This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Active Directory Users & Computers slow over GlobalProtect

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Active Directory Users & Computers slow over GlobalProtect

ShippG
L1 Bithead

‎12-02-2019 01:51 PM

We are experience an issue that I am curious if anyone else has encountered. When any of us IT folk are VPN'd in via GlobalProtect (tested on different internet connections, hardwired and wifi) whenever we open up MSFT Management Console Active Directories Users & Computers, it takes about 5-7 minutes to open.  I can see the traffic in our traffic logs on the Palo, nothing denied, it just takes a long time until it opens and runs painfully slow once opened. 

 

If anyone has encountered this before if you could point me in the right direction that would be great, I will update if I do find anything.

 

Thanks,

15 people had this problem.
0 Likes Likes
29 REPLIES 29

dpeterson4
L2 Linker

‎12-02-2019 02:16 PM

Hello,

 

We ran into this same issue.  We had to add a special registry key.  Problem is cause by weakhostsend in windows or some cases it was a DNS issue.

 

We had to add the following registry key.

 

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\post-vpn-connect

 

Name: command

 

Data: powershell -Command "Get-WmiObject win32_networkadapter | where-object NetConnectionStatus -eq 2 | where-object ServiceName -ne PanGpd | ForEach {netsh interface ipv4 set interface $_.InterfaceIndex weakhostsend=disabled}"

(1)

ShippG
L1 Bithead
In response to dpeterson4

‎12-03-2019 08:49 AM

Hmm I don't seem to have a key for post-vpn-connect under settings just "remove-gpa-cp"

0 Likes Likes

ShippG
L1 Bithead
In response to ShippG

‎12-03-2019 09:23 AM

Nevermind I figured out how to add this (sorry I'm a network guy my brain is wired differently). Thanks for the input but this did not seem to resolve my issue - back to digging!

0 Likes Likes

cezarb
L2 Linker
In response to ShippG

‎03-25-2020 06:55 AM

Any new leads on this? I think we might have hit the same issues (probably related to DNS) and the register change did not help either.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks