Slow SCCM Imaging with R80.20

Satdefender · ‎2019-05-30

Since we have upgraded Management and Gateways to R80.20 T101 we've had a lot of latency issues with SCCM imaging our laptops. A 13500 appliance sits between the imaging laptop and the SCCM server.

In our packet captures we can see 3 Retransmission packets before a 4th allows traffic through. This behavior happens continuously. We believe this is the cause for the laptops that took 45 mins to image to now take 3.5 hours.

The following Blades are active:

FW,VPN,IPS,App,URL,AV,AB

The FW policy allows connection to the imaging server using standard TCP and UDP ports. But the rest of the policy in other sections is using Updateable Objects (to support O365) and domain objects. I state that other information because I'm not sure if that will affect performance.

We have tried the follow actions to address the issue without success:

Rebuilt SCCM Management Point and Distro Points.

Failover to the standby cluster member

disable fwaccel

Ensured there were no drops in FW policy

created custom application risk level low

Unchecked "Block requests when web service is unavailable" in Blades - AppControl Advanced Settings

In Blades - AppControl - Website categorization mode: Background

In Blades - Threat Prevention- Website categorization mode: Background

Validated the networking is solid the whole way. The laptop images fine when the gateway isn't in the path.

CPU runs less than 10% average

All errors resolved in a zdebug + drop

I would appreciate some suggestions on where to look next.

_Vic_

Satdefender · ‎2019-05-31

So after posting this question we have come to a resolution.

SCCM uses port 80 to download its imaging files which was a fact missing from my initial post. In order to get this working I had to remove HTTP in the Blades - AppControl, Application Control Web Browsing Services. Push policy, then add it back and push policy again.

We initially thought removing it would fix the issue, but it didn't change any of the behavior. So we put it back, and then it started to work. Very strange indeed.

Another option for those that might experience this issue is to ask your SCCM administrator to image over a different port.

Good Luck.

Bryan_Cromwell · ‎2019-09-06

We are seeing the same issues you are but removing and readding http in Application Control Web Browsing Services didn't help. Assuming your SSCM imaging still working at this point which Jumbo hotfix are you running?

Jans_Nijboer

Hello we ran into the same problem as we recently updated from R77:30 to R80.20.
Imaging fat-clients and laptops became very slow and Provisioning Citrix XenApp servers (PXE booted from base image)
with applications (delivered through Microsoft SCCM) takes a lot longer than before the upgrade.
Like a specific package used to take about 10 minutes and it takes 6 hours at R80.20.
We discovered that on a newly created VLAN with XenApp server was performance as before upgrade 10 min.
We made a lot of traces and could't explaine (not a lot time between packets or error's) the difference.
disabled IPS eventualy bypass infrastructure of firewall for specific VLAN to be sure the promblem was within checkpoint.
We have still have the 77.30 view in smartdashboard so we first missed the new serverVLAN was not in AV/AB.
We also excluded the imaging/provisioning trafic to the Management Point and Distro Points.
Performance is as before upgrade.
So we pinpointed it to the AV/AB section in R80.20

We still have a ticket open with R&D for this performance isue as we had the same config on R77.30 with AV/AB and it performed ok.

Slow SCCM Imaging with R80.20

Re: Slow SCCM Imaging with R80.20

Re: Slow SCCM Imaging with R80.20

Re: Slow SCCM Imaging with R80.20