Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Router to Router IPSec - Microsoft Domain Login Takes Forever

I have recently implemented a router to router IPSec tunnel between my main facility (C2691VPN) and a remote office (C1761VPN-K9). The transport is an Internet T1 at the remote and multiple T1's at the main office.

Machines in the remote offices that are in the same domain as the remote office take forever to boot up and log in.

Here are some results of lab testing when booting a remote Win2000 client that is a member of the domain/active directory in the main office:

* Startup Windows - A couple seconds

* Preparing Network Connection - 1.5 minutes

* Applying Computer Settings - 1 HOUR

* Login Screen - here I entered my domain credentials

* Loading Your Personal Settings - 22 minutes

* Blue background with wallpaper - Turned off computer after 30 minutes.

These results were in a lab environment using a cross over cable for the T1 interface. I get the same results with identical equipment in the remote office.

I ran another test yesterday where the Loading Your Personal Settings took over 1.5 HOURS. This entire process should only take 60 to 75 seconds.

I have a 256k frame relay connection going to the same office. I can move the above computer over to the frame relay network and the login process takes about 60 seconds.

Anyone seen this before? I can provide configurations if necessary.

Thanks,

Danny Mc?

4 REPLIES
Silver

Re: Router to Router IPSec - Microsoft Domain Login Takes Foreve

Do you have an active directory server at that site? If you do, do you have a site defined in AD for it?

Community Member

Re: Router to Router IPSec - Microsoft Domain Login Takes Foreve

Nope. The only thing on the remote network using the IPSec T1 connection is the PC I am working with and nothing else.

TCP/IP traffic flows over the network fine. As a matter of fact, I'm in TN and the PC is in Canada and I am able to use remote control software from my desk to take over the PC during these long boot and login processes. The tunnel is up and running. Other traffic such as HTTP to our Intranet server is fine as is telnet traffic to our AS/400's back to the main site.

The 256k Frame Relay network works fine. That is what they are using today in production and have been using for several years. I am trying to replace the Frame Relay network with the IPSec T1 connection.

On their production network using the frame relay network, they have a WinNT server that is a PDC. It does not have any shares or relationships with the Active Directory back at the main site. It is stand alone and they do not know about each other. Please note, the PC that I am using in my tests is NOT a member of the domain in the remote office. It is a member of the Active Directory back at the main office in TN.

Thanks,

Danny Mc?

Silver

Re: Router to Router IPSec - Microsoft Domain Login Takes Foreve

Anything in the eventlog? Are you doing any software publishing in AD?

Forcing kerberos to use TCP might be something to try

http://support.microsoft.com/?kbid=244474

Community Member

Re: Router to Router IPSec - Microsoft Domain Login Takes Foreve

I had checked the event log and nothing. I also made the change indicated in the document listed. I rebooted the computer and the "Applying Computer Settings" is going on 25 minutes.

Thanks,

Danny Mc?

198
Views
0
Helpful
4
Replies
CreatePlease to create content