Recently ran into an opportunity that prevented a user from connecting into the network via VPN.
They would click login after entering her username and password and it would take up to 12 minutes before it would attempt to connect. This caused the login attempt to fail due to the secondary password changing several times since it was entered.
After researching the process with tools from SysInternals, it ended up being CScan.exe. The CScan utility was kicking off a scan after entering the credentials and was reading every key in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages. Cleaning up the windows update files with cleanmgr.exe resolved this.