Login of AD SSO Users Is Delayed

This section describes how to troubleshoot the issue that user login to the FW is delayed in a scenario where the AD SSO service program works in PC message receiving mode.

Symptom

An enterprise has deployed the FW as a gateway that connects the intranet to the Internet.

AD authentication has been deployed on the intranet. The AD server stores user information. Users who have logged in to the AD domain using domain accounts and passwords can access intranet resources without re-authentication.

On live networks, the login of intranet logged in users is delayed on the FW.

Possible Causes

If the user PC runs Windows8.1 or Windows Server 2012 R2 or higher, a 5-minute login delay exists by default before the login script is run.

Fault Diagnosis

Disable the login script delay on the PC.

Procedure

Right-click Start, choose Run and enter gpedit.msc to open Local Group Policy Editor.
Choose Computer Configuration > Administrative Templates > System > Group Policy > Configure Logon Script Delay.
Select Disabled.