Group Policy Processing over Slow Links (Part2)
Windows method for locating a domain controller is that the workstation
checks connectivity with the DC it first uses a normal ICMP ping. If the
normal ping succeeds it then tests the connection speed with an oversized
ping. Specifically the size is 2048k* which puts the total packet size over
2k due to headers. This isn’t a problem when you are on a local network with
nothing between you and the DC but a switch. In VPN sites Router denies
oversized ICMP traffic by default. Because of this behaviour
workstations at remote sites succeed with the first normal ping but
fail on the oversized one. That causes the following error to show up
in the workstation’s event log.
Event ID: 1000 and 1054
Windows cannot obtain the domain controller name for your computer
network. Return value (59).
To test the network:
Ping the Domain controller from workstation with –l switch
Ping DC Name –l 2100
Above ping will work only if the VPN MTU value more then 2K (ICMP packet size more then 2K)
Solution one:
Need to configure the Router to accept the ICMP packet size more then 2048k
Solution two:
Need to implement the below registry change
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSystem]
“GroupPolicyMinTransferRate”=dword:00000000
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsSystem]
“GroupPolicyMinTransferRate”=dword:00000000
These keys tell the workstation to not test the speed of the connection
with the DC. This setting is also available in group-policy
Implement this setting through GPO:
To specify settings for Group Policy slow link detection for computers, use the Group Policy slow link detection policy setting in the Computer ConfigurationAdministrative TemplatesSystemGroup Policy Group Policy slow link detection – Enable
Connection speed 0
To set this for users, use the Group Policy slow link detection policy setting in User ConfigurationAdministrative TemplatesSystemGroup Policy Group Policy slow link detection – Enable
Connection speed 0
0 to disable slow link detection
Note: the computers must first have the setting to download the group-policy, other wise computer will not get the updated policy, for this need configure the above registry key manually to the workstations.
To know Group Policy Processing over Slow Links
http://ganesh-windowstricks.blogspot.com/2009/07/group-policy-processing-over-slow-links.html
Related Articles
loopback processing
Loopback policy
group policy
Group Policy Processing
ie7 group policy
