Slow login once MFA fulfilled

JJ-Admin 5 Reputation points
2023-05-17T11:48:38.15+00:00

Hi Team,

We have a user who has slow login times once MFA has been fulfilled. This happens on any network, home or office.

Once the user fulfills mfa, it just loads for 2 minutes before logging the user in.

User's image

This only happens on his Windows device (we haven't tested on another device).

Any idea how to troubleshoot this?

Thanks,

Jimmy

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

7 answers

Sort by: Most helpful
  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-05-17T19:32:17.3933333+00:00

    Hi @JJ-Admin , there are a few steps you can take to see what the issue is here:

    1. Check the PRT status: Open a Command Prompt window in the context of the logged-in user and run dsregcmd /status. The "SSO state" section provides the current Primary Refresh Token (PRT) status.
    2. Find the error code: Check the "Attempt Status" field under the "AzureAdPrt" field in the dsregcmd output for any error codes or issues.
    3. Review sign-in logs: Examine the Azure AD sign-in logs for any authentication-related issues or delays. You can access these logs in the Azure portal under Azure Active Directory > Monitoring > Sign-ins.
    4. Check device performance: Analyze the Windows device's performance, including CPU, memory, and disk usage, to identify any bottlenecks that could be causing the slow login times.
    5. Examine event logs: Review the Windows Event Viewer logs for any errors or warnings related to the slow login issue. Focus on the Application, Security, and System logs.
    6. Test with another device: If possible, test the user's login process on another device to determine if the issue is specific to their current Windows device.
    7. Update software: Ensure that the user's Windows device and any related software (e.g., Azure AD Connect, Azure AD PowerShell) are up-to-date with the latest patches and updates.

    Also maybe clearing the cache and cookies. Let me know if any of this helps. If not we can open a free support ticket for you.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James


  2. JoeC 0 Reputation points
    2023-06-12T14:32:51.8166667+00:00

    Recently started seeing the same with some AAD joined machines. Long time to load the SSO login screen, and then a long time to process the authentication after entering credentials. Some machines it works fine in browsers outside of Edge, other machines happens in every browser.

    Have you been able to narrow this down at all?

    0 comments No comments

  3. tadmaz 5 Reputation points
    2023-07-11T18:00:50.1733333+00:00

    Seeing the same thing. Have opened a Microsoft support call.


  4. tadmaz 5 Reputation points
    2023-08-02T16:53:35.6233333+00:00

    Had many users with this issue when the 90 day mark was hit, Outlook, Teams, OneDrive, Intune would have login prompts and each would have a 3 minute and 5 second delay after successful MFA. I reproduced the issue with Microsoft support many times, by doing "Revoke sessions" for a user. Approximately 7/17/2023, the issue has disappeared for all users.

    0 comments No comments

  5. FrancisG 0 Reputation points
    2023-08-21T12:29:16.21+00:00

    We see the same thing on our tenant. About 3 minutes to successful MFA for every products.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.