Hi folks. We've been setting up Global Secure Access but are struggling with bad performance and disconnections. Clients are mapping file shares, but this happens before the GSA client connects. Users are reporting randomly lost connectivity to file shares, causing loss of work. Starting an application from an on prem file share takes ages. Earlier, when the client was using Always On VPN, starting the application took only a few seconds before it was ready. We've set up GSA connectors on 4 VMs. 2 VMs are in the quick access app connector group and 2 VMs are in the connector group for all other enterprise apps. HTTP/2 is disabled and TLS1.2 is set up according to this MS KB article. The GSA connector is not installed on any application VMs, which means all traffic are tunneled between clients -> MS endpoints -> GSA Connector -> Application. Conditional Access (incl. MFA) is not enabled at this point. Does anyone have any input to what can be done to speed up and stabilize the connections?

The issue you are seeing is described here https://msandbu.org/entra-id-private-access-performance/

Hi Marius. I've read your blog post, but since it's 1.5 years old I was hoping something had happened in the mean time. So, this could explain the bad throughput but not the instability? If this is by design it's unusable for the majority of our clients..

that can be a combination of access token expiration and just latency. The blog post is only half year old, but ufortunately nothing has changed on the protocol

My mistanke, we're in 2025 still 😌 If the access tokens expired, it would make all apps inaccessible until renewal, but only one fileshare on the same "fileserver" (Nutanix Files) are behaving like that. Are there any considerations on DFS fileshares/SMB multichannel that we need to address?

access tokens are on per app basis

Btw, all file shares are made available through the same app.