IPSec File Sharing Ports results in slow throughput between Vista/7 and Server 2003
Server: Windows Server 2003 R2 SP2, IPSec policy with filter rule for just the 4 common File Sharing ports.

In production clients: Windows XP, IPSec policy mirrors server policy for file sharing, just the 4 common ports.

In test clients: Windows Vista/7, same IPSec policy as the XP clients.

Problem: throughput going from test clients to server is 16 Kb/s on a 1GB connection. For perspective, a 1.2 MB file takes 90 seconds to copy up to a share on the server. Throughput going from production clients to server is 10 MB/s or better. Copying the same file from XP up to the server takes less than a second. Throughput going from server to any client is 10 MB/s or higher. I can download 500 MB in about 4 minutes. Changing the IPSec policy to "ANY" port, rather than the FS ports, allows the test clients to server connection to operate at 10 MB/s or faster, in both directions.

The slowness only happens under the following conditions, and we've gotten it to be repeatable now:

1) These test clients are Windows 7; Windows Vista exhibits this as well, XP does not.
2) Just File Sharing ports are active in the IPSec policy: UDP 137, UDP 138, TCP 139 and TCP 445. Changing the policy to use ANY port makes this behavior disappear.
3) Slow copy traffic is only *up* to the server; copying down from the server, speed seems unaffected.

To rule out Kerberos-authenticated IPSec in general, I issued a certificate from our CA outside this particular domain, installed it on both the server and a test client, and set the IPSec policy accordingly. The behavior described above persists: only 16 Kb/s when copying up to the server, while any copies down from the server happen at full speed, in MB/s.

We've duplicated this on a domain-joined computer using Kerberos, and on a computer that is not joined to this domain and only used the certificate-based IPSec to connect between the same test clients and the same server. Under both scenarios copy throughput up to the server averaged 17 Kb/s. Copies down from the server happen at nearly 10 MB/s.

Does Vista and/or 7 have some kind of extra overhead when writing to Server 2003 over IPSec?
September 23rd, 2009 9:03am

Hi,

Based on my research, I would like to suggest the following:

1. Disable "Large Send Offload" on the Windows Vista or Windows 7 client:

   1) Open an elevated command prompt, type the following command and press Enter:

      netsh int ip set global taskoffload=disabled

   2) Disable and re-enable the network interface.

   3) Run the following command in an elevated command prompt to confirm the command above is successful:

      netsh int ip show offload

2. Please check the following document and try the method on the Windows 2003 Server:

   A Windows Server 2003-based computer responds slowly to RDP connections or to SMB connections that are made from a Windows Vista-based computer
   http://support.microsoft.com/kb/947773

3. Just for a test, please disable IPSec and see how it works.

Hope this helps. Thanks.

Nicholas Li - MSFT
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com.
September 24th, 2009 12:46pm
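
To compare results before and after each of the changes suggested above, the upload and download copy rates can be measured the same way each time. The following PowerShell script is an added example, not part of either post; `\\SERVER\share` is a placeholder for a writable share on the Server 2003 machine, and the function name and test file name are made up for illustration.

```powershell
# Added example, not from the thread. \\SERVER\share is a placeholder path.
param(
    [string]$SharePath = '\\SERVER\share',
    [int]$SizeMB = 2
)

function Measure-CopyThroughput {
    param([string]$Direction, [string]$Source, [string]$Destination)
    $bytes   = (Get-Item -LiteralPath $Source).Length
    $elapsed = Measure-Command {
        Copy-Item -LiteralPath $Source -Destination $Destination -Force
    }
    # Clamp so a sub-millisecond copy cannot divide by zero.
    $seconds = [math]::Max($elapsed.TotalSeconds, 0.001)
    # KBps is kilobytes per second (bytes / 1024 / seconds).
    New-Object PSObject -Property @{
        Direction = $Direction
        Bytes     = $bytes
        Seconds   = [math]::Round($seconds, 2)
        KBps      = [math]::Round(($bytes / 1KB) / $seconds, 1)
    } | Select-Object Direction, Bytes, Seconds, KBps
}

# Build a local test file of random bytes with a unique, constructed name.
$name   = 'ipsec-copy-test-{0}.bin' -f ([guid]::NewGuid().ToString('N'))
$local  = Join-Path $env:TEMP $name
$remote = Join-Path $SharePath $name
$back   = "$local.down"
$buffer = New-Object byte[] ($SizeMB * 1MB)
(New-Object System.Random).NextBytes($buffer)
[System.IO.File]::WriteAllBytes($local, $buffer)

try {
    # Upload first (the slow direction in the report), then copy the same file back.
    Measure-CopyThroughput -Direction 'Up (client to server)' -Source $local -Destination $remote
    Measure-CopyThroughput -Direction 'Down (server to client)' -Source $remote -Destination $back
}
finally {
    # Remove the test files from both ends.
    Remove-Item -LiteralPath $local, $remote, $back -ErrorAction SilentlyContinue
}
```

Run it once with the file-sharing-ports policy in place and again after each change, so the two directions can be compared against the same baseline.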

This topic is archived. No further replies will be accepted.
