Slow login issue after PIN setup when windows hello for business is enabled.

Question

Hi,

I have deployed and configured Windows Hello for Business -On Premises Certificate Trust for one customer on their Internal Only Network.
.
The infrastructure details are as follows:

1. AD 2016 Domain Controllers.
2. AD schema is Windows Server 2016.
3. AD CS with windows server 2016.
4. 2 x Windows Server 2019 AD FS with Certificate Authentication as MFA. Certificate used for ADFS is issued from Internal CA.
5. Windows 10 1803 or above clients.

The Pilot users is able to setup the PIN and is able to login with the PIN when enabled for WHFB. All the Pilot users when login using PIN gets a delays for about 30 to 60 seconds as compared to normal password login which is approximately 3 to 4 seconds.

Please note that we are using Internal PKI Certificate as an additional Authentication method as MFA with ADFS.

Need guidance to troubleshoot the slow PIN login issues or is this the expected behavior?

Answer 1

Hi,
For the slow logon issue, i would suggest you use the sbsl tool for more research.
https://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx

Best Regards,

Answer 2

Probably unrelated but the same issue had happend on my personal tablet device (Windows Home) after upgrade from Windows 8.1 to 10. Unlocking by PIN took at least 20 seconds. I had to perform TPM clear to resolve it.