So you have a slow logon


    Code:
    http://blogs.technet.com/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx
    PART-1


    Hi, Bob Drake here again after a short blogging hiatus. I have put this two-part blog post together with hope that it will save you countless hours and a few aspirin when troubleshooting a slow logon. I have had the luxury of working many different slow logon cases and I have to say that these can be the most grueling to handle, depending on how they are approached and what information you have. There are multiple reasons why slow logons can occur and sometimes they are a result of multiple issues masked as one.

    For this first part in the series I want to cover some well-known causes of slow logons, optimizing logon for your environment, and assist you with documenting your baseline to identify when you really have a slow logon issue. But before I do we need to set some expectations.

    The “logon process” (I use this term to encompass both the boot up of the workstation and the user login that is completed with a functioning desktop) has a lot of moving parts. The most important question to address is “What is an acceptable logon time to you?” If you have expectations that your logon should only take 3-5 minutes from the time you turn your computer on to the point you get your desktop, you will have a brief window to perform all tasks. Your business requirements will dictate what you will be able to accomplish during the logon, so a thorough understanding of your goals is needed before moving forward.

    Once you have your logon task list, then you can start testing the logon time frame. If all is configured and you are over your accepted limit, then an adjustment will need to be made by either limiting your tasks or accepting the lengthier time. There is a saturation point that will be reached when you try to accomplish too much in too little time.

    So you want to know what the top items are that will definitely slow your logon process? Here’s a list of configurations that will have an impact on your logon time:
    • Outdated drivers: Your network interface card (NIC) should have the latest drivers installed.
    • Outdated operating system (OS) patch level: Your operating system should have the latest service pack installed from Windows Update.
    • Roaming user profiles: Roaming profiles change the way group policy processing is performed. When roaming profiles are configured the processing is changed from “asynchronous” (background processing or multiple at a time) to “synchronous” (foreground processing or one at a time). This disables “Fast logon Optimization” which will delay the user getting the desktop by waiting for the network to initialize first.
    Note: It is really important to understand that when roaming profiles are implemented, group policy software installation and folder redirection require that the user is NOT logged on before the network is initialized, and policy is processed synchronously - ONE AT A TIME. This is the default behavior and changing it could cause inconsistencies with your logon.
    • Home folders: This could impact your logon times because instead of looking at a local location for system DLL’s, the client machine will look for them in the home folder instead. If that mapped network share is across a wide area network (WAN) link that is slow you can bet that your logon time is going to suffer even more.
    Note: If home folders are needed with roaming profiles there is a registry key tweak (SafeDllSearchMode) that can be added that will change the behavior. If you’re not sure that this is an issue in your environment, take a network trace at logon and see if DLL’s are being queried across the network to the home folder. There is also another tweak on the same page (StartRunNoHOMEPATH) that will assist with applications doing this behavior.
    • Start up applications: Applications that are configured to automatically run during startup will slow the logon down.
    • Profile scanning: There are many antivirus software applications that will scan profiles at login and at their home location if they are roaming. This is not limited to just antivirus software but other applications will as well. (In the troubleshooting section we will review how to discover if this is happening)
    • Excessive group policies: Having a ton of group policies that perform extensive tasks or configurations (like software restrictions) will increase your logon time. A few policies that accomplish everything are better than many policies that do a handful of things each. If possible consolidate your group policies.
    • Excessive startup/logon scripts: Scripts that run at logon or start up can delay the process significantly if they perform a lot of tasks or use inefficient code
    • Excessive WMI filters: Having excessive WMI filters can slow group policy processing
    • No local domain controllers: Not having local domain controllers (users authenticating across a wide area network-WAN) will cause a logon delay

    Before we get into troubleshooting a slow login we need to first identify what is a slow login and where is it slow. To be able to say a logon or boot up is slow you must know what a normal logon or boot time looks like in YOUR environment. With the above expectations the next step is to document the time a logon takes under normal conditions and under load (morning and afternoon rush hours). This should be done with all the different operating system builds in your environment (desktops, laptops, servers, XP, Vista, Win 7, 2003, 2008, 2008 R2) to have a standard baseline to work with.

    Here is a short starter list of things to include in your baseline documentation:
    • Network topology
    • Active Directory Topology
    • User and computer group membership
    • Operating system and service pack level
    • Installed applications
    • Network bandwidth and latency
    • NIC driver information
    • “UserEnv” log (from several users who are members of different security groups) from XP or 2003, and ETL logs from Vista, 2008 and Win7
    • Network traces
    • Group Policy information (both computer and user)

    Once you have a solid baseline of average times, then you will know right away when logon times increase and where to narrow your search for the culprit. With the above documentation in hand the issue will be resolved much quicker. Without the documentation you’re setting yourself up for hours of agony and a costly resolution.

    Be sure to check out the next part in the series on slow logon where we actually get into the troubleshooting steps.

    See you then…..


    - Bob “My idea of a short hiatus is 18 months” Drake
    Last edited by patris_70; 2010/11/05, 03:37 AM.
    Ask inside the forum so that others who have your problem, or who run into it in the future, can benefit too. Private messages are not for answering questions.
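
An added example, not part of the original post or of the blog it quotes: a PowerShell sketch that snapshots the host-side items from the baseline list (OS and service pack, NIC drivers, startup applications, installed applications, group membership, SafeDllSearchMode) and reports what was added since the previous snapshot. It assumes PowerShell 3.0 or later; the output folder, file naming and the `Get-Added` helper are hypothetical.

```powershell
# Added example, not from the original post: snapshot the host-side baseline items.
# Assumes PowerShell 3.0+ (Get-CimInstance); $OutDir is a hypothetical location.
param([string]$OutDir = (Join-Path $env:TEMP 'logon-baseline'))

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$os = Get-CimInstance Win32_OperatingSystem

# Installed applications come from the uninstall keys. Win32_Product is avoided
# because querying it triggers an MSI consistency check on every package.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

# SafeDllSearchMode is absent unless someone set it; absent means the OS default.
$sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$safeDll = if ($null -ne $sm.SafeDllSearchMode) { $sm.SafeDllSearchMode } else { 'not set' }

$baseline = [pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    User              = "$env:USERDOMAIN\$env:USERNAME"
    CollectedUtc      = (Get-Date).ToUniversalTime().ToString('s')
    OS                = $os.Caption
    OSVersion         = $os.Version
    ServicePack       = $os.ServicePackMajorVersion
    LastBoot          = $os.LastBootUpTime.ToString('s')
    LogonServer       = $env:LOGONSERVER
    SafeDllSearchMode = $safeDll
    NicDrivers        = @(Get-CimInstance Win32_PnPSignedDriver -Filter "DeviceClass = 'NET'" |
                            Select-Object DeviceName, DriverVersion, Manufacturer)
    StartupCommands   = @(Get-CimInstance Win32_StartupCommand |
                            Select-Object Name, Command, Location, User)
    Applications      = @(Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
                            Where-Object { $_.DisplayName } |
                            Select-Object DisplayName, DisplayVersion, Publisher)
    Groups            = @(whoami /groups /fo csv | ConvertFrom-Csv |
                            Select-Object 'Group Name', SID)
}

# Pick up the most recent earlier snapshot before writing the new one.
$previous = Get-ChildItem $OutDir -Filter "$env:COMPUTERNAME-*.json" |
    Sort-Object Name | Select-Object -Last 1
$file = Join-Path $OutDir ("{0}-{1:yyyyMMdd-HHmmss}.json" -f $env:COMPUTERNAME, (Get-Date))
$baseline | ConvertTo-Json -Depth 4 | Set-Content -Path $file -Encoding UTF8

# Report autostart entries and software that were not in the previous snapshot.
function Get-Added($old, $new) { @($new | Where-Object { $_ -and ($old -notcontains $_) }) }
if ($previous) {
    $old = Get-Content $previous.FullName -Raw | ConvertFrom-Json
    Get-Added ($old.StartupCommands.Command) ($baseline.StartupCommands.Command) |
        ForEach-Object { "new startup entry: $_" }
    Get-Added ($old.Applications.DisplayName) ($baseline.Applications.DisplayName) |
        ForEach-Object { "new application: $_" }
}
```

Run it as each of the test users the baseline covers, since startup commands and group membership are per user; network traces, bandwidth figures and the UserEnv/ETL logs from the list still have to be captured separately.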

    #2
    Code:
    http://blogs.technet.com/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-2.aspx
    PART-2


    Bob Drake again and welcome back for the second part of the slow logon series. In this next part I want to dive into some simple troubleshooting techniques to assist you in isolating the cause of your slow logon.

    To dissect where it is slow is not that difficult to tackle….
    • Is it slow from when you hit the power button to the point where you get to the login screen?
    • Is it quick to get to the login screen but then hangs for a while to get to the desktop?
    • Is it all users, and not administrators?
    • All the above

    Troubleshooting will be dictated by the answers to those questions. We will start off with a slow boot that occurs when the power button is hit and it takes forever to get to the logon screen (even though a slow boot is NOT a slow logon). If the slowness occurs when the machine first boots up before you get to the login splash screen, then typically there is either an issue with the core OS, the applications installed, or a combination of both. A great place to start troubleshooting is to enable verbose startup, shutdown, logon and logoff messages (providing the operating system is XP or higher) according to KB 325376. With this enabled you will receive additional information during the boot/login process:

    Policy location (XP and 2003)

    View of additional messages (XP and 2003)

    Policy location (Windows 7, Windows 2008)

    View of additional messages (Windows 7, Windows 2008)

    The first thing that should be determined is if the delay happens when the machine is “clean booted (Windows XP/2003)(Vista/2008/Win7)”. With MSCONFIG you can selectively disable all third party services and applications from loading. Now before the bashing begins here about the necessity of the applications that are on the machine, this step is quite essential to know if the OS is the issue or the applications that are installed on the OS. Here is how it’s done:
    1. Click Start then Run and type “MSCONFIG”

    2. Select the “Services” tab as displayed and check the “Hide all Microsoft Services” and click “Disable All”.

    NOTE:
    When you “Hide all Microsoft Services” you will see the applications that are installed on the system. Oftentimes there are applications that are crucial to the boot/logon process (like drive encryption software), and disabling them will cause the machine even more problems. You will need to review the applications and disable what you can (the more the better).

    Select the “Startup” tab and click “Disable All” once again. If you find disabling all the third party applications causes a bigger issue you can press F8 at startup and select “Last Known Good” or “Safe mode” to back out the changes to “msconfig”.

    3. Once the third party services are disabled you will need to reboot (a window will appear stating you need to reboot. Once the machine comes back up another window will appear when you logon, just click “OK”).

    4. Test and see if the boot time is the same or not.

    When you disabled the third party services did the computer boot and logon faster or normally? If the answer is yes then you have a conflicting piece of software on the machine that is causing the delay. Finding out which one can be a little more laborious, but the quickest way is to enable half the services (making sure to list which ones you are enabling) and see if the delay comes back. If not, repeat the process by enabling half of the other services you haven’t tried yet until the issue returns. Once you identify which one it is, try updating that application or its components. You may also take a quicker approach if you believe that one particular application is the issue (due to a recent install) and simply disable only that one for confirmation. You will have to reboot several times during this process to be confident that you have discovered the cause. When you believe you have discovered the application causing the delay, re-enable it and see if the delay comes back just to be sure.

    Once you identify the application with the issue call the vendor and explain why it has been pinpointed as the issue and seek guidance from them. Often times there are updates or hotfixes that will resolve the conflict.
    NOTE: Some antivirus applications will still load filter level drivers even though their services are disabled from starting with MSCONFIG. The only way to truly rule out antivirus as a possible contributor to a slow logon is to uninstall it during the test.
    So it’s still slow!?!

    If the boot up is still slow check your client DNS configuration. DNS servers along with other hardware (like switches, routers) could also be the source of the problem. If you find that one section of your network is having the issue but other portions don’t, there is a good chance that you may have some network issues. A good way to determine network and DNS type issues is to take a network trace using a packet capture application like Netmon. The hard part is capturing a trace while the machine is starting up. This can be accomplished by monitoring the computer with another computer that is plugged in to the same hub or switch (port mirroring). You enable the network capture utility on one and filter for the other’s IP address.

    Things to look for in the traces are the following:
    • Valid DNS responses (does the query response match what was queried for?)
    • Delayed or unanswered responses (both from the DNS servers to domain controllers)
    • Kerberos failures
    • SMB failures
    • Numerous TCP resets or retransmits
    • A specific Domain Controller consistently used when the issue happens (possible issue with the Domain Controller itself)

    If there are any network related issues you should see them stand out without having to be a master at reading traces.

    If you have disabled all the third party software using the above method and still find that you have a lengthy boot process, then the next step is to look at what policies are being applied to the machine. A great place to start troubleshooting group policies is the technical reference.

    In most environments there will be numerous policies applied, so how do you rule them out as being an issue? The quickest method is to create a new “TEST” organizational unit (OU) in the Active Directory Users and Computers snap-in and block policy inheritance to the OU. Once this is done, you can move the problem computer to that OU. Verify that there are no policies being “enforced” or set to “no override”. If there are policies with those settings, they will still be applied to an OU where policy inheritance is blocked.

    Before you move the computer you should run the following command to find out exactly what group policy objects are linked to it:



    When you open the “gp.txt” you can view the policies as shown:




    You can see that the only policies that are applied to the machine are the “Default Domain Policy” and “Local Group Policy” (The above snip was shortened here to show user and computer).

    Once you have the policies identified you can move forward with creating the test OU. Here is a step by step on creating the OU and blocking the inheritance:
    1. Create a “Test” OU and move the computer account to it.

    2. Open the Group Policy Management Console and block inheritance to the TEST OU.

    Note: You will know that you are blocking inheritance when the OU icon has a blue exclamation as seen:

    3. Once you have inheritance blocked and the computer moved to the OU, reboot the computer at least two times to clear the previously set policies.
    There are times where you cannot remove all policies if they are enforced. At least you will have a short subset of policies at this time. Time to test again…

    If the computer boots fast now then you have a group policy (or combination of policies) that ARE causing the delay. To find which policy is causing the issue you will need to link them one at a time rebooting in between and monitor when the delay occurs again. This is done by selecting the “Link an Existing GPO” as seen in above picture. Once you have the policy identified a thorough audit should be done to determine which setting in the policy is causing the delay.

    So it’s still slow…!?!


    If you have gone through the above steps and were not able to find why the boot up is slow and you were not able to disable all software or policies then the next step to do is enable debug logging. There are a few ways to enable logging depending on which operating system you are using.

    For 2000, XP, 2003 you can enable logging by following the article “How to enable user environment debug logging in retail builds of Windows”. Lucky for me, one of my co-workers has already written a blog on how to interpret the output (find more in his two part section: Section 1, Section 2). For Vista, 2008 and Windows 7 Microsoft has changed the debug logging format to what is called “Event Tracing”. Basically the data output is the same as the output from the above KB article once it is converted from the binary output. You will need Microsoft’s assistance with converting these files since they contain source code (to view the policy portion without the profile use gpsvcdebug logging).

    Another great tool to use is “Autoruns”. This utility will show you programs that are configured to run during system start or during login. One of the best features of this tool is the “Hide Microsoft Entries”:



    It also allows you to select the autoruns per user as seen:



    Autoruns may also find items not normally seen with other applications.

    To wrap it up, most of the time when a slow boot or slow logon happens there is a conflict with an application, a restrictive group policy or a configuration issue. With the above troubleshooting and a little homework you will be able to identify where and why you have a slow logon and be able to resolve it in minimal time.




    - Bob ‘Quasi-Manager’ Drake

    Last edited by patris_70; 2010/11/05, 03:40 AM.
    Ask inside the forum so that others who have your problem, or who run into it in the future, can benefit too. Private messages are not for answering questions.
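
An added example, not part of the original post or of the blog it quotes: a PowerShell check for the test-OU step above, confirming that inheritance is blocked and listing any GPO that still reaches the OU from a parent container because its link is enforced. It assumes the GroupPolicy module (installed with GPMC/RSAT); the function name `Test-GpoIsolation` and the OU distinguished name are placeholders.

```powershell
# Added example, not from the original post. Requires the GroupPolicy module
# that ships with GPMC/RSAT. The OU distinguished name is a placeholder.
Import-Module GroupPolicy

function Test-GpoIsolation {
    param(
        [Parameter(Mandatory = $true)]
        [string]$OuDn
    )

    $som = Get-GPInheritance -Target $OuDn

    # InheritedGpoLinks is the resultant, ordered list of links that reach the OU.
    # With inheritance blocked, an entry that targets another container got
    # through because its link is enforced.
    $fromAbove = @($som.InheritedGpoLinks |
        Where-Object { $_ -and $_.Target -ne $som.Path })

    [pscustomobject]@{
        OU                 = $som.Path
        InheritanceBlocked = $som.GpoInheritanceBlocked
        DirectLinks        = @($som.GpoLinks | Where-Object { $_ } |
                                 ForEach-Object { $_.DisplayName })
        StillApplied       = @($fromAbove | ForEach-Object {
                                 '{0} (linked at {1}, enforced={2})' -f `
                                     $_.DisplayName, $_.Target, $_.Enforced
                             })
        Isolated           = $som.GpoInheritanceBlocked -and ($fromAbove.Count -eq 0)
    }
}

$result = Test-GpoIsolation -OuDn 'OU=Test,DC=example,DC=com'   # placeholder DN
$result | Format-List

if (-not $result.InheritanceBlocked) {
    Write-Warning 'Inheritance is not blocked on this OU; parent GPOs still apply.'
}
foreach ($gpo in $result.StillApplied) {
    Write-Warning "Still applied despite the block: $gpo"
}
```

Local Group Policy is not a domain link, so it does not appear here and keeps applying to the machine; when GPOs are later linked back one at a time, they show up under `DirectLinks`.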
