While working at a customer site with a pretty decent size Active Directory where they have implemented an Empty root structure, vCAC login through Single Sign On when using Active Directory accounts were pretty slow. It took up to 10-15 minutes at time per login attempt.
The customer had a multitiered domain in a single forest. The top domain/root domain or if you want to call it level 1 domain was empty, where all the users and where vCAC users were coming from is the level 2 domain. What was happening is when a user of the level 2 domain try to login he was facing one of the below two problems:
1- If the user does not have any group membership outside the level 2 domain, they were allowed to login, but it took quite a bit for the login attempt to complete. (10-15 minutes)
2- If the user has any group membership or any tie outside the level 2 domain, after the log on attempt, the progress bar on the log on page will stop and nothing will happen.
At first, I thought I might be short at resources on my SSO server so I boosted that up, while it speeded things a bit it was not too noticeable of improvement and I knew there was a bit more work to do.… Read More