network

Why is Office 365 going slow?

Is your Office 365 running slow at random times? Does it seem to happen at work but be fine from home (or some other location)? Here is a short checklist to help diagnose the problem.

Where is your Office 365 Tenant located?

Make sure your tenant is hosted in a location that makes sense. For us New Zealanders, the nearest location is Australia. Check the Office 365 Datacenter map.

Are you behind a Firewall or Proxy Server?

All Office 365 services use SSL. Firewalls and proxy servers with SSL packet inspection enabled can be a source of latency, especially if they are under heavy load. Does turning off packet inspection improve performance? Does the firewall’s console show high memory or CPU usage? The article ‘Should you use SSL Inspection’ by Fortinet is a good read and applies to other vendors too.

Check your international bandwidth

In New Zealand some ISPs limit the amount of international bandwidth allocated to each customer. If you have a large number of users, this could be a bottleneck. Talk to your ISP about the bandwidth allocation. Some may also have Office 365 specific plans.

ExpressRoute is another technology that can improve performance for Azure and Office 365. See Microsoft’s ExpressRoute partners and peering locations document. Talk to your ISP about ExpressRoute.

Are you connecting across a WAN to your company internet connection?

If you are working from a branch office, then your internet traffic may be passing over a WAN link before getting to the internet. How much bandwidth do you have and are you sharing it with other traffic? Are you slowing down when someone prints a big file?

Other things to check

  • Network switches on your local LAN. Look for packet loss, latency and retry errors
  • Wireless network. Is the issue related to your WiFi only?
  • Your PC (or Mac). Is the problem specific to one device?
  • Run a speed test on your internet connection.
  • Are you over your data cap?

For a detailed example of how to troubleshoot Office 365 performance, read this article from Microsoft Premier Support.

There are other reasons Office 365 might be running slow, but in my experience most issues relate to the environment users are in. Try to eliminate the easiest things first.

Windows 7 DirectAccess overview

Windows 7 clients can gain remote access to network resources using a feature called DirectAccess. Microsoft see this as a game-changing technology that will change the way we work remotely. A Windows 2008R2 server acts as a gateway for DirectAccess clients, providing access to servers on the internal LAN.

DirectAccess does away with the need for third-party VPN clients or access gateways on client devices and simplifies data access for the end user. The end user experience is seamless and simple. The user simply turns on the computer and connects to the internet; no additional user actions are required. DirectAccess will automatically reconnect if the internet connection is dropped for any reason.

DirectAccess removes some of the more frustrating issues end users have when working remotely. Connections are over port 443 (a standard port) removing connection issues due to firewall rules on remote networks and routing issues due to subnet clashes. Intelligent routing means users can access internet services at the same time as company resources.

For Network Administrators the ability to manage computers outside the firewall will be a key driver for using this technology. NAP can be used to audit clients before allowing network access. Group Policy can be applied over the DirectAccess connection before the user gains full network access.

One of the biggest differences between DirectAccess and traditional VPN solutions is that the DirectAccess connection can be initiated from either end, whereas VPNs are initiated from the client only. The connection is established when the client device starts up and doesn’t require the end user to log in and initiate a connection.

DirectAccess Requirements:

  • Windows 2008R2 Server Active Directory Domain Controller Role
  • Windows 2008R2 Server DirectAccess Role
  • 2 Network cards configured
  • 2 consecutive public static IPv4 addresses with public DNS names
  • Digital Certificates with CRL attributes
  • Windows 7 client joined to the domain

Firewall configuration details can be found on TechNet – DirectAccess requirements article.

DirectAccess really is in my opinion one of the best reasons to move to Windows 7 when it is released later this year. End users will love seamless access to company resources while Network Administrators will see real value in the management capabilities.

Microsoft have recently published some tools to help implement and manage Direct Access. Download the kit from here:
Direct Access Admin Kit

DNS Aliasing

How many times have you had to upgrade a server and run around making changes to login scripts and group policies? How about migrating users to a new terminal server or migrating applications to a new SQL server? DNS aliases can be used to simplify these tasks and, with a little bit of thought, prevent the need to ever make those changes again.

File Server example

In this example we have an existing file server FS-1 and a new file server FS-2. We will create an alias called FILESERVER.

Disable Strict Name checking on both file servers (needed to allow connection to SMB shares):

  • Edit HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  • Add a REG_DWORD DisableStrictNameChecking = 1
  • Restart the server so the setting takes effect

In DNS create a CNAME record called FILESERVER and point the CNAME at the DNS A record for FS-1.

You can now change login scripts and GPOs to connect to FS-1 in two ways. Note that this works for file shares and shared printers too:

  • \\FS-1\share
  • \\FILESERVER\share

Now let’s assume you want to replace FS-1 with a new server FS-2. Simply move the data and create shares on FS-2, and when you’re ready to swap servers, change the FILESERVER CNAME to point to FS-2. No changes to login scripts or GPOs are needed.
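
The alias setup and cutover described above, scripted in PowerShell as an added example (it is not from the original post). The zone name `corp.example.com`, the share name, the five-minute TTL and the function names are assumptions; the DNS functions need the DnsServer module and DNS admin rights.

```powershell
# Added example. Assumed, not from the post: zone name, share name, 5-minute TTL,
# and the DnsServer module (RSAT) on the machine running the DNS functions.
$Zone  = 'corp.example.com'   # hypothetical AD DNS zone
$Alias = 'FILESERVER'

function Set-AliasPrerequisite {
    # Run locally on FS-1 and FS-2, then restart each server.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    New-ItemProperty -Path $key -Name DisableStrictNameChecking `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function New-FileServerAlias([string]$Target) {
    # Short TTL (assumption) so a later cutover is picked up quickly by clients.
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $Alias `
        -HostNameAlias "$Target.$Zone" -TimeToLive '00:05:00'
}

function Switch-FileServerAlias([string]$Target) {
    # Repoint the existing CNAME in place instead of delete-and-recreate.
    $old = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Alias -RRType CName
    $new = $old.Clone()
    $new.RecordData.HostNameAlias = "$Target.$Zone."
    Set-DnsServerResourceRecord -ZoneName $Zone -OldInputObject $old -NewInputObject $new
}

function Test-FileServerAlias([string]$Expected, [string]$Share = 'share') {
    # Confirm where the alias points and that the share answers under the alias.
    Clear-DnsClientCache
    $cname = Resolve-DnsName -Name "$Alias.$Zone" -Type CNAME -DnsOnly |
        Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    [pscustomobject]@{
        Alias       = "$Alias.$Zone"
        PointsTo    = $cname.NameHost
        Matches     = $cname.NameHost -like "$Expected.*"
        ShareOnline = Test-Path "\\$Alias\$Share"
    }
}

# Added note: Kerberos needs an SPN for the alias on the target computer account;
# without one, clients typically fall back to NTLM when they connect by alias.

# Initial setup:  New-FileServerAlias -Target 'FS-1'
# Cutover day:    Switch-FileServerAlias -Target 'FS-2'; Test-FileServerAlias -Expected 'FS-2'
```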

Tips:

Before cutting over to FS-2 you can use a hosts file on a PC to connect to shares and test your shares.

The same concept can be used in many places including aliases for SQL databases, SharePoint, mail servers, web servers and many applications that use TCP/IP to communicate.

This is a good way to present “friendly” server names to users while maintaining names that are meaningful to the IT team.

You can have multiple CNAME records pointing to the same server. This is useful for application-specific DNS aliases, e.g. a SQL server running several databases could have a CNAME for each database so that if one is moved to another server in the future the CNAME can follow.