Windows 7 slow boot with Sophos installed

Windows 7 boot - Please wait...

Issue

  • Windows Small Business Server 2008 domain
  • Some Windows 7 computers take over 10 minutes to boot
  • During delay Windows displays “Please Wait…” message (above) 
  • If “Verbose vs normal status messages” Group Policy is enabled, Windows displays “Applying Software Installation Policy…

Windows 7 boot - Applying computer settings... 

Troubleshooting, Cause and Resolution

There were no clues in Application, System, or Group Policy logs. After some testing I discovered that issue only occurs with Sophos Antivirus installed. Stopping on-access scanning or even disabling all Sophos services does not resolve the issue. Only completely uninstalling Sophos fixed the problem.

After more extensive troubleshooting (involving helpful Sophos technical support), I discovered that there was another component apart Sophos that must be present for the issue to occur. This component was ClientAgent.vbs startup scrip. This script is part of Windows SBS CSE Policy, which by default is not only enabled by also enforced on SBS 2008 domain.

Disabling above group policy resolved the issue. This, however, was not a satisfactory solution. Not all machines were affected and this script is part of default SBS setup and should not case such issues.

Another workaround was enabling “Run startup scripts asynchronously” Group Policy. This was better, but still not ideal solution.

Then tried to run full startup script (as run by group policy) manually, after logging on:
“C:\Windows\System32\WScript.exe” “\\domain.local\SysVol\domain.local\ClientAgent\ClientAgent.vbs” \\domain.local\SysVol\domain.local\ClientAgent\machine\sbslogon.exe SBSCSE32 \\domain.local\SysVol\domain.local\ClientAgent\machine\clientagentx86.msi X86

This failed with following error:

Windows Script Host error - Can't find script engine "VBScript"

Windows Script Host
Can’t find script engine “VBScript” for script “\domain.local\SysVol\domain.local\ClientAgent.vbs”

After some more Googling on the above error I discovered that the whole issue was caused by a leftover registry entry from old McAfee antivirus installation!
[HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
(Default) value was set to:
C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629152114.dll
Changing this to C:\Windows\system32\vbscript.dll resolved all issues.

Still not entirely sure why login delay was only occurring with Sophos Antivirus installed, but I could not justify spending even more time on this after actual problem was identified and resolved.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *