Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Windows 7 long login times

This thread has been viewed 1 times

  • 1.  Windows 7 long login times

    Posted Jul 10, 2015 04:49 PM

    Hi,

     

    I have been testing using enforce machine auth vs disabling enforce machine auth.  The login times vary from 30 seconds to 1 minute.  Probably stupid question, but is this by design?  On our wired network we just have comp auth.  The wireless is using computer or user auth.  When at the Ctrl+alt+delete screen, the computer does authenticate from the radius server.

     

     



  • 2.  RE: Windows 7 long login times

    EMPLOYEE
    Posted Jul 10, 2015 04:50 PM

    Few questions:

     

    • EAP-TLS or EAP-PEAP/MSCHAPv2 ?
    • Are you using ClearPass?
    • Are you restricting access in your machine authentication role?


  • 3.  RE: Windows 7 long login times

    Posted Jul 10, 2015 05:01 PM

    EAP-PEAP/MSCHAPv2

    No, we do not have clearpass

     

    We have a domain-computer role which includes logon-control (dns, dhcp, icmp) and (allow domain controller) policy which gives full access to the domain controllers.



  • 4.  RE: Windows 7 long login times

    Posted Jul 10, 2015 05:03 PM

    Ok, you had me think.  I added allowall to the domain-computer policy -- and that did the trick.  Now only took 5 seconds compared to 1min 18 seconds.



  • 5.  RE: Windows 7 long login times
    Best Answer

    EMPLOYEE
    Posted Jul 10, 2015 05:04 PM

    Generally slow logon times mean something is being blocked.

     

    Just to test, can you change that role to have an allowall and see if it speeds up?

     

    If so, remove the allowall and then use the "show datapath session table <client-ip> | include D" command to see what is being blocked during the logon process.