Discussion:
Slow login times at remote location
(too old to reply)
pvliii via WinServerKB.com
2008-10-13 16:02:18 UTC
Permalink
We have a remote location connected over VPN via broadband link. We have AD
running on 2K3 server at HQ. Each user has a roming profile. There are no
login issues at HQ. The login times at the remote location are prohibitively
slow, and as such we are leaving the machines logged in under a generic
username, wich compromises security.

How can I speed up the login times? We have a server in storage (it's older,
but still usable). What about setting it up as a BDC at the remote location.
Will that speed up the loading of users profiles?


I appreciate the suggestions.

PJ
--
Message posted via http://www.winserverkb.com
Marcin
2008-10-13 16:16:17 UTC
Permalink
PJ,
where are roaming profiles of users at the remote location hosted (are they
residing on a server at the same site as users or one sitting in the HQ data
center)? Having a local domain controller in the remote site is likely to
speed up logon times, but I'm not convinced that this is the primary issue
here (btw. the BDC designation no longer applies in Windows Server 2003 AD
domain - unless you still have NT 4.0 domain controllers around).
Is HQ the only site which contains domain controllers?
Do you use logon scripts? If so, what are the tasks that they perform?
What Group Policies have you implemented for users at the remote location?

hth
Marcin
Post by pvliii via WinServerKB.com
We have a remote location connected over VPN via broadband link. We have AD
running on 2K3 server at HQ. Each user has a roming profile. There are no
login issues at HQ. The login times at the remote location are
prohibitively
slow, and as such we are leaving the machines logged in under a generic
username, wich compromises security.
How can I speed up the login times? We have a server in storage (it's older,
but still usable). What about setting it up as a BDC at the remote location.
Will that speed up the loading of users profiles?
I appreciate the suggestions.
PJ
--
Message posted via http://www.winserverkb.com
pvliii via WinServerKB.com
2008-10-13 17:36:47 UTC
Permalink
Post by Marcin
PJ,
where are roaming profiles of users at the remote location hosted (are they
residing on a server at the same site as users or one sitting in the HQ data
center)? Having a local domain controller in the remote site is likely to
speed up logon times, but I'm not convinced that this is the primary issue
here (btw. the BDC designation no longer applies in Windows Server 2003 AD
domain - unless you still have NT 4.0 domain controllers around).
Is HQ the only site which contains domain controllers?
Do you use logon scripts? If so, what are the tasks that they perform?
What Group Policies have you implemented for users at the remote location?
hth
Marcin
Post by pvliii via WinServerKB.com
We have a remote location connected over VPN via broadband link. We have AD
[quoted text clipped - 13 lines]
Post by pvliii via WinServerKB.com
PJ
Marcin:

The roaming profiles are stored at HQ, therefore they need to be transfered
to the remote computer at each login. We currently only have one domain
controller; we're a smaller setup ~20 computers, 90 users.

The only logon scripts are drive mappings.
--
Message posted via http://www.winserverkb.com
Marcin
2008-10-13 17:49:54 UTC
Permalink
PJ,
if that's the case, then I'd suggest that you first address the roaming
profile issue. A couple of possibilities (folder redirection/offline files)
were suggested by Phillip in his post - another, more straightforward option
would be to set up a local server in the remote office and store profiles of
users at that location there...
There are quite a few "bandwidth friendly" technologies that you might be
able to take advantage of in your environment (DFS, Terminal Services, etc.)
hth
Marcin
Post by pvliii via WinServerKB.com
Post by Marcin
PJ,
where are roaming profiles of users at the remote location hosted (are they
residing on a server at the same site as users or one sitting in the HQ data
center)? Having a local domain controller in the remote site is likely to
speed up logon times, but I'm not convinced that this is the primary issue
here (btw. the BDC designation no longer applies in Windows Server 2003 AD
domain - unless you still have NT 4.0 domain controllers around).
Is HQ the only site which contains domain controllers?
Do you use logon scripts? If so, what are the tasks that they perform?
What Group Policies have you implemented for users at the remote location?
hth
Marcin
Post by pvliii via WinServerKB.com
We have a remote location connected over VPN via broadband link. We have AD
[quoted text clipped - 13 lines]
Post by pvliii via WinServerKB.com
PJ
The roaming profiles are stored at HQ, therefore they need to be transfered
to the remote computer at each login. We currently only have one domain
controller; we're a smaller setup ~20 computers, 90 users.
The only logon scripts are drive mappings.
--
Message posted via http://www.winserverkb.com
pvliii via WinServerKB.com
2008-10-13 18:09:39 UTC
Permalink
Post by Marcin
PJ,
if that's the case, then I'd suggest that you first address the roaming
profile issue. A couple of possibilities (folder redirection/offline files)
were suggested by Phillip in his post - another, more straightforward option
would be to set up a local server in the remote office and store profiles of
users at that location there...
There are quite a few "bandwidth friendly" technologies that you might be
able to take advantage of in your environment (DFS, Terminal Services, etc.)
hth
Marcin
Post by pvliii via WinServerKB.com
Post by Marcin
PJ,
where are roaming profiles of users at the remote location hosted (are
[quoted text clipped - 26 lines]
Post by pvliii via WinServerKB.com
The only logon scripts are drive mappings.
Thanks, I'll look into all of that from both of you.

As a side note, all users in the domain use both the HQ computers and the
remote computers. Since this is the case, I think I'm unable to store
individual profiles at the remote location, it would need to be a 100%
replication.

Best,
PJ
--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-ad/200810/1
Phillip Windell
2008-10-13 16:17:35 UTC
Permalink
Post by pvliii via WinServerKB.com
We have a remote location connected over VPN via broadband link. We have AD
running on 2K3 server at HQ. Each user has a roming profile. There are no
login issues at HQ. The login times at the remote location are
prohibitively
slow, and as such we are leaving the machines logged in under a generic
username, wich compromises security.
How can I speed up the login times? We have a server in storage (it's older,
but still usable). What about setting it up as a BDC at the remote location.
Will that speed up the loading of users profiles?
There is no such thing as a "BDC" since NT4.0. Even what is now called a
"PDC" is not the same thing as what a PDC used to be in NT4.0.

Anyway, you need to make use of Active Directory Sites Objects and Subnets
Objects.
These do basically 2 things [basically :-)]:

1. Regulates AD Replication over the slow WAN link.

2. Users/Clients will use their own *local* AD that is physically in the
location as the DC they log into which greatly speeds up the login process.

So, reseach the use of AD "Sites" and "Subnets" Objects. The two work
together and are pretty much inseparable.

You also need to consider *replacing* or *combining* the Roaming Profiles
with Folder Redirection and maybe (maybe) Offline Files. Roaming Profiles,
Folder Redirection, and Offline Files can all work together in combination
to create a proper solution.
--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Continue reading on narkive:
Loading...