Active Directory management tasks slow over SSLVPN?

I have fairly fast & robust internet connections at both ends and most normal tasks behave fine over SSLVPN. However, when I need to perform AD management tasks (modify AD U&C or AD GPO), those seem to crawl for some reason. I haven't actually timed it, but it probably takes a full 90 seconds to open ADU&C. The DCs that I'm working on are right at the other end of the SSLVPN tunnel, so I wouldn't expect these tools to behave so slowly.

However, one additional aspect of the AD structure as a whole is that the Global Catalog server is an additional hop away through a BOVPN. I'm not sure that this is a factor because when I'm actually in the office (at the other end of my current SSLVPN, still a BOVPN hop away from the GC server) these AD tools behave fine.

Does anyone else notice the same slow behavior when locally using AD-specific tools over an SSLVPN, or is it just my setup?

SSLVPN client 12.5.2 & XTM 270 w/ 12.5.2 OS, all traffic forced through the SSLVPN

Answers

  • edited April 9

    One other detail for information: while on the SSLVPN, I can RD into any machine at the other end of the SSLVPN and run the AD management tools there and they also run normally.

    And for the record, I just timed opening ADU&C and it actually took nearly 6 minutes to appear! Much worse than my earlier guess.

  • If this also happens with any other client VPN type, then it may well be an MTU issue.
    A resolution is to enable PMTU (path MTU) discovery in the Windows registry.
    Also, one can enable black hole router discovery in the registry too.
    I have done this on my PC.

    Here are the registry keys & values to do both:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    EnablePMTUDiscovery dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    EnablePMTUBHDetect dword:00000000
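
Added example, not part of the answer above: a PowerShell check that shows how the two registry values named in the answer are currently set and measures the largest IPv4 packet that crosses the tunnel unfragmented, to confirm or rule out the MTU explanation. The target host name and the probe bounds are assumptions; point it at a DC on the far side of the SSLVPN.

```powershell
# Added diagnostic sketch, not from the thread.
param(
    [string]$Target = 'dc01.example.internal',  # hypothetical host; use a DC behind the SSLVPN
    [int]$Low  = 548,    # ICMP payload for a 576-byte IPv4 packet
    [int]$High = 1472    # ICMP payload for a 1500-byte IPv4 packet
)

# Show the two TCP/IP values the answer refers to (1 = on, 0 = off).
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$params = Get-ItemProperty -Path $key
foreach ($name in 'EnablePMTUDiscovery', 'EnablePMTUBHDetect') {
    $prop  = $params.PSObject.Properties[$name]
    $shown = if ($prop) { $prop.Value } else { 'not set (OS default applies)' }
    "{0,-20} {1}" -f $name, $shown
}

function Test-DfPing {
    param([string]$HostName, [int]$Payload)
    # -4 forces IPv4, -f sets Don't Fragment, -l is the ICMP payload size.
    $out = & ping.exe -4 -f -n 1 -w 2000 -l $Payload $HostName
    # Only a real echo reply carries "TTL="; the exit code alone is not reliable.
    return [bool]($out -match 'TTL=')
}

if (-not (Test-DfPing $Target $Low)) {
    "No DF reply from $Target at $Low bytes: ICMP may be filtered, so the result is inconclusive."
    return
}

# Binary search: $Low always holds a size that got through.
while ($Low -lt $High) {
    $mid = [int][math]::Ceiling(($Low + $High) / 2)
    if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
}

# 20-byte IPv4 header + 8-byte ICMP header = 28 bytes on top of the payload.
"Largest unfragmented payload: $Low bytes, path MTU about $($Low + 28) bytes"
```

Running it once over the SSLVPN and once from the office LAN gives two path MTU figures to compare; a much smaller value over the SSLVPN is consistent with the MTU explanation.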
