Trying to resolve slow log on/off times with DirectAccess RRS feed

  • Question

  • Having spent a lot of time getting DirectAccess working (thanks, JJ!), I'm now piloting the service with a select group of staff before making it more widely available.

    What I'm finding is that log on and log off times can be very - very - long sometimes, and there doesn't always seem to be a reason for it. I've worked closely with the testers to try to keep their profile size under control. I've used group policies to redirect some folders (e.g. Documents, Photos), group policies to exclude some folders from the profile (e.g. Downloads, Music) but even with a reasonable size profile, the time take could well turn out to be unacceptable.

    For example, on a test I did with my own profile (and I apologise that I don't have the profile size recorded for this exercise but the tests were all done just by starting up and shutting down), the time it took with the laptop directly on the LAN was 1 minute 15 seconds from entering my credentials to getting to the desktop. With the laptop on the DMZ (i.e. outside the LAN but with no Internet connection to go through), it took 1 minute 20 seconds. At home, with an ADSL broadband connection running at about 6Mb/s download and 512Kb/s upload, it took 11 minutes to get from entering my credentials to seeing the desktop.

    A traceroute from my work laptop connected at home to the file server hosting my profile showed times of around 30ms for each hop. With DirectAccess, though, you only really see three hops - the outside of the IPv6 path, the inside of the UAG/DA server and the destination server - so I'm just "hoping" that the time it shows for the first hop is realistic.

    So I'm running out of ideas as to what else I can do to try and get a consistently faster logon/logoff experience.

    Clearly, I could stop using roaming profiles, and perhaps stop using redirected folders as well. I'd need to do some further testing to see if the redirected folders are making any sort of contribution to the delay. There are two main downsides to stopping the use of roaming profiles:

    1. I don't then have a backup of the user's profile if their computer goes phut. That can be resolved using DPM which we have licences for.
    2. It would make life very difficult if we wanted to roll out a virtual desktop infrastructure, which I am keen to do because of the increasing number of home workers where I cannot so easily control their computer environment.

    Has anyone got any experiences they care to share around logon/logoff times and what they did to try and improve the experience?

    The good news is that once the user is logged on, things seem to be at an acceptable speed. You can browse a file server and it doesn't "hang" for a noticeable period of time. It literally is just the log on and log off times that are causing the headache.




    Wednesday, January 4, 2012 7:55 AM

All replies

  • Unfortunately I bet your problem is completely related to the fact that you use roaming profiles. No matter how small, when you are pushing and pulling a profile over any network it can dramatically increase your logon and logoff times. If you can, create a baseline of testing for a particular user and then disable the roaming profile for that user, see if that suddenly fixes the problem. Of course you can also probably get small decreases by the ways you mentioned, by continuing to whittle down on the number of things that are happening during login.
    Wednesday, January 4, 2012 11:56 AM