Throughput of Microsoft DirectAccess is directly linked to client latency on server side upload RRS feed

  • Question

  • I seem to have a fundamental issue with Microsoft DirectAccess.

    I will list what hardware I am using first

    2 x Servers with Xeon E5-2667 v3 @ 3.2GHz with 32GBs RAM and 10K SAS Disks

    1 x Cisco ASA firewall performing just NAT for 443 and 80 to the above servers in an NLB

    lots of laptops (new ones with latest generation Core i7's and 16GB RAM with SSD's)

    I am using machine certificates with ECC suite B and Windows 7 - Note this issue also happens with Windows 8.1 and Windows 10 as I have also tested this.

    Connections to the DirectAccess are fine and are all working - logging in and communicating with the domain fine in both directions using IPHTTPS.

    Our problem is directly related to client latency it we plug in a client right at the front door of the DirectAccess solution so the client has less than 1ms of latency then we get throughput of 600Mbs+. So i know that it is not an issue with IPHTTPS and double encryption or using ECC certificates or any issue with the configuration of the server

    As the latency of the line is increased by every single millisecond throughput is dropped to the point where at 20ms with is most peoples minimum latency when connection from home to work throughput is now down to exactly 2MB's or aprox 20Mb's.

    This only happens when the server is uploading data to the client.

    This has been tested with a WAN emulator and I can provide exact metrics for throughput if required.

    Note this this does not happen with the client is uploading data to the server.

    It seems to me that the client is able to scale its TCP Window to the server, but the server is not able to do the same.

    Please can anyone provide a fix or a work around for this issue. There seems to be a lot of people on this forum that seems to have similar issues but have not nailed the correlation to latency or tested with WAN emulation - also note I have tried two different WAN emulators and also correlated this data with users at home.

    Additional information can be provided on request.

    Any help would be appreciated or even how to raise with with Microsoft directly.


    Thursday, November 24, 2016 1:16 PM