I've had users complain, and have now noticed myself, that there is a delay at login after encrypting a system. I'm building a new machine so I can benchmark, but the consensus is that the amount of time it takes from when they accept the legal agreement (happens on each login) to the time Explorer actually loads and they see a desktop is ~15-20 seconds longer than it used to be.
My next steps are reimaging a machine, timing exactly how long it takes as part of our default image, and then encrypt it, reboot a few times and make sure that SB is all comfortable and run the same test and compare the time. I'm thinking I'll probably then upgrade the client files and see if there is an improvement, and also try the same test on a system without Netware.
Environment : Windows XP SP2 Corporate Image, MS Critical and Important Patches (Optional Excluded), HP NC6400's, McAfee Endpoint Encryption 5.1.7. Novell Netware Client 4.91 SP3. On average 3-5 users assigned to each machine.
I'm curious if anyone else noticed the delay. I heard rumors that there could be some conflict with the Intel Wireless drivers, but that's not confirmed.
try it with and without SSO on - Windows XP has features which allow you to login well before the system has finished booting - that's why it's unresponsive to begin with. EEPC has to wait until more of the OS has loaded up before it can do SSO so often on a machine with lots of extraneous drivers, that can make a lot of difference.
the worst offending machines are the ones which try to load a whole bunch of unneccesary drivers because they are using a generic image which runs on multiple platforms. It just takes a lot longer to get these out of the way.
I ran a number of tests on the same system both encrypted an unencrypted. For each test I used the same stop watch and tracked the time between when I clicked "OK" to our legal notice to the time I noticed Explorer load. I didn't wait for applications to start or for the hourglass to go away, only until I saw a desktop and a start button with System Tray.
All of my online tests were over Gigabit Ethernet, wireless was always disabled. For each of these tests I logged in four consecutive times (reboot between each) and the seconds I've listed below is the average of the four times.
It's worth noting that the legal notice comes up after you've logged into the system (about 3 seconds after the logon dialog box goes away both offline and online), so the time I'm tracking is post authentication.
Client Not Installed, Unencrypted Laptop, On Network - 22 Seconds Client Installed, Unencrypted Laptop, Off Network - 8 Seconds Client Installed, Encryption in Progress, On Network - 35.75 seconds Client Installed, Encryption in Progress, Off Network - 36 seconds Client Installed, Encryption in Progress, SSO Disabled - 36.25 seconds Client Installed, Encryption in Progress, Logon Component Disabled - 44.75 seconds
So, as soon as encryption starts, loading explorer is delayed. Changing SSO didn't seem to change the time much (less than a second, in the wrong direction, we'll call it a wash), but we can see that there's an extra 14 seconds to login once the user accepts the legal notice. I'm not sure why unchecking "Endpoint Encryption Logon Component Always Active" would increase the logon time, I expected the opposite.
I disabled System Restore (odd little hunch) and that didn't improve times.
Suggestions appreciated! My next steps will be to run through the tests once Encryption hits 100%, and I'm also going to try disabling a few drivers and uninstalling some software to see what happen. Basically throwing darts at the board happy If I don't get anywhere, I'll open a ticket and let you all know how it goes from there.
I seem to recall Novell Client 4.91 SP5's release notes include a fix for slow Mcafee SafeBoot logins. Maybe time to upgrade clients? We use SB 5.1.3 with Novell 4.91 SP4 here, haven't seen the slow logins.
Sorry, meant to provide an update. Ran the same tests when encryption was complete and the delay was around ~8 seconds. This may be a case of a small user base who knew they were supposed to be looking for problems post-encryption seeing delays that weren't there. Or maybe they were there, but were fixed with one of our upgrades... who knows happy ?
Semi related to this, but does anybody know how to timeout the OK button on the legal notice and kill the logon process? Here is the scenario:
Customer has SSO enabled User logs on at PreBoot User Walks away from machine Machine sits at Legal Notice waiting for the OK to be pressed At this point anybody can come press OK and be logged in as that user I want to timeout the OK after say 2 minutes and kill the logon process.