Why does the Rublon Prompt loading time increase with a large number of local Windows users?

Modified on Thu, 19 Mar at 11:59 AM

When a Windows endpoint has a very large number of local user accounts, the Rublon Prompt may appear with a significant delay during Windows Logon or RDP sign-in.


Why Does This Happen?

This behavior is caused by Windows, not by Rublon MFA.

Our analysis showed that Windows logon performance degrades when a machine stores a very large number of local user accounts. The delay happens before the user reaches the Rublon MFA step. During that time, the user may only see the blurred Windows sign-in background with no interactive elements. After the delay, the standard Windows sign-in view is rendered, and the user can enter their password.


This also explains why the same issue persists regardless of whether the user is set to Active or Bypass in Rublon MFA: the delay affects the first sign-in factor in Windows, and is not dependent on any Rublon MFA policy decision. The Rublon Prompt appears later only because it is part of the overall Windows sign-in flow.


Microsoft documents the Interactive logon: Don’t display last signed-in policy. Windows also supports a policy to hide entry points for Fast User Switching. In our testing, enabling these Windows settings resolved the delay. 

How to Fix It

Note: The DontDisplayLastUserName registry change below is not necessary on all Windows Server systems, because the slowdown also depends on whether the Remote Desktop Session Host role is installed. According to Microsoft, the IsActiveSessionCountLimited() function returns false on Windows Server only when the Remote Desktop Session Host role is installed. In practice, this means the DontDisplayLastUserName registry change is not necessary on servers where the Remote Desktop Session Host role is already installed. On such servers, only change HideFastUserSwitching.


On the affected Windows endpoint, open the Windows Registry and set the following value:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName = 1


In our testing environment, this change was sufficient to resolve the issue.


If the delay still occurs, also set:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching = 1


A reboot is not required after applying these changes.
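
The same procedure scripted in PowerShell, as an added example that is not part of the original article or of Rublon's tooling. It assumes an elevated session and that both values are REG_DWORD; the helper name Set-LogonPolicyValue and the -AlsoHideFastUserSwitching switch are made up for illustration, and RDS-RD-Server is the Windows Server feature name for the Remote Desktop Session Host role.

```powershell
#Requires -RunAsAdministrator
# Added example; not Rublon's or Microsoft's code.
param(
    # Hypothetical switch: apply the second setting if the delay still occurs.
    [switch]$AlsoHideFastUserSwitching
)

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hypothetical helper: records the previous value (for rollback), then writes 1.
function Set-LogonPolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    $before = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
    New-ItemProperty -Path $key -Name $Name -Value 1 -PropertyType DWord -Force | Out-Null
    [pscustomobject]@{ Name = $Name; Before = $before; After = 1 }
}

# Context only: how many local accounts this machine stores.
$localUsers = (Get-LocalUser | Measure-Object).Count
Write-Host "Local user accounts: $localUsers"

# Get-WindowsFeature exists only on Windows Server; on client editions
# the role cannot be installed, so treat it as absent.
$rdshInstalled = $false
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $rdshInstalled = (Get-WindowsFeature -Name 'RDS-RD-Server').Installed
}

$changes = @()
if ($rdshInstalled) {
    # RD Session Host installed: only HideFastUserSwitching is changed.
    $changes += Set-LogonPolicyValue -Name 'HideFastUserSwitching'
} else {
    $changes += Set-LogonPolicyValue -Name 'DontDisplayLastUserName'
    if ($AlsoHideFastUserSwitching) {
        $changes += Set-LogonPolicyValue -Name 'HideFastUserSwitching'
    }
}

$changes | Format-Table -AutoSize
```

The Before column shows what each value held before the change (blank if it did not exist), which is what you would restore to roll back.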


What Do These Settings Do?

Setting DontDisplayLastUserName to 1 corresponds to the Windows security policy that tells Windows not to display the last signed-in user on the sign-in screen.


Setting HideFastUserSwitching to 1 hides the Fast User Switching entry points. This setting is relevant in a different scenario than the main sign-in delay. If a user session is still active, for example, after selecting Lock instead of Sign out, the delay does not occur because the session has not been closed. In that case, the user can normally sign back in to the existing session. However, selecting the Switch user button makes Windows load the user-switching view, which can introduce a delay on systems with many local user accounts.


Is This a Rublon MFA Issue?

No. This is a Windows local account sign-in performance issue, not a Rublon MFA issue.


The delay affects the Windows sign-in flow before the Rublon MFA step is shown. If you remove Rublon MFA, Windows will still experience the same underlying delay on systems with an unusually large number of local accounts. The fact that the fix is applied through Windows registry settings, not through a Rublon MFA configuration change, is a strong indicator that the root cause is on the Windows side.


Additional Recommendation

If you need to manage very large numbers of users, using Active Directory is generally a better fit than storing thousands of local accounts on one machine. 


Helpful Links

Rublon MFA for Windows Logon & RDP - Documentation

Why is the Rublon Prompt not appearing on Windows?

How to speed up Rublon Prompt loading on Windows Logon & RDP 

Interactive logon: Don’t display last signed-in - Microsoft

Web Sign-In defeats the Fast User Switching policy - Microsoft
