her IP-based networked printer. This works just
fine with no delays.

Well, yes, but you shouldn't need a VPN for that. Printer
redirection to a network printer isn't a problem per se....

I plead ignorance here: I don't understand how to redirect a printer
to a remote LAN without the VPN. Or are you talking about just
opening the client printer connection through RDP?

Redirecting it to the remote session, yes.

I thought that
worked only to printers connected locally to the client.

Nope. See http://www.sessioncomputing.com/printing.htm - most specifically,
http://support.microsoft.com/?kbid=302361


Besides,
there are times when other users on the TS need to print to the
remote office, and it's a pain for them to have to ensure that the
remote user is online so the printer is available.

How often does this really need to happen?
Again, there's nothing wrong with keeping your VPN even if you use it only
to get her to TS & Exchange, but that won't help w/your file access
performance problems.


b. The user needs remote access to both Outlook

.....RPC over HTTP will be useful there

I've looked at that a little, and the initial setup docs start
talking about multiple servers. How workable (and difficult to
configure) is it on a single SBS2003 server?

Piece of cake. Take a look at http://yourserver/remote - there are
instructions (customized to your server/domain) for setting this up.

& shared files hosted
on the server.

This won't be pretty, as mentioned....

I know I can leave off the domain membership & just
write a batch file for the user to map the drives (instead of using
the AD login script), but I'm not sure that would be much different.

Yes, it will make a big difference.

I understand it makes a huge difference with logon, but I don't think
it will make much difference with file access, since access is still
remote.

Yep.

4. She does run MAS90 via a terminal server at the host site, but I
don't really want to get into trying to license Word & Excel for the
terminal server,

Understood, but if you want good performance for any sort of file
access, I'd think this was the most logical path.

Agreed, but that becomes a budget issue for fairly small businesses
like this one.

How much time are they spending trying to get the existing setup working?
Seems it would be more efficient (and therefore, cheaper) to throw some
money at the problem to make it go away. Every time you have a new remote
office/user, you're going to run into this sort of issue - so why not set it
up properly once, and never worry about it again?

and she needs realtime access to those types of
files in her home folder & shared folders on the server.

Realtime meaning ?

Forget about the time. How about just "real". The organization has
files that need to be shared amongst users, including this remote
user, and they are stored on the DC for backup purposes.

Again, TS is your best bet, unless you're going to use DFS or other
replication services to get your data out to remote servers (which would
mean a local DC / file/print server in each office).


The bottom line? Everything works fine except the logon process.

Which is understandable.

Internet access using the DC as her DNS server is perfectly fast;
file access from the DC is slow but adequate. The logon process,
though, takes a good five minutes. At the moment, my first step may
just be to get the host site upgraded to a cable connection at over
1Mb.

That might help, but I'd still be skeptical.

Someone told me there is a way to have "authentication lite" for
remote stations to speed up the logon process, but I have been
unable to find anything on this.

Not sure what they referred to. There are various things you can
tweak via group policy, but I'm not sure what you'll be able to do
with this.


<snipped for length>


