Authentication during a pcAnywhere connection attempt using Active Directory credentials is slow
|Article:TECH147363|||||Created: 2011-01-03|||||Updated: 2013-03-04|||||Article URL http://www.symantec.com/docs/TECH147363|
Authentication may take longer than expected during a pcAnywhere connection attempt using Active Directory credentials.
In large Active Directory environments, authentication of a user may take several minutes as the pcAnywhere host program processes all of the users from an Active Directory group.
In addition, delays in initialization of pcAnywhere sessions may be the result of delays in name resolution, especially in an extended network environment such as a WAN.
Symantec has added multiple fixes to pcAnywhere, including two registry keys named NeedToBypass and QuickADSGroupAuth, which improve Active Directory authentication speed. The pcAnywhere host program (the one hosting the remote control session / the one to which a remote user is connecting) is responsible for authentication of the credentials provided by the remote users; therefore, these registry keys are to be set on the host computers.
Here is the link to the pcAnywhere standalone or "box" product SP2 Release Notes article: http://www.symantec.com/docs/TECH132060
1. The SP2 Release Notes refer to a registry key named NeedToByPass. That registry key forces the host to send the authentication request to a local domain controller (a domain controller closest in proximity rather than the one with the "Primary domain controller emulator" master role). This registry key will work with the host program provided with pcAnywhere 12.5 SP2 and later, as well as pcAnywhere Solution 12.5 SP2 and later.
2. The following article refers to a different registry key named QuickADSGroupAuth: http://www.symantec.com/docs/TECH109926
Note that the QuickADSGroupAuth key may not work in environments which have more than one domain or forest.
Test both of these registry keys on host computers in various sites or regions, to verify whether they improve the pcAnywhere authentication speed in your environment, individually or together. Then based on the most efficient combination, implement the registry key(s) for all computers that run pcAnywhere.
If delays persist when initializing pcAnywhere remote control sessions, the root cause of the problem may be name resolution. See "Troubleshooting delays in PcAnywhere connections over Wide Area Networks" at http://www.symantec.com/docs/TECH157421 for more information.
Article URL http://www.symantec.com/docs/TECH147363