Roaming profiles sounds a likely problem candidate. Some other thoughts. 1. Could be a problem with the firewall and Kerberos using UDP by default. Have a look at this article:
http://support.microsoft.com/?kbid=244474 2. What are the scripts doing? This might point to the problem, as could certain Group Policy settings. Maybe try to isolate the problem by moving one of the user and computer accounts to an OU that doesn't have the GPO linked to it. 3. Is a GC available at the hub site? The GC is required during client logon to enumerate Universal Group membership (in native-mode domains). Tony ---------- Original Message ---------------------------------- From: Roger Seielstad <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Thu, 25 Sep 2003 07:25:56 -0400 First thoughts are: -Roaming profiles aren't very quick ever, especially if the server storing them is on a different network -There could be a problem with the MTU sizes involved across the VPN concentrators. Do a search on Technet for PMTU and see if you can set a client's MTU size in the 1300-1400 range, then try it again. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Abbiss, Mark [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 25, 2003 4:37 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Incredibly slow log on > > > Just wondering if anyone else has encountered this problem. > > We have just installed a small external office with some new > clients. They > authenticate with the AD across a 512Mb fixed line. There are > the "usual" > encryption/firewall devices between the two sites. > > When logging on in the office with an adminstrative account > which has no > associated scripts, the logon process is quick and painless. The admin > accounts also have no roaming profiles to worry about. > However, when logging > on with a user accounts, which does have a script and roaming > profile (max > size 8MB) associated with it, the logon process can take 25 > minutes and > generally the roaming profile it not successfully retrieved. > > A couple of old NT cleints left in the office that > authenticate with an NT > domain controller across the same line through the same > encryption/firewall > devices have no such problems at all. > > What I would like to ask is what part of the W2K environment could be > causing such slow responses across this line ? The clients > are XP. Is there > some tweak that could speed up the data exchange ? I have > been discussing it > internally and mention has been made of whether the > communication is UDP or > TCP. I have to admit complete ignorance of what this means. > But it seems > communication can be defaulted to one or the other, which has > an impact. I > really am clueless though. > > I probably wont get any replies to this but am just curious > as to what could > possibly be contributing to the problem. > > Many thanks for any pointers. > > Mark > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
