Fragensteller
Group Policy braucht lange bei Benutzeranmeldungen
Allgemeine Diskussion
-
<p>Wir haben 2 Win2012 R2 Server in derselben OU (somit mit denselben GPOs). Wenn sich der Administrator an einem der beiden Anmeldet, dann dauert die Anmeldung sehr lange, auf dem anderen nicht. Lt. Protokoll schaut es so aus als ober 2x je eine komplette Minute wartet ohne etwas zu tun. Was können wir tun?</p><p></p><p>Die betreffenden Wartezeiten sind bei 11:26:05:973 und 11:27:05:056</p><p></p><p></p>
<p>
GPSVC(2c4.a4c) 11:25:25:654 CGPEventSubSystem::GroupPolicyEndShell::++ (SessionId: 2)
GPSVC(2c4.a4c) 11:25:25:655 CGPApplicationService::HandleEndShellNotification::++ (SessionId: 2)
GPSVC(2c4.a4c) 11:25:25:655 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.a4c) 11:25:25:655 CGPApplicationService::HandleEndShellNotification ExecuteGPOScriptsForThePrincipal for session 2.
GPSVC(2c4.a4c) 11:25:25:655 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal (WaitForTheApplyGroupPolicyEventCompletedToBeSignaled) started.
GPSVC(2c4.a4c) 11:25:25:655 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal (WaitForTheApplyGroupPolicyEventCompletedToBeSignaled) completed.
GPSVC(2c4.a4c) 11:25:25:655 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal - User started.
GPSVC(2c4.a4c) 11:25:25:655 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal - get token for session 2 - 0.
GPSVC(2c4.a4c) 11:25:25:655 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal - processing user scripts.
GPSVC(2c4.a4c) 11:25:25:655 CGPApplicationService::HandleEndShellNotification::-- (Status: 0)
GPSVC(2c4.a4c) 11:25:25:655 CGPEventSubSystem::GroupPolicyOnEndShell::-- (Status: 0)
GPSVC(2c4.b04) 11:25:25:693 CGPEventSubSystem::GroupPolicyOnLogoff::++ (SessionId: 2)
GPSVC(2c4.b04) 11:25:25:693 CGPApplicationService::UserLogoffEvent::++ (SessionId: 2)
GPSVC(2c4.b04) 11:25:25:693 CGroupPolicySession::DeleteSession: Beginning WaitForSingleObject.
GPSVC(2c4.b04) 11:25:25:693 CGroupPolicySession::DeleteSession: Completed WaitForSingleObject.
GPSVC(2c4.b04) 11:25:25:693 CGPUserCollection::DeleteUserFromUserList WaitForGroupPolicySessionThreadsToTerminate Starting.
GPSVC(2c4.b04) 11:25:25:693 WaitForGroupPolicySessionThreadsToTerminate() checked.
GPSVC(2c4.b04) 11:25:25:693 WaitForGroupPolicySessionThreadsToTerminate() WaitForSingleObject released.
GPSVC(2c4.b04) 11:25:25:693 CGPUserCollection::DeleteUserFromUserList WaitForGroupPolicySessionThreadsToTerminate Completed.
GPSVC(2c4.b04) 11:25:25:693 CGroupPolicySession::CleanupEnvironment:++
GPSVC(2c4.b04) 11:25:25:694 Waiting for user group policy thread to terminate.
GPSVC(2c4.b04) 11:25:25:694 CGroupPolicySession::CleanupEnvironment: Beginning WaitForSingleObject.
GPSVC(2c4.12c8) 11:25:25:694 GPOThread(User): Done waiting, shutdown
GPSVC(2c4.12c8) 11:25:25:694 GPOThread(User): lpGPOInfo->lpGPInfoHandle->dwExtnCount is 0.
GPSVC(2c4.b04) 11:25:25:694 CGroupPolicySession::CleanupEnvironment: Completed WaitForSingleObject.
GPSVC(2c4.b04) 11:25:25:694 User group policy thread has terminated.
GPSVC(2c4.b04) 11:25:25:694 CGroupPolicySession::CleanupEnvironment:--
GPSVC(2c4.b04) 11:25:25:694 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.b04) 11:25:25:695 CGPApplicationService::CheckAndDeleteCriticalPolicySection.
GPSVC(2c4.b04) 11:25:25:695 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.b04) 11:25:25:695 CPolicyCriticalSectionCollection: Did not find the critical section
GPSVC(2c4.b04) 11:25:25:695 CGPApplicationService::UserLogoffEvent::-- (Status: 0)
GPSVC(2c4.b04) 11:25:25:695 CGPEventSubSystem::GroupPolicyOnLogoff::-- (Status: 0)
GPSVC(2c4.d20) 11:25:25:701 EnterCriticalPolicySectionEx: User sid S-1-5-18 from process 708.
GPSVC(2c4.d20) 11:25:25:701 Client_LockPolicySection: Entering with usersid = S-1-5-18, timeout 600000 and flags 0x30000000
GPSVC(2c4.d20) 11:25:25:701 Client_LockPolicySection: Making Aync RPC LockPolicySection call
GPSVC(2c4.d20) 11:25:25:701 Client_LockPolicySection: Beginning WaitForSingleObject.
GPSVC(2c4.1014) 11:25:25:702 LockPolicySection[User] from session 0. Requesting console lock.
GPSVC(2c4.d20) 11:25:25:702 Client_LockPolicySection: Completed WaitForSingleObject.
GPSVC(2c4.d20) 11:25:25:702 Client_LockPolicySection: User critical section has been claimed. Handle = 0xd0a4ffc0
GPSVC(2c4.d20) 11:25:25:702 Client_LockPolicySection: Leaving successfully.
GPSVC(2c4.d20) 11:25:25:702 Client_UnLockPolicySection: Starting UnLock Call
GPSVC(2c4.1014) 11:25:25:702 Setting lock state as notLocked
GPSVC(2c4.d20) 11:25:25:702 Client_UnLockPolicySection: Unlocked successfully
GPSVC(2c4.d20) 11:25:25:702 LeaveCriticalPolicySectionInternal: Critical section 0xd0a4ffc0 has been released.
GPSVC(2c4.a4c) 11:25:28:838 CGPEventSubSystem::GroupPolicyCreateSession::++ (SessionId: 2)
GPSVC(2c4.a4c) 11:25:28:839 CGPApplicationService::CreateSessionEvent::++ (SessionId: 2)
GPSVC(2c4.a4c) 11:25:28:839 CGPApplicationService::CheckAndCreateCriticalPolicySection.
GPSVC(2c4.a4c) 11:25:28:839 User SID = MACHINE SID
GPSVC(2c4.a4c) 11:25:28:839 bMachine = 1
GPSVC(2c4.a4c) 11:25:28:839 Setting GPsession state = 1
GPSVC(2c4.a4c) 11:25:28:839 User SID = MACHINE SID
GPSVC(2c4.a4c) 11:25:28:839 CGPApplicationService::CreateSessionEvent::-- (Status: 0)
GPSVC(2c4.a4c) 11:25:28:839 CGPEventSubSystem::GroupPolicyCreateSession::-- (Status: 0)
GPSVC(2c4.1014) 11:25:29:129 CGPEventSubSystem::GroupPolicyOnLogon::++ (SessionId: 2)
GPSVC(2c4.1014) 11:25:29:129 CGPApplicationService::UserLogonEvent::++ (SessionId: 2, ServiceRestart: 0)
GPSVC(2c4.1014) 11:25:29:129 CGPApplicationService::CheckAndCreateCriticalPolicySection.
GPSVC(2c4.1014) 11:25:29:129 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.1014) 11:25:29:129 SID = S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.1014) 11:25:29:130 bMachine = 0
GPSVC(2c4.1014) 11:25:29:130 Setting GPsession state = 1
GPSVC(2c4.1014) 11:25:29:130 CGroupPolicySession::InitializeGPSession ::(dwTimeOut: 3600000)
GPSVC(2c4.1014) 11:25:29:130 CGroupPolicySession::SetForegroundPolicyApplicationState::++ (bMachine= 0, bServiceRestart= 0)
GPSVC(2c4.1014) 11:25:29:130 CGroupPolicySession::SetForegroundPolicyApplicationState::-- (User, m_PolicyProcessingMode = Sync)
GPSVC(2c4.1014) 11:25:29:130 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.1014) 11:25:29:130 CGPApplicationService::GetMachinePolicyProcessingCompletionEvent.
GPSVC(2c4.1014) 11:25:29:130 CGPApplicationService::GetMachinePolicyWaitForNetworkCompletionEvent.
GPSVC(2c4.1014) 11:25:29:130 CGroupPolicySession::QueueItemForPolicyApplication::++ (bTriggered: 0, bConsole: 0)
GPSVC(2c4.1014) 11:25:29:131 PolicyApplicationState is False.
GPSVC(2c4.1014) 11:25:29:131 AsyncThreadsProcessing is False.
GPSVC(2c4.1014) 11:25:29:131 PolicyApplicationState is False.
GPSVC(2c4.1014) 11:25:29:131 AsyncThreadsProcessing is False.
GPSVC(2c4.1014) 11:25:29:131 CGroupPolicySession::QueueItemForPolicyApplication::Applying policy in Sync
GPSVC(2c4.1014) 11:25:29:131 CStatusMessage::UpdateWinlogonStatusMessage::++ (bMachine: 0)
GPSVC(2c4.1014) 11:25:29:131 Message Status = <Benutzereinstellungen werden übernommen...>
GPSVC(2c4.1014) 11:25:29:131 CStatusMessage::UpdateWinlogonStatusMessage::-- (Status: 997)
GPSVC(2c4.1014) 11:25:29:131 CGroupPolicySession::QueueItemForPolicyApplication::-- (Status: 997)
GPSVC(2c4.1014) 11:25:29:131 CGPApplicationService::UserLogonEvent::-- (Status: 997)
GPSVC(2c4.1014) 11:25:29:131 CGPEventSubSystem::GroupPolicyOnLogon::-- (Status: 997)
GPSVC(2c4.a4c) 11:25:29:133 CGPEventSubSystem::GroupPolicyOnLogon::++ (SessionId: 2)
GPSVC(2c4.a4c) 11:25:29:133 CGPApplicationService::UserLogonEvent::++ (SessionId: 2, ServiceRestart: 0)
GPSVC(2c4.a4c) 11:25:29:133 CGPApplicationService::CheckAndCreateCriticalPolicySection.
GPSVC(2c4.a4c) 11:25:29:133 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.a4c) 11:25:29:133 Setting GPsession state = 1
GPSVC(2c4.a4c) 11:25:29:133 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.a4c) 11:25:29:133 CGPApplicationService::GetMachinePolicyProcessingCompletionEvent.
GPSVC(2c4.a4c) 11:25:29:134 CGPApplicationService::GetMachinePolicyWaitForNetworkCompletionEvent.
GPSVC(2c4.a4c) 11:25:29:134 CGroupPolicySession::QueueItemForPolicyApplication::++ (bTriggered: 0, bConsole: 0)
GPSVC(2c4.a4c) 11:25:29:134 PolicyApplicationState is True.
GPSVC(2c4.a4c) 11:25:29:134 AsyncThreadsProcessing is False.
GPSVC(2c4.a4c) 11:25:29:134 CGroupPolicySession::QueueItemForPolicyApplication::Applying policy in Sync
GPSVC(2c4.a4c) 11:25:29:134 CStatusMessage::UpdateWinlogonStatusMessage::++ (bMachine: 0)
GPSVC(2c4.28c) 11:25:29:135 CGroupPolicySession::ApplyGroupPolicyForPrincipal::++ (bTriggered: 0, bConsole: 0)
GPSVC(2c4.28c) 11:25:29:135 CanStartFromLocalDataStore:++
GPSVC(2c4.28c) 11:25:29:136 CanLoadGPOsFromLocalCache:++
GPSVC(2c4.28c) 11:25:29:136 CanLoadGPOsFromLocalCache: Server SKU runs Sync mode.
GPSVC(2c4.28c) 11:25:29:136 CanStartFromLocalDataStore:-- (FALSE)
GPSVC(2c4.28c) 11:25:29:136 CGroupPolicySession::ApplyGroupPolicyForPrincipal: Beginning Wait AsyncInitializationCompletedEvent.
GPSVC(2c4.28c) 11:25:29:136 CGroupPolicySession::ApplyGroupPolicyForPrincipal: Ending Wait AsyncInitializationCompletedEvent.
GPSVC(2c4.28c) 11:25:29:136 CGPApplicationService::GetTimeToWaitOnNetwork.
GPSVC(2c4.28c) 11:25:29:136 CGPMachineStartupConnectivity::CalculateWaitTimeoutFromHistory: Average is 97.
GPSVC(2c4.28c) 11:25:29:136 CGPMachineStartupConnectivity::CalculateWaitTimeoutFromHistory: Current is -1.
GPSVC(2c4.28c) 11:25:29:137 CGPMachineStartupConnectivity::CalculateWaitTimeoutFromHistory: Taking min of 194 and 120000.
GPSVC(2c4.28c) 11:25:29:137 CGPApplicationService::GetStartTimeForNetworkWait.
GPSVC(2c4.28c) 11:25:29:137 StartTime For network wait: 15781ms
GPSVC(2c4.28c) 11:25:29:137 Current Time: 394558718ms
GPSVC(2c4.28c) 11:25:29:137 MaxTimeToWaitForNetwork: 194ms
GPSVC(2c4.28c) 11:25:29:137 TimeRemainingToWaitForNetwork: 0ms
GPSVC(2c4.28c) 11:25:29:137 UserPolicy: Waiting for machine policy wait for network event with timeout 0 ms
GPSVC(2c4.28c) 11:25:29:137 GetAOACConfig: dwAOACConfig was 0, setting to 600.
GPSVC(2c4.28c) 11:25:29:137 CGroupPolicySession::ApplyGroupPolicyForPrincipal: Check if machine is a domain controller starts.
GPSVC(2c4.28c) 11:25:29:138 CGroupPolicySession::ApplyGroupPolicyForPrincipal::ApplyGroupPolicy (dwFlags: 6).
GPSVC(2c4.28c) 11:25:29:138 ApplyGroupPolicy: flags=0x6, Tick=394558718., ResumeTick=0.
GPSVC(2c4.28c) 11:25:29:138 CanStartFromLocalDataStore:++
GPSVC(2c4.28c) 11:25:29:138 CanLoadGPOsFromLocalCache:++
GPSVC(2c4.28c) 11:25:29:138 CanLoadGPOsFromLocalCache: Server SKU runs Sync mode.
GPSVC(2c4.28c) 11:25:29:138 CanStartFromLocalDataStore:-- (FALSE)
GPSVC(2c4.28c) 11:25:29:139 ResetDfsClientInfoIfRequired: dwResetDfsClientInfo is 0 (RegGetValue status was 2).
GPSVC(2c4.28c) 11:25:29:140 NlaQueryNetSignatures returned 1 networks
GPSVC(2c4.28c) 11:25:29:140 NSI Information (Network GUID) : {72D362BD-8DB9-11E3-80B3-806E6F6E6963}
GPSVC(2c4.28c) 11:25:29:140 NSI Information (CompartmentId) : 1
GPSVC(2c4.28c) 11:25:29:140 NSI Information (SiteId) : 134217728
GPSVC(2c4.28c) 11:25:29:140 NSI Information (Network Name) :
GPSVC(2c4.28c) 11:25:29:140 Found a intranet+auth network
GPSVC(2c4.28c) 11:25:29:140 # of interfaces : 1
GPSVC(2c4.28c) 11:25:29:140 Interface ID: {F5F1DC41-1F97-4147-9853-7774ADFA98B7}
GPSVC(2c4.28c) 11:25:29:140 Compartment ID: 1 selected
GPSVC(2c4.28c) 11:25:29:141 Setting the CompartmentId [1] on the current thread
GPSVC(2c4.28c) 11:25:29:159 GPLockPolicySection: Sid = (null), dwTimeout = 30000, dwFlags = 0x12
GPSVC(2c4.28c) 11:25:29:159 Registry Sync Lock Called
GPSVC(2c4.28c) 11:25:29:159 Registry Lock taken successfully
GPSVC(2c4.28c) 11:25:29:159 Setting lock state as notLocked
GPSVC(2c4.28c) 11:25:29:159 CPolicyCriticalSectionCollection: Deleting critical section for UserSid <(null)>
GPSVC(2c4.28c) 11:25:29:159 Deleting machine
GPSVC(2c4.28c) 11:25:29:163 GetDomainControllerConnectionInfo: Enabling bandwidth estimate.
GPSVC(2c4.28c) 11:25:29:464 Started bandwidth estimation successfully
GPSVC(2c4.28c) 11:25:29:465 GetDomainControllerConnectionInfo: Getting Ldap Handles.
GPSVC(2c4.28c) 11:25:29:465 GetLdapHandle: Getting ldap handle for host: DC2.koenig-kg.at in domain: KOENIG-KG.AT.
GPSVC(2c4.28c) 11:25:29:465 GetLdapHandle: Server connection established.
GPSVC(2c4.28c) 11:25:29:469 GetLdapHandle: Bound successfully.
GPSVC(2c4.28c) 11:25:29:469 ReadGPExtensions: Rsop entry point not found for C:\Windows\System32\dskquota.dll.
GPSVC(2c4.28c) 11:25:29:470 ReadGPExtensions: Rsop entry point not found for gptext.dll.
GPSVC(2c4.28c) 11:25:29:470 ReadGPExtensions: Rsop entry point not found for C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll.
GPSVC(2c4.28c) 11:25:29:470 ReadGPExtensions: Rsop entry point not found for C:\Windows\System32\iedkcs32.dll.
GPSVC(2c4.28c) 11:25:29:470 ReadGPExtensions: Rsop entry point not found for C:\Windows\System32\tsworkspace.dll.
GPSVC(2c4.28c) 11:25:29:470 ReadGPExtensions: Rsop entry point not found for C:\Windows\System32\iedkcs32.dll.
GPSVC(2c4.28c) 11:25:29:471 ReadGPExtensions: Rsop entry point not found for C:\Windows\System32\cscobj.dll.
GPSVC(2c4.28c) 11:25:29:471 ReadGPExtensions: Rsop entry point not found for gptext.dll.
GPSVC(2c4.28c) 11:25:29:471 ReadGPExtensions: Rsop entry point not found for C:\Windows\System32\iedkcs32.dll.
GPSVC(2c4.28c) 11:25:29:471 ReadGPExtensions: Rsop entry point not found for gptext.dll.
GPSVC(2c4.28c) 11:25:29:471 ReadGPExtensions: Rsop entry point not found for gptext.dll.
GPSVC(2c4.28c) 11:25:29:472 GetGPOInfo: ********************************
GPSVC(2c4.28c) 11:25:29:472 GetGPOInfo: Entering...
GPSVC(2c4.28c) 11:25:29:473 SearchDSObject: Searching <OU=System-User,OU=Users,OU=IT,OU=RANKWEIL,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:473 SearchDSObject: Found GPO(s): < >
GPSVC(2c4.28c) 11:25:29:474 SearchDSObject: Searching <OU=Users,OU=IT,OU=RANKWEIL,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:474 SearchDSObject: Found GPO(s): < >
GPSVC(2c4.28c) 11:25:29:474 SearchDSObject: Searching <OU=IT,OU=RANKWEIL,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:474 SearchDSObject: Found GPO(s): <[LADP ://cn={608BA8F8-2324-4BC6-8A69-59E6734F9DFF},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://CN={BD7539B0-3F25-4FF7-B27B-0CA5FEA56F11},CN=Policies,CN=System,DC=koenig-kg,DC=at;0]>
GPSVC(2c4.28c) 11:25:29:474 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:474 ProcessGPO(User): Deferring search for <LADP ://cn={608BA8F8-2324-4BC6-8A69-59E6734F9DFF},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:474 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:474 ProcessGPO(User): Deferring search for <LADP ://CN={BD7539B0-3F25-4FF7-B27B-0CA5FEA56F11},CN=Policies,CN=System,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:474 SearchDSObject: Searching <OU=RANKWEIL,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:474 SearchDSObject: Found GPO(s): <[LADP ://cn={A12D9A64-2F4B-40A5-8F74-045B94FFFEFD},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={76613B22-F9A3-4B9B-A18F-7FA899CE1E19},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={EEB36A82-D902-4539-9560-BE5C796F0277},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={E40182E8-24B1-4962-AE4E-386162AE2D73},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={8976262F-6D05-47FA-8621-C9FFE76789CA},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={9AB79A3D-2D81-4DB2-B073-B66F603B440F},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={E23013E1-4D16-4FE8-9F9E-2BD682B7F38E},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={34FC0E7F-6390-457D-AC47-E8E83DFCFDCE},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={7B44A2F8-1212-40D4-A8B9-CC006953F2F1},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://cn={8F220786-8024-4D16-BB20-D88D3FD24F54},cn=policies,cn=system,DC=koenig-kg,DC=at;1]>
GPSVC(2c4.28c) 11:25:29:474 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): Deferring search for <LADP ://cn={A12D9A64-2F4B-40A5-8F74-045B94FFFEFD},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): Deferring search for <LADP ://cn={76613B22-F9A3-4B9B-A18F-7FA899CE1E19},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): Deferring search for <LADP ://cn={EEB36A82-D902-4539-9560-BE5C796F0277},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): Deferring search for <LADP ://cn={E40182E8-24B1-4962-AE4E-386162AE2D73},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): Deferring search for <LADP ://cn={8976262F-6D05-47FA-8621-C9FFE76789CA},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): Deferring search for <LADP ://cn={9AB79A3D-2D81-4DB2-B073-B66F603B440F},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:475 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): Deferring search for <LADP ://cn={E23013E1-4D16-4FE8-9F9E-2BD682B7F38E},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): Deferring search for <LADP ://cn={34FC0E7F-6390-457D-AC47-E8E83DFCFDCE},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): Deferring search for <LADP ://cn={7B44A2F8-1212-40D4-A8B9-CC006953F2F1},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:476 SearchDSObject: The link to GPO LADP ://cn={8F220786-8024-4D16-BB20-D88D3FD24F54},cn=policies,cn=system,DC=koenig-kg,DC=at is disabled. It will be skipped for processing.
GPSVC(2c4.28c) 11:25:29:476 SearchDSObject: Searching <DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:476 SearchDSObject: Found GPO(s): <[LADP ://cn={F80ED54A-AC95-4B4C-8AEB-1EC9D961C73C},cn=policies,cn=system,DC=koenig-kg,DC=at;0][LADP ://CN={4E28A1F2-79E5-4920-940F-A06D0082CAE9},CN=Policies,CN=System,DC=koenig-kg,DC=at;0][LADP ://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=koenig-kg,DC=at;0]>
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): Deferring search for <LADP ://cn={F80ED54A-AC95-4B4C-8AEB-1EC9D961C73C},cn=policies,cn=system,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:476 ProcessGPO(User): Deferring search for <LADP ://CN={4E28A1F2-79E5-4920-940F-A06D0082CAE9},CN=Policies,CN=System,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:477 ProcessGPO(User): ==============================
GPSVC(2c4.28c) 11:25:29:477 ProcessGPO(User): Deferring search for <LADP ://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:480 SearchDSObject: Searching <CN=RANKWEIL,CN=Sites,CN=Configuration,DC=koenig-kg,DC=at>
GPSVC(2c4.28c) 11:25:29:480 SearchDSObject: No GPO(s) for this object.
GPSVC(2c4.28c) 11:25:29:480 EvaluateDeferredGPOs: Searching for GPOs in cn=policies,cn=system,DC=koenig-kg,DC=at
GPSVC(2c4.28c) 11:25:29:480 EvaluateDeferredGPOs: Adding filters (&(!(flags:1.2.840.113556.1.4.803:=1))(gPCUserExtensionNames=[*])((|(distinguishedName=cn={F80ED54A-AC95-4B4C-8AEB-1EC9D961C73C},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=CN={4E28A1F2-79E5-4920-940F-A06D0082CAE9},CN=Policies,CN=System,DC=koenig-kg,DC=at)(distinguishedName=CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=koenig-kg,DC=at)(distinguishedName=cn={A12D9A64-2F4B-40A5-8F74-045B94FFFEFD},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={76613B22-F9A3-4B9B-A18F-7FA899CE1E19},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={EEB36A82-D902-4539-9560-BE5C796F0277},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={E40182E8-24B1-4962-AE4E-386162AE2D73},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={8976262F-6D05-47FA-8621-C9FFE76789CA},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={9AB79A3D-2D81-4DB2-B073-B66F603B440F},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={E23013E1-4D16-4FE8-9F9E-2BD682B7F38E},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={34FC0E7F-6390-457D-AC47-E8E83DFCFDCE},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={7B44A2F8-1212-40D4-A8B9-CC006953F2F1},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=cn={608BA8F8-2324-4BC6-8A69-59E6734F9DFF},cn=policies,cn=system,DC=koenig-kg,DC=at)(distinguishedName=CN={BD7539B0-3F25-4FF7-B27B-0CA5FEA56F11},CN=Policies,CN=System,DC=koenig-kg,DC=at))))
GPSVC(2c4.28c) 11:25:29:782 NlaQueryNetSignatures returned 1 networks
GPSVC(2c4.28c) 11:25:29:783 Signature Source : Length = 4
GPSVC(2c4.28c) 11:25:29:783 Signature Source : State = 0
GPSVC(2c4.28c) 11:25:29:783 Signature Source : 0xa0
GPSVC(2c4.28c) 11:25:29:783 NlaGetIntranetCapability : Intranet Capable = 1 and Authenticated = 1
GPSVC(2c4.28c) 11:25:29:783 NlaGetInternetCapability : Internet Capable = 0
GPSVC(2c4.28c) 11:25:29:783 # of interfaces : 1
GPSVC(2c4.28c) 11:25:29:783 Interface ID : Length = 78
GPSVC(2c4.28c) 11:25:29:783 Interface ID : State = 0
GPSVC(2c4.28c) 11:25:29:783 Interface ID : {F5F1DC41-1F97-4147-9853-7774ADFA98B7}
GPSVC(2c4.28c) 11:25:29:783 Query for Interface Type.
GPSVC(2c4.28c) 11:25:29:783 Interface Type : Length = 4
GPSVC(2c4.28c) 11:25:29:784 Interface Type : State = 0
GPSVC(2c4.28c) 11:25:29:784 Interface Type : Type = 0x6
GPSVC(2c4.28c) 11:25:29:784 Query for Connection Cost.
GPSVC(2c4.28c) 11:25:29:784 Connection Cost : Length = 4
GPSVC(2c4.28c) 11:25:29:784 Connection Cost : State = 0
GPSVC(2c4.28c) 11:25:29:784 Connection Cost : Cost = 0
GPSVC(2c4.28c) 11:25:29:784 Query for Profile Data.
GPSVC(2c4.28c) 11:25:29:784 Profile Data : Length = 40.
GPSVC(2c4.28c) 11:25:29:784 Profile Data : State = 0.
GPSVC(2c4.28c) 11:25:29:784 Profile Data : 4 = 0xffffffff.
GPSVC(2c4.28c) 11:25:29:784 Profile Data : UpdateTime = 0.0.
GPSVC(2c4.28c) 11:25:29:785 Profile Data : Cap = 0xffffffff.
GPSVC(2c4.28c) 11:25:29:785 Profile Data : Inbound Bandwidth = 0xffffffff.
GPSVC(2c4.28c) 11:25:29:785 Profile Data : Outbound Bandwidth = 0xffffffff.
GPSVC(2c4.28c) 11:25:29:785 Profile Data : ResetTime = 0.0.
GPSVC(2c4.28c) 11:25:29:785 DHCP Stable State : 1
GPSVC(2c4.28c) 11:25:29:785 LINK Stable State : 1
GPSVC(2c4.28c) 11:25:29:785 WWAN Stable State : 3
GPSVC(2c4.28c) 11:25:29:785 WLAN Stable State : 3
GPSVC(2c4.28c) 11:25:29:785 ONEX Stable State : 3
GPSVC(2c4.28c) 11:25:29:785 DS Info : ForestName = koenig-kg.at
GPSVC(2c4.28c) 11:25:29:785 DS Info : DomainName = koenig-kg.at
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : DestinationIP = 10.0.1.35
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : SourceIP = 10.0.1.6
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : Length = 280
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : State = 1
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : InboundPeaked = 0
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : OutboundPeaked = 0
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : Inbound 5340 kbps
GPSVC(2c4.28c) 11:25:29:786 Estimated bandwidth : Outbound 47359 kbps
GPSVC(2c4.28c) 11:25:29:787 IPv4 Table contains 373 entries.
GPSVC(2c4.28c) 11:25:29:787 IPv4 Table entry 0 State 2....
GPSVC(2c4.28c) 11:25:30:264 ReadGPOList:++
GPSVC(2c4.28c) 11:25:30:264 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:25:30:264 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:25:30:264 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:25:30:265 CheckGPOs: No GPO changes but couldn't read extension Group Policy Scheduled Tasks's status or policy time.
GPSVC(2c4.28c) 11:25:30:265 ProcessGPOs(User): Extension Group Policy Scheduled Tasks skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:25:30:265 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:25:30:265 ProcessGPOs(User): Processing extension Group Policy Registry
GPSVC(2c4.28c) 11:25:30:265 ReadStatus: Read Extension's Previous status successfully.
GPSVC(2c4.28c) 11:25:30:265 ReadGPOList:++
GPSVC(2c4.28c) 11:25:30:265 ReadGPOList: Read Key:0
GPSVC(2c4.28c) 11:25:30:265 ReadGPOList:-- (Result:TRUE)
GPSVC(2c4.28c) 11:25:30:265 CheckGPOs: ReadGPOList count = 1
GPSVC(2c4.28c) 11:25:30:265 ReadGPOList:++
GPSVC(2c4.28c) 11:25:30:265 ReadGPOList: Read Key:0
GPSVC(2c4.28c) 11:25:30:266 ReadGPOList:-- (Result:TRUE)
GPSVC(2c4.28c) 11:25:30:266 CheckGPOs: ReadGPOList count = 1 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:25:30:266 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:25:30:266 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:25:30:266 GPLockPolicySection: Sid = S-1-5-21-135220595-341862767-2025350087-500, dwTimeout = 30000, dwFlags = 0x0
GPSVC(2c4.28c) 11:25:30:267 SID = S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:25:30:267 bMachine = 0
GPSVC(2c4.28c) 11:25:30:267 Global Sync Lock Called
GPSVC(2c4.28c) 11:25:30:267 Writer Lock got immediately.
GPSVC(2c4.28c) 11:25:30:267 Global Lock taken successfully
GPSVC(2c4.28c) 11:25:30:267 ProcessGPOList:++ Entering for extension Group Policy Registry
GPSVC(2c4.28c) 11:25:30:267 UserPolicyCallback: Setting status UI to Richtlinie "Group Policy Registry" wird übernommen...
GPSVC(2c4.a4c) 11:25:30:267 Message Status = <Richtlinie "Group Policy Registry" wird übernommen...>
GPSVC(2c4.a4c) 11:25:30:267 CStatusMessage::UpdateWinlogonStatusMessage::-- (Status: 997)
GPSVC(2c4.a4c) 11:25:30:267 CGroupPolicySession::QueueItemForPolicyApplication::-- (Status: 997)
GPSVC(2c4.a4c) 11:25:30:268 CGPApplicationService::UserLogonEvent::-- (Status: 997)
GPSVC(2c4.a4c) 11:25:30:268 CGPEventSubSystem::GroupPolicyOnLogon::-- (Status: 997)
GPSVC(2c4.28c) 11:25:30:268 ProcessGPOList: lpGPOInfo->lpGPInfoHandle->dwExtnCount is 2 for Group Policy Registry.
GPSVC(2c4.a4c) 11:25:30:269 CGPEventSubSystem::GroupPolicyOnLogon::++ (SessionId: 2)
GPSVC(2c4.a4c) 11:25:30:269 CGPApplicationService::UserLogonEvent::++ (SessionId: 2, ServiceRestart: 0)
GPSVC(2c4.a4c) 11:25:30:269 CGPApplicationService::CheckAndCreateCriticalPolicySection.
GPSVC(2c4.a4c) 11:25:30:269 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.a4c) 11:25:30:269 Setting GPsession state = 1
GPSVC(2c4.a4c) 11:25:30:269 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.a4c) 11:25:30:269 CGPApplicationService::GetMachinePolicyProcessingCompletionEvent.
GPSVC(2c4.a4c) 11:25:30:269 CGPApplicationService::GetMachinePolicyWaitForNetworkCompletionEvent.
GPSVC(2c4.a4c) 11:25:30:269 CGroupPolicySession::QueueItemForPolicyApplication::++ (bTriggered: 0, bConsole: 0)
GPSVC(2c4.a4c) 11:25:30:270 PolicyApplicationState is True.
GPSVC(2c4.a4c) 11:25:30:270 AsyncThreadsProcessing is False.
GPSVC(2c4.a4c) 11:25:30:270 CGroupPolicySession::QueueItemForPolicyApplication::Applying policy in Sync
GPSVC(2c4.a4c) 11:25:30:270 CStatusMessage::UpdateWinlogonStatusMessage::++ (bMachine: 0)
GPSVC(2c4.28c) 11:26:05:973 ProcessGroupPolicyCompletedExInternal: Entering. Extension = {B087BE9D-ED37-454F-AF9C-04291E351182}, dwStatus = 0x0
GPSVC(2c4.28c) 11:26:05:973 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:973 ReadGPOList: Read Key:0
GPSVC(2c4.28c) 11:26:05:973 ReadGPOList:-- (Result:TRUE)
GPSVC(2c4.28c) 11:26:05:974 GetWbemServices: CoCreateInstance succeeded
GPSVC(2c4.28c) 11:26:05:975 ConnectToNameSpace: ConnectServer returned 0x0
GPSVC(2c4.28c) 11:26:05:975 ProcessGroupPolicyCompletedExInternal: Extension {B087BE9D-ED37-454F-AF9C-04291E351182} was able to log data. Error = 0x0, dwRet = 0. Clearing the dirty bit
GPSVC(2c4.28c) 11:26:05:977 CExtSessionLogger::Log: Didn't find an instance of the extension object when trying to set the dirty flag.
GPSVC(2c4.28c) 11:26:05:977 ProcessGroupPolicyCompletedExInternal: Finished processing extension <Group Policy Registry> at 394595546 ticks (ms)
GPSVC(2c4.28c) 11:26:05:977 ProcessGroupPolicyCompletedExInternal: Leaving. Extension = {B087BE9D-ED37-454F-AF9C-04291E351182}, Return status dwRet = 0x0
GPSVC(2c4.28c) 11:26:05:977 ProcessGPOList: Extension Group Policy Registry returned 0x0.
GPSVC(2c4.28c) 11:26:05:977 ProcessGPOList: Extension Group Policy Registry status was not updated because there was no changes and no transition or rsop wasn't enabled
GPSVC(2c4.28c) 11:26:05:977 ProcessGPOList:--
GPSVC(2c4.28c) 11:26:05:977 CPolicyCriticalSectionCollection: Deleting critical section for UserSid <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.28c) 11:26:05:977 Deleting sidString <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.28c) 11:26:05:978 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:978 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:978 ProcessGPOs(User): Processing extension 802.3 Group Policy
GPSVC(2c4.28c) 11:26:05:978 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:978 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:978 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:979 CheckGPOs: No GPO changes but couldn't read extension 802.3 Group Policy's status or policy time.
GPSVC(2c4.28c) 11:26:05:979 ProcessGPOs(User): Extension 802.3 Group Policy skipped with flags 0x6.
GPSVC(2c4.28c) 11:26:05:979 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:979 ProcessGPOs(User): Processing extension Group Policy Printers
GPSVC(2c4.28c) 11:26:05:979 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:979 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:979 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:979 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:26:05:979 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:979 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:980 CheckGPOs: No GPO changes but couldn't read extension Group Policy Printers's status or policy time.
GPSVC(2c4.28c) 11:26:05:980 ProcessGPOs(User): Extension Group Policy Printers skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:26:05:980 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:980 ProcessGPOs(User): Processing extension Group Policy Shortcuts
GPSVC(2c4.28c) 11:26:05:980 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:980 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:980 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:980 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:26:05:980 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:980 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:981 CheckGPOs: No GPO changes but couldn't read extension Group Policy Shortcuts's status or policy time.
GPSVC(2c4.28c) 11:26:05:981 ProcessGPOs(User): Extension Group Policy Shortcuts skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:26:05:981 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:981 ProcessGPOs(User): Processing extension Microsoft Offline Files
GPSVC(2c4.28c) 11:26:05:981 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:981 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:981 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:981 CheckGPOs: No GPO changes but couldn't read extension Microsoft Offline Files's status or policy time.
GPSVC(2c4.28c) 11:26:05:981 ProcessGPOs(User): Extension Microsoft Offline Files skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:26:05:981 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:981 ProcessGPOs(User): Processing extension Software Installation
GPSVC(2c4.28c) 11:26:05:982 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:982 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:982 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:982 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:26:05:982 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:982 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:982 CheckGPOs: No GPO changes but couldn't read extension Software Installation's status or policy time.
GPSVC(2c4.28c) 11:26:05:982 ProcessGPOs(User): Extension Software Installation skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:26:05:982 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:982 ProcessGPOs(User): Processing extension TCPIP
GPSVC(2c4.28c) 11:26:05:982 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:983 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:983 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:983 CheckGPOs: No GPO changes but couldn't read extension TCPIP's status or policy time.
GPSVC(2c4.28c) 11:26:05:983 ProcessGPOs(User): Extension TCPIP skipped with flags 0x6.
GPSVC(2c4.28c) 11:26:05:983 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:983 ProcessGPOs(User): Processing extension Internet Explorer Machine Accelerators
GPSVC(2c4.28c) 11:26:05:983 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:983 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:983 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:983 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Machine Accelerators's status or policy time.
GPSVC(2c4.28c) 11:26:05:984 ProcessGPOs(User): Extension Internet Explorer Machine Accelerators skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:26:05:984 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:984 ProcessGPOs(User): Processing extension IP Security
GPSVC(2c4.28c) 11:26:05:984 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:984 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:26:05:984 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:984 CheckGPOs: No GPO changes but couldn't read extension IP Security's status or policy time.
GPSVC(2c4.28c) 11:26:05:984 ProcessGPOs(User): Extension IP Security skipped with flags 0x6.
GPSVC(2c4.28c) 11:26:05:984 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:26:05:984 ProcessGPOs(User): Processing extension Group Policy Internet Settings
GPSVC(2c4.28c) 11:26:05:984 ReadStatus: Read Extension's Previous status successfully.
GPSVC(2c4.28c) 11:26:05:984 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:985 ReadGPOList: Read Key:0
GPSVC(2c4.28c) 11:26:05:985 ReadGPOList:-- (Result:TRUE)
GPSVC(2c4.28c) 11:26:05:985 CheckGPOs: ReadGPOList count = 1
GPSVC(2c4.28c) 11:26:05:985 ReadGPOList:++
GPSVC(2c4.28c) 11:26:05:985 ReadGPOList: Read Key:0
GPSVC(2c4.28c) 11:26:05:985 ReadGPOList:-- (Result:TRUE)
GPSVC(2c4.28c) 11:26:05:985 CheckGPOs: ReadGPOList count = 1 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:26:05:985 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:985 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:26:05:986 GPLockPolicySection: Sid = S-1-5-21-135220595-341862767-2025350087-500, dwTimeout = 30000, dwFlags = 0x0
GPSVC(2c4.28c) 11:26:05:986 SID = S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:26:05:986 bMachine = 0
GPSVC(2c4.28c) 11:26:05:986 Global Sync Lock Called
GPSVC(2c4.28c) 11:26:05:986 Writer Lock got immediately.
GPSVC(2c4.28c) 11:26:05:986 Global Lock taken successfully
GPSVC(2c4.28c) 11:26:05:986 ProcessGPOList:++ Entering for extension Group Policy Internet Settings
GPSVC(2c4.28c) 11:26:05:987 UserPolicyCallback: Setting status UI to Richtlinie "Group Policy Internet Settings" wird übernommen...
GPSVC(2c4.a4c) 11:26:05:987 Message Status = <Richtlinie "Group Policy Internet Settings" wird übernommen...>
GPSVC(2c4.a4c) 11:26:05:987 CStatusMessage::UpdateWinlogonStatusMessage::-- (Status: 997)
GPSVC(2c4.a4c) 11:26:05:987 CGroupPolicySession::QueueItemForPolicyApplication::-- (Status: 997)
GPSVC(2c4.a4c) 11:26:05:987 CGPApplicationService::UserLogonEvent::-- (Status: 997)
GPSVC(2c4.a4c) 11:26:05:987 CGPEventSubSystem::GroupPolicyOnLogon::-- (Status: 997)
GPSVC(2c4.28c) 11:26:05:988 ProcessGPOList: No changes. CSE will not be passed in the IwbemServices intf ptr
GPSVC(2c4.28c) 11:26:05:988 ProcessGPOList: lpGPOInfo->lpGPInfoHandle->dwExtnCount is 2 for Group Policy Internet Settings.
GPSVC(2c4.a4c) 11:26:05:988 CGPEventSubSystem::GroupPolicyOnLogon::++ (SessionId: 2)
GPSVC(2c4.a4c) 11:26:05:989 CGPApplicationService::UserLogonEvent::++ (SessionId: 2, ServiceRestart: 0)
GPSVC(2c4.a4c) 11:26:05:989 CGPApplicationService::CheckAndCreateCriticalPolicySection.
GPSVC(2c4.a4c) 11:26:05:989 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.a4c) 11:26:05:989 Setting GPsession state = 1
GPSVC(2c4.a4c) 11:26:05:989 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.a4c) 11:26:05:989 CGPApplicationService::GetMachinePolicyProcessingCompletionEvent.
GPSVC(2c4.a4c) 11:26:05:989 CGPApplicationService::GetMachinePolicyWaitForNetworkCompletionEvent.
GPSVC(2c4.a4c) 11:26:05:989 CGroupPolicySession::QueueItemForPolicyApplication::++ (bTriggered: 0, bConsole: 0)
GPSVC(2c4.a4c) 11:26:05:989 PolicyApplicationState is True.
GPSVC(2c4.a4c) 11:26:05:990 AsyncThreadsProcessing is False.
GPSVC(2c4.a4c) 11:26:05:990 CGroupPolicySession::QueueItemForPolicyApplication::Applying policy in Sync
GPSVC(2c4.a4c) 11:26:05:990 CStatusMessage::UpdateWinlogonStatusMessage::++ (bMachine: 0)
GPSVC(2c4.28c) 11:27:05:056 ProcessGroupPolicyCompletedExInternal: Entering. Extension = {E47248BA-94CC-49C4-BBB5-9EB7F05183D0}, dwStatus = 0x0
GPSVC(2c4.28c) 11:27:05:057 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:057 ReadGPOList: Read Key:0
GPSVC(2c4.28c) 11:27:05:057 ReadGPOList:-- (Result:TRUE)
GPSVC(2c4.28c) 11:27:05:058 GetWbemServices: CoCreateInstance succeeded
GPSVC(2c4.28c) 11:27:05:059 ConnectToNameSpace: ConnectServer returned 0x0
GPSVC(2c4.28c) 11:27:05:059 ProcessGroupPolicyCompletedExInternal: Extension {E47248BA-94CC-49C4-BBB5-9EB7F05183D0} was able to log data. Error = 0x0, dwRet = 0. Clearing the dirty bit
GPSVC(2c4.28c) 11:27:05:060 CExtSessionLogger::Log: Didn't find an instance of the extension object when trying to set the dirty flag.
GPSVC(2c4.28c) 11:27:05:060 ProcessGroupPolicyCompletedExInternal: Finished processing extension <Group Policy Internet Settings> at 394654640 ticks (ms)
GPSVC(2c4.28c) 11:27:05:060 ProcessGroupPolicyCompletedExInternal: Leaving. Extension = {E47248BA-94CC-49C4-BBB5-9EB7F05183D0}, Return status dwRet = 0x0
GPSVC(2c4.28c) 11:27:05:061 ProcessGPOList: Extension Group Policy Internet Settings returned 0x0.
GPSVC(2c4.28c) 11:27:05:061 ProcessGPOList: Extension Group Policy Internet Settings status was not updated because there was no changes and no transition or rsop wasn't enabled
GPSVC(2c4.28c) 11:27:05:061 ProcessGPOList:--
GPSVC(2c4.28c) 11:27:05:061 CPolicyCriticalSectionCollection: Deleting critical section for UserSid <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.28c) 11:27:05:061 Deleting sidString <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.28c) 11:27:05:062 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:062 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:062 ProcessGPOs(User): Processing extension Group Policy Start Menu Settings
GPSVC(2c4.28c) 11:27:05:062 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:062 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:27:05:062 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:062 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:27:05:062 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:062 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:062 CheckGPOs: No GPO changes but couldn't read extension Group Policy Start Menu Settings's status or policy time.
GPSVC(2c4.28c) 11:27:05:063 ProcessGPOs(User): Extension Group Policy Start Menu Settings skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:27:05:063 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:063 ProcessGPOs(User): Processing extension Group Policy Regional Options
GPSVC(2c4.28c) 11:27:05:063 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:063 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:27:05:063 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:063 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:27:05:063 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:063 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:063 CheckGPOs: No GPO changes but couldn't read extension Group Policy Regional Options's status or policy time.
GPSVC(2c4.28c) 11:27:05:063 ProcessGPOs(User): Extension Group Policy Regional Options skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:27:05:064 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:064 ProcessGPOs(User): Processing extension Group Policy Power Options
GPSVC(2c4.28c) 11:27:05:064 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:064 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:27:05:064 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:064 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:27:05:064 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:064 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:064 CheckGPOs: No GPO changes but couldn't read extension Group Policy Power Options's status or policy time.
GPSVC(2c4.28c) 11:27:05:064 ProcessGPOs(User): Extension Group Policy Power Options skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:27:05:064 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:065 ProcessGPOs(User): Processing extension Audit Policy Configuration
GPSVC(2c4.28c) 11:27:05:065 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:065 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:27:05:065 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:065 CheckGPOs: No GPO changes but couldn't read extension Audit Policy Configuration's status or policy time.
GPSVC(2c4.28c) 11:27:05:065 ProcessGPOs(User): Extension Audit Policy Configuration skipped with flags 0x6.
GPSVC(2c4.28c) 11:27:05:065 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:065 ProcessGPOs(User): Processing extension Group Policy Applications
GPSVC(2c4.28c) 11:27:05:065 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:065 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:27:05:065 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:065 CheckGPOs: ReadGPOList count = 0 for user: S-1-5-21-135220595-341862767-2025350087-500
GPSVC(2c4.28c) 11:27:05:066 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:066 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:066 CheckGPOs: No GPO changes but couldn't read extension Group Policy Applications's status or policy time.
GPSVC(2c4.28c) 11:27:05:066 ProcessGPOs(User): Extension Group Policy Applications skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:27:05:066 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:066 ProcessGPOs(User): Processing extension Enterprise QoS
GPSVC(2c4.28c) 11:27:05:066 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:066 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:27:05:066 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:066 CheckGPOs: No GPO changes but couldn't read extension Enterprise QoS's status or policy time.
GPSVC(2c4.28c) 11:27:05:066 ProcessGPOs(User): Extension Enterprise QoS skipped because both deleted and changed GPO lists are empty.
GPSVC(2c4.28c) 11:27:05:067 ProcessGPOs(User): -----------------------
GPSVC(2c4.28c) 11:27:05:067 ProcessGPOs(User): Processing extension CP
GPSVC(2c4.28c) 11:27:05:067 ReadGPOList:++
GPSVC(2c4.28c) 11:27:05:067 CheckGPOs: ReadGPOList count = 0
GPSVC(2c4.28c) 11:27:05:067 CompareGPOLists: The lists are the same.
GPSVC(2c4.28c) 11:27:05:067 CheckGPOs: No GPO changes but couldn't read extension CP's status or policy time.
GPSVC(2c4.28c) 11:27:05:067 ProcessGPOs(User): Extension CP skipped with flags 0x6.
GPSVC(2c4.28c) 11:27:05:067 GetFgPolicySettingImpl: Mode: 1, Reason: 5
GPSVC(2c4.28c) 11:27:05:067 ProcessGPOs(User): SKU is SYNC: Mode: 1, Reason: 7
GPSVC(2c4.28c) 11:27:05:067 gpGetFgPolicyRefreshInfo (User): Mode: Synchronous, Reason: 7
GPSVC(2c4.28c) 11:27:05:067 gpSetFgPolicyRefreshInfo (bPrev: 1, szUserSid: S-1-5-21-135220595-341862767-2025350087-500, info.mode: Synchronous)
GPSVC(2c4.28c) 11:27:05:068 SetFgRefreshInfo: Previous User Fg policy Synchronous, Reason: SKU.
GPSVC(2c4.28c) 11:27:05:068 gpSetFgPolicyRefreshInfo (bPrev: 0, szUserSid: S-1-5-21-135220595-341862767-2025350087-500, info.mode: Synchronous)
GPSVC(2c4.28c) 11:27:05:068 SetFgRefreshInfo: Next User Fg policy Synchronous, Reason: SKU.
GPSVC(2c4.28c) 11:27:05:068 ProcessGPOs(User): No WMI logging done in this policy cycle.
GPSVC(2c4.28c) 11:27:05:068 ProcessGPOs(User): Boot/Logon Policy processing - checking if UBPM trigger events need to be fired
GPSVC(2c4.28c) 11:27:05:068 CheckAndFireGPTriggerEvent: Fired Policy present UBPM trigger event for User.
GPSVC(2c4.28c) 11:27:05:069 Application complete with bConnectivityFailure = 0.
GPSVC(2c4.28c) 11:27:05:069 ApplyGroupPolicy: Getting ready to create background thread GPOThread.
GPSVC(2c4.28c) 11:27:05:069 CGroupPolicySession::ApplyGroupPolicyForPrincipal Setting m_pPolicyInfoReadyEvent
GPSVC(2c4.950) 11:27:05:069 GPOThread(User)
GPSVC(2c4.28c) 11:27:05:069 Application complete with bConnectivityFailure = 0.
GPSVC(2c4.950) 11:27:05:069 GPOThread: registering for NLA when GPService is running
GPSVC(2c4.a4c) 11:27:05:070 CStatusMessage::UpdateWinlogonStatusMessage::-- (Status: 0)
GPSVC(2c4.950) 11:27:05:070 GPOThread(User): dwOffset=1200000., dwTimeout=6600000.
GPSVC(2c4.a4c) 11:27:05:070 CGPEventSubSystem::GroupPolicyOnLogon::-- (Status: 0)
GPSVC(2c4.950) 11:27:05:070 RecentlyResumed: dwNow=394654640. dwSinceResume=394654640. recentlyResumed=0.
GPSVC(2c4.950) 11:27:05:070 GPOThread(User): Waiting 6600000.
GPSVC(2c4.1014) 11:27:05:166 CGPEventSubSystem::GroupPolicyOnStartShell::++ (SessionId: 2)
GPSVC(2c4.1014) 11:27:05:166 CGPApplicationService::HandleStartShellNotification::++ (SessionId: 2)
GPSVC(2c4.1014) 11:27:05:166 User SID = <S-1-5-21-135220595-341862767-2025350087-500>
GPSVC(2c4.1014) 11:27:05:166 CGPApplicationService::HandleStartShellNotification ExecuteLogonGPOScriptsForUser for session 2.
GPSVC(2c4.1014) 11:27:05:166 CGroupPolicySession::ExecuteLogonGPOScriptsForUser - Async.
GPSVC(2c4.1014) 11:27:05:166 CGroupPolicySession::ExecuteLogonGPOScriptsForUser - GetSetting ASYNC_SCRIPT_DELAY value:0 minutes.
GPSVC(2c4.1014) 11:27:05:166 CGPApplicationService::HandleStartShellNotification::-- (Status: 0)
GPSVC(2c4.1014) 11:27:05:167 CGPEventSubSystem::GroupPolicyOnStartShell::-- (Status: 0)
GPSVC(2c4.360) 11:27:05:167 CGroupPolicySession::ExecuteLogonScriptsAsync: Adding script delay handle.
GPSVC(2c4.360) 11:27:05:167 CGroupPolicySession::ExecuteLogonScriptsAsync: Delaying 5.
GPSVC(2c4.360) 11:27:05:172 CGroupPolicySession::ExecuteLogonScriptsAsync: Completed script delay.
GPSVC(2c4.360) 11:27:05:172 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal (WaitForTheApplyGroupPolicyEventCompletedToBeSignaled) started.
GPSVC(2c4.360) 11:27:05:173 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal (WaitForTheApplyGroupPolicyEventCompletedToBeSignaled) completed.
GPSVC(2c4.360) 11:27:05:173 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal - User started.
GPSVC(2c4.360) 11:27:05:173 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal - get token for session 2 - 0.
GPSVC(2c4.360) 11:27:05:173 CGroupPolicySession::ExecuteGPOScriptsForThePrincipal - processing user scripts.
GPSVC(2c4.13bc) 11:47:06:812 CGPNotify::UnregisterNotification: Entering with event 0x186c
GPSVC(2c4.13bc) 11:47:06:812 CGPNotify::UnregisterNotification: Exiting with dwStatus = 0x0</p>
- Typ geändert Alex Pitulice Montag, 14. Juli 2014 07:49 Warten auf Feedback
Alle Antworten
-
> Was können wir tun?Besorg Dir mal http://sysprosoft.com/policyreporter.shtml undanalysiere, warum GPP Registry und Internet Settings bei Dir so lange läuft.
Martin
Mal ein GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Hab ich gemacht.
Wenn ich mir die Analyse für den defekten Server ansehe, dann braucht er für die GPP ca. 1 Minute und auf dem anderen Server mit dem selben User nur 0,4 Sekunden.
GPSVC(2c4.a4c) 11:25:30:270 CStatusMessage::UpdateWinlogonStatusMessage::++ (bMachine: 0)
GPSVC(2c4.28c) 11:26:05:973 ProcessGroupPolicyCompletedExInternal: Entering. Extension = {B087BE9D-ED37-454F-AF9C-04291E351182}, dwStatus = 0x0Wie komme ich drauf was er da gerade macht?
-
-
> Wenn ich mir die Analyse für den defekten Server ansehe, dann braucht er> für die GPP ca. 1 Minute und auf dem anderen Server mit dem selben User> nur 0,4 Sekunden.Ja, soweit waren wir im letzten Post schon :)> Wie komme ich drauf was er da gerade macht?Aktiviere das Debug Logging für GPP Registry und schau in dieses DebugLog rein (Policy Reporter zeigt Dir das auch an):
Martin
Mal ein GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Gibt es auch eine Möglichkeit die Einträge aus dem Reporter zu extrahieren oder hier Bilder hoch zu laden?Beim Debuggen fällt leider auch nichts speziell auf. Es wird mit
Processing extensions Group Policy Registry gestartet (08:42:28)
dann kommt ein Eintrag Sid = S-1-5...-500, dwTimeout = 30000, dwFalgs = 0x0 zur selben Sekunde
dann später No changes. CSE will not be passed in the lwbemServices intf ptr
997)
997)
2)
2, ServiceRestart:0)dann lpGOPInfo->lpGPInfoHandle->dwExtnCount is 2 for Group Policy Registry.
User SID = <S-1-5-21-...-500>
Setting GPsession state = 1
User SID = <S-1-5-21-...-500>
CPGApplicationService::GetMachinePolicyProcessingCompletionEvent.
CGPApplicationService::GetMachinePolicyWaitForNetworkCompletiontEvent.
0,bconsole:0)
PolicyApplicationState is True.
AxyncThreadsProcessing is False.
CGropuPolicySession::QueueItemForPolicyApplication::Applying policy in Sync 0)Dann kommt von 8:42:28 - 8:43:15 nichts mehr (ist das das 30sekündige Timeout?)
dann Entering. Extension = {B087....}, dwStatus = 0x0
ReadPOList++
...
ConnectServer returned 0x0
Extension {B087...} was albe to log data. Error = 0x0, dwRet = 0, crlearing dirty bit
Didn't find an instance of the Extension object when tryinng to set the dirty flag.
Finished processing Extension <Group Policy Registry> at 72842468 ticks (MS)
Leaving Extension ... Status dwRet = 0x0Ich werde daraus leider nicht schlau, wo der Fehler liegen könnte...
-
Moin,
noch mal ne kleine Frage am Rande:
Wie ist DNS konfiguriert?
- Auf beiden Servern (so sie denn Domänencontroller sind), DNS-Server eingerichtet, AD integriert? Server A zeigt in den TCP/IP-Eigenschaften primär auf die IP-Adresse von Server B und umgekehrt?
- Kein Server ist multihomed, sprich mit mehreren aktiven Netzwerkadaptern unterwegs?
- Falls die Server keine DCs sind, verweisen sie allein auf einen oder zwei DCs, der/die gleichzeitig DNS-Server sind und nicht auf irgendwelche Adressen außerhalb der Domäne (Router, Google DNS und dergleichen)?
Bei mehreren Domänencontrollern: Funktioniert die Replikation korrekt?
Viele Grüße
Olaf- Bearbeitet Olaf Engelke Montag, 7. Juli 2014 07:42
-
Morgen Olaf,
Die Umgebung ist denkbar einfach: 2 Domain-Controller, 1xPrimary, 1xSecondary, beide betroffenen Server sind in der Domain, haben nur eine Netzwerkverbindung, somit kann es natürlich sein, dass der eine auf dem Primary und der andere auf dem Secondary landet, sollte aber durch die Syncronisierung ja kein Thema darstellen, vorallem, weil wir auf den restlichen Servern ja die Themen auch nicht haben.
Schöne Grüße,
Martin -
> Processing extensions Group Policy Registry gestartet (08:42:28)Das ist immer noch das gpsvc.log - das NUTZT hier nix. Du brauchst dasDebug Log von GPP Registry - siehe mein voriger Post...
Martin
Mal ein GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Moin Martin,
ich frage deshalb, weil es in Umgebungen mit mehreren DCs schon passiert ist, dass diese im eigenen Saft schmorten, weil sie nur auf ihre eigene IP-Adresse verwiesen und keine Replikation in die Gänge kam.
Dass das dann ggf. auch den Zugriff auf Gruppenrichtlinien betrifft, für die der PDC-Emulator die Zentralkoordination übernimmt, würde dann solche Unstimmigkeiten erklären.
Ohne die detaillierten ipconfigs der Domänencontroller und der beteiligten Server sowie ggf. Auswertung der Ereignisanzeige aber schwer aus der Ferne zu prüfen.
Die Systemzeit aller beteiligter Maschinen stimmt überein (Datum, Uhrzeit, Zeitzone)?
Vielleicht auch mal den problematischen Server in eine andere OU verlagern, gpupdate /force, neu starten, zurückverlegen ...
Viele Grüße
Olaf -
Am 07.07.2014 schrieb Mg Smiley:
Die Umgebung ist denkbar einfach: 2 Domain-Controller, 1xPrimary, 1xSecondary, beide betroffenen Server sind in der Domain, haben nur eine Netzwerkverbindung, somit kann es natürlich sein, dass der eine auf dem Primary und der andere auf dem Secondary landet, sollte aber durch die Syncronisierung ja kein Thema darstellen, vorallem, weil wir auf den restlichen Servern ja die Themen auch nicht haben.
Nicht können, sondern müssen. Zeit doch ein ipconfig /all von beiden
DCs. Dann sieht man weiter.
Servus
Winfried
Gruppenrichtlinien
WSUS Package Publisher
HowTos zum WSUS Package Publisher
NNTP-Bridge für MS-Foren -
Jetzt hab ich mal ein User-Log:
2014-07-14 16:46:44.974 [pid=0x2d4,tid=0xd10] Entering ProcessGroupPolicyExInternet()
2014-07-14 16:46:44.974 [pid=0x2d4,tid=0xd10] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}
2014-07-14 16:46:44.974 [pid=0x2d4,tid=0xd10] BackgroundPriorityLevel ( 7 )
2014-07-14 16:46:44.974 [pid=0x2d4,tid=0xd10] DisableRSoP ( 0 )
2014-07-14 16:46:44.975 [pid=0x2d4,tid=0xd10] LogLevel ( 2 )
2014-07-14 16:46:44.975 [pid=0x2d4,tid=0xd10] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ----- Parameters
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] CSE GUID : {E47248BA-94CC-49c4-BBB5-9EB7F05183D0}
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] Flags : ( ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ( X ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
2014-07-14 16:46:45.010 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
2014-07-14 16:46:45.011 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
2014-07-14 16:46:45.011 [pid=0x2d4,tid=0xd10] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
2014-07-14 16:46:45.011 [pid=0x2d4,tid=0xd10] Token (computer or user SID): S-1-5-21-135220595-341862767-2025350087-500
2014-07-14 16:46:45.011 [pid=0x2d4,tid=0xd10] Abort Flag : Yes (0x07b77630)
2014-07-14 16:46:45.011 [pid=0x2d4,tid=0xd10] HKey Root : Yes (0x00001d20)
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] Deleted GPO List : No
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] Changed GPO List : Yes
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] Asynchronous Processing : Yes
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] Status Callback : Yes (0x0b3cd0e0)
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] WMI namespace : No (0x00000000)
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] RSoP Status : Yes (0x05d9e990)
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] Planning Mode Site : (none)
2014-07-14 16:46:45.012 [pid=0x2d4,tid=0xd10] Computer Target : No (0x00000000)
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] User Target : No (0x00000000)
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] Calculated list relevance. [SUCCEEDED(S_FALSE)]
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] ----- Changed - 0
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] Options (raw) : 0x00000000
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] Version : 17563916 (0x010c010c)
2014-07-14 16:46:45.013 [pid=0x2d4,tid=0xd10] GPC : LDAP://CN=User,cn={76613B22-F9A3-4B9B-A18F-7FA899CE1E19},cn=policies,cn=system,DC=koenig-kg,DC=at
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] GPT : \\koenig-kg.at\SysVol\koenig-kg.at\Policies\{76613B22-F9A3-4B9B-A18F-7FA899CE1E19}\User
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] GPO Display Name : Internet Browser
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] GPO Name : {76613B22-F9A3-4B9B-A18F-7FA899CE1E19}
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] GPO Link : ( ) GPLinkUnknown - No link information is available.
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] ( ) GPLinkSite - The GPO is linked to a site.
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] ( ) GPLinkDomain - The GPO is linked to a domain.
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] ( ) GP Link Error
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] lParam : 0x00000000
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] Prev GPO : No
2014-07-14 16:46:45.014 [pid=0x2d4,tid=0xd10] Next GPO : No
2014-07-14 16:46:45.015 [pid=0x2d4,tid=0xd10] Extensions : [{00000000-0000-0000-0000-000000000000}{5C935941-A954-4F7C-B507-885941ECE5C4}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{E47248BA-94CC-49C4-BBB5-9EB7F05183D0}{5C935941-A954-4F7C-B507-885941ECE5C4}]
2014-07-14 16:46:45.015 [pid=0x2d4,tid=0xd10] lParam2 : 0x07b85858
2014-07-14 16:46:45.015 [pid=0x2d4,tid=0xd10] Link : LDAP://OU=RANKWEIL,DC=koenig-kg,DC=at
2014-07-14 16:46:45.028 [pid=0x2d4,tid=0xd10] Purge GPH : C:\Users\administrator.KOENIG\AppData\Local\Microsoft\Group Policy\History\{76613B22-F9A3-4B9B-A18F-7FA899CE1E19}\S-1-5-21-135220595-341862767-2025350087-500\Preferences\InternetSettings\InternetSettings.xml
2014-07-14 16:46:45.033 [pid=0x2d4,tid=0xd10] Read GPE XML data file (121547 bytes total).
2014-07-14 16:46:45.045 [pid=0x2d4,tid=0xd10] Starting filter [AND FilterFile].
2014-07-14 16:46:45.494 [pid=0x2d4,tid=0xd10] Starting filter [AND FilterFile].
2014-07-14 16:46:45.496 [pid=0x2d4,tid=0xd10] Starting filter [AND FilterFile].
2014-07-14 16:46:45.645 [pid=0x2d4,tid=0xd10] Completed get next GPO. [SUCCEEDED(S_FALSE)]
2014-07-14 16:46:45.645 [pid=0x2d4,tid=0xd10] Completed get GPO list. [SUCCEEDED(S_FALSE)]
2014-07-14 16:46:45.645 [pid=0x2d4,tid=0xd10] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
2014-07-14 16:46:45.645 [pid=0x2d4,tid=0xd10] IsWinlogonDesktop() [SUCCEEDED(S_FALSE)]
2014-07-14 16:47:25.243 [pid=0x2d4,tid=0xd10] Leaving ProcessGroupPolicyExInternet() returned 0x00000000...und hier ipconfig /all der dc´s:
DC1:
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : DC1
Prim„res DNS-Suffix . . . . . . . : koenig-kg.at
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : koenig-kg.atEthernet-Adapter Ethernet 2:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physische Adresse . . . . . . . . : 00-0C-29-B0-25-EC
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 10.0.1.25(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.0.0
Standardgateway . . . . . . . . . : 10.0.1.254
DNS-Server . . . . . . . . . . . : 10.0.1.35
10.0.1.25
NetBIOS ber TCP/IP . . . . . . . : AktiviertTunneladapter LAN-Verbindung* 1:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-Teredo-Tunneling-Adapter
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : JaTunneladapter isatap.{1F494B79-23EF-4313-936D-B81F5B09EF2F}:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #3
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : JaDC2:
Windows-IP-KonfigurationHostname . . . . . . . . . . . . : DC2
Prim„res DNS-Suffix . . . . . . . : koenig-kg.at
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : koenig-kg.atEthernet-Adapter Ethernet 2:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physische Adresse . . . . . . . . : 00-0C-29-C6-15-85
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 10.0.1.35(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.0.0
Standardgateway . . . . . . . . . : 10.0.1.254
DNS-Server . . . . . . . . . . . : 10.0.1.25
10.0.1.35
NetBIOS ber TCP/IP . . . . . . . : AktiviertTunneladapter LAN-Verbindung* 1:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-Teredo-Tunneling-Adapter
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : JaTunneladapter isatap.{6800A1C2-DDB7-46EC-9586-1B1134EAC699}:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : JaIch denke mal, dass noch weitere Logs nach Server-Neustart folgen...
- Bearbeitet Mg Smiley Montag, 14. Juli 2014 15:21
-
Moin,
die IP-Konfiguration sieht so weit korrekt aus. Nslookup auf die DC funktioniert vom Client aus korrekt? Im DNS ist eine Reverse-Lookup-Zone eingerichtet?Ich sehe gerade (vmxnet3 Ethernet Adapter), dass die Domänencontroller virtuell zu sein scheinen?
Dann kommen auf der Ebene vermutlich noch einige Möglichkeiten dazu, die zur Verlangsamung beitragen können ... Erfahrungen der letzten Jahre sind allerdings zu begrenzt, um hier ins Detail zu gehen. Deshalb nur ein paar allgemeine Fragen: Ist die VM-Software inklusive der Clientkomponenten auf dem aktuellen Stand?
Was wirft denn gpresult /h report.html auf dem langsamen Server aus? Tauchen darin irgendwelche Fehler auf?
Viele Grüße
Olaf
- Bearbeitet Olaf Engelke Dienstag, 15. Juli 2014 07:08
-
> *2014-07-14 16:46:45.645 [pid=0x2d4,tid=0xd10] IsWinlogonDesktop()> [SUCCEEDED(S_FALSE)]*> *2014-07-14 16:47:25.243 [pid=0x2d4,tid=0xd10] Leaving> ProcessGroupPolicyExInternet() returned 0x00000000*Hast Du diesen Gap auch bei einem manuellen GPUpdate? Dann lass paralleldazu Process Monitor mitlaufen und filtere dort anschließend auf diePID/TID aus dem GPP-Log...Mit der IP-Config der DCs hat das eher nichts zu tun - hier bewegen wiruns nur auf dem lokalen Computer.
Martin
Mal ein GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Moin,
die IP-Konfiguration sieht so weit korrekt aus. Nslookup auf die DC funktioniert vom Client aus korrekt? Im DNS ist eine Reverse-Lookup-Zone eingerichtet?Ich sehe gerade (vmxnet3 Ethernet Adapter), dass die Domänencontroller virtuell zu sein scheinen?
Dann kommen auf der Ebene vermutlich noch einige Möglichkeiten dazu, die zur Verlangsamung beitragen können ... Erfahrungen der letzten Jahre sind allerdings zu begrenzt, um hier ins Detail zu gehen. Deshalb nur ein paar allgemeine Fragen: Ist die VM-Software inklusive der Clientkomponenten auf dem aktuellen Stand?
Was wirft denn gpresult /h report.html auf dem langsamen Server aus? Tauchen darin irgendwelche Fehler auf?
Viele Grüße
Olaf
Hallo Olaf,
Nslookup und Reverse-Lookup-Zone, alles ok und normal.
Geschwindigkeitseinbussen aufgrund der Virtualisierung kann ich ausschliessen, da alle Server virtualisiert sind und ansonsten keine Probleme auftauchen. Alle Komponenten auf aktuellem Stand und gpresult wirft keine Fehler aus.Was es jetzt nicht einfach macht... ;o)
Beste Grüße
-
Ja, diesen Gap habe ich auch bei manuellem gpupdate. Das war ein guter Hinweis mit dem ProcessMonitor.
Kann es denn wirklich sein, dass mir hier die Zeitsynchronisation einen Streich spielt?Anbei der Auszug:
09:56:45,2808418 svchost.exe 764 ReadFile C:\Windows\System32\vmictimeprovider.dll SUCCESS Offset: 49.664, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal 3344 09:56:45,2860195 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:56:45,2860497 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:56:45,2860634 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:56:45,2860803 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:56:45,2860984 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:56:50,2861316 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:56:50,2861643 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:56:50,2861817 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:56:50,2862028 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:56:50,2862256 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:56:55,2865559 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:56:55,2865711 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:56:55,2865847 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:56:55,2866023 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:56:55,2866191 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:00,2867536 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:00,2867850 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:00,2868012 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:00,2868250 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:00,2868471 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:05,2869720 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:05,2869960 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:05,2870076 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:05,2870254 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:05,2870439 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:10,2872927 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:10,2873174 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:10,2873291 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:10,2873468 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:10,2873654 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:15,2875708 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:15,2875944 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:15,2876062 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:15,2876234 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:15,2876414 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:20,2878418 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:20,2878718 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:20,2878885 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:20,2879134 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:20,2879382 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:25,2882407 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:25,2882671 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:25,2882792 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:25,2882968 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:25,2883158 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:30,2885076 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:30,2885344 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:30,2885487 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:30,2885705 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:30,2885951 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:35,2887412 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:35,2887730 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:35,2887857 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:35,2888098 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:35,2888367 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:40,2890126 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:40,2890448 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:40,2890628 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:40,2890917 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:40,2891200 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:45,2892935 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:45,2893192 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:45,2893310 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:45,2893484 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:45,2893674 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:50,2895817 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:50,2896069 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:50,2896188 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:50,2896365 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:50,2896554 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:57:55,2905301 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:57:55,2906015 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:57:55,2906147 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:57:55,2908089 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:57:55,2908303 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:00,2911236 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:00,2911521 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:00,2911663 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:00,2911842 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:00,2912024 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:05,2914188 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:05,2914431 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:05,2914548 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:05,2914729 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:05,2914916 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:10,2952345 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:10,2967151 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:10,2967364 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:10,2967558 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:10,2967749 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:15,2973595 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:15,2973946 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:15,2974115 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:15,2974360 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:15,2974620 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:20,2973332 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:20,2973667 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:20,2973846 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:20,2974103 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:20,2974363 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:25,2975951 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:25,2976271 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:25,2976440 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:25,2976681 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:25,2976925 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:30,2978675 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:30,2978932 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:30,2979050 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:30,2979231 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:30,2979424 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:35,2981289 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:35,2981540 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:35,2981658 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:35,2981836 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:35,2982023 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:40,3086883 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:40,3088834 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:40,3089055 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:40,3089225 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:40,3089395 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:45,3087119 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:45,3087366 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:45,3087484 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:45,3087663 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:45,3087852 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:50,3089872 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:50,3090118 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:50,3090237 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:50,3090414 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:50,3090600 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:58:55,3173537 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:58:55,3173782 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:58:55,3173901 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:58:55,3174082 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:58:55,3174269 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:59:00,3178998 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:59:00,3224016 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:59:00,3224799 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:59:00,3224883 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:59:00,3225462 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:59:05,3228833 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:59:05,3229085 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:59:05,3229202 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:59:05,3229375 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:59:05,3229563 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:59:10,3232184 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:59:10,3232492 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:59:10,3232655 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:59:10,3232907 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:59:10,3233155 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344 09:59:15,3234417 svchost.exe 764 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read 3344 09:59:15,3234660 svchost.exe 764 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 3344 09:59:15,3234775 svchost.exe 764 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC REPARSE Desired Access: Read 3344 09:59:15,3234953 svchost.exe 764 RegOpenKey HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC NAME NOT FOUND Desired Access: Read 3344 09:59:15,3235140 svchost.exe 764 RegCloseKey HKLM SUCCESS 3344
-
> Kann es denn wirklich sein, dass mir hier die Zeitsynchronisation einen> Streich spielt?Würde mich extremst wundern :)> 09:56:45,2808418 svchost.exe 764 ReadFile C:\Windows\System32\vmictimeprovider.dll SUCCESS Offset: 49.664, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal 3344Die PID hast Du aus dem zugehörigen GPP Log ermittelt? Ich kann mirabsolut nicht vorstellen, dass GPSVC in diesem Gap nix anderes macht alsmit dem Time Service rumzuspielen - das macht "normalerweise" nurW32Time. Aber wenn das natürlich im gleichen SVCHost läuft...Stell den GPSVC mal auf Standalone Service um.
Martin
Mal ein GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Sorry, du hast natürlich recht. Ich hab mich bei der Umrechnung von hex in dec verrechnet... :-(
Gefiltert nach PID 728 (0x2d8) und TID 3016 (0xbc8) lt. GPP-Log erhalte ich folgende Einträge im ProcessMonitor, Zeitraum 09:58:00 bis 09:59:00:
09:58:00,8202381 svchost.exe 728 QueryStandardInformationFile C:\tmp\GroupPolicy\Trace\User.log SUCCESS AllocationSize: 303.104, EndOfFile: 299.715, NumberOfLinks: 1, DeletePending: False, Directory: False 3016 09:58:00,8202519 svchost.exe 728 WriteFile C:\tmp\GroupPolicy\Trace\User.log SUCCESS Offset: 299.715, Length: 88, Priority: Normal 3016 09:58:00,8202838 svchost.exe 728 CloseFile C:\tmp\GroupPolicy\Trace\User.log SUCCESS 3016 09:59:02,9218139 svchost.exe 728 Thread Create SUCCESS Thread ID: 5872 3016 09:59:03,1136559 svchost.exe 728 CreateFile C:\Windows\debug\UserMode\gpsvc.log SUCCESS Desired Access: Write Data/Add File, Append Data/Add Subdirectory/Create Pipe Instance, Read Attributes, Synchronize, Dis, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, OpenResult: Opened 3016 09:59:03,1137230 svchost.exe 728 QueryStandardInformationFile C:\Windows\debug\UserMode\gpsvc.log SUCCESS AllocationSize: 11.214.848, EndOfFile: 11.214.760, NumberOfLinks: 1, DeletePending: False, Directory: False 3016
Hier die Einträge nur nach PID gefiltert (inkl. anderer Threads) - neuer Trace:
13:34:07,7846909 svchost.exe 728 RegEnumValue HKLM\System\CurrentControlSet\Services\LanmanServer\Shares NO MORE ENTRIES Index: 7, Length: 4.094 968 13:34:07,7847022 svchost.exe 728 RegCloseKey HKLM\System\CurrentControlSet\Services\LanmanServer\Shares SUCCESS 968 13:34:35,7677742 svchost.exe 728 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access 5188 13:34:35,7678001 svchost.exe 728 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0 5188
Wie kann ich den GPSVC auf einen Standalone-Service umstellen? Ich kann den Dienst (C:\Windows\system32\svchost.exe -k netsvcs) noch nicht mal manuell neu starten...
-
> Wie kann ich den GPSVC auf einen Standalone-Service umstellen? Ich kann> den Dienst (C:\Windows\system32\svchost.exe -k netsvcs) noch nicht mal> manuell neu starten...
Martin
Mal ein GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Danke für den Hinweis, wieder etwas dazu gelernt (svc sharing, groups, etc.).
Ein Neustart des Servers ist erst heute Nacht möglich. Ich möchte mich aber jetzt schon für Deine bisherige Unterstützung bedanken.
Eine Rückmeldung von mir erfolgt also erst wieder morgen...
-
> Morgen ist jetzt über 2 Jahre her - wir haben gerade ein ähnliches> Problem bei einem kunden, wäre interessant zu wissen ob das Problem> gelöst werden konnte, und wenn ja, wie.Lies Dir den Thread komplett durch und mach die Analyseschritte dazu :-)Dann sehen wir weiter. Und bitte mach dafür dann einen eigenen Thread auf.
-
Hallo Martin,
das habe ich natürlich schon getan - aber hätte das zur Lösung geführt, hätte ich nicht gefragt, wie die Lösung hier aus gesehen hat!
Mein Problem habe ich schon selbst lösen können. Bei uns hing der Logon-Prozess bei "Group Policy Files" für ziemlich genau 30 Sekunden. Schuld waren verwaiste UNC-Pfade in manchden der GPO's, die noch auf eine alte IP zeigten, von einem Server, der kürzlich vom Netz ging - nach Korrektur der Pfade lief alles wieder - leider ist Microsoft ja immer sehr sparsam mit konkreten Fehlermeldungen....selbst im Jahre 2016, sonst hätte das sicher schneller gelöst werden können.
Es wäre trotzdem interesannt zu wissen, ob das Problem des Thread-Erstellers hier gelöst werden konnte oder nicht.
Gruss
Andi
-
> das habe ich natürlich schon getan - aber hätte das zur Lösung geführt,> hätte ich nicht gefragt, wie die Lösung hier aus gesehen hat!Hätte es, denn...> Schuld waren verwaiste UNC-Pfade in manchden der GPO's, die noch auf> eine alte IP zeigten, von einem Server, der kürzlich vom Netz ging -...wenn Du für GPP Files das Debug Logging aktivierst, steht das dadrinne :-)Cheers!
