×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Secure Desktop works great on some Windows instalations, but not on others

Unanswered Question
Apr 12th, 2006
User Badges:

Hello guys,


We did a pilot implementation of WebVPN with Cisco Secure Desktop. I believe Clientless WebVPN + Secure Desktop combo is great (think Internet Kiosks). Anyway, we found out that CSD works very-veeeeery slow on some workstations (unusuable).

This doesn't seem to be hardware-dependent, because on the very same laptop, with two windows installations on different partitions it works fine with one, but not with the other. The one that works has Windows XP with no service pack, only video driver and java installed. The one that doesn't work has Windows XP SP2 and various other software installed.

To summarize, after testing on various machines I found out that it works on:

- my laptop, fresh Win XP installation, no service pack

- windows 2000 server (IPCC server)

- one of my colleague's laptop (Windows XP SP2 with various other software installed)


It doesn't work (CSD works so slow that it's unusuable, CPU rises up to 99% when doing anything - opening browser window etc.) on:

- my laptop (Windows XP SP2)

- my home computer (Win XP SP2)

- lab laptop (Windows 2000, fresh installation, no other software installed)

- two of my colleagues' laptops (Windows XP SP2 with various other software installed)


The webvpn gateway is a Cisco 2801, with 12.4(6)T software, and CSD / SVC are the latest version (3.1.1.27 / 1.1.0.154).


Any ideas?


Thanks!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (3 ratings)
Loading.
globalnettech Wed, 04/12/2006 - 23:27
User Badges:
  • Silver, 250 points or more

Hello,


I had a similar issue a few months ago, where the problem turned out to be the fact that installing SP2 limits your TCP connection attempts to 10 (whereas there wasn't any limit in SP1). Microsoft supposedly did this as a security measure.


There is a patch available which lets you increase the number of connection attempts, you might want to give that a try:


Running EvID4226Patch212 has increased the connection attempts to 50. If 50 is not enough then run EvID4226Patch212 using the /L=limit switch. Replace "limit" with any value from 10 to 16777214.


I you wanted to make the number of connection attempts unlimited just like SP1 then run the utility like this:


EvID4226Patch.exe /L=16777214


For a listing of program switches and their usage run it like this:


EvID4226Patch.exe /?


You can downoad the patch here:


http://www.lvllord.de/?lang=en&url=downloads&PHPSESSID=1adeed3306d1c923aef0ed30a76814fc


If that doesn´t work, post your external email address, and I´ll send you the file.


Regards,


GNT

angeldustine Thu, 04/13/2006 - 05:10
User Badges:

Hi GNT,


Thanks for your reply. I have tryed the patch, but it didn't change how Secure Desktop behaves. Besides, I tested CSD on an unpatched Win XP SP2 workstation, and it worked fine. I don't think it has to do with anything related to networking. Opening a browser windows causes the CPU to rise up to 99 percent, but so does opening "My Computer" or "My Documents", or Notepad...


Thanks again! Any other ideas?

angeldustine Mon, 04/17/2006 - 04:02
User Badges:

Thanks, GNT. Actually, I found out what the culprit was before reading you reply.


Here goes: it's JRE 1.5.0 Update 6.


So, if you want Secure Desktop to work, then you must use any other JRE version on the guest computer. It doesn't work by simply downgrading, you must actually use a computer account that has never even tryed to load Secure Desktop while JRE 1.5.0_6 was installed.

If you have JRE 1.5.0_6 installed, and try to load Secure Desktop, then uninstall JRE and install JRE 1.5.0_5 or earlier, it still doesn't work right if you use the same computer account as before; the simptoms are the same as in my earlier posts. But if you create a new account, and use it to load Secure Desktop, it works.


Maybe Cisco already knows about this, and I hope a fix will be available in the next CSD release. CSD should not depend on the JRE version...


I'm glad I finally got it. :) Cheers everyone.

Actions

This Discussion