none
Servers take an endless time at applying group policy settings

    Question

  • We have some Windows 2008R2 RDS servers that have been given a syspreped image. After a few day in production, and several nightly reboots, the servers start to hang at applying group policy setting. I have created a gpsvc.log file. What can be wrong with these servers?

    When i reboot the server without network connection, the reboot time is fine. The user login still takes forever.

    GPSVC(fc.4ec) 08:38:21:227 MachinePolicyCallback: Setting status UI to Beleid Group Policy Services toepassen...
    GPSVC(fc.4ec) 08:38:21:227 ProcessGPOList: No changes. CSE will not be passed in the IwbemServices intf ptr
    GPSVC(fc.1a4) 08:38:21:227 Message Status = <Beleid Group Policy Services toepassen...>
    GPSVC(fc.1a4) 08:38:21:227 Setting GPsession state = 1
    GPSVC(fc.5b4) 08:38:21:820 ProcessGroupPolicyCompletedExInternal: Entering. Extension = {827D319E-6EAC-11D2-A4EA-00C04F79F83A}, dwStatus = 0x0
    GPSVC(fc.5b4) 08:38:21:867 GetWbemServices: CoCreateInstance succeeded
    GPSVC(fc.4ec) 08:38:22:475 ProcessGroupPolicyCompletedExInternal: Entering. Extension = {91FBB303-0CD5-4055-BF42-E512A681B325}, dwStatus = 0x0
    GPSVC(fc.4ec) 08:38:22:491 GetWbemServices: CoCreateInstance succeeded
    GPSVC(5dc.5e0) 08:38:24:285 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x2a0
    GPSVC(5dc.5e0) 08:38:24:285 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1b0) 08:38:24:285 Target = Machine
    GPSVC(5dc.5e0) 08:38:24:285 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(5dc.5e0) 08:38:24:285 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(fc.1b0) 08:38:24:285 Target = Machine, ChangeNumber 0
    GPSVC(5dc.5e0) 08:38:24:285 CGPNotify::RegisterForNotification: Entering with target S-1-5-18 and event 0x3d4
    GPSVC(5dc.5e0) 08:38:24:285 Client_InitialRegisterForNotification: User = S-1-5-18, changenumber = 0
    GPSVC(fc.1b0) 08:38:24:285 Target = S-1-5-18
    GPSVC(fc.1b0) 08:38:24:285 Could not find user by sid, finding user by session id
    GPSVC(fc.1b0) 08:38:24:285 Caller requesting for user notification/lock is from session 0
    GPSVC(5dc.5e0) 08:38:24:285 Client_RegisterForNotification: User = S-1-5-18, changenumber = 0
    GPSVC(5dc.5e0) 08:38:24:285 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(fc.1b0) 08:38:24:285 Could not find user by sid, finding user by session id
    GPSVC(fc.1b0) 08:38:24:285 Caller requesting for user notification/lock is from session 0
    GPSVC(62c.64c) 08:38:25:330 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x1d4
    GPSVC(62c.64c) 08:38:25:330 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1b0) 08:38:25:330 Target = Machine
    GPSVC(62c.64c) 08:38:25:330 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(62c.64c) 08:38:25:330 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(298.2c0) 08:38:28:310 CGPNotify::RegisterForNotification: Entering with target Machine and event 0xab0
    GPSVC(298.2c0) 08:38:28:310 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1b0) 08:38:28:310 Target = Machine
    GPSVC(298.2c0) 08:38:28:310 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(298.2c0) 08:38:28:310 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(fc.1b0) 08:38:28:310 Target = Machine, ChangeNumber 0
    GPSVC(fc.7c0) 08:38:39:401 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x93c
    GPSVC(fc.7c0) 08:38:39:401 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.95c) 08:38:39:401 Target = Machine
    GPSVC(fc.7c0) 08:38:39:401 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.7c0) 08:38:39:401 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(fc.95c) 08:38:39:401 Target = Machine, ChangeNumber 0
    GPSVC(53c.580) 08:40:20:755 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x608
    GPSVC(53c.580) 08:40:20:755 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1c4) 08:40:20:755 Target = Machine
    GPSVC(53c.580) 08:40:20:755 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(53c.580) 08:40:20:755 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(53c.580) 08:40:21:098 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x64c
    GPSVC(53c.580) 08:40:21:098 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1c4) 08:40:21:113 Target = Machine
    GPSVC(53c.580) 08:40:21:113 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(53c.580) 08:40:21:113 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(53c.564) 08:40:21:238 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x67c
    GPSVC(53c.564) 08:40:21:238 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1c4) 08:40:21:238 Target = Machine
    GPSVC(53c.564) 08:40:21:238 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(53c.564) 08:40:21:238 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(200.f6c) 08:41:11:501 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x350
    GPSVC(200.f6c) 08:41:11:501 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1c4) 08:41:11:501 Target = Machine
    GPSVC(200.f6c) 08:41:11:501 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(200.f6c) 08:41:11:501 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(fc.1c4) 08:41:11:891 Target = Machine
    GPSVC(fc.1c4) 08:41:11:891 Target = Machine, ChangeNumber 0
    GPSVC(fc.7d0) 08:41:11:985 Target = Machine
    GPSVC(fc.7d0) 08:41:11:985 Target = Machine, ChangeNumber 0
    GPSVC(fc.7d0) 08:41:11:985 Sid = (null), dwTimeout = 600000, dwFlags = 268435456
    GPSVC(fc.7d0) 08:41:11:985 LockPolicySection called for user <Machine>
    GPSVC(fc.7d0) 08:41:11:985 Async Lock called
    GPSVC(fc.7d0) 08:41:11:985 Reader has to wait for lock. ReaderID : 1.
    GPSVC(fc.7d0) 08:41:11:985 Registering wait for lock notification
    GPSVC(fc.9d8) 08:41:13:015 CGPNotify::RegisterForNotification: Entering with target Machine and event 0xcbc
    GPSVC(fc.9d8) 08:41:13:015 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.7d0) 08:41:13:015 Target = Machine
    GPSVC(fc.9d8) 08:41:13:015 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.9d8) 08:41:13:015 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(fc.9d8) 08:41:13:015 CGPNotify::RegisterForNotification: Entering with target Machine and event 0xd24
    GPSVC(fc.9d8) 08:41:13:015 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.7d0) 08:41:13:015 Target = Machine
    GPSVC(fc.9d8) 08:41:13:015 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.9d8) 08:41:13:015 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(200.1060) 08:43:10:223 CGPNotify::UnregisterNotification: Entering with event 0x350
    GPSVC(200.1060) 08:43:10:223 CGPNotify::AbortAsyncRegistration: No asyn registration is pending
    GPSVC(200.1060) 08:43:10:223 CGPNotify::UnregisterNotification: Canceling pending calls
    GPSVC(200.1060) 08:43:10:223 Client_CompleteNotificationCall: failed with 0x71a
    GPSVC(200.1060) 08:43:10:223 CGPNotify::UnregisterNotification: Cancelled pending calls
    GPSVC(200.1060) 08:43:10:223 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0
    GPSVC(fc.1054) 08:43:16:252 Target = Machine
    GPSVC(fc.1054) 08:43:16:252 Target = Machine, ChangeNumber 0
    GPSVC(fc.1138) 08:43:24:188 CGPNotify::RegisterForNotification: Entering with target Machine and event 0xeac
    GPSVC(fc.1138) 08:43:24:188 Client_InitialRegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.7d0) 08:43:24:188 Target = Machine
    GPSVC(fc.1138) 08:43:24:188 Client_RegisterForNotification: User = machine, changenumber = 0
    GPSVC(fc.1138) 08:43:24:188 CGPNotify::RegisterForNotification: Exiting with status = 0
    GPSVC(fc.1054) 08:43:29:418 Target = Machine
    GPSVC(fc.1054) 08:43:29:418 Target = Machine, ChangeNumber 0
    GPSVC(fc.1054) 08:43:50:304 Target = Machine
    GPSVC(fc.1054) 08:43:50:304 Target = Machine, ChangeNumber 0
    GPSVC(fc.1374) 08:51:06:327 Found the Waiting Rpc Reader in the waiting list. Removing it...
    GPSVC(fc.1374) 08:51:06:327 Lock timeout


    Gert MCITP SA, EA & VA


    • Edited by Gert Hylkema Thursday, February 23, 2012 8:21 AM clarification
    Thursday, February 23, 2012 8:17 AM

Answers

  • Hi Gert,

    Can you please try KB 2561285? Here the performance around group policy application has been optimized.

    Thanks

    Sudhir

    Thursday, February 23, 2012 9:12 AM
  • Without knowing more, I'm sure you have a third party WMI provider
    (mostly hardware related) that is causing the issue. I remember such an
    incident with certain HP servers a time ago. Process explorer revealed
    the faulty provider at last.
     
    sincerely, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Marked as answer by Gert Hylkema Monday, March 26, 2012 7:31 AM
    Wednesday, March 21, 2012 8:48 PM

All replies

  • Hi Gert,

    Can you please try KB 2561285? Here the performance around group policy application has been optimized.

    Thanks

    Sudhir

    Thursday, February 23, 2012 9:12 AM
  • Hi,


    1. Please try to verify there is no DNS setting issue.


    For details: http://technet.microsoft.com/en-us/library/cc736535(v=WS.10).aspx


    2. please try to disable the firewall to test.


    3. Please try to disable Always wait for the network at computer startup and logon to test.


    For details: Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon


    If the issue persist, please try to collect more information for our further analysis:


    Collect GPMC log
    ==============
    1. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console. If the GPMC snap-in is not installed.
    2. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper user in the wizard)
    3. Right click the resulting group policy result and click the "Save Report…" => save report and upload it to the link I provided.


    Event log
    ==============
    1. Click "Start", click “Run”, input "eventvwr" and press Enter.
    2. Expand the "Windows Logs" node on the left pane, right-click on "System" and click "Save All Events As"; in the pop-up window, click to choose the Desktop icon on the left frame, input "sys" in the "File name" blank, and then click save.
    3. Expand the “Applications and Services Logs”. Click the arrow next to Microsoft, and then Windows, and then Group Policy/Folder Redirection. Click Operational. Click "Save All Events As"; in the pop-up window, click to choose the Desktop icon on the left frame, input "policy" in the "File name" blank, and then click save.
    4. Locate the two saved log files on the Desktop and send them to us.


    Please also upload the unrevised GPSVC.log to us.


    please contact me with my account: v-xchen@microsoft.com to get a workspace to upload the information.

    As there are too many threads, please clearly states the thread name in the email subject, please post the thread link in the email. Thanks for your understanding!

     

    Hope this helps!



    TechNetSubscriber Support



    If you are TechNetSubscription user and have any feedback on our support quality, please send your feedback here.



    Best Regards
    Elytis Cheng


     


    Elytis Cheng

    TechNet Community Support

    Friday, February 24, 2012 6:10 AM
    Moderator
  • I installed the hotfix on the server. If the problem returns I will try the steps above.


    Gert MCITP SA, EA & VA

    Friday, February 24, 2012 10:16 AM
  • Hi,

     

    How is everything going? Could you please tell us the present situation? If you need any further assistance, please do not hesitate to respond back.

     

    Thanks!

    TechNetSubscriber Support

    If you are TechNetSubscription user and have any feedback on our support quality, please send your feedback here.


    Elytis Cheng

    TechNet Community Support

    Monday, February 27, 2012 1:10 AM
    Moderator
  • I applied the hotfix, and until now it is still running fine. Due to holidays the servers have not be used a lot. If there is still no problem at the end of this week it will probable be solved.


    Gert MCITP SA, EA & VA

    Monday, March 05, 2012 9:40 AM
  • The problem did return. I send you a pm to get a workspace.

    Gert MCITP SA, EA & VA

    Thursday, March 15, 2012 8:27 AM
  • Hi,




    From the log you submit, I found the following error:




    GPSVC(f0.13fc) 03:00:18:665 Client_CompleteNotificationCall: failed with 0x525
    GPSVC(2f0.baf4) 03:00:18:665 CGPNotify::OnNotificationTriggered: Completenotification failed with 1317
    GPSVC(518.e980) 03:00:18:665 Client_CompleteNotificationCall: failed with 0x6ba
    GPSVC(f0.13fc) 03:00:18:665 CGPNotify::OnNotificationTriggered: Trying to recover from error 1722
    GPSVC(518.e980) 03:00:18:665 CGPNotify::RegisterNotificationAsynchronously: Starting async registration




    GPSVC(3b8.3e0) 03:04:19:034 Client_RegisterForNotification: CheckRegisterForNotification returned error 0x6d9
    GPSVC(3b8.3e0) 03:04:19:034 CGPNotify::RegisterForNotification: Service not RUNNING. waiting
    GPSVC(3b8.3e0) 03:04:19:034 CGPNotify::RegisterForNotification: Trying to recover from error 1753
    GPSVC(3b8.3e0) 03:04:19:034 CGPNotify::RegisterNotificationAsynchronously: Starting async registration




    GPSVC(100.4c8) 03:05:07:753 ProcessGPOs: OpenThreadToken failed with error 1008, assuming thread is not impersonating
    GPSVC(100.13f4) 07:54:09:864 GetOldSidString:  Failed to open profile profile guid key with error 2




    GPSVC(658.2354) 09:52:41:726 Client_ProcessRefresh: ProcessRefresh returned error 0x5b4
    GPSVC(658.2354) 09:52:41:726 GetGPOList: Client_ProcessRefresh failed with 0x5b4.
    GPSVC(658.2354) 09:52:41:726 Exiting RefreshPolicyForPrincipal with status = 1460




    GPSVC(100.1a7c) 10:48:26:711 CGPAdminEventInitFailure::Initialize(): FormatMessage failed to look up error code (0x4005) due to error 317. Can not log error description.
    GPSVC(100.219c) 10:48:26:711 ProcessGPOList: Extension Internet Explorer Branding was not able to log data. Error = 0x80004005, dwRet = 1252,leaving the log dirty




    GPSVC(100.19b4) 10:48:27:491 ProcessGPOList: Extension Internet Explorer Branding was not able to log data. Error = 0x80004005, dwRet = 1252,leaving the log dirty




    1. Please try to renamed the files on the folder  c:\windows\system32\GroupPolicy to .old and ran Gpupdate /force. 


    2. Please verify the DNS set correctly and DNS Client Service is enabled. Restart the DNS Client Service.




    Hope this helps!




    Best Regards
    Elytis Cheng

    TechNetSubscriber Support



    If you are TechNetSubscription user and have any feedback on our support quality, please send your feedback here.






    Elytis Cheng

    TechNet Community Support

    Friday, March 16, 2012 8:09 AM
    Moderator
  • Hello,

    Thank you for your assistance.

    I checked a server with the problems. The folder c:\windows\system32\grouppolicy was empty.

    DNS is working, and configured correctly (by dhcp). Restarted DNS, and no change.

    Removed the server of the domain, and rebooted. At startup the server again hung at applying computer settings.

    What else can be done?


    Gert MCITP SA, EA & VA

    Friday, March 16, 2012 9:48 AM
  • Hi,


    Removed the server of the domain, and rebooted. At startup the server again hung at applying computer settings.


    >> At this present situation, I'd like to delete the group policy history to test:


    Group Policy History Stored in Registry
    http://support.microsoft.com/kb/201453


    If the issue persist, please try to use clean-boot to troubleshoot this issue:


    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
    http://support.microsoft.com/kb/929135


    Hope this helps!

     


    Best Regards
    Elytis Cheng

    TechNetSubscriber Support

    If you are TechNetSubscription user and have any feedback on our support quality, please send your feedback here.


    Elytis Cheng

    TechNet Community Support

    Tuesday, March 20, 2012 9:48 AM
    Moderator
  • Hi,

    I deleted the group policy history and rebooted the machine. The problem still exists

    I did a clean boot. The problem still exists

    I also notices that the svhost.exe (netsvcs) process is using 2.5gB of memory. The process is connected to the profsvc service. Killing the process and restarting does not help. The memory usage crawls back up to 2.5gB in a few minutes.


    Gert MCITP SA, EA & VA

    Wednesday, March 21, 2012 12:34 PM
  • After some more testing I found that disabling the Windows Management Instrumentation services solves the slow logon problems. What can be the cause of this?


    Gert MCITP SA, EA & VA

    Wednesday, March 21, 2012 1:58 PM
  • Hi Gert,

    If you feel WMI is cause of your problems then following KB might help:

    http://support.microsoft.com/kb/2674705

    Thanks

    Sudhir

    Wednesday, March 21, 2012 2:13 PM
  • Without knowing more, I'm sure you have a third party WMI provider
    (mostly hardware related) that is causing the issue. I remember such an
    incident with certain HP servers a time ago. Process explorer revealed
    the faulty provider at last.
     
    sincerely, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Marked as answer by Gert Hylkema Monday, March 26, 2012 7:31 AM
    Wednesday, March 21, 2012 8:48 PM
  • I removed the HP WMI providers and have not had any problems since.

    Thank you for all your help.


    Gert MCITP SA, EA & VA

    Monday, March 26, 2012 7:30 AM
  • Hi Gert,

    i have the same problem. can you avice how did you remove HP WMI?

    Thursday, April 12, 2012 7:04 AM
  • Hi HMalah,

    I did uninstall the HP WBEM providers.

    Please post back if that also solved your problem.


    Gert MCITP SA, EA & VA

    Thursday, April 12, 2012 7:23 PM