Greetings. I'm hoping I can find some assistance here with a puzzling issue
I'm up against.
Background:
I'm managing a hub-and-spoke single-domain network consisting of Windows
Server 2003 server systems.
Network connections from the spoke sites to the hub site are via hardware
VPN (combination SonicWall/Netgear hardware) over consumer-grade ADSL.
Spoke sites are all running a single DC hosting AD (with Global Catalog),
WINS, DNS and DHCP services. Network address range at all sites is
10.11.x.x (internal), with each site receiving a Class C subnet internal
address. Maximum number of users at a given site is 5; local networked
hardware (printers, routers, etc.) at the spoke sites also uses IP addresses.
WINS on the server points to itself. DNS on the server is directed as
follows:
Hub Site DNS Server 1
Spoke Site DNS Server (itself)
Hub Site DNS Server 2
Client machines are Windows XP and all are joined to the network.
WINS/DNS clients are pointed to WINS/DNS servers through DHCP in the
following order:
Spoke Site WINS/DNS Server
Hub Site WINS/DNS Server 1
Hub Site WINS/DNS Server 2
Users authenticate against their spoke site server, and access their home
directories via DFS shares that point to folders on their spoke site's
server.
Symptoms:
When the VPN tunnel is up and functioning properly, client machine speed is
about what you'd expect from decently-fast (2.4GHz) client hardware under
low utilization (i.e. pretty darned fast!).
However, when VPN utilization is extraordinarily high (file copying, FRS
activities) or when the VPN tunnel drops (for any reason) the client
machines at the spoke sites slow to a complete crawl.
Some of the effects are:
- It can take up to 2 minutes for the Start Menu to appear once the user
has clicked the "Start" button on the desktop.
- Opening the "My Documents" folder (which is redirected to their network
folder on the spoke site's server) can take up to 2 minutes.
- Starting any program (e.g. Word, Adobe Acrobat Reader, etc.) takes up
to 2 minutes before the user sees the program interface.
I'm beginning to delve into the mystery using available monitoring tools;
however, as the sole administrator/technician for 11 separate sites, I'm not
blessed with "copious spare time" at the moment.
It seems as though the client machines are trying to access some form of
authentication channel from the hub site; however, I'm puzzled as to why
this is, since all spoke site users should be receiving authentication only
from their site's server.
Any ideas would be greatly appreciated.
Regards,
--
Troy L. Yochelson
IT Technician
Episcopal Community Services
Direct: tyochelson[at]ecs-sf[dot]org