Group policy and high latency connection

I have an XP client machine on a connection that takes a sat hop before it sees its Win 2k3 DC. It goes over a tunnel and the IP traffic is encrypted. I'd estimate the real time bandwidth to be no more than 128k, with a latency of just under 700ms.

Group policy is not being applied correctly to the machine. I have changed some registry values as advised on varying Microsoft forums but it's still not working as expected.

Am I peeing into the wind trying to get this client to work properly or are there some other suggestions?
 
You can change the slow link thresholds in GP using the following:

Computer Configuration\Administrative Templates\System\Group Policy\Group Policy slow link detection

User Configuration\Administrative Templates\System\Group Policy\Group Policy Slow link detection

We have some machines on pretty slow links at work but the GP usually seems to apply so it's not something I've ever tried.
 
Got to the bottom of this in the end in case anyone is interested.

Force Kerberos to use TCP instead of UDP.

Changed MTU to 1412.
 
We have similar issues with our 2008 AD Domain and XP and Win2003 clients. Even with slow link detection some of them error out as they send a ping to a DC across the WAN and the reply never comes back so they don't process GPOs. We switched to TCP a while ago which makes a lot of difference.

Interesting with the MTU setting. What made you choose the 1412 value?
 
We have another client in a similar situation but it's on a 10Mbit LAN, the MTU on that was set to 1412 by someone previous so we assumed it'd help. We may have to lower it actually.
 
Lowering the MTU reduces fragmentation over the slower link and makes better use of available bandwidth. Sometimes tunnelling adds bloat to headers requiring the MTU to be reduced accordingly.
Ideally you want to know the lowest MTU on the route and set it to that to prevent any fragmentation in transit.
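
One way to find the lowest MTU on the route, as the last post suggests; this is an added example, not code from anyone in the thread. It assumes Windows `ping` (`-f` sets Don't Fragment, `-l` sets the payload size), the search bounds are assumptions, and `simulated_path` is a constructed stand-in for a real link so the search can be run offline.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set (Windows ping syntax)."""
    result = subprocess.run(
        ["ping", "-f", "-n", "1", "-w", "3000", "-l", str(payload), host],
        capture_output=True, text=True)
    # Require a reply line containing TTL= rather than trusting the exit code alone.
    return result.returncode == 0 and "TTL=" in result.stdout


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest ICMP payload that passes unfragmented.

    probe(payload) -> bool. Returns the path MTU in bytes (payload + 28),
    or None if even the smallest payload fails (link down or ICMP filtered).
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always narrows
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IP_ICMP_OVERHEAD


def simulated_path(path_mtu):
    """Constructed stand-in: drops DF packets larger than path_mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:
        host = sys.argv[1]  # e.g. the DC on the far side of the tunnel
        print(find_path_mtu(lambda size: ping_df(host, size)))
    else:
        print(find_path_mtu(simulated_path(1412)))
```

The result includes the 28 bytes of IP and ICMP headers, so a largest passing payload of 1384 corresponds to an MTU of 1412.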
 