[THIN] Re: Slow login with Windows Server 2003 SP1
- From: "Rick Mack" <Rick.Mack@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 11 Oct 2005 21:49:56 +1000
Hi People,
Had a bit of fun on a customer site.
Win2k XP FR3 to 2003 PS4 upgrade, upgraded all the front and back end
servers with new faster hardware, all gigabit, CSG MSAM, all the latest
hotfixes, the works. With local flex profiles and a bit of fairly neat
scripting we had login times down to sub 10 seconds.
Then while we were finishing up the back end stuff, login times suddenly
went dead slow and took over a minute. The Citrix Client connection
status screen stayed frozen on "restoring network drives" for about a
minute. RDP connections just showed a blue, blank screen for what seemed
like forever, but was a bit over a minute. This happened for ICA or RDP
connections, but not on the console, or if the RDP client used the
/console switch.
Customer wasn't real happy since they'd been told how much better
everything was going to be :-(
Had a look at everything, and even found I could shave a couple of
seconds more off the login, but it still took over a minute.
Filemon and regmon only told me there was a delay, but not where. I
started to get a clue when I enabled userenv.dll debugging. Everything
was working fine until a certificate autoenrollment event happened just
about when userinit.exe kicked in. 60 seconds later userinit started up
again and login scripts etc ran to complete the login. I later found
there were also a few Autoenrollment errors (event id 15) in the event
log.
Reading up on certificate autoenrollment, an interesting part was a
description of a 60 second delay while the autoenrollment UI was
supposed to kick off for a user. Sounded kind of like what was
happening, but why? And why wasn't there a UI?
One of the things we did while finishing up the back-end servers was to
install certificate services on one of the DCs so we could generate
private certificates to enable SSL connections from the DMZ into the
internal network. We had also set our logins to run silently. Made me
wonder ....
If you follow KB310461 you can disable certificate autoenrollment. Did
that and we were back to fast logins, sub six second.
Life was wonderful again ;-)
So basically what I found is that if you install a CA into active
directory, AND you've got 2003 SP1 then it appears that certificate
autoenrollemnt is enabled by default. If you happen to have your login
scripts running sliently then you may just have bought yourself a 60
second login delay with damn little indication of what's broke.
I guess I'm adding that to my feature list for SP1.
Regards,
Rick
Ulrich Mack
Volante Systems
#####################################################################################
This e-mail, including all attachments, may be confidential or privileged.
Confidentiality or privilege is not waived or lost because this e-mail has been
sent to you in error. If you are not the intended recipient any use,
disclosure or copying of this e-mail is prohibited. If you have received it in
error please notify the sender immediately by reply e-mail and destroy all
copies of this e-mail and any attachments. All liability for direct and
indirect loss arising from this e-mail and any attachments is hereby disclaimed
to the extent permitted by law.
#####################################################################################
********************************************************
This Weeks Sponsor: Cesura, Inc.
Know about Citrix end-user slowdowns before they know.
Know the probable cause, immediately.
Know it all now with this free white paper.
http://www.cesurasolutions.com/landing/WPBCForCitrix.htm?mc=WETBCC
********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
