This content has been marked as final. Show 9 replies
try it with and without SSO on - Windows XP has features which allow you to login well before the system has finished booting - that's why it's unresponsive to begin with. EEPC has to wait until more of the OS has loaded up before it can do SSO so often on a machine with lots of extraneous drivers, that can make a lot of difference.
the worst offending machines are the ones which try to load a whole bunch of unneccesary drivers because they are using a generic image which runs on multiple platforms. It just takes a lot longer to get these out of the way.
We'd noticed that in our office too, but we use SSO - thanks for the explaination Safeboot.
I ran a number of tests on the same system both encrypted an unencrypted. For each test I used the same stop watch and tracked the time between when I clicked "OK" to our legal notice to the time I noticed Explorer load. I didn't wait for applications to start or for the hourglass to go away, only until I saw a desktop and a start button with System Tray.
All of my online tests were over Gigabit Ethernet, wireless was always disabled. For each of these tests I logged in four consecutive times (reboot between each) and the seconds I've listed below is the average of the four times.
It's worth noting that the legal notice comes up after you've logged into the system (about 3 seconds after the logon dialog box goes away both offline and online), so the time I'm tracking is post authentication.
Client Not Installed, Unencrypted Laptop, On Network - 22 Seconds
Client Installed, Unencrypted Laptop, Off Network - 8 Seconds
Client Installed, Encryption in Progress, On Network - 35.75 seconds
Client Installed, Encryption in Progress, Off Network - 36 seconds
Client Installed, Encryption in Progress, SSO Disabled - 36.25 seconds
Client Installed, Encryption in Progress, Logon Component Disabled - 44.75 seconds
So, as soon as encryption starts, loading explorer is delayed. Changing SSO didn't seem to change the time much (less than a second, in the wrong direction, we'll call it a wash), but we can see that there's an extra 14 seconds to login once the user accepts the legal notice. I'm not sure why unchecking "Endpoint Encryption Logon Component Always Active" would increase the logon time, I expected the opposite.
I disabled System Restore (odd little hunch) and that didn't improve times.
Suggestions appreciated! My next steps will be to run through the tests once Encryption hits 100%, and I'm also going to try disabling a few drivers and uninstalling some software to see what happen. Basically throwing darts at the board happy If I don't get anywhere, I'll open a ticket and let you all know how it goes from there.
56 minutes left until 100% encryption...
While encryption is running, I can certainly understand it taking longer to boot. The disk usage that the encryption process has is extremely high.
I seem to recall Novell Client 4.91 SP5's release notes include a fix for slow Mcafee SafeBoot logins. Maybe time to upgrade clients? We use SB 5.1.3 with Novell 4.91 SP4 here, haven't seen the slow logins.
The fix in the release notes is about off-network logons, i'm testing this right now...
hope to have some numbers by the end of the day, or tomorrow :)
I'll let you know how i experience things... grin
Sorry, meant to provide an update. Ran the same tests when encryption was complete and the delay was around ~8 seconds. This may be a case of a small user base who knew they were supposed to be looking for problems post-encryption seeing delays that weren't there. Or maybe they were there, but were fixed with one of our upgrades... who knows happy ?
Not a real fix, still a long period when nog connected to the network...
im gonna try to find out the timeouts that the Novell Client uses, and see if i can tweak those...
Semi related to this, but does anybody know how to timeout the OK button on the legal notice and kill the logon process? Here is the scenario:
Customer has SSO enabled
User logs on at PreBoot
User Walks away from machine
Machine sits at Legal Notice waiting for the OK to be pressed
At this point anybody can come press OK and be logged in as that user
I want to timeout the OK after say 2 minutes and kill the logon process.