0

We have two Windows 2003 machines; one is a DC and the other is joined to the domain of the DC. These machines are not locally available to us, so we have to remote desktop into them. When we first got the machines, remote desktop was blazing, as the machines are only a couple of miles away. I then installed AD and set up routing and remote access; I also set up DNS on the DC. Now when I try to Remote Desktop into the machine which is part of the domain (not the DC), it is painfully slow! Remote Desktop onto the DC is also noticeably slower! Another problem is that our FTP to the DC has also become slow. I don't know what other information I can provide, as I am new to Sys Admin (moving over from development).

The speed should be fast as these machines are only a couple of miles away. Any help / suggestions is greatly appreciated!

Thanks Peuge

  • What do you mean by "setup routing"? If the logon process is slow, then you'll want to focus on your AD setup, if Remote Desktop generally seems slow, then you'll want to focus on the "routing" changes you made. – Eric H Apr 07 '10 at 14:00

2 Answers

1

What do you mean by "slow"? Is it during the logon process (if so, what part exactly) or once you're on the desktop and using the machine? Have you performed even a basic network route diagnostic? Are the machines fast when you are at the console? What's the network topology you're going through?

Stephane
1

It's been my experience that issues like this are generally related to DNS in some form. That is assuming that once you are connected it seems to work fine. From your description it sounds like it is just the initial connection/handshake/authentication part of it.

Check your DNS zones, check the records for the DCs themselves, check the reverse pointers for the servers as well as the client you are using to connect. Check the security on those records as well. If you see some 'Unknown Accounts' in the ACLs, delete the record and run 'ipconfig /registerdns' to have the machine re-register itself. You want to check all of the AD specific SRV records too, as in, is the _ldap record correct under _msdcs\pdc_tcp, etc?

netdiag and dcdiag on the Domain Controllers may give you some insight as well. Do you have any errors or warnings in the event logs on the servers? If you restart the File Replication service on one of the DCs, does it generate any errors or warnings? In that scenario I would be looking for 'Couldn't resolve partner' warnings.

Without having a local DC to authenticate against, I'd also take a look at the traffic over the connecting pipe. Is it maxing out at any point? Are you loading user profiles over it? It's generally recommended that you have at least one DC at each site. If your connection dies, what are you going to authenticate against? You'll be stuck with cached credentials on each computer.

sinping
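The forward and reverse record check suggested in the answer above can be scripted from the connecting client; this is an added example, not part of the original answer. It uses only the Python standard library, so it covers A and PTR records but not the SRV records; the 2-second threshold and the `check_host` name are assumptions, and hosts should be given as fully qualified names.

```python
import socket
import time

SLOW_SECONDS = 2.0  # assumed threshold; a healthy lookup takes milliseconds


def _timed(lookup, arg):
    """Run one lookup; return (result or None on failure, elapsed seconds)."""
    start = time.monotonic()
    try:
        result = lookup(arg)
    except OSError:  # socket.gaierror and socket.herror are both OSError
        result = None
    return result, time.monotonic() - start


def check_host(name, forward=socket.gethostbyname_ex,
               reverse=socket.gethostbyaddr, slow=SLOW_SECONDS):
    """Return a list of findings for one host (empty list means consistent)."""
    findings = []
    fwd, took = _timed(forward, name)
    if took > slow:
        findings.append(f"{name}: forward lookup took {took:.1f}s")
    if fwd is None:
        return findings + [f"{name}: no A record"]
    for ip in fwd[2]:  # every address the name resolves to
        rev, took = _timed(reverse, ip)
        if took > slow:
            findings.append(f"{ip}: reverse lookup took {took:.1f}s")
        if rev is None:
            findings.append(f"{ip}: no PTR record")
            continue
        # Compare case-insensitively against the PTR name and its aliases.
        ptr_names = {n.lower().rstrip(".") for n in [rev[0], *rev[1]]}
        if name.lower().rstrip(".") not in ptr_names:
            findings.append(f"{ip}: PTR is {rev[0]}, expected {name}")
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python check_dns.py <dc-fqdn> <member-fqdn> <client-fqdn>
    for host in sys.argv[1:]:
        for line in check_host(host) or [f"{host}: A and PTR records agree"]:
            print(line)
```

A stale PTR or a lookup that only returns after a timeout shows up as a finding for that host, which narrows down which record to delete and re-register.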