Sorry for the delayed reply, yesterday got out of hand and today hasn't been much better. Yup. I think I've got this working at least part way. Originally the users had login scripts adding the mapped drives persistently. I changed that to a non-persistent group policy, but for some reason the drive maps were still persistent. After manually removing them and letting group policy re-apply them, the login is back to normal. This means the users don't have mapped drives when they take their machines home, so as a work around I've just given them a shortcut to batch script to manually map the drives after connecting to VPN. Messy, but it works for the moment. Tried this early on in the piece, no go. Default unconfigured is only a 30 second wait anyway so I don't think it could account for the 5+minute wait. I had this thought, but I haven't figured out what to do about it.