  1. #1
    morganw's Avatar
    Join Date
    Apr 2009
    Location
    Cambridge
    Posts
    816
    Thank Post
    46
    Thanked 132 Times in 126 Posts
    Rep Power
    39

    2008R2 Firewall causes delays on My Documents and browsing UNC paths

    I've got a weird problem on a brand new 2008R2 domain with Windows XP clients. I've just noticed that when saving a file in Office 2003, when clicking 'My Documents' I would get a 15 second-ish delay before the contents were shown. The same delay is also present while trying to access a server by the UNC path, e.g. typing \\SERVER\ into the run box. It also seems to only delay on the first try, so a subsequent attempt to do the same thing will not be delayed.

    The problem seems to be related to the Windows firewall on Server 2008R2, if I turn the firewall off the delay disappears.

    Since this is a brand new install I really wanted to start with all of the server firewalls turned on, I've got the exception in for 'File and Printer Sharing' for the domain.

    I found someone with exactly the same problem on experts-exchange, they just ended up turning their firewall off.
    My Documents Properties responding slow after Redirection Change from Group Policy

    Anyone know what is going on with this?

  2. #2
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    39
    Maybe I am wrong but I have never enabled any firewalls on internal LAN clients or servers. Instead I have relied on firewalls at the edge of the network to protect the entire LAN. Of course if you get an attack from within your network the external firewall won't stop that. Fair enough if you have a server which is open to access from a public facing IP a firewall is a must. It would be interesting to hear from other people what they do with firewalls on clients and servers in a protected LAN environment on 2003 or 2008.

  3. #3
    morganw's Avatar
    I was thinking of more internal attacks, viruses and other non-internet type things. It's been pointed out to me that the ports that are open for the network to function are the ones which are most likely to be used in such attacks but I'd still rather have them on.

    As an example, the SIMS Docstorage and SQL backups will be rsynced to a backup server overnight, there is a complex encrypted password involved in doing this but running with the firewall up allows me to also specify which IP addresses are allowed to connect to the rsync port. It will probably never matter but it lets me sleep a little easier at night.

    I think I've found the problem for the slow UNC access, I've disabled the WebClient service on the clients and now the delay is gone. Apparently this service will attempt to connect on port 80 on the server when the UNC path isn't immediately valid.

    Info here:
    A long delay occurs when you try to open a network share by entering a path in the Run box on a Windows Vista-based or Windows Server 2008-based computer
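
    The two measures described in post #3, as an added example that is not part of the original thread: disabling the WebClient service on an XP client, and keeping the server firewall on with the rsync port limited to named source addresses. The rule name, TCP port 873 (rsync's default daemon port; the thread does not state the port) and the 192.0.2.x addresses are assumptions and placeholders.

```bat
@echo off
rem Added example, not from the thread. Run from an administrator prompt.
rem Usage: fwcheck.cmd client   (on a Windows XP client)
rem        fwcheck.cmd server   (on the 2008 R2 server that accepts rsync)
if /i "%~1"=="client" goto client
if /i "%~1"=="server" goto server
echo Usage: %~nx0 client ^| server
exit /b 1

:client
rem Show the current state and startup type of the WebClient service.
sc query WebClient
sc qc WebClient
rem Stop it now and prevent it from starting at the next boot.
rem (net stop reports an error if the service is already stopped; that is harmless.)
net stop WebClient
sc config WebClient start= disabled
exit /b 0

:server
rem Confirm the firewall is still enabled on every profile.
netsh advfirewall show allprofiles state
rem ASSUMPTION: rsync listens on TCP 873 (its default daemon port).
rem ASSUMPTION: 192.0.2.10 and 192.0.2.11 are placeholder addresses for the
rem hosts that are allowed to connect; replace them with the real ones.
netsh advfirewall firewall add rule name="rsync - allowed hosts only" ^
  dir=in action=allow protocol=TCP localport=873 ^
  remoteip=192.0.2.10,192.0.2.11 profile=domain
rem Print the rule back so the scope can be checked.
netsh advfirewall firewall show rule name="rsync - allowed hosts only"
exit /b 0
```

    The WebClient startup type can also be set centrally through Group Policy (Computer Configuration, Windows Settings, Security Settings, System Services) instead of running the client half on each PC.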

  4. #4

    Join Date
    Aug 2010
    Location
    Dibba
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Is this a proper solution? Have somewhat strange issue

    I've set up my VPN Cisco connection to a Windows 2008 server. Works perfectly even though I thought it would be a headache but then I realised something strange:

    I did a transition from Server 2003 to Server 2008 recently and moved across all the data (network shares, emails etc).

    Now, the issue is, that I noticed when I VPN from home, I map 2 drives: my home network share (H Drive) and another Common Staff Folder (M Drive). Although I realise that the upload/download speed depends on my connection from home, I found out that when I am browsing through the M drive, it goes smooth (back and forth through the folders, subfolders, etc), however, when I start browsing my home H drive, it takes 5 to 6 seconds. Then I went into work and realised it takes 2 to 3 seconds on the LAN to browse through the H Drive. Again, M drive is smooth.

    After literally reading hours of articles and playing around, I came to notice that actually only when I go back to the documents (which is now redirected so staff can access their H drive through My Documents or by going to My Computer and then H Drive) or browse through other redirected folders such as My Pictures, My Music, My Videos, that browsing through these and their subfolders takes 2 to 3 seconds each time, however, if I am browsing folders I created and their subfolders, there is no issue!!!! Everybody uses Windows XP SP3 at work with Windows Server 2008 R2...if anyone can shed any light on how to fix this I would be most grateful!

    Thank you!!

  5. #5
    morganw's Avatar
    If it's ok on folders that you've created then maybe the delay is a problem translating the security identifiers on the folders. I had a similar thing a couple of days ago when I had a switch with a duplicate IP address and the primary domain controller seemed a little unresponsive. I was getting a 2-3 second delay trying to view security settings. Just a guess.

  6. #6

    Join Date
    Aug 2010
    Location
    Dibba
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    So you reckon I should go through the network equipment (switches, firewalls, etc)?

  7. #7
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    We have the Windows firewall enabled on all systems here, XP SP2/SP3 boxes and 2008 SP2 servers and we don't seem to have any issues. Defence in layers as they say, it's there so use it (unless of course you're having issues with it). This saved our bacon when someone brought Conficker onsite as only a few test PCs and Windows 2000 boxes became infected.

    Do you have all of the necessary ports for DNS open and are they the same on all DNS servers, could it be waiting on one DNS server timing out then moving to another that's configured correctly?

    EDIT: Reading the link posted above, KB958970, that makes sense as we have the WebClient service disabled on all PCs.
    Last edited by cookie_monster; 5th August 2010 at 08:53 AM.

  8. #8
    morganw's Avatar
    Quote (originally posted by lefty8680):
    So you reckon I should go through the network equipment (switches, firewalls, etc)?

    Maybe as a last resort, for a physical PC you could try disabling the WebClient service although you can test if that is an issue by turning the firewalls off on the servers - the delay should then disappear.

    Does your VPN go straight to the server which contains the files you are browsing or are you connected to some kind of gateway which then links to the fileservers?

  9. #9
    morganw's Avatar
    Quote (originally posted by cookie_monster):
    We have the Windows firewall enabled on all systems here, XP SP2/SP3 boxes and 2008 SP2 servers and we don't seem to have any issues. Defence in layers as they say, it's there so use it (unless of course you're having issues with it). This saved our bacon when someone brought Conficker onsite as only a few test PCs and Windows 2000 boxes became infected.

    That is my thinking and I'd rather go for extra layers of protection. The only server that I can't use the firewall on at the moment is the SIMS server, the SIMS application fails to log in with reason '0'. I've opened the default SQL port but it still doesn't connect. Don't suppose you know which ports should be open? Everyone else I speak to normally has the firewalls off.

  10. #10
    cookie_monster's Avatar
    Ha, interesting that you should ask that, our SIMS box is still on 2003 and I don't have the firewall on that. As soon as we move to 2008 (soon) I'll be turning it on and sorting the ports out.

  11. #11

    Join Date
    Aug 2010
    Location
    Dibba
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    morganw: as I said, VPN is fine - this entire situation I am talking within the actual LAN, i.e. when a client sitting in his office is trying to connect to the server which is 1 floor below him...I read about the web client thing - should that really help me out? Is it a valid solution? Would I have to tweak each individual user PC?

  12. #12

    Join Date
    Aug 2010
    Location
    Dibba
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Just tried disabling firewall, Symantec antivirus, but nothing and like I said earlier, all shared folders and shared drives (like the mapped staff common drive) open fine, no issues - only problem with My Documents, My Videos, My Pictures - redirected folders problem only!

  13. #13
    morganw's Avatar
    Is the My Documents redirection done with environment variables or are you using a DNS name of a server?

  14. #14

    Join Date
    Aug 2010
    Location
    Dibba
    Posts
    16
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    In the group policy, I selected redirect folder, documents, basic redirection and at the bottom redirect to user profile. Then when I map the drives, I use IP address or name of server - is this what you mean?

  15. #15
    morganw's Avatar
    Yes, if you do it that way then the My Documents redirection should be based on %HOMESHARE%%HOMEPATH%. If you log in and type echo %HOMESHARE% and then echo %HOMEPATH%, if you join those two together that should show what the system tries to resolve when using the redirection. You shouldn't have to map the homedrive, I'm not sure whether you meant you map it or you were talking about map drives to other shares, but whatever is set in AD on the 'profile' tab should get mapped automatically and that is where the %HOMESHARE% value should be read from. That is my understanding anyway.
