Issue

All installed AuthAnvil products are extremely slow to load most pages and often time out trying to log in. Client browser connections and 2FA agents experience significant delays.

Cause

If AuthAnvil is installed on Windows Server 2008, the system may not properly delete temporary files that are created when AuthAnvil performs cryptographic functions. Each time this is done, several temporary files are created in the %windir%\Temp folder. These files are not properly deleted when the CryptQueryObject function finishes its task. When the number of temporary files reaches over 65,000 the call to the CryptQueryObject function takes much longer to finish.

Note %windir% represents the path of the Windows system folder. Typically, this path is C:\Windows. See this Microsoft KB article for more details: http://support.microsoft.com/kb/931908

Resolution

To prevent the issue from happening again, first apply the Microsoft Hotfix at this link: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=931908&kbln=en-us

1. Restart the server after applying the hotfix.
2. In order to clean out the existing temporary files run the following command from an elevated CMD prompt:

   del /q /f /s C:\Windows\Temp\tmp*.tmp

3. Try logging into any of your AuthAnvil products to verify that the problem has been resolved.

Affects

Any versions of AuthAnvil Two Factor Auth, Single Sign On, and Password Server installed on Windows Server 2008

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.