Poor performance in remote site connect via VPN

Similar Messages

• Users can only connect to RD farm website and cannot remote into terminal server , when connected via VPN

  Hello,
  I have a RD farm using 3 Win 2012 servers (1 broker and 2 session host), for internal use only, have not
  configured gateway for internet access.
  Users are able to connect to RD farm website and remote into terminal server, within office
  but can only connect to RD farm website and cannot remote into terminal server , when connected via VPN
  Its takes long time at securing connection and fails.
  Thanks

  Hi,
  Thank you for your posting in Windows Server Forum.
  First of all I would suggest you to configure RD gateway role on your server and pass all the connection through it because it’s a best practice to use RD Gateway in RDS Farm. 
  Apart from this, if you are not using RD Gateway then you must check that you have successfully forwarded port 3389 for RDS to access via VPN. Also check that you have made configuration under IIS Manager to enable Forms Authentication. Please check
  this link.
  In addition, please refer beneath article for additional details.
  1. How to Access Windows Remote Desktop Over the Internet
  2. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp
  (For reference)
  Hope it helps! 
  Thanks,
  Dharmesh

• Kerberos issue when connecting via VPN

  Hi,
  I am have some issues when connecting via VPN.
  The following kdc log is issued when I log via VPN
  May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): DISPATCH: repeated (retransmitted?) request from 192.168.2.5, resending previous response
  May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.5: UNKNOWN_SERVER: authtime 1146535939, [email protected] for ldap/[email protected], Server not found in Kerberos database
  I also have a system log May 2 12:12:21 ATHENA DirectoryService[41]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
  This logs only happen while logging through VPN.
  Any idea?
  Cheers
  Ben

  Hi,
  When using your VPN are yo using Terminal LIcense or Remote Desktop Connection?
  Please do the following to save form settings:
  1. Only 1 module should be open when using form settings.
      Close other modules that doesn't need.
  2. Close the module after changed. To make sure the settings are saved.
  3. Always close all the module before exiting SBO program, use the click FIle and Exit habit.
  4. Terminal Licensing should be use when connecting remotely.
  Thanks.
  Clint

• Financial Reports Client - 11.1.2.1 - Won't connect via VPN only?

  When I try and connect via VPN only. I get: You are not authorized to use this functionality. Contact your administrator.
  Here's the log from client. We have ensured the client version matches the server version exactly. Funny as when I'm directly on their network I can connect just fine. Hoping this log will point to solution.
  Log:
  [2012-06-01T10:31:45.196-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.registry.FRSystem] [SRC_METHOD: lookupHsServer] [[
  com.hyperion.reporting.util.HyperionReportException: Could not connect to the server.
  Please make sure that the server is running as specified in the logon dialog (including port number if not default).
       at com.hyperion.reporting.registry.FRSystem.lookupHsServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
  [2012-06-01T10:31:45.273-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.javacom.HsServer] [SRC_METHOD: getServer] [[
  java.lang.NullPointerException
       at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
       at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
  ]]

  I think you have already posted this problem on another post, I said it is possible it could be a ports issue.
  Have a look at the following http://www.oracle.com/technetwork/middleware/bi-foundation/epm-component-communications-11121-354680.xls
  Select FR studio as the client and it should give indication to the ports that need to be opened.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• 4150L - Works on web, but can not connect via VPN or Remote Desktop

  Recently purchased a 4150L and installed the latest firmware.  We have been able to access all public websites without any problems.  But, when we try and access our customers computers via VPN (various types) or Remote Desktop, we can't connect.  We can sign-in to VPN, but when we try and access the computer, it says "can't connect".  Exact same message with Remote Desktop.   We are able to connet when use a Verizon phone as a hotspot and from every other internet service that we have tried (i.e. hotels, starbucks, etc.)   It appears it is an issue with the 4150L.
  Verizon Tech Support has been no help!
  All ideas are appreciated!
  Thanks,
  Skip

  Skip,
  VPN traffic should be allowed through on the MiFi 4510L by default.  I know I do not have any issues with mine on either the Cisco IPSec or Cisco SSL VPN Clients.
  If Verizon DNS is interferring then perhaps you could try to connect to your VPN via a direct IP Address instead of a URL.  Not sure what VPN client you have but there should be a No DNS option to connect if you know the correct IP.  You could also try switching your DNS to one of the free ones such as the one offered by Google or any of the others.
  VPN's carry alot of overhead on existing connections in my experience.  Its not untypical to have a 3G connection cut in half when a VPN is applied.  Try running a speed test to make sure your connection is atleast 1 MB on download before initiating a connection.  If the performance of the MiFi is too poor in that area it may never be stable enough to support a connection.  Feel free to post some Speedtest.net averages so we can see what you are working with.
  Something to note about the MiFi 4510L is that it is on the SIM card network.  That means that NAT is always going to be an issue and block your users from providing a truely public IP Address.  Directly remoting to them through any means will be nearly impossible.

• Can i connect via vpn on a mac to a windows computer

  I know this question has probably been asked a number of times but:  Can a Mac be used to connect via a VPN connection to a Windows machine?  I need to do this to access a Windows desktop via remote access.  Have not found a way to do it yet.

  Yes, it can. Restore it on the PC; doing so on the Mac will put it in a format the PC can't use.
  (79280)

• Remote site redundancy IPSEC VPN between 2911 and ASA

  We already have IPSEC VPN connectivity established between sites but would like to introduce some resilience/redundancy at a remote site.
  Site A has an ASA with one internet circuit.
  Site B has a Cisco 2911 with one internet circuit and we have established site-to-site IPSEC VPN connectivity between the 2911 and the ASA.
  Prior to getting the new internet circuit, Site B had a Cisco 877 with an ADSL line which are still available but aren’t currently in use.
  The internet circuit at Site B has dropped a few times recently so we would like to make use of the ADSL circuit (and potentially the 877 router too) as a backup.
  What is the best way of achieving this?
  We thought about running HSRP between the 877 and 2911 routers at Site B and, in the event of a failure of the router or internet circuit, traffic would failover to the 877 and ADSL.
  However, how would Site A detect the failure? Can we simply rely on Dead Peer Detection and list the public IP address of the internet circuit at Site B first with the public IP address used on the ADSL line second in the list on the ASA? What would happen in a failover scenario and, just as important, when service was restored – I’m not sure DPD would handle that aspect correctly?
  I’ve read briefly elsewhere that GRE might be best to use in this scenario – but I can’t use GRE on the ASA. I have an L3 switch behind the ASA which I may be able to make use of? But I don’t want to disrupt the existing IPSEC VPN connectivity already established between the ASA and the 2911.   Can I keep IPSEC between the ASA and 2911 but then run GRE between the L3 switch and the 2911? If so, how would this best be achieved?  And how could I also introduce the 877 and ADSL line into things to achieve the neccessary redundancy?
  Any help/advice would be appreciated!

  Hello,
  I don't think GRE tunnel that you could set up on the switch  behind ASA would be really helpfull. Still site-2-site tunnel you want  to establish between ASA and some routers, but still it is ASA which needs to make decision about which peer to connect to.
  Possible solution would be to do HSRP between both routers on LAN side and with two independent tunnels/crypto maps (one on each of them). On ASA you would need to set up two hosts in set peer. Problem of this solution is that if one router at side B is going to go down and second ADSL line will take over ASA will not do preempt after you main Internet connection is up again. This would happen after ADSL Internet connection will be down.
  Solution to that would be to assign two different public IP addressess on two different interfaces of ASA. Then you attach two crypto maps to both interfaces and by using sla monitor (let's say icmp to main router, if it does not respond then you change routing for remote LAN to second interface) you are selecting which crypto map (with one peer this time) should be used.
  I hope what I wrote makes some sense.

• General Settings not retained when connecting via VPN

  Forum,
  We have a user who connects to SAP via a VPN connection. Since then they have found that any form settings/column amendments made are not being retained when next logging into SAP.
  When these changes were made direct in the office, they are retained.
  My question. Is there any differences in how the settings are retained within SAP when accessing via a VPN?
  Regards,
  Juan

  Hi,
  When using your VPN are yo using Terminal LIcense or Remote Desktop Connection?
  Please do the following to save form settings:
  1. Only 1 module should be open when using form settings.
      Close other modules that doesn't need.
  2. Close the module after changed. To make sure the settings are saved.
  3. Always close all the module before exiting SBO program, use the click FIle and Exit habit.
  4. Terminal Licensing should be use when connecting remotely.
  Thanks.
  Clint

• While connected Via VPN - Couldnt reconnect to disconnected or active session

  Hi Folks,
  Looking for some help here, I got users who are having problem while connecting remotely via VPN .
  Users can take remote desktop to server if they do not have any disconnected or active session without any problem
  But if they do have active or disconnected session than they see below error:-
  This computer cant connect to remote computer , Try connecting again
  and this was only noted when using VPN, but when we are in same network and try to take rdp even disconnected or active connections get connected.
  Couldn't narrow down where the problem could be any help appreciated,
  This topic first appeared in the Spiceworks Community

  Hi,
  I am setting up the lab to see if the issue can be reproduced. I will give you an update as soon as possible. Appreciate your patience.
  Thanks.
  Jeremy Wu
  TechNet Community Support

• I have connected via VPN but can't see lion server .private

  when I am in my local network at home I simply go to finder and click on my server and connect to it. When I VPN form the net into my servers local network I dont see it in my finder? I know I am in the next work being I did a IP Check but am I am missing something how am I to get to the server to get to my files? it is set up as a .private.

  Spoke to an apple rep today. when accessing via VPN go to finder then go to the top menu click GO at the bottom of the drop down will be connect to server simply add the IP address to access.

• Email connectivity via VPN

  Hi,
  I'm currently unable to force a recieve email option via vpn on my nokia E72 phone. Details as follows:
  email setup: pop3/imap
  incoming: imap
  outgoing: smtp
  Nokia updates recent: yes.
  There is no "send/receive" option on the client and the "synchronise all" option appears to do nothing. I can create and send emails no problem, they are received by the addressee with no problems, I just can not receive emails or download/synchronise with my company email account.
  To connect I open the email client, choose the vpn connection, enter my username and appropriate passcodes, the connectivity is established, then no email is received, even if I syncrhonise.
  Any advice/help would be appreciated.

  Its a server which can be virtualized. You will  have to order it. 
  http://www.cisco.com/c/en/us/products/collateral/unified-communications/expressway-series/datasheet-c78-730478.html
  The top level part number is R-UCL-UCM-LIC-K9. You will need CUCM 9.1.2 or higher with CUPS to get it working. 

• I want to remote desktop connect via Bluetooth

  I have two laptops on a little pan network. I can share folders and files between them. But I additionaly want to be able to establish a remote desktop connection between the two laptops. I'm not having too much success here. Can someone point me in the right direction? Thank you.
  Oh - XP Professional SP3. Toshiba BlueTooth Stack which hasnt been upgraded.
  Thanks again.

  I use remote desktop access - mstsc.exe - to remote all my servers at work.
  So I have my PAN at home on two XP Pro SP3 laptops w/ internal bluetooth. I run mstsc.exe and cannot see my other computer across the PAN. I can share folders without issue. Both laptops are in the same workgroup but mstsc.exe fails.
  I'm missing something.
  Ahhhh. Figured it out. The remote desktop access network configuration is in it's options. The computer field has a drop down menu, I was expecting it to populate being a drop down menu. But there were no menu items listed. That throw me off. But I just typed my other computer's name in the field and it connected me to the log in screen and my other comuter is now listed in the drop-down menu. That how its done.
  It's slow though. But I knew that.

• Poor performance and now dropping connection

  I am very underwhelmed by performance since switching to infinity FTTC last year. Download speed is very variable and I just cannot get an upload speed much better than 1.1 Mb/s.
  Now we have a regularly dropping connection. Last Saturday morning we had a thunderstorn with heavy downpour and phone line dropped completely - no dialtone and unsurprisingly no broadband. Did a line check from my mobile - all fine and no reported problems in the area. I phoned BT and got an Indian who just repeated what the website told me and said couldn't get an engineer for 4 days! Phone came back late the same afternoon and a little while later broadband came up but connection was up and down like a yo-yo. After 4 days of sunshine when the engineer turned up broadband had been up solid from 3 am and phone was fine. Engineer did more detailed tests which showed no problem and reckoned our problem must have been fixed, and that reason broadband had been dropping was because of computerised checks due to reported fault which would cause line to drop.
  For a few days all was fine, although performance still underwheliming, until we had another downpour yesterday morning. Phone line stayed up, although a little crackly, but once again broadband started dropping regularly. Since then it has gradually improved (no more rain).
  My suspicion is (and always has been) that with the heavy rain water is getting into a connection somewhere. How do I go about communicating it to BT support (I can't even find a web page or number for reporting broadband problems) this fact and actually getting someone to look into it properly? I rejected the "fault reported fixed" on the tracking your fault web page but so far nothing.
  I am distinctly unimpressed with BT support and unless this gets fixed soon I am seriously thinking of switching to fibre to the home with Virgin (despite hating Branson) especially as the move from Yahoo mail to BT mail has not been smooth and the BT webmail is full of bugs (which again I cannot find any way of reporting).

  Thanks. I tried that. Broadband up and down regularly until the day the engineer came. Day before had intermittent heavy crackling on the line and calls dropping. Day he came all is fine and of course his diagnostics checks come back all clear. Apparently, or so he told me, they are not allowed to work on our line unless the checks show a fault...which they didn't.
  I've just had 24 hours of our broadband working but just now it's started dropping regularly again.
  I am getting very frustrated/annoyed. What do I do now? How do they expect to solve the problem if it isn't constant and they can't get an engineer to look at it within 3 or 4 days? Do I just keep on calling our an engineer until by chance it happens to hit a problem while they're on site? Not good for customer satisfaction and surely it must cost them to keep sending out an engineer!

• Can connect via VPN, but can't access AFP server on same Xserve

  Hi:
  I've set up our XServe with MacOS X Server 10.5.2 to do AFP and VPN (L2TP only; PPTP is disabled). The XServe is a standalone server, not connected to any other direstory server.
  I can connect to the XServe's AFP server from my Mac over our wired and wireless network. The AFP server shows up in the sidebar of Finder windows. So far, so good.
  I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret.
  But I cannot connect to the XServe itself to use Server Admin or AFP (using afp://server.company.com or afp://xxx.xxx.xxx.xxx via the Go > Connect to Server command).
  The error I get while connecting to the 10.5.2 AFP server is Some data in apf://server.mycompany.com could not be read or written (Error Code -36 ). I saw this error associated with a SMB problem in 10.4.x, but SMB is not running.
  Other iChat users in my office also do not automatically show up in the Bonjour list when I connect to the network. Other computers on our network do not appear in the sidebar of a Finder window. (I'm told these are to be expected, as Bonjour isn't supported (in the "local area Bonjour" over a WAN link - it's purely a multicast feature on the network in the office, and won't be routed across the VPN link. True?)
  Now, here's the odd part. There is a second server (v10.4.11) on our network running AFP. I can connect to it (using afp://server.company.com via the Go > Connect to Server command) and mount its various sharepoints via the VPN.
  The only thing I see in the VPN log that seems amiss is this (but I have no idea what it means):
  Tue Mar 11 23:09:27 2008 : Unsupported protocol 0x8057 received
  --Both the 10.5.2 and the 10.4.11 servers have DNS properly configured (though our ISP; we're not running our own DNS).
  --Both servers and the client have public IP addresses and have the same subnet mask. Network Utility confirms this while connected to the VPN.
  --NAT is not running. The ISP is responding with public IPs for the servers.
  --The firewall for the 10.5.2 server is not running (but will be once I get this all working).
  --The IP address range for the VPN server doesn't overlap our DHCP pool (which also currently uses public IP addresses).
  --Any user can access any service.
  --No network routing definitions have been set up.
  --In essence, I've followed the steps on Pages 141-142 of the Network Services Admin Guide.
  One other note: After I connect, the Network Preferences > VPN > Advanced > TCP/IP window shows the IP address for the client just fine (assigned from the VPN pool), but lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?
  I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server.... And I'm not sure why I would have to if I can already successfully connect to the 10.4.11 AFP server .
  What simple step am I missing?
  TIA,
  mm

  "I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret."
  I suspect you mean UDP ports and you might need UDP port 1701 open too.
  You only need IP protocol 50 (ESP), protocol 51 (AH) isn't used. And ESP is only used when client and server isn't behind NAT (when NAT is used only the UDP ports are used).
  "Unsupported protocol 0x8057 received"
  This is usually seen when you can't get GRE through but since you don't use PPTP I can't be sure why this is registered in the logs. Sometimes when connecting using PPTP you have to disconnect and then reconnect for everything to work - you might try this for L2TP too.
  But if you already can reach services on any LAN nodes through the VPN I wouldn't bother with it.
  As you have a firewall in front of the server you need a second alias IP on the server that you can use to get at the services running on the server through the VPN. The firewall blocks all ports protocols not opened - that's why you can't use the server main IP even if the VPN is up.
  The netmask is used by all nodes to determine how big your subnet is: what part of the IP number is the network number and what range the node number is in => really: should traffic be directed to a node on the same LAN or sent directly to the gw/router for forwarding.
  What you can't do is connect from a NATed network to another NATed network that both are using the same network number. (That's why people should stay away from using the "default" 192.168.0.0/24 and 192.168.1.0/24 networks for VPN server LANs).
  Try your settings at http://www.jodies.de/ipcalc to see what I mean.
  "...lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?"
  Yes. The VPN server is the VPN gw/router.
  "The firewall for the 10.5.2 server is not running (but will be once I get this all working)."
  If you already have a firewall in front of your servers that is a bit redundant.
  "--No network routing definitions have been set up."
  "I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server"
  You need routing definitions if you want to setup a split tunnel VPN or all traffic is routed through the VPN when connected. The VPN becomes the default gw.
  Without ipforwarding ON in the server you can only reach nodes on the server LAN - not Internet.
  DNS is needed for your servers forward and reverse names/IPs for advanced services but doesn't need to run in any of your own servers.
  If you decide to do a split tunnel VPN config (adding public and private routing definitions) a reachable DNS IP for VPN clients (in VPN config on server) is needed for VPN clients or they can't use names to find anything. To reach this DNS IP if public/not on your server LAN, you need your server to forward IP DNS lookups and have a routing definition for it.
  A split tunnel VPN only send traffic for your server LAN through the VPN and all other traffic directly to the local gw/router (Internet).

• SGD + Poor Performance After 3 Hour Connection

  Hello,
  I have a user who connects from home via a DSL connection to the internet then to a Windows XP VM (VMWARE) through SGD. The performance is good for the first 3 hours or so and then begins to slow down. The user is mainly working in MS Word 2000 and what starts to happen is the screen refreash becomes so slow that she is able to type several sentances with nothing showing on the screen. Then after a few minutes everything appears all at once.
  The issue happens everytime the user connects for a long period of time. At first she has no delay issues but 3 hours later the screen refreash is so slow it is not usable. To fix the issue the user reboots the Windows XP VM and closes the SGD connection. She then reconnects and it is good for another 3 hours.
  I have logged into the VM here locally when she reports that it is slow and the VM is running fine at normal performance so the issue is not with the VM. We are using RDP to make the connection to the Windows XP VM.
  Any ideas why this session is slowing down after about 3 hours of use. She might be my only user who is on SGD for that long (3+ hours) so I am not sure if it would happen with other sessions (users).
  Thanks
  Bryan Gawronski

  Hello,
  What you need to know is if the issue is between your SGD server and the VM or between the SGD server and your client?
  Might i suggest that you get her to immediately report the issue when it happens next to you and you have a look at the load on the network, cpu and ram on the SGD server and if that doesn't show up anything unusual then login to SGD with her account and resume her session to the VM and see if it is also slow for you.
  You could also try other things like giving her another VM to try both when the first one slows down and also instead of the first one to see if it slows down at all.
  If you can replicate the error in your own office then it will help you to better troubleshoot the issue.
  Hope this can be of some help to you.
  Jason