[THIN] Re: Slow login with Windows Server 2003 SP1

• From: "M" <mathras@xxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Wed, 12 Oct 2005 23:14:30 +0100

Thanks for that info Rick.

One quick question .. "With local flex profiles and a bit of fairly neat
scripting we had login times down to sub 10 seconds."
How are you deleting local profiles off the box when users log off  ?

Regards

----- Original Message ----- 
From: "Rick Mack" <Rick.Mack@xxxxxxxxxxxxxx>
To: <thin@xxxxxxxxxxxxx>
Sent: Tuesday, October 11, 2005 12:49 PM
Subject: [THIN] Re: Slow login with Windows Server 2003 SP1


Hi People,

Had a bit of fun on a customer site.

Win2k XP FR3 to 2003 PS4 upgrade, upgraded all the front and back end
servers with new faster hardware, all gigabit, CSG MSAM, all the latest
hotfixes, the works. With local flex profiles and a bit of fairly neat
scripting we had login times down to sub 10 seconds.

Then while we were finishing up the back end stuff, login times suddenly
went dead slow and took over a minute. The Citrix Client connection
status screen stayed frozen on "restoring network drives" for about a
minute. RDP connections just showed a blue, blank screen for what seemed
like forever, but was a bit over a minute. This happened for ICA or RDP
connections, but not on the console, or if the RDP client used the
/console switch.

Customer wasn't real happy since they'd been told how much better
everything was going to be :-(

Had a look at everything, and even found I could shave a couple of
seconds more off the login, but it still took over a minute.

Filemon and regmon only told me there was a delay, but not where. I
started to get a clue when I enabled userenv.dll debugging. Everything
was working fine until a certificate autoenrollment event happened just
about when userinit.exe kicked in. 60 seconds later userinit started up
again and login scripts etc ran to complete the login. I later found
there were also a few Autoenrollment errors (event id 15) in the event
log.

Reading up on certificate autoenrollment, an interesting part was a
description of a 60 second delay while the autoenrollment UI was
supposed to kick off for a user. Sounded kind of like what was
happening, but why? And why wasn't there a UI?

One of the things we did while finishing up the back-end servers was to
install certificate services on one of the DCs so we could generate
private certificates to enable SSL connections from the DMZ into the
internal network. We had also set our logins to run silently. Made me
wonder ....

If you follow KB310461 you can disable certificate autoenrollment. Did
that and we were back to fast logins, sub six second.

Life was wonderful again ;-)

So basically what I found is that if you install a CA into active
directory, AND you've got 2003 SP1 then it appears that certificate
autoenrollemnt is enabled by default. If you happen to have your login
scripts running sliently then you may just have bought yourself a 60
second login delay with damn little indication of what's broke.

I guess I'm adding that to my feature list for SP1.

Regards,

Rick

Ulrich Mack
Volante Systems
############################################################################
#########
This e-mail, including all attachments, may be confidential or privileged.
Confidentiality or privilege is not waived or lost because this e-mail has
been sent to you in error.  If you are not the intended recipient any use,
disclosure or copying of this e-mail is prohibited.  If you have received it
in error please notify the sender immediately by reply e-mail and destroy
all copies of this e-mail and any attachments.  All liability for direct and
indirect loss arising from this e-mail and any attachments is hereby
disclaimed to the extent permitted by law.
############################################################################
#########
********************************************************
This Weeks Sponsor: Cesura, Inc.
Know about Citrix end-user slowdowns before they know.
Know the probable cause, immediately.
Know it all now with this free white paper.
http://www.cesurasolutions.com/landing/WPBCForCitrix.htm?mc=TBCC
********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm



********************************************************
This Weeks Sponsor: Cesura, Inc.
Know about Citrix end-user slowdowns before they know.
Know the probable cause, immediately.
Know it all now with this free white paper.
http://www.cesurasolutions.com/landing/WPBCForCitrix.htm?mc=WETBCC
******************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

• References:
  • [THIN] Re: Slow login with Windows Server 2003 SP1
    • From: Rick Mack

Other related posts:

• » [THIN] Re: Slow login with Windows Server 2003 SP1
• » [THIN] Re: Slow login with Windows Server 2003 SP1
• » [THIN] Re: Slow login with Windows Server 2003 SP1
• » [THIN] Re: Slow login with Windows Server 2003 SP1
• » [THIN] Re: Slow login with Windows Server 2003 SP1

1. Home
2. thin
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---