A
AhmadJY
Guest
Hi all,
I have a customer complains of slow login to domain issue for Windows 10 machines, this issue started 10 days ago, the machines, random clients working with OS Windows 10 suffer the slow logon from 2 or 3 minutes to 10 and some even more.
We did the below:
1. Disabled all non-Microsoft services, same issue
2. Removed\disabled all security controls in AD servers like Symantec, Fire Eye, Microsoft ATA gateway, splunk services, etc.. same issue
3. We build new DC and force client to authenticate against that DC, same issue.
4. We connected one DC to the same switch as the client and in same vlan, same issue
5. We checked all events, logs, netlogin, etc.. in AD, no errors...
We end up logging a case with MS, they collected the logs from a client suffers from the issue and currently investigating them.
However I found one interesting thing, which is if the client has direct internet access -no proxy in browser- login is fast, in 4-6 seconds only, but if the machine has the proxy, login takes long time. I did the below tests:
So it seems the windows client is trying to connect to Microsoft online services during the login to domain at least one time, if it got successful, it will login normally, even after you remove the access to those online services IPs, the machine still login normally, but long login time behavior comes back after a while.
Would you please let us know if this behavior is normal or not? I mean we need to know the root cause for why Windows 10 client is trying to connect to Microsoft Online Services (OneDrive, Cortana, etc.) during logging to domain.
Please note that our customer cannot allow direct internet access to the user machines in their proxy, thier proxy is ZScalar.
More...
I have a customer complains of slow login to domain issue for Windows 10 machines, this issue started 10 days ago, the machines, random clients working with OS Windows 10 suffer the slow logon from 2 or 3 minutes to 10 and some even more.
We did the below:
1. Disabled all non-Microsoft services, same issue
2. Removed\disabled all security controls in AD servers like Symantec, Fire Eye, Microsoft ATA gateway, splunk services, etc.. same issue
3. We build new DC and force client to authenticate against that DC, same issue.
4. We connected one DC to the same switch as the client and in same vlan, same issue
5. We checked all events, logs, netlogin, etc.. in AD, no errors...
We end up logging a case with MS, they collected the logs from a client suffers from the issue and currently investigating them.
However I found one interesting thing, which is if the client has direct internet access -no proxy in browser- login is fast, in 4-6 seconds only, but if the machine has the proxy, login takes long time. I did the below tests:
- Once we connected the laptop to direct internet access (without proxy), the client logged in to domain in 4-6 seconds only, we noticed that the client is trying to connect to Microsoft online services (OneDrive, Cortana, etc.…); we found that by running command: netstat -ano and observing the results.
- After we did the test in point 1 above, we did the following tests: Connect back the machine to use proxy with no direct internet access, user still login normally (4-6 seconds) to the machine. We removed internet access totally (no proxy, no direct internet access) from the machine, user still login normally (4-6 seconds) to the machine.
So it seems the windows client is trying to connect to Microsoft online services during the login to domain at least one time, if it got successful, it will login normally, even after you remove the access to those online services IPs, the machine still login normally, but long login time behavior comes back after a while.
Would you please let us know if this behavior is normal or not? I mean we need to know the root cause for why Windows 10 client is trying to connect to Microsoft Online Services (OneDrive, Cortana, etc.) during logging to domain.
Please note that our customer cannot allow direct internet access to the user machines in their proxy, thier proxy is ZScalar.
More...