60 second logoff with Terminal Services

I have a problem that is driving me crazy.  I have worked extensively on this with Microsoft, Symantec, and through independent research with no resolutions.  I have consulted with Brian Madden as well as Thomas Koetzing with no solutions yet.  These servers have the latest and greatest of all Microsoft updates as well as Symantec Endpoint Protection.  Here is the scenario:

1.  If I RDP to a particular system I have across the WAN and choose to cancel the connection once the login screen is up...it takes right at 60 seconds to close out.  It works the same if I do it from their
internal LAN.  I normally do this from Vista Enterprise SP1, but have tried from every other Microsoft
operating system before Vista.  Same results.

2.  If I login to the same system and logoff, it takes the same amount of time as #1.

3.  In either #1 or #2, there is a system process under the same session id allocated for the connection
for winlogon.exe and csrss.exe that remain.

4.  If watching with TSADMIN, after logoff the user account gets logged off and all processes under
the users context are terminated properly.  The only two that remain are mentioned in #3.

Here is more information:

1.  This is a one server environment from a customer with 4 facilities.  Three of the facilities had the same issue of this 60 second logoff time.

     Here are some of the weird things:
        1.  Server one was Windows 2000 with Symantec Endpoint Protection.  The fix to this one was
         installing WMSoftware's Shutdown Plus.  It took the logoff time from 60 seconds to about 3
         seconds.  Symantec's MR2 for SEP11 did not fix this one's 60 second logoff issue.  As an
         addendum, this box had Terminal Services in application mode.

         2.  Server two never had an issue before or after Shutdown Plus or SEP11.  It is Windows 2003,
         with Terminal Services in Remote Administration mode.  It logs off in 2-3 seconds.

         3.  Server three had the same issue, but was resolved after installing MR2 for SEP11.  Shutdown
         Plus was installed afterwards, but I definitely know the MR2 fixed the issue on that server.

        4.  That brings me to the problem server.  Windows 2003 same config as #3, #2 - all updates,
        SEP11 MR2, Shutdown Plus.  60 seconds to logoff.  

       It does not matter what user account I use and does not seem to matter if I even logon.  If I just
       launch an RDP session to this server and cancel from the login screen, I get the same results.

       No Citrix involved

       I have tried the UPHC service from Microsoft - no luck
       I have used Process monitor, Process Explorer and Autoruns - no luck
       I have tried not enrolling certificates automatically - no luck
       I have tried the latest hotfixes from Microsoft that replace winlogon.exe and csrss.exe - no luck
       I have worked with 6 Microsoft engineers and 3 Symantec - no luck
       I have googled and read about every article I can find with different things to try - no luck

       I am thinking about reapplying Service Pack 2 or possibly running an sfc /purgecache and then sfc
       /scannow and seeing if it puts back any files.

        Not that it is a surprise, but Microsoft and Symantec support have been useless.  I might as well
        have asked my 4 year old for assistance.

       I have really spent a great deal of time and research on this and will be surprised if anyone can come
       up with something I have not tried.  Anyone's help is appreciated.

      Thanks,

       Jody Meadows MCSE NT4/W2K/W2K3, CCA, CCEA
       jmeadows@dom-sys.com
       Computer Systems Engineer
       Dominion Systems LLC
       www.dom-sys.com
      Start Free Trial