I'm using 1703 and 1709, while people say the LSTB ones work, multiple vmware people I've talked to suggested to stay away even though its supported.

agalliasistju,

Here is what we do now at teh hospital.  We do use Imprivata throughout.  They badge in with Prox card, Imprivata launches an app called iAccess (made by our EMR company) then the view client is launched, and then the desktop.  So the time that i am referring to is just when the desktop is launched until the time i get windows icons on the desktop.  That is the painful part.  No matter what we try the login times always exceed a minute.  There is really nothing on the windows setup that loads at all.  My login monitor times say about 30 seconds but that is not what i see when we login.  Is usually about double what the login monitor says.  I understand that GPO's will play a role in that but we need to get that as close to 30 seconds as possible.   Not sure how to accomplish that.  Thanks for the reply

Are the clients essentially waiting for a login to the physical client, and then additionally waiting for a login to the Windows VM?

Our people required an 8 second login.  So to realistically accomplish that we do what I referred to, using a Wyse thin client auto launching View and logging in with a generic account.  Essentially when an end user walks up to a workstation they tap the badge and Windows unlocks for them to the VM desktop.  🙂 Like I said initially could be a big architecture discussion.  Maybe you should consider allowing the VMs to roam with the end-user so they aren't waiting for the VM to login each time (Just the first time after they start their shift).  I know sometimes it's not feasible for EMRs to "roam" to a new location without being closed and reopened from scratch, so that might not work either.

sjesse,

I have not tried this optimization article but am going to give it a whirl.  The issue i have so far is with the ISO file.  On my Volume License Portal i have a lot of options for iISO's but mine don't quite launch the way it does in the KB.  Mine doesn't let me chose the OS since it's already there.  Here is the name of the iso..SW_DVD5_WIN_ENT_LTSB_2016_64BIT_English_MLF_X21-07421.ISO.  This is 2016 Windows 10 LTSB Enterprise.  All my VDI masters are currently using this ISO so i'm curious if this is going to make a difference going thru these steps if the ISO isn;t the same.  There seems to be a few differences.  Any help with the correct iso would be great.  Thanks for the reply.

Perry

If you use a mandatory profile and run into issues with the start menu, try not using it. I just found that 1703 can't use a mandatory profile because of how the permissions work, but it looks like it works correctly in 1709.

I only have access to Version 1607 LTSB which is on the compatibility list.  Ran thru the entire setup and did my fist test image and it still takes 45 seconds to get to a desktop. Strange thing in the Login Monitor log, says it took 15 seconds for the GPO's and there is only one policy and that is UEM.  Nothing is really enables in UEM at this point so not sure why it takes 15 seconds.  Total time say 60 seconds.  Is the master better off being joined to the domain or not??  At this point it is NOT.  Still going to look through logs to see what i can but it doesn't look promising.  Any comments are welcome.  Thanks.

Perry

I don't join the parent to the domain, for us it makes it easier. Try disabling the logon monitor service and disabling the startup tool. Its weird that monitoring tool adds to the logon time from what I've seen. Add or edit this key below, it will make the desktop appear quicker, and you can see how long that vlm_helper command runs. I took a look at the fling where that started, I think it later versions they are going to disable this by default and you can enable it if you need it.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

"DelayedDesktopSwitchTimeout"=dword:00000002

What I've done  before too is enable this

https://support.microsoft.com/en-us/help/325376/how-to-enable-verbose-startup-shutdown-logon-and-log...

Instead of saying welcome to windows and preparing desktop, it says what services are starting and exactly what is going on. I'm probably going to add this to mine again, I did this in the past and saw in windows 2012 r2 it was hanging on the UEM service for some reason. You can see if when UEM starts if it just sits there for some reason, and that may help really pinpoint

Followed your last couple posts.  Seems like there are a couple places it hangs.  One is GPO's and the other is UEM.  The VMlogin monitor hangs at the very end as well.  Probably adds about 5 seconds to it. The Login Monitor service is disabled yet this still runs.  Any thoughts?

I use noad mode,  it was originally to be able to handle a second domain that we have limited access to, but not having the GPOs load on logon help.

Its in the userinit registry key

VMware Knowledge Base

Just be aware on agent updates it will probably come back.

Are you currently using NOAD mode for both domains??  What are your thoughts on Time savings??  I appreciate all the feedback!!

The Horizon environment is entirely in one domain, with the exception of a few security groups, and those are just for app volumes. We have a two way forest trust setup, and any gpos are throughly vetted, but I currently don't have any. Everything is done within UEM, and every logon monitoring I do has gpo time at 1 second or below. The only logon script per say is based on the users profile that gives the helpdesk phone number and maps drives. Thats why I found that delayed desktop switch registry key, before that was being hidden it was showing up right before the vlmn key. I can't remember what our times where before, but they are definatly better. At one point we had 90-120 seconds, but now we average 20 seconds with the longest 80 seconds. The 80 seconds are large profiles being imported. Our savings were a mixture of optimizing appstacks, removing gpos, and trying to optimize the parent images as much as possible.

I just made another parent image from scratch using 1703 and what we've talked about, and without appvolumes I am geting to the desktop in 30 seconds, including a 5-7 second logon script I mentioned before. The key I noticed is if you don't use a mandatory profile, the logon times are over a minute, at least how I'm building the image