none
slow logon on windows xp sp3 in domain

    Question

  • Hi

    I have about 7,000 Win XPsp3 stations in a corporate domain.

    Users experience a very slow logon of 8-12 minutes.

    I noticed that after the user is typing his credentials, the GINA is waiting for something for aboout 60 seconds.

    what is the best way to debug this?

    userenv.log doesnt show something decisive.

    thanks, 

    TH

    Sunday, February 12, 2012 3:54 PM

All replies

  • Dude, the best way to debug a problem like this would be to use the "Sysinternals Suite" and use the Process Monitor tool (procmon) within this you can trace the next boot, this will show you what is happening all under the hood, so you will be able to trace the slowness from the timestamp records, then see the previous event to that event and see what is causing the problem.  Hope this all makes sense!
    Monday, February 13, 2012 9:37 AM
  • I forgot about procmon.

    I will give this a try.

    thanks

    Monday, February 13, 2012 10:46 AM
  • No worries....when in doubt....PROCMON it! Options - Enable Boot Logging

    If you know its GINA thats waiting for something filter on that, look whats happening just before it, and then you should catch the suspect...remember to filter out all the things you dont need. Helping to find the needle in the hay stack :)


    (Please vote if helpful)
    • Edited by adamgovuk Monday, February 13, 2012 9:43 PM
    Monday, February 13, 2012 9:35 PM
  • hi,

    Here's a link to Mark Russinovich's blog which will surely help:

    The Case of the Slow Logons: http://blogs.technet.com/b/markrussinovich/archive/2010/01/13/3305263.aspx

    On a side note, if you have logon scripts you should look into these as well as they are a very common cause for slow logons

    hope this helps and please let us know how this develops


    David

    Monday, February 13, 2012 11:03 PM
  • Hi adamgovuk and David and thanks for your reply

    today I managed to get the procmon boot log.

    it collected over 9GB of data!

    I must say Im a bit frustrated due to the size of the data.

    will let you know whats I found in a year or two :-(

    th

    Tuesday, February 14, 2012 10:35 PM
  • Man exclude what you don't need...as in success items, things you are not interested in.  Look at the timeline on your left, and look for the big jumps of time data, then inspect what was happening just before that! Come on man plenty of useful info supplied and no votes :(


    Remember to vote if useful info has been supplied

    Sunday, February 19, 2012 10:24 PM
  • Hi  adamgovuk

    sorry for the voting matter...

    I couldnt yet find something in procmon log. meanwhile I noticed that right after I enter credentials, it takes about 30-40 seconds for logon to occure, so I looked at userenv.log.

    at the first line I isolated, I can see a gap of 25 seconds. any idea what this mean?

    USERENV(250.88c) 16:27:03:415 IsSyncForegroundPolicyRefresh: Synchronous, Reason: policy set to SYNC
    USERENV(d1c.974) 16:27:28:978 LibMain: Process Name:  C:\WINXP\system32\mpnotify.exe
    USERENV(250.254) 16:27:29:009 LoadUserProfile: Yes, we can impersonate the user. Running as self
    USERENV(250.254) 16:27:29:009 =========================================================
    USERENV(250.254) 16:27:29:009 LoadUserProfile: Entering, hToken = <0xabc>, lpProfileInfo = 0x6e3e0
    USERENV(250.254) 16:27:29:009 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
    USERENV(250.254) 16:27:29:009 LoadUserProfile: lpProfileInfo->lpUserName = <ld093000>
    USERENV(250.254) 16:27:29:009 LoadUserProfile: NULL central profile path
    USERENV(250.254) 16:27:29:009 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\dcserver\netlogon\Default User>
    USERENV(250.254) 16:27:29:009 LoadUserProfile: NULL server name
    USERENV(250.254) 16:27:29:009 LoadUserProfile: In console winlogon process
    USERENV(250.254) 16:27:29:009 In LoadUserProfileP
    USERENV(250.254) 16:27:29:009 =========================================================
    USERENV(250.254) 16:27:29:009 LoadUserProfile: Entering, hToken = <0xabc>, lpProfileInfo = 0x6e3e0
    USERENV(250.254) 16:27:29:009 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
    USERENV(250.254) 16:27:29:009 LoadUserProfile: lpProfileInfo->lpUserName = <ld093000>
    USERENV(250.254) 16:27:29:009 LoadUserProfile: NULL central profile path
    USERENV(250.254) 16:27:29:009 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\dcserver\netlogon\Default User>
    USERENV(250.254) 16:27:29:009 LoadUserProfile: NULL server name
    USERENV(250.254) 16:27:29:009 LoadUserProfile: User sid: S-1-5-21-1186764044-3673671658-1603281846-20956
    USERENV(250.254) 16:27:29:009 CSyncManager::EnterLock <S-1-5-21-1186764044-3673671658-1603281846-20956>

    Tuesday, February 21, 2012 3:36 PM