Very slow Windows domain login over IPSec VPN

Similar Messages

• Slow window domain logon over ezvpn netw ext mode tunnel

  I have 4 branch offices connected to a central EZVPN server in network extension mode.
  tunnels are working correctly but domain logon is extremely low (often more than 10 minutes).
  Do you think it could be a fragmentation issue?
  If it is, do you know any way to solve it?
  The errors reported are in windows XP system logs are the following:
       System     > LSASRV 40961 no secure connection with server, no authentication protocol available
       Application> usernv 1030
       Application> usernv 1006
  Thanks
  Johnny

  Hi
  I am in exactly the same situation with the ASA 5510 running security plus license, version 8.0(5) 512 MB RAM
  going to try to upgrade the IOS tonight and upgrade the RAM to 1GB to take it up to version 9 will let you know if it helps,
  cureently download speeds are very bad aroudn 14MB where as uploads are around 96 MB

• 9.0 can a dynamic nat be used over ipsec vpn?

  9.0 can a  dynamic nat be used over ipsec vpn?
  we have a vpn up and working between two asa's and when we run the traffic through a static nat rule the traffic passes over the vpn. When we use a dynamic nat the traffic does not get picked up by the vpn ACL. 
  we are disabling the nat rules to switch back and forth so even when we use the same source destination the result is the same. 
  Am I missing something with 9.0 code versions? If i disable all nats and pass the traffic it goes over the vpn. 
  So it seems when using the dynamic nat statement it pushes the traffic to the outside interface without looking at the vpn acl. Please let me know if I am off base I am a newb on post 8.3 code. 
  Thanks

  I didn't do that at first because I remember reading something about in ver 9 to only use the unnatted IP because of order of ops. That seemed weird to me at the time. 
  Yes it seems that you need the nat ip like always. Should have just went with my gut on that. 
  Thanks

• Is it possible configurate split-tunnel at l2tp over ipsec vpn at asa

  Dear i want to know is it possibly to configurate split-tunnel at l2tp over ipsec vpn at asa???
  thanks.

  please help me.

• Configurate L2tp over ipsec vpn at ASA

  Hi dear i want to  configurate L2tp over ipsec vpn at asa. my asa behind nat device(nat device is router).
  is it working?

  thanks to reply me.
  i have a transfor set for ipsec vpn client.  yes you are rigth i have same sequence dynamic map. which one i changed? and then what about  crytpto map? how i do it? please write to me how to do at my configuration??
  i have real working network i confused to test it. please write me how to do it.
  thanks.

• Trying to connect to a L2TP over IPSec VPN

  There are quite a few threads on here about VPN's and Lion, and clearly quite a number of questions. However, I haven't found one that quite addresses the problem I've got and I've now exhausted all my ideas and am looking for help...
  I have a hardware VPN server that I know is working correctly. I normally have it setup so that all connections have to be L2TP over IPSec, but currently also have PPTP connections enabled.
  At the moment I can do the following:
  Connect to it from a machine running Windows 7 using all methods
  Connect to it from a machine running Snow Leopard using the in built PPTP and L2TP over IPSec network configurations
  Connect to it from a machine running Lion using the in built PPTP network configuration
  Connect to it from a machine running Lion using Equinux's VPN Tracker 6
  What I can't do is connect to it from a machine running Lion using L2TP over IPSec using the network configuration
  I have tried a clean install of Lion and entering the connections. I have tried using an install of Snow Leopard that works and then upgrading it. I just cannot get it to work.
  Looking at the logs on both the VPN server and my machine I can see that the IPSec connection is established but then my client says that it cannot connect to the server whilst my server is saying that CHAP login has failed.
  I have been through all of the potential solutions I can find on here or the wider internet, no matter how unlikely they seem to be to my problem. I've ensured that there are no potential firewall issues. I've also tried every setting I can think of on both my client and the server. I've tried changing secrets and passwords, including reducing their length, ensuring nothing like Back to My Mac can interfere, and even starting up in 32 bit mode.
  I've now exhausted my ideas. Does anybody have any ideas, a potential solution or managed to get this to work?
  My connection is set up to use a shared secret and a password.

  I am trying to set up connection to PureVPN for security purposes and have followed their config settings for my Macbook.
  So how do I check the ports on my machine, as I'm sure it's not a problem at their end. I only have one machine so don't understand how it is possible to see if ports are being blocked at my end.
  Do I run that /var/log/ppp.log in Terminal?

• Photoshop CS6 very very slow (Windows 7)

  Hi, im desperate as ive run out of options i think. Photoshop CS6 behaves slow, very slow.
  Even with no document open, right after launch it reacts with delay on any mouseclick, sometimes it takes
  more than 20 seconds before a menu pops open after clicking. Painting paintbrushes are impossible slow.
  Basically any action is dragged.
  Its impossible to work like this. With all previous versions of PS i never encountered this.
  Things i tried :
  - turned off gpu acceleration (i read that gpu can cause performance issues, some ppl solved slowness by turning it off)
  - updated latest nvidia drivers
  - reinstalled photoshop
  - tried to inspect photoshop processes with ProcessHacker, even when at 5% cpu it runs extremely slow
  specs :
  Windows 7
  Nvidia GT545
  1 terrabyte free scratch disk space (on C:)
  8 gb ram
  CPU i7 2600

  Has it always run slow, or did this start recently?
  What anti-virus are you using?  Have you tried disabling it to see it that make a difference?
  Are you working over a network?

• After Photoshop CC 2014 update - Photoshop is very slow (Windows 7)

  After updating today to the latest photoshop cc2014 Version, Photoshop starts very slow and is not useable.
  I updated from V. 2014.1.0 to 2014.2.1 20141014.r.257.
  Starting Photoshop Needs 6 minutes (before 1.5 minutes). The menue and button reactiontime is more than slow, you cant work with this Setup.
  Is there a Problem with the new release?
  And please Adobe, dont tell me, my System has a problem. Did only an update on the CC2014 Suite via creative cloud. Old PS Version (2014.1.0)runs great.
  After testing a few time, I recovered my System back to Version 2014.1.0 with Windows recovery and Photoshop works good again.
  So whats wrong with the new release?
  My PC config:
  Adobe Photoshop Version: 2014.2.1 20141014.r.257 2014/10/14:23:59:59 CL 987299  x64
  Windows 7 64-Bit
  Version: 6.1 Service Pack 1
  Intel CPU-Familie:6, Modell:10, Stepping:5mit MMX, SSE (ganze Zahl), SSE FP, SSE2, SSE3, SSE4.1, SSE4.2, Hyper-Threading
  Physischer Prozessor: 8
  Logischer Prozessor: 16
  Prozessor-Taktfrequenz: 2664 MHz
  Memory: 20463 MB
  Thanks for any tipp!
  BR.
  Werner

  The CC 2014 update  2014.2.1 is a month old and ACR 8.7 is two days old.  Something strange is happening to you.  First try resetting your Photoshop Preferences. This is a Adobe Photoshop User forum your not dealing with Adobe here. You seem to think you are and your attitude seems like you not open to to possibility that your system may have a problem. I think you may have one..
  Adobe CC 2014 Product Updates/Downloads for Windows
  Photoshop CC 2014
  File Download
  Size
  Date
  Notes
  Adobe Photoshop 2014.2.1 Update for CC 2014 (64-bit)
  249 MB
  10/20/2014
  Release 15.2.1
  Adobe Photoshop 2014.2.1 Update for CC 2014 (32-bit)
  223 MB
  10/20/2014
  Adobe Photoshop 2014.2.0 Update for CC 2014 (64-bit)
  249 MB
  10/6/2014
  Release 15.2
  Adobe Photoshop 2014.2.0 Update for CC 2014 (32-bit)
  223 MB
  10/6/2014
  Adobe Photoshop 2014.1.0 Update for CC 2014 (64-bit)
  236 MB
  8/5/2014
  Release 15.1
  Adobe Photoshop 2014.1.0 Update for CC 2014 (32-bit)
  210 MB
  8/5/2014
  Adobe Camera Raw – ACR
  Adobe Camera Raw 8.7 Update for CC
  122 MB
  11/18/2014
  Release 8.7
  Adobe Camera Raw 8.6 Update for CC
  106 MB
  7/28/2014
  Release 8.6
  Adobe Camera Raw 8.5 Update for CC
  100 MB
  6/18/2014
  Release 8.5

• Very Slow VDI Client Login Time

  Hi,
  My environment contains two Hyper-V Servers for DCs, Connection Broker, RD-Web, and two Hyper-V servers as virtualization host to thin clients. All Hyper-V servers are only 35% utilized and all client VMs don't have a performance issue.
  After setting up the roles and creating the "Personalized Pools", I open the RD-Web, click on the collection and here it takes a very long time in securing connection part, then a warning message appears for the connection broker self-signed certificate,
  I accept it and again a very long time to open the VM.
  After searching the internet I figured out that I should install "PFX" certificates for the connection broker (SSO, Publisher). In my environment, we don't use a public certificate from trusted root CAs, however, we have our own "Enterprise
  Root CA".
  I then figured that I should create a certificate with the following attributes:
  Advanced Key Usage: Server Authentication, Client Authentication
  Key Usage: Data encipherment, Digital Signature, Key Agreement
  I created the certificate and imported it to the RD CB, however, the "securing connection" part was even slower than before, so I duplicated the "Computer" certificate, and configured 1024 bit certificate instead of the old one "2048".
  The "securing connection" part is taking half the time now, however it is still very long "+60 seconds" to open the VM.
  I still suspect that it is a certificate issue and not sure if I have done the correct certificate.
  Would anyone help in this case and providing the correct steps to install a certificate for the RD CB from internal CA.
  Thanks.

  Hi,
  To avoid confusion, let's focus on the same thread.
  http://social.technet.microsoft.com/Forums/en-US/17fb24d7-61a7-49be-83b3-35bd9d8b6863/very-slow-vdi-login-time?forum=winserverTS
  Thanks.
  Jeremy Wu
  TechNet Community Support

• Time Capsule - Very slow and eventually unresponsive over wi-fi.

  Hi,
  I've been using my TC for some time now, but it was the first time I had to recover a file. I know it's slow as **** to backup over wi-fi and that it takes aaages to "prepare" the backup. Also I did the initial backup using a cable and not wi-fi.
  My question is: Why is it SO slow to browse and restore small files from a not-so-far-away backup, like, from yesterday? First, when I tried to browse the previous versions of the file it took aaaages to show the contents of the folder and eventually crashed while I stared incredulous the screen...
  Then when I tried again it took it a very long time to browse the folder (I went for a coffee...) and then another 5 minutes to restore a very small file.
  I know it's not supposed to be blinking fast, but it's borderline unusable. Isn't it supposed to be at least "not annoying"?

  Experiencing the same problem. Drag/Dropping a 30Mb file from my HD to TC takes about a minute. Tried about all suggestions and didn't see an improvement. TC is in 5GHZ n mode with only my iMac as a client. Speeds should be around 9 Mb/s instead of the 0.5 Mb/s I'm observing. I've switched off Spotlight indexing for TC, de-activated the Airport status indicator, did several hard resets of TC and put ACK at zero instead of the default value of 3. No major impact; my 30Mb file continues to be transferred in around 60 seconds from iMac to TC. I read one comment that TC might be sensitive to heat, so my next trial-and-error initiative will be to put TC in a cooler spot to see if this has an effect. I'm very eager to learn how to get TC up to 9 Mb/s and hope Apple will pick up on this discussion. I assume they're very aware of the issue as there's quite some discussion going on on this topic. One thing I also tried was downgrading TC firmware to a more stable version, where Airport Extreme v5.5 was advised. I didn't succeed, assuming this old version is not compatible with my Intel Mac. I would like to know if there's a stable robust throughput firmware version available for TC I could downgrade to...??

• Smtp_out very slow external domains

  I have ocs 10.1.2 on Red Hat Enterprise Linux ES release 4 (Nahant Update 2)
  When I send mail to external domain
  smtp_out is very slow to close session
  When I send 2 mails to the same outside user, the second mail is very to be delivered
  because smtp_out try the last session wich is closed by the remote host.
  My ocs is directly connected to Internet so no relay needed.
  OCS / External Domains
  SYN -->
  <--- SYN
  PUSH --->
  <---PUSH
  <----FIN
  15,30 minutes later
  FIN ----> (I supposed ignored by the remote server)
  Think you

  OiDAdmin / Directory Manager:
  Entry Management, OracleContext, Computers, midtier, midtier ORACLE_HOME,
  EMailServer, mailprocessconfig, smtp_in:
  Right hand site, click on "All" attributes.
  Change: orclmailsmtpminqueueage from 30 to 1
  Add: orclmailsmtpminqueuepollinterval: 10
  Entry Management, OracleContext, Computers, midtier, midtier ORACLE_HOME,
  EMailServer, mailprocessconfig, smtp_out:
  Right hand site, click on "All" attributes.
  Change: orclmailsmtpqueuepollinterval: 120 to 10.
  orclmailsmtpconnectionnumber: 30 to 0 (yes you read correctly)
  orclmailsmtpminqueueage: 30 to 1
  Stop and restart both smtp_in and smtp_out.

• Help with Windows Domain Login on Mac

  Hello Everyone,
  We have two Mac Pros at my work running Mac OS 10.5.8 and they are attached to the Windows Server / Domain so when the Mac is turned on you login with your Domain credentials (using Win Server to Authenticate). Now all of this has been working fine since the computers were purchased a year ago, until two days ago that is. I turned on the Mac Pro in the morning and tried to login, and the Mac would freeze and do nothing. I restarted and tried again, using the same credentials I always use, but nothing worked. I called the IT guys and had my windows user account reset thinking that the password was expired, still didn't help, so I asked them to reset the whole account, still didn't help.
  At this point I asked a few of my co-workers to login on my Mac using their login info, and they had no problems at all. I decided to dig deeper into this problem and logging in under a "local" Mac account I went into the "Accounts" preferences to check what was going on, to my surprise my Domain account was visible (normally it wasn't unless you were logged in) and under the account it said "sharing only".
  I am still trying to figure out why my Domain account was changed from "Admin, Managed" to "Sharing Only"? So I decided that the easy fix here was to use a previously made (and tested) image file which I created when the Mac Pro was first setup and all the software was installed. So after cloning the image to the Mac HD I turned on the Mac and tried to login, again nothing happened. I can login using the local account, and my co-workers can login fine, but my domain login just refuses to work. I have also tired to login on other Macs in the department and I can login just fine on each one, the only Mac that doesn't let me login is my machine.
  I have run out of ideas, short of re-installing the entire system from scratch.. which I really don't want to do unless I have to. But if anyone out there has any ideas I would more than welcome them.
  Thanks in advance..

  It's probably related to some type of DRM (copy-protection) on the digital copy, and not due to it being any particular type of file format. The DRM scheme probably only works under Windows. And if that is the case, I don't think you will be able to get it to work under Mac OS X, short of running VMware Fusions or Parallels Desktop (or Sun's free VirtualBox) and installing Windows to run under Mac OS X.
  Considering the popularity of Macs recently, and higher use of Macs among creative folks, it's pretty stupid for the studio/distributor to make a key feature Windows-only.

• Windows Domain login and timer

  We are binding several Macs to the windows domain here.  That really hasnt been an issue, we used Centrify Express, and that went fine.  Users can log into the domain no problem.  All the Macs were built with a service account (UID svc-account) similar to an admin account on windows.  Any user can sit down at a Mac and if they enter good domain credentials they get logged in.
  But when a mac is first powered on, and gets to the login screen, the svc-account is first presented, then after about 10 sec, a little arrow appears.  by clicking on the arrow, you can choose "other user" and log in with domain credentials.  Is there a way to shorten this timer, or default to "other user", or default to any domain user account?

  We are binding several Macs to the windows domain here.  That really hasnt been an issue, we used Centrify Express, and that went fine.  Users can log into the domain no problem.  All the Macs were built with a service account (UID svc-account) similar to an admin account on windows.  Any user can sit down at a Mac and if they enter good domain credentials they get logged in.
  But when a mac is first powered on, and gets to the login screen, the svc-account is first presented, then after about 10 sec, a little arrow appears.  by clicking on the arrow, you can choose "other user" and log in with domain credentials.  Is there a way to shorten this timer, or default to "other user", or default to any domain user account?

• Very Slow Windows Networking

  My department is running OS X 10.4, and we're networked with a Windows server for storage and job backup. One of our main backup servers is very slow. Logging into the server can take up to 5-7 minutes, and for a period of 5-7 minutes after that the machine logging into the server will run very slow, even when not copying a file.
  Now the backup server is quite large (almost a terrabyte), which is my belief why it runs so slowly. We have two other servers on the same network that behave fine.
  Is there something on my end (OS X) that can speed up the problem, or is this a server issue? My boss is demanding answers and our Windows IT guy is placing the blame solely on our Macs (with no evidence of course). Help!

  Google for "SMB performance". There are a bunch of discussions on macosxhints on how to tweak SMB performance on Max OS X. I have tried a few different ones, which all seem to help in some small way. YMMV.
  Apple SMB is not known for its performance.

• GRE OVER IPSec vpn

  ACC
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml#diag
  this is lab i did, today,and  offcouse i am able to understand this lab bus the confusion are
  1 . why we use crypto map on both interface (phiycal interface or tunnel interface)
  2.  when i remove crypto map from tunnel interface i recieve this message
  ( R2691#*Mar  1 01:12:54.243: ISAKMP:(1002):purging node 2144544879 )
     please tell me what is meaning of this message
  3.But i can see vpn is working fine. this is cryto sa and crypto isakmp sa
  R2691#sh crypto ipsec sa
  interface: Serial0/0
      Crypto map tag: vpn, local addr 30.1.1.21
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (30.1.1.21/255.255.255.255/47/0)
     remote ident (addr/mask/prot/port): (10.1.1.1/255.255.255.255/47/0)
     current_peer 10.1.1.1 port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 65, #pkts encrypt: 65, #pkts digest: 65
      #pkts decaps: 66, #pkts decrypt: 66, #pkts verify: 66
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 2, #recv errors 0
       local crypto endpt.: 30.1.1.21, remote crypto endpt.: 10.1.1.1
       path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0
       current outbound spi: 0xDBF65B0E(3690355470)
       inbound esp sas:
        spi: 0x44FF512B(1157583147)
          transform: esp-3des esp-md5-hmac ,
          in use settings ={Tunnel, }
          conn id: 5, flow_id: SW:5, crypto map: vpn
          sa timing: remaining key lifetime (k/sec): (4598427/3368)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0xDBF65B0E(3690355470)
          transform: esp-3des esp-md5-hmac ,
          in use settings ={Tunnel, }
          conn id: 6, flow_id: SW:6, crypto map: vpn
          sa timing: remaining key lifetime (k/sec): (4598427/3368)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:
  R2691#sh crypto isakmp sa
  IPv4 Crypto ISAKMP SA
  dst             src             state          conn-id slot status
  30.1.1.21       10.1.1.1        QM_IDLE           1002    0 ACTIVE
  IPv6 Crypto ISAKMP SA.
  4 . how do i know it is useing GRE over IPsec.
  i am also attach my topology on which i did lab

  MR. Anuj here is my config
  R7200#sh ip int b
  Interface                  IP-Address      OK? Method Status                Protocol
  Serial1/0                  10.1.1.1        YES NVRAM  up                    up
  Loopback1                  50.1.1.1        YES NVRAM  up                    up
  Loopback2                  50.1.2.1        YES NVRAM  up                    up
  Tunnel0                    40.1.1.2        YES NVRAM  up                    up
  Tunnel1                    40.1.2.2        YES NVRAM  up                    up
  Tunnel2                    40.1.3.2        YES NVRAM  up                    up
  =========================================================
  R7200#sh int tunnel 0
  Tunnel0 is up, line protocol is up
    Hardware is Tunnel
    Internet address is 40.1.1.2/24
    MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation TUNNEL, loopback not set
    Keepalive not set
    Tunnel source 10.1.1.1 (Serial1/0), destination 30.1.1.1
    Tunnel protocol/transport GRE/IP
      Key disabled, sequencing disabled
      Checksumming of packets disabled
    Tunnel TTL 255
    Fast tunneling enabled
    Tunnel transport MTU 1476 bytes
    Tunnel transmit bandwidth 8000 (kbps)
    Tunnel receive bandwidth 8000 (kbps)
    Last input 00:00:04, output 00:00:04, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
    Queueing strategy: fifo
    Output queue: 0/0 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
       2229 packets input, 213651 bytes, 0 no buffer
       Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
       0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
       2292 packets output, 220520 bytes, 0 underruns
       0 output errors, 0 collisions, 0 interface resets
       0 unknown protocol drops
       0 output buffer failures, 0 output buffers swapped out
  ===============================================================
  my cryto acl
  is
  access-list 101 permit gre host 10.1.1.1 host 30.1.1.1