Windows 7 PCs sporadically hang on "bitte warten" (please wait) during startup

  • General discussion

  • Dear community,

    since this is the German forum, here it is once more in our native language:

    for a few weeks now we have had the problem that various Windows 7 PCs in our domain take a very long time to reach the logon screen. Only "bitte warten" (please wait) is displayed. If you simply leave the systems alone, it takes up to 2.5 hours until they reach the logon screen. If you pull the network cable and restart the PC, everything runs normally. If you restart the PC without unplugging the network cable, it sometimes starts normally, but not always; sometimes it hangs on "bitte warten" again.

    Overall, the problem occurs very sporadically.

    If you leave the machine alone until the PC reaches the logon screen by itself, the application log contains: "Der Anmeldebenachrichtigungsabonnent <GPClient> hat xxxx Sekunden benötigt, um dieses Benachrichtigungsereignis (Create Session) zu bearbeiten."

    I enabled the verbose status display on some systems via the registry, and when the error occurred on one system, "Richtlinie "Group Policy Folders" wird geladen" was displayed while the PC was stuck.

    We do not have particularly complicated GPOs, nor any complex WMI queries. When the systems hang they are reachable over the network, including Computer Management etc., but when I try to create a report for the system via Group Policy Management > Group Policy Results, it is not reachable. When the PC is running normally again and I create a report, everything looks normal.

    Does anyone have another idea for me as to where the snag could be?

    Thanks and regards

    Franz

    -----------------------------------------------------------

    Dear community,

    for several weeks we have had the problem that some of the Windows 7 PCs in our domain need a very long time to get to the logon screen. It only shows "please wait". If you just leave them, it takes up to 2.5 hours to get to the logon. If you detach the network cable and restart the PC, everything is normal. If you just restart the PC without detaching the LAN, it may go fast too, but not always; sometimes it stays on "please wait" again.

    The whole problem occurs very sporadically.

    If you leave the PC alone until the logon screen appears, there is an entry in the application log which says that GPClient needed a very long time to execute the "create session" messaging event.

    I activated the verbose status on some systems to get more info at startup, and when one of the systems hung, it said "Policy "Group Policy Folders" gets loaded", but I couldn't find anything on that status.

    Our Group Policies aren't very complicated or complex, and neither are our WMI filters. When a PC hangs, I can reach it over the network, look at the application logs and everything, but when I go to the GPO MMC to make a report for the system, it's not reachable. When the system's behaviour is normal again (after a reboot, e.g.) I get the report and everything looks normal.

    Sorry if the notifications aren't precise, they are translated from German.

    Does any of you have any suggestions for me?

    Thanks

    Franz


    Thursday, 28 June 2012 11:52

All replies

  • Hello Franz,

    try enabling tracing for the Group Policy Preferences:

    http://blogs.technet.com/b/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx

    In addition, you should also switch on the "normal" logging of gpsvc.

    To do so, create the folder "usermode" in C:\Windows\debug.
    Then create the key "Diagnostics" in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion.


    Now run this *.reg file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics]
    "GPsvcDebugLevel"=dword:00030002


    MVP Group Policy - myths, insider info and troubleshooting on the subject of GPOs: Let's go, use GPO!


    Thursday, 28 June 2012 13:18
    Answerer
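
Added example (not part of the original thread): once the Group Policy Preferences trace suggested above is enabled, a script like this shows how long each preference extension ran and where the log went quiet during a hanging boot. The sample lines are constructed in the format of the Computer.log trace posted further down in this thread, and the function names are this example's own.

```python
import re
from datetime import datetime

# One trace line: "2012-07-06 07:24:34.732 [pid=0x3c8,tid=0x538] message"
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[pid=(0x[0-9a-f]+),tid=(0x[0-9a-f]+)\]\s?(.*)$",
    re.IGNORECASE,
)
ENTER_RE = re.compile(r"^Entering (ProcessGroupPolicyEx\w+)\(\)")
LEAVE_RE = re.compile(r"^Leaving (ProcessGroupPolicyEx\w+)\(\) returned (0x[0-9a-fA-F]+)")

# Constructed sample: one extension that completes, one that stalls and never returns.
SAMPLE_TRACE = """\
2012-07-06 07:24:34.732 [pid=0x3c8,tid=0x538] Entering ProcessGroupPolicyExFolders()
2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Starting class <Folders>.
2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] Leaving ProcessGroupPolicyExFolders() returned 0x00000000
2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538]
2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] Entering ProcessGroupPolicyExFiles()
2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Opened file.
2012-07-06 07:26:05.263 [pid=0x3c8,tid=0x538] Completed read file data.
"""


def parse_trace(text):
    """Return (timestamp, pid, tid, message) tuples; lines in another format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        records.append((ts, m.group(2).lower(), m.group(3).lower(), m.group(4).rstrip()))
    return records


def extension_runs(records):
    """Pair Entering/Leaving lines per thread; 'seconds' stays None if the extension never returned."""
    open_runs = {}
    runs = []
    for ts, pid, tid, msg in records:
        enter = ENTER_RE.match(msg)
        leave = LEAVE_RE.match(msg)
        if enter:
            run = {"name": enter.group(1), "thread": (pid, tid),
                   "start": ts, "seconds": None, "result": None}
            open_runs[(pid, tid, enter.group(1))] = run
            runs.append(run)
        elif leave:
            run = open_runs.pop((pid, tid, leave.group(1)), None)
            if run is not None:
                run["seconds"] = round((ts - run["start"]).total_seconds(), 3)
                run["result"] = leave.group(2)
    return runs


def stalls(records, min_seconds=5.0):
    """Report silences of at least min_seconds between consecutive lines of the same thread."""
    last = {}
    found = []
    for ts, pid, tid, msg in records:
        prev = last.get((pid, tid))
        if prev is not None:
            gap = (ts - prev[0]).total_seconds()
            if gap >= min_seconds:
                found.append({"thread": (pid, tid), "after": prev[1],
                              "before": msg, "seconds": round(gap, 3)})
        last[(pid, tid)] = (ts, msg)
    return found


if __name__ == "__main__":
    recs = parse_trace(SAMPLE_TRACE)
    for run in extension_runs(recs):
        state = "did not return" if run["seconds"] is None else f'{run["seconds"]} s, {run["result"]}'
        print(f'{run["name"]}: {state}')
    for gap in stalls(recs):
        print(f'{gap["seconds"]} s of silence after "{gap["after"]}"')
```

The message logged just before a long silence names the step the extension was in when it stalled, which narrows down which preference item to look at.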
  • Many thanks for the tip, I will try that tomorrow morning, but first I still have to integrate the Group Policy Preferences ADMX file set; I don't have that option in my group policies. I will get back to you when I have logs.

    Thanks and regards

    Franz

    Thursday, 28 June 2012 13:57
  • On 28.06.2012 Franz Julius wrote:

    for a few weeks now we have had the problem that various Windows 7 PCs in our domain take a very long time to reach the logon screen. Only "bitte warten" (please wait) is displayed. If you simply leave the systems alone, it takes up to 2.5 hours until they reach the logon screen. If you pull the network cable and restart the PC, everything runs normally. If you restart the PC without unplugging the network cable, it sometimes starts normally, but not always; sometimes it hangs on "bitte warten" again.

    Why not move the client into an OU to which no GPO is linked
    except the Default Domain Policy, run gpupdate and restart twice.
    Does it work better now?

    You can also additionally have the verbose messages displayed;
    that is a setting in the GPOs, then you at least see what the
    machine is currently doing. Otherwise, carry out Matthias's tips.

    Cheers
    Winfried


    Connect2WSUS: http://www.grurili.de/tools/Connect2WSUS.exe
    GPO's: http://www.gruppenrichtlinien.de
    Community Forums NNTP Bridge: http://communitybridge.codeplex.com/

    Thursday, 28 June 2012 20:07
  • Thanks for the tips, Winfried, but once the machine has been logged on, the problem does not occur again for the time being. I cannot run gpupdate without logging on. If anything, I would have to move all 700 clients into an OU that no GPO applies to and see whether the problem still occurs over the next few days, but that is not practicable.

    I already have the verbose messages displayed (verbosestatus in the registry, if that is what you mean); that is how I came across the message "Group Policy Folders" wird geladen", which I can't make anything of. The machines stop at this message when they hang.

    I will get started on enabling the logs today, but unfortunately I also have to look after an SAP installation, among other things, at the same time, so it could take a while until I can deliver results.

    Thanks & regards

    Franz

    Friday, 29 June 2012 06:39
  • Why not create a result set (admin command line: gpresult /h
    report.html) and look at what you have defined in the GPP Folders. Is
    there anything in there that has to do with UNC paths? By the way, you
    can see the time the GPP Folders took in the event log (Applications and
    Services Logs/Microsoft/Group Policy).

    Kind regards, Martin


    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    If my answer was helpful, I'm glad about a rating!
    Saturday, 30 June 2012 12:31
    Answerer
  • On 29.06.2012 Franz Julius wrote:

    Thanks for the tips, Winfried, but once the machine has been logged on, the problem does not occur again for the time being. I cannot run gpupdate without logging on.

    You can build GPUPDATE into a computer startup script. Then it runs
    before logon.

    If anything, I would have to move all 700 clients into an OU that no GPO applies to and see whether the problem still occurs over the next few days, but that is not practicable.

    Of course it is not practicable to move 700 clients. Perhaps
    you have a few power users who can be helpful with testing. Then
    move those clients by arrangement.

    I already have the verbose messages displayed (verbosestatus in the registry, if that is what you mean); that is how I came across the message "Group Policy Folders" wird geladen", which I can't make anything of. The machines stop at this message when they hang.

    OK, then it is a GPP. It must be possible to find out
    which GPPs there are.

    I will get started on enabling the logs today, but unfortunately I also have to look after an SAP installation, among other things, at the same time, so it could take a while until I can deliver results.

    OK, we are waiting for results. ;)

    Cheers
    Winfried


    Connect2WSUS: http://www.grurili.de/tools/Connect2WSUS.exe
    GPO's: http://www.gruppenrichtlinien.de
    Community Forums NNTP Bridge: http://communitybridge.codeplex.com/

    Sunday, 1 July 2012 15:14
  • The error occurs far too sporadically and chaotically to form a group of power users. Even if the group runs cleanly for three weeks, I cannot say whether that is due to the missing GPOs.

    Annoyingly, the machines do not even hang consistently at "Group Policy Folders" wird geladen", but sometimes at other points as well.

    Below is an excerpt from the log of a PC that hung during startup. This time the message was: "Sicherheitsrichtlinien des Computers werden übernommen"

    In the GPO log mentioned by Martin, the entry at 06.07.2012.07.24.28 reads:

    Die Gruppenrichtlinienabhängigkeiten (NLA (Network Location Awareness)) konnten nicht gestartet werden. Die netzwerkbezogenen Funktionen der Gruppenrichtlinien [Schätzung der Bandweite und Antwort auf Netzwerkveränderungen] funktionieren daher nicht.

    After that, however, it diligently carries on, and among other things there is the entry:

    Die Verarbeitung der Group Policy Folders-Erweiterung wurde in 484 Millisekunden abgeschlossen.

    The last entry before the restart reads:

    Die Gruppenrichtlinie hat die Benachrichtigung CreateSession von Winlogon für Sitzung 1 empfangen.

    An excerpt from the log, precisely the system start that got stuck:

    2012-07-06 07:24:34.732 [pid=0x3c8,tid=0x538] Entering ProcessGroupPolicyExFolders()
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] BackgroundPriorityLevel ( 0 )
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] DisableRSoP ( 0 )
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] LogLevel ( 3 )
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] Client context subsystem initialized.
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] Configuration subsystem initialized.
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] Licensing subsystem initialized.
    2012-07-06 07:24:34.904 [pid=0x3c8,tid=0x538] User information initialized.
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %ComSpec% = "C:\Windows\system32\cmd.exe"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %FP_NO_HOST_CHECK% = "NO"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %OS% = "Windows_NT"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %Path% = "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Services\IPT\"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %PATHEXT% = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_ARCHITECTURE% = "x86"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %TEMP% = "C:\Users\Default\Local Settings\Temp"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %TMP% = "C:\Users\Default\Local Settings\Temp"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %USERNAME% = "FLY-0743$"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %windir% = "C:\Windows"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %PSModulePath% = "C:\Windows\system32\WindowsPowerShell\v1.0\Modules\"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %NUMBER_OF_PROCESSORS% = "4"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_LEVEL% = "6"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_IDENTIFIER% = "x86 Family 6 Model 42 Stepping 7, GenuineIntel"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_REVISION% = "2a07"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %windows_tracing_logfile% = "C:\BVTBin\Tests\installpackage\csilogfile.log"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %windows_tracing_flags% = "3"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %ALLUSERSPROFILE% = "C:\ProgramData"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %APPDATA% = "C:\Windows\system32\config\systemprofile\AppData\Roaming"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %CommonProgramFiles% = "C:\Program Files\Common Files"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %COMPUTERNAME% = "FLY-0743"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %LOCALAPPDATA% = "C:\Windows\system32\config\systemprofile\AppData\Local"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %ProgramData% = "C:\ProgramData"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %ProgramFiles% = "C:\Program Files"
    2012-07-06 07:24:34.951 [pid=0x3c8,tid=0x538] Variable %PUBLIC% = "C:\Users\Public"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %SystemDrive% = "C:"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %SystemRoot% = "C:\Windows"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %USERDOMAIN% = "TOWERGROUP"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %USERPROFILE% = "C:\Users\Default"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LogonUser% = ""
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LogonDomain% = ""
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LogonUserSid% = "S-1-5-21-3576547694-2988280012-2039117460-17739"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %BinaryUserSid% = "0000454B798A7694B21D88CCD52DC96E000000150500000000000501"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LdapUserSid% = "\01\05\00\00\00\00\00\05\15\00\00\00\6E\C9\2D\D5\CC\88\1D\B2\94\76\8A\79\4B\45\00\00"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %ReversedUserSid% = "0105000000000005150000006EC92DD5CC881DB294768A794B450000"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %BinaryComputerSid% = "0000454B798A7694B21D88CCD52DC96E000000150500000000000501"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %ReversedComputerSid% = "0105000000000005150000006EC92DD5CC881DB294768A794B450000"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LdapComputerSid% = "\01\05\00\00\00\00\00\05\15\00\00\00\6E\C9\2D\D5\CC\88\1D\B2\94\76\8A\79\4B\45\00\00"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %OsVersion% = "Windows 7"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LocalTimeEx% = "2012-07-06 07:24:34.920"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LocalTime% = "2012-07-06 07:24:34"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LocalTimeXmlEx% = "2012-07-06T07:24:34.920"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %LocalTimeXml% = "2012-07-06T07:24:34"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %DateTimeEx% = "2012-07-06 05:24:34.920"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %DateTime% = "2012-07-06 05:24:34"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %MacAddress% = "d2-e4-20-52-41-53"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %TempDir% = "C:\Windows\system32\config\systemprofile\AppData\Local\Temp"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %WindowsDir% = "C:\Windows"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %SystemDir% = "C:\Windows\system32"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %DomainName% = "TOWERGROUP"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %ProgramFilesDir% = "C:\Program Files"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %AppDataDir% = "C:\Users\Default\AppData\Roaming"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %DesktopDir% = "C:\Users\Default\Desktop"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %StartMenuDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %ProgramsDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %StartUpDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %FavoritesDir% = "C:\Users\Default\Favorites"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %SendToDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo"
    2012-07-06 07:24:34.966 [pid=0x3c8,tid=0x538] Variable %RecentDocumentsDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %NetPlacesDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CommonAppdataDir% = "C:\ProgramData"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CommonDesktopDir% = "C:\Users\Public\Desktop"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CommonStartMenuDir% = "C:\ProgramData\Microsoft\Windows\Start Menu"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CommonProgramsDir% = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CommonStartUpDir% = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CommonFavoritesDir% = "C:\Windows\system32\config\systemprofile\Favorites"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CurrentProcessId% = "968"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %CurrentThreadId% = "1336"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %GroupPolicyVersion% = "6.1.7601.17514"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %TraceFile% = "C:\ProgramData\GroupPolicy\Preference\Trace\Computer.log"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %LastError% = "0x00000000"
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variable %LastErrorText% = "Der Vorgang wurde erfolgreich beendet."
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Variables subsystem initialized.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] ----- Parameters
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] CSE GUID : {6232C319-91AC-4931-9385-E70C2B099F0E}
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         ( X ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Token (computer or user SID): S-1-5-18
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Abort Flag : Yes (0x001cf340)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] HKey Root : Yes (0x80000002)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Deleted GPO List : No
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Changed GPO List : Yes
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Asynchronous Processing : Yes
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Status Callback : Yes (0x7351aaa8)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] WMI namespace : No (0x00000000)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] RSoP Status : Yes (0x00ebfac0)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Planning Mode Site : (none)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Computer Target : No (0x00000000)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] User Target : No (0x00000000)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Calculated session relevance.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Completed CSE pre-processing.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Calculated list relevance. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Deleted GPO list is not relevant to the CSE.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Calculated list relevance.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Planning mode not detected.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Processing changed list.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Processing computer policy.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Got WMI namespace for logging mode.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Completed get GPO list.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Initialized internal RSoP storage.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Completed GPO list pre-processing.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] ----- Changed - 0
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Options : (   ) GPO_FLAG_DISABLE - This GPO is disabled.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538]           ( X ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Options (raw) : 0x00000002
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] Version : 7798903 (0x00770077)
    2012-07-06 07:24:35.169 [pid=0x3c8,tid=0x538] GPC : LDAP://CN=Machine,cn={434FB1C6-D750-45B1-AC62-B77AFF039202},cn=policies,cn=system,DC=Towergroup,DC=local
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] GPT : \\Towergroup.local\SysVol\Towergroup.local\Policies\{434FB1C6-D750-45B1-AC62-B77AFF039202}\Machine
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] GPO Display Name : Logonscreen
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] GPO Name : {434FB1C6-D750-45B1-AC62-B77AFF039202}
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] GPO Link : (   ) GPLinkUnknown - No link information is available.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538]            (   ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538]            (   ) GPLinkSite - The GPO is linked to a site.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538]            ( X ) GPLinkDomain - The GPO is linked to a domain.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538]            (   ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538]            (   ) GP Link Error
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] lParam : 0x00000000
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Prev GPO : No
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Next GPO : No
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Extensions : [{00000000-0000-0000-0000-000000000000}{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{6232C319-91AC-4931-9385-E70C2B099F0E}{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}][{7150F9BF-48AD-4DA4-A49C-29EF4A8369BA}{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}]
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] lParam2 : 0x016b85cc
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Link : LDAP://DC=Towergroup,DC=local
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Variable %GPHPATH% = "C:\ProgramData\Microsoft\Group Policy\History\{434FB1C6-D750-45B1-AC62-B77AFF039202}\Machine"
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed get GPH path.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed set extensions.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed get GPO is relevant.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Variable %GPTPATH% = "\\Towergroup.local\SysVol\Towergroup.local\Policies\{434FB1C6-D750-45B1-AC62-B77AFF039202}\Machine"
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed get GPT path.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed RSoP init.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed get next GPO.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed check GPO license usage.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed GPO pre-processing.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Started removing policy.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Read GPH data file.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed parse of GPH XML.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Completed get tree root.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Deleted GPH data file.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Started package execution.
    2012-07-06 07:24:35.185 [pid=0x3c8,tid=0x538] Set package timestamp variable (2012-07-06 05:24:34).
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Starting class <Folders>.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] RunOnce value created [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Handle Children.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] {07DA02F5-F9CD-4397-A550-4AE21B6B4BD3}
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Starting class <Folder> - backgrounds.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Policy is not flagged for removal.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed class <Folder> - backgrounds.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed class <Folders>.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed package execution.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed execution of removal package.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed remove GPH.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Started applying policy.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Opened file.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Got file size.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Created file buffer.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed read file data.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Terminated file buffer.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Closed file handle.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Read GPE XML data file (627 bytes total).
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed parse of GPE XML data.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed loading of package.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed get tree root.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Started package execution.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Set package timestamp variable (2012-07-06 05:24:34).
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Starting class <Folders>.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] RunOnce value created [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Handle Children.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] {07DA02F5-F9CD-4397-A550-4AE21B6B4BD3}
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Starting class <Folder> - backgrounds.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Starting filter [AND FilterRunOnce].
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Adding child elements to RSOP.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] RunOnce value found [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Failed hidden filter [FilterRunOnce].
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Starting filter [AND FilterOs].
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Adding child elements to RSOP.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Passed filter [FilterOs].
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Filters not passed.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed class <Folder> - backgrounds.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed class <Folders>.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed package execution.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed execution of apply package.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Update GPH : apmCreateFoldersEx
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Update GPH : xmlRemovalPackage
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Update GPH : apmWriteFile
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Updated GPH.
    2012-07-06 07:24:35.200 [pid=0x3c8,tid=0x538] Completed apply GPO.
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] Completed GPO post-processing.
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] Completed get next GPO. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] RSoP namespace not initialized.
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] Completed GPO list post-processing.
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] Completed get GPO list. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] Completed CSE post-processing.
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] User impersonation uninitialized.
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538] Leaving ProcessGroupPolicyExFolders() returned 0x00000000
    2012-07-06 07:24:35.216 [pid=0x3c8,tid=0x538]
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] Entering ProcessGroupPolicyExFiles()
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] BackgroundPriorityLevel ( 0 )
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] DisableRSoP ( 0 )
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] LogLevel ( 3 )
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] Client context subsystem initialized.
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] Configuration subsystem initialized.
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] Licensing subsystem initialized.
    2012-07-06 07:24:35.232 [pid=0x3c8,tid=0x538] User information initialized.
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %ComSpec% = "C:\Windows\system32\cmd.exe"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %FP_NO_HOST_CHECK% = "NO"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %OS% = "Windows_NT"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %Path% = "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Services\IPT\"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %PATHEXT% = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_ARCHITECTURE% = "x86"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %TEMP% = "C:\Users\Default\Local Settings\Temp"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %TMP% = "C:\Users\Default\Local Settings\Temp"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %USERNAME% = "FLY-0743$"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %windir% = "C:\Windows"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %PSModulePath% = "C:\Windows\system32\WindowsPowerShell\v1.0\Modules\"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %NUMBER_OF_PROCESSORS% = "4"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_LEVEL% = "6"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_IDENTIFIER% = "x86 Family 6 Model 42 Stepping 7, GenuineIntel"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %PROCESSOR_REVISION% = "2a07"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %windows_tracing_logfile% = "C:\BVTBin\Tests\installpackage\csilogfile.log"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %windows_tracing_flags% = "3"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %ALLUSERSPROFILE% = "C:\ProgramData"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %APPDATA% = "C:\Windows\system32\config\systemprofile\AppData\Roaming"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %CommonProgramFiles% = "C:\Program Files\Common Files"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %COMPUTERNAME% = "FLY-0743"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LOCALAPPDATA% = "C:\Windows\system32\config\systemprofile\AppData\Local"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %ProgramData% = "C:\ProgramData"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %ProgramFiles% = "C:\Program Files"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %PUBLIC% = "C:\Users\Public"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %SystemDrive% = "C:"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %SystemRoot% = "C:\Windows"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %USERDOMAIN% = "TOWERGROUP"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %USERPROFILE% = "C:\Users\Default"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LogonUser% = ""
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LogonDomain% = ""
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LogonUserSid% = "S-1-5-21-3576547694-2988280012-2039117460-17739"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %BinaryUserSid% = "0000454B798A7694B21D88CCD52DC96E000000150500000000000501"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LdapUserSid% = "\01\05\00\00\00\00\00\05\15\00\00\00\6E\C9\2D\D5\CC\88\1D\B2\94\76\8A\79\4B\45\00\00"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %ReversedUserSid% = "0105000000000005150000006EC92DD5CC881DB294768A794B450000"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %BinaryComputerSid% = "0000454B798A7694B21D88CCD52DC96E000000150500000000000501"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %ReversedComputerSid% = "0105000000000005150000006EC92DD5CC881DB294768A794B450000"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LdapComputerSid% = "\01\05\00\00\00\00\00\05\15\00\00\00\6E\C9\2D\D5\CC\88\1D\B2\94\76\8A\79\4B\45\00\00"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %OsVersion% = "Windows 7"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LocalTimeEx% = "2012-07-06 07:24:35.232"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LocalTime% = "2012-07-06 07:24:35"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LocalTimeXmlEx% = "2012-07-06T07:24:35.232"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %LocalTimeXml% = "2012-07-06T07:24:35"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %DateTimeEx% = "2012-07-06 05:24:35.232"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %DateTime% = "2012-07-06 05:24:35"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %MacAddress% = "d2-e4-20-52-41-53"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %TempDir% = "C:\Windows\system32\config\systemprofile\AppData\Local\Temp"
    2012-07-06 07:24:35.263 [pid=0x3c8,tid=0x538] Variable %WindowsDir% = "C:\Windows"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %SystemDir% = "C:\Windows\system32"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %DomainName% = "TOWERGROUP"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %ProgramFilesDir% = "C:\Program Files"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %AppDataDir% = "C:\Users\Default\AppData\Roaming"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %DesktopDir% = "C:\Users\Default\Desktop"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %StartMenuDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %ProgramsDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %StartUpDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %FavoritesDir% = "C:\Users\Default\Favorites"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %SendToDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %RecentDocumentsDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %NetPlacesDir% = "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CommonAppdataDir% = "C:\ProgramData"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CommonDesktopDir% = "C:\Users\Public\Desktop"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CommonStartMenuDir% = "C:\ProgramData\Microsoft\Windows\Start Menu"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CommonProgramsDir% = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CommonStartUpDir% = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CommonFavoritesDir% = "C:\Windows\system32\config\systemprofile\Favorites"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CurrentProcessId% = "968"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %CurrentThreadId% = "1336"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %GroupPolicyVersion% = "6.1.7601.17514"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %TraceFile% = "C:\ProgramData\GroupPolicy\Preference\Trace\Computer.log"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %LastError% = "0x00000000"
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %LastErrorText% = "Der Vorgang wurde erfolgreich beendet."
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variables subsystem initialized.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] ----- Parameters
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] CSE GUID : {7150F9BF-48AD-4da4-A49C-29EF4A8369BA}
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         ( X ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]         (   ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Token (computer or user SID): S-1-5-18
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Abort Flag : Yes (0x001cf340)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] HKey Root : Yes (0x80000002)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Deleted GPO List : No
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Changed GPO List : Yes
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Asynchronous Processing : Yes
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Status Callback : Yes (0x7351aaa8)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] WMI namespace : No (0x00000000)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] RSoP Status : Yes (0x00ebfac0)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Planning Mode Site : (none)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Computer Target : No (0x00000000)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] User Target : No (0x00000000)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Calculated session relevance.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Completed CSE pre-processing.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Calculated list relevance. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Deleted GPO list is not relevant to the CSE.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Calculated list relevance.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Planning mode not detected.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Processing changed list.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Processing computer policy.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Got WMI namespace for logging mode.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Completed get GPO list.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Initialized internal RSoP storage.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Completed GPO list pre-processing.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] ----- Changed - 0
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Options : (   ) GPO_FLAG_DISABLE - This GPO is disabled.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]           ( X ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Options (raw) : 0x00000002
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Version : 7798903 (0x00770077)
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] GPC : LDAP://CN=Machine,cn={434FB1C6-D750-45B1-AC62-B77AFF039202},cn=policies,cn=system,DC=Towergroup,DC=local
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] GPT : \\Towergroup.local\SysVol\Towergroup.local\Policies\{434FB1C6-D750-45B1-AC62-B77AFF039202}\Machine
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] GPO Display Name : Logonscreen
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] GPO Name : {434FB1C6-D750-45B1-AC62-B77AFF039202}
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] GPO Link : (   ) GPLinkUnknown - No link information is available.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]            (   ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]            (   ) GPLinkSite - The GPO is linked to a site.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]            ( X ) GPLinkDomain - The GPO is linked to a domain.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]            (   ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538]            (   ) GP Link Error
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] lParam : 0x00000000
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Prev GPO : No
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Next GPO : No
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Extensions : [{00000000-0000-0000-0000-000000000000}{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{6232C319-91AC-4931-9385-E70C2B099F0E}{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}][{7150F9BF-48AD-4DA4-A49C-29EF4A8369BA}{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}]
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] lParam2 : 0x016b85cc
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Link : LDAP://DC=Towergroup,DC=local
    2012-07-06 07:24:35.278 [pid=0x3c8,tid=0x538] Variable %GPHPATH% = "C:\ProgramData\Microsoft\Group Policy\History\{434FB1C6-D750-45B1-AC62-B77AFF039202}\Machine"
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed get GPH path.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed set extensions.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed get GPO is relevant.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Variable %GPTPATH% = "\\Towergroup.local\SysVol\Towergroup.local\Policies\{434FB1C6-D750-45B1-AC62-B77AFF039202}\Machine"
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed get GPT path.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed RSoP init.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed get next GPO.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed check GPO license usage.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed GPO pre-processing.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Started removing policy.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Read GPH data file.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed parse of GPH XML.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed get tree root.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Deleted GPH data file.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Started package execution.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Set package timestamp variable (2012-07-06 05:24:35).
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Starting class <Files>.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] RunOnce value created [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Handle Children.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] {50BE44C8-567A-4ed1-B1D0-9234FE1F38AF}
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Starting class <File> - backgrounds.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Policy is not flagged for removal.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed class <File> - backgrounds.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed class <Files>.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed package execution.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed execution of removal package.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed remove GPH.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Started applying policy.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Opened file.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Got file size.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Created file buffer.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed read file data.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Terminated file buffer.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Closed file handle.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Read GPE XML data file (605 bytes total).
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed parse of GPE XML data.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed loading of package.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed get tree root.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Started package execution.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Set package timestamp variable (2012-07-06 05:24:35).
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Starting class <Files>.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] RunOnce value created [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Handle Children.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] {50BE44C8-567A-4ed1-B1D0-9234FE1F38AF}
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Starting class <File> - backgrounds.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Starting filter [AND FilterOs].
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Adding child elements to RSOP.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Passed filter [FilterOs].
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Filters passed.
    2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Adding child elements to RSOP.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Source file '\\towergroup.local\NETLOGON\logonscreen\Windows7\backgrounddefault.jpg' was copied to 'C:\Windows\System32\oobe\INFO\backgrounds\backgrounddefault.jpg'.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Properties handled.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] RunOnce value created [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Handle Children.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] EVENT : Das Computer "backgrounds"-Einstellungselement im Gruppenrichtlinienobjekt "Logonscreen {434FB1C6-D750-45B1-AC62-B77AFF039202}" wurde erfolgreich übernommen.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed class <File> - backgrounds.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed class <Files>.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed package execution.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed execution of apply package.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Update GPH : apmCreateFoldersEx
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Update GPH : xmlRemovalPackage
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Update GPH : apmWriteFile
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Updated GPH.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed apply GPO.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed GPO post-processing.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed get next GPO. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] RSoP namespace not initialized.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed GPO list post-processing.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed get GPO list. [SUCCEEDED(S_FALSE)]
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] Completed CSE post-processing.
    2012-07-06 07:24:35.325 [pid=0x3c8,tid=0x538] User impersonation uninitialized.
    2012-07-06 07:24:35.341 [pid=0x3c8,tid=0x538] Leaving ProcessGroupPolicyExFiles() returned 0x00000000
    2012-07-06 07:24:35.341 [pid=0x3c8,tid=0x538]

    Does anything come to mind from this information?

    Thanks and regards

    Franz

    Friday, July 6, 2012 06:59
  • Hello Franz.

    No, that doesn't really tell us much... If the machines keep hanging
    at different points each time, then the WMI database "can" have
    something to do with it (all settings are logged in it so that a
    resultant set can be generated).

    In that case you would see time gaps in the log at "RSOP-Data", but
    there are none here.

    Regards, Martin

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    If my answer was helpful, I'm glad about a rating!
    Friday, July 6, 2012 11:17
    Answerer
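The check described in the reply above, looking for time gaps between consecutive log lines, can be automated. The following Python script is an added example, not part of the thread or any poster's code; it accepts both timestamp layouts that appear in this thread (the Group Policy preference trace and WindowsUpdate.log). The sample lines are constructed and the 10-second threshold is an assumption.

```python
import re
from datetime import datetime, timedelta

# Both log layouts start with "YYYY-MM-DD hh:mm:ss" followed by milliseconds.
# The Group Policy preference trace separates the milliseconds with ".",
# WindowsUpdate.log with ":"; the columns may be split by spaces or tabs.
STAMP = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})[.:](\d{3})\s*(.*)$"
)


def parse_line(line):
    """Return (timestamp, rest_of_line), or None if the line has no timestamp."""
    match = STAMP.match(line)
    if match is None:
        return None
    date, clock, millis, rest = match.groups()
    stamp = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return stamp + timedelta(milliseconds=int(millis)), rest.strip()


def find_gaps(lines, threshold_seconds=10.0):
    """Return (seconds, line_before, line_after) for every pause between two
    consecutive timestamped lines that lasts at least threshold_seconds.

    Lines without a timestamp (wrapped text, blank lines) are skipped.
    Threads write to WindowsUpdate.log concurrently, so a line can carry a
    slightly earlier time than its predecessor; such negative deltas are
    never reported as gaps. The result is sorted, longest pause first.
    """
    gaps = []
    previous = None
    for line in lines:
        current = parse_line(line)
        if current is None:
            continue
        if previous is not None:
            delta = (current[0] - previous[0]).total_seconds()
            if delta >= threshold_seconds:
                gaps.append((delta, previous[1], current[1]))
        previous = current
    return sorted(gaps, key=lambda gap: gap[0], reverse=True)


# Constructed sample in the Group Policy preference trace layout; the pause
# between the second and third line is invented for illustration.
GPP_SAMPLE = """\
2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Completed GPO pre-processing.
2012-07-06 07:24:35.294 [pid=0x3c8,tid=0x538] Adding child elements to RSOP.
    (wrapped text without a timestamp)
2012-07-06 07:26:47.810 [pid=0x3c8,tid=0x538] Properties handled.
2012-07-06 07:26:47.825 [pid=0x3c8,tid=0x538] Completed class <Files>.
"""

# Constructed sample in the WindowsUpdate.log layout, including one line
# that is slightly out of order.
WU_SAMPLE = """\
2012-07-06    07:37:12:861     996    708    Agent      * Network state: Connected
2012-07-06    07:37:58:413     996    708    Report    CWERReporter::Init succeeded
2012-07-06    07:37:58:400     996    708    Agent    Initializing Windows Update Agent
2012-07-06    07:37:58:428     996    708    DnldMgr    Download manager restoring 0 downloads
"""


def report(name, text, threshold_seconds=10.0):
    """Print every gap found in text and return the list of gaps."""
    gaps = find_gaps(text.splitlines(), threshold_seconds)
    for seconds, before, after in gaps:
        print(f"{name}: {seconds:.3f} s pause")
        print(f"    last line before: {before}")
        print(f"    first line after: {after}")
    if not gaps:
        print(f"{name}: no pause of {threshold_seconds} s or more")
    return gaps


if __name__ == "__main__":
    report("gpp trace", GPP_SAMPLE)
    report("WindowsUpdate.log", WU_SAMPLE)
```

To use it on a real machine, pass the contents of the trace file named in the log's `%TraceFile%` variable, or of WindowsUpdate.log, to `report()` in place of the samples.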
  • Hello everyone

    I have a new lead. I strongly suspect that WSUS is responsible.

    On Friday one machine hung for quite a while during startup, and the WindowsUpdate log looks like this:

    2012-07-06    07:37:12:705     996    708    Misc    ===========  Logging initialized (build: 7.5.7601.17514, tz: +0200)  ===========
    2012-07-06    07:37:12:720     996    708    Misc      = Process: C:\Windows\system32\svchost.exe
    2012-07-06    07:37:12:720     996    708    Misc      = Module: c:\windows\system32\wuaueng.dll
    2012-07-06    07:37:12:705     996    708    Service    *************
    2012-07-06    07:37:12:720     996    708    Service    ** START **  Service: Service startup
    2012-07-06    07:37:12:720     996    708    Service    *********
    2012-07-06    07:37:12:861     996    708    Agent      * WU client version 7.5.7601.17514
    2012-07-06    07:37:12:861     996    708    Agent      * Base directory: C:\Windows\SoftwareDistribution
    2012-07-06    07:37:12:861     996    708    Agent      * Access type: No proxy
    2012-07-06    07:37:12:861     996    708    Agent      * Network state: Connected
    2012-07-06    07:37:58:413     996    708    Report    CWERReporter::Init succeeded
    2012-07-06    07:37:58:413     996    708    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
    2012-07-06    07:37:58:413     996    708    Agent    ***********  Agent: Initializing global settings cache  ***********
    2012-07-06    07:37:58:413     996    708    Agent      * WSUS server: http://srv-wsus
    2012-07-06    07:37:58:413     996    708    Agent      * WSUS status server: http://srv-wsus
    2012-07-06    07:37:58:413     996    708    Agent      * Target group: Windows7
    2012-07-06    07:37:58:413     996    708    Agent      * Windows Update access disabled: No
    2012-07-06    07:37:58:428     996    708    DnldMgr    Download manager restoring 0 downloads
    2012-07-06    07:37:58:444     996    708    AU    ###########  AU: Initializing Automatic Updates  ###########
    2012-07-06    07:37:58:444     996    708    AU    AU setting next detection timeout to 2012-07-06 05:37:58
    2012-07-06    07:37:58:444     996    708    AU      # WSUS server: http://srv-wsus
    2012-07-06    07:37:58:444     996    708    AU      # Detection frequency: 22
    2012-07-06    07:37:58:444     996    708    AU      # Target group: Windows7
    2012-07-06    07:37:58:444     996    708    AU      # Approval type: Scheduled (Policy)
    2012-07-06    07:37:58:444     996    708    AU      # Scheduled install day/time: Every day at 6:00
    2012-07-06    07:37:58:444     996    708    AU      # Auto-install minor updates: Yes (Policy)
    2012-07-06    07:37:58:444     996    708    AU      # Power management is turned off through policy
    2012-07-06    07:37:58:459     996    708    AU    Initializing featured updates
    2012-07-06    07:37:58:459     996    708    AU    Found 0 cached featured updates
    2012-07-06    07:37:58:584     996    708    Report    ***********  Report: Initializing static reporting data  ***********
    2012-07-06    07:37:58:584     996    708    Report      * OS Version = 6.1.7601.1.0.65792
    2012-07-06    07:37:58:584     996    708    Report      * OS Product Type = 0x00000030
    2012-07-06    07:37:58:600     996    708    Report      * Computer Brand = Dell Inc.
    2012-07-06    07:37:58:600     996    708    Report      * Computer Model = OptiPlex 380                 
    2012-07-06    07:37:58:600     996    708    Report      * Bios Revision = A03
    2012-07-06    07:37:58:600     996    708    Report      * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A03
    2012-07-06    07:37:58:600     996    708    Report      * Bios Release Date = 2010-12-06T00:00:00
    2012-07-06    07:37:58:600     996    708    Report      * Locale ID = 1031
    2012-07-06    07:37:58:615     996    708    AU    Successfully wrote event for AU health state:0
    2012-07-06    07:37:58:631     996    708    AU    Successfully wrote event for AU health state:0
    2012-07-06    07:37:58:631     996    708    AU    AU finished delayed initialization
    2012-07-06    07:37:58:631     996    708    AU    #############
    2012-07-06    07:37:58:631     996    708    AU    ## START ##  AU: Search for updates
    2012-07-06    07:37:58:631     996    708    AU    #########
    2012-07-06    07:37:58:740     996    708    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {B2D69EF3-FB84-45A6-BC64-C31462C5357A}]
    2012-07-06    07:37:59:832     996    4b4    Agent    *************
    2012-07-06    07:37:59:832     996    4b4    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2012-07-06    07:37:59:832     996    4b4    Agent    *********
    2012-07-06    07:37:59:832     996    4b4    Agent      * Online = No; Ignore download priority = No
    2012-07-06    07:37:59:832     996    4b4    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2012-07-06    07:37:59:832     996    4b4    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2012-07-06    07:37:59:832     996    4b4    Agent      * Search Scope = {Machine}
    2012-07-06    07:38:05:635     996    4b4    Agent      * Found 0 updates and 69 categories in search; evaluated appl. rules of 872 out of 1632 deployed entities
    2012-07-06    07:38:05:635     996    4b4    Agent    *********
    2012-07-06    07:38:05:635     996    4b4    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2012-07-06    07:38:05:635     996    4b4    Agent    *************
    2012-07-06    07:38:05:651     996    cf0    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {B2D69EF3-FB84-45A6-BC64-C31462C5357A}]
    2012-07-06    07:38:05:651     996    cf0    AU      # 0 updates detected
    2012-07-06    07:38:05:651     996    cf0    AU    #########
    2012-07-06    07:38:05:651     996    cf0    AU    ##  END  ##  AU: Search for updates [CallId = {B2D69EF3-FB84-45A6-BC64-C31462C5357A}]
    2012-07-06    07:38:05:651     996    cf0    AU    #############
    2012-07-06    07:38:05:651     996    cf0    AU    Featured notifications is disabled.
    2012-07-06    07:38:05:651     996    cf0    AU    Successfully wrote event for AU health state:0
    2012-07-06    07:38:05:651     996    708    AU    #############
    2012-07-06    07:38:05:651     996    708    AU    ## START ##  AU: Search for updates
    2012-07-06    07:38:05:651     996    708    AU    #########
    2012-07-06    07:38:05:651     996    708    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {1E4060FD-6637-4956-AA5B-234CC98792D0}]
    2012-07-06    07:38:05:651     996    4b4    Report    REPORT EVENT: {F0160F66-5B85-425B-A4CF-EC106ADDEAD0}    2012-07-06 07:37:58:631+0200    1    202    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Reboot completed.
    2012-07-06    07:38:05:713     996    4b4    Report    CWERReporter finishing event handling. (00000000)
    2012-07-06    07:38:05:713     996    4b4    Agent    *************
    2012-07-06    07:38:05:713     996    4b4    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2012-07-06    07:38:05:713     996    4b4    Agent    *********
    2012-07-06    07:38:05:713     996    4b4    Agent      * Online = Yes; Ignore download priority = No
    2012-07-06    07:38:05:713     996    4b4    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2012-07-06    07:38:05:713     996    4b4    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2012-07-06    07:38:05:713     996    4b4    Agent      * Search Scope = {Machine}
    2012-07-06    07:38:05:713     996    4b4    Setup    Checking for agent SelfUpdate
    2012-07-06    07:38:05:713     996    4b4    Setup    Client version: Core: 7.5.7601.17514  Aux: 7.5.7601.17514
    2012-07-06    07:38:05:713     996    4b4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
    2012-07-06    07:38:05:791     996    4b4    Misc     Microsoft signed: Yes
    2012-07-06    07:38:08:412     996    4b4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
    2012-07-06    07:38:08:412     996    4b4    Misc     Microsoft signed: Yes
    2012-07-06    07:38:08:459     996    4b4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
    2012-07-06    07:38:08:490     996    4b4    Misc     Microsoft signed: Yes
    2012-07-06    07:38:08:490     996    4b4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
    2012-07-06    07:38:08:490     996    4b4    Misc     Microsoft signed: Yes
    2012-07-06    07:38:08:537     996    4b4    Setup    Determining whether a new setup handler needs to be downloaded
    2012-07-06    07:38:08:553     996    4b4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe:
    2012-07-06    07:38:08:568     996    4b4    Misc     Microsoft signed: Yes
    2012-07-06    07:38:08:568     996    4b4    Setup    SelfUpdate handler update NOT required: Current version: 7.4.7600.226, required version: 7.4.7600.226
    2012-07-06    07:38:08:568     996    4b4    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226"
    2012-07-06    07:38:08:568     996    4b4    Setup    Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
    2012-07-06    07:38:08:568     996    4b4    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"
    2012-07-06    07:38:08:584     996    4b4    Setup    Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
    2012-07-06    07:38:08:584     996    4b4    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"
    2012-07-06    07:38:08:615     996    4b4    Setup    Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226" is already installed.
    2012-07-06    07:38:08:615     996    4b4    Setup    SelfUpdate check completed.  SelfUpdate is NOT required.
    2012-07-06    07:38:08:787     996    4b4    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2012-07-06    07:38:08:787     996    4b4    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://srv-wsus/ClientWebService/client.asmx
    2012-07-06    07:38:08:802     996    4b4    PT    WARNING: Cached cookie has expired or new PID is available
    2012-07-06    07:38:08:802     996    4b4    PT    Initializing simple targeting cookie, clientId = b2ce9354-e3e7-4e87-9cf6-b0832d3b0175, target group = Windows7, DNS name = fly-0605.towergroup.local
    2012-07-06    07:38:08:802     996    4b4    PT      Server URL = http://srv-wsus/SimpleAuthWebService/SimpleAuth.asmx
    2012-07-06    07:38:10:830     996    4b4    PT    +++++++++++  PT: Synchronizing extended update info  +++++++++++
    2012-07-06    07:38:10:830     996    4b4    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://srv-wsus/ClientWebService/client.asmx
    2012-07-06    07:38:11:127     996    4b4    Agent      * Found 0 updates and 69 categories in search; evaluated appl. rules of 1146 out of 1632 deployed entities
    2012-07-06    07:38:11:127     996    4b4    Agent    *********
    2012-07-06    07:38:11:127     996    4b4    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2012-07-06    07:38:11:127     996    4b4    Agent    *************
    2012-07-06    07:38:11:142     996    4b4    Report    CWERReporter finishing event handling. (00000000)
    2012-07-06    07:38:11:142     996    cf0    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {1E4060FD-6637-4956-AA5B-234CC98792D0}]
    2012-07-06    07:38:11:142     996    cf0    AU      # 0 updates detected
    2012-07-06    07:38:11:142     996    cf0    AU    #########
    2012-07-06    07:38:11:142     996    cf0    AU    ##  END  ##  AU: Search for updates [CallId = {1E4060FD-6637-4956-AA5B-234CC98792D0}]
    2012-07-06    07:38:11:142     996    cf0    AU    #############
    2012-07-06    07:38:11:142     996    cf0    AU    Successfully wrote event for AU health state:0
    2012-07-06    07:38:11:142     996    cf0    AU    Featured notifications is disabled.
    2012-07-06    07:38:11:142     996    cf0    AU    AU setting next detection timeout to 2012-07-07 00:54:33
    2012-07-06    07:38:11:142     996    cf0    AU    Successfully wrote event for AU health state:0
    2012-07-06    07:38:16:134     996    4b4    Report    REPORT EVENT: {66CE0FEC-1B54-45B2-B000-D33A44FD82E0}    2012-07-06 07:38:11:127+0200    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Software Synchronization    Windows Update Client successfully detected 0 updates.
    2012-07-06    07:38:16:134     996    4b4    Report    REPORT EVENT: {CC9A2889-B7DE-4507-B67C-A3B4C352C553}    2012-07-06 07:38:11:127+0200    1    156    101    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Pre-Deployment Check    Reporting client status.
    2012-07-06    07:38:16:134     996    4b4    Report    CWERReporter finishing event handling. (00000000)
    2012-07-06    07:38:22:858     996    708    AU    Forced install timer expired for scheduled install
    2012-07-06    07:38:22:858     996    708    AU    UpdateDownloadProperties: 0 download(s) are still in progress.
    2012-07-06    07:38:22:858     996    708    AU    Setting AU scheduled install time to 2012-07-07 04:00:00
    2012-07-06    07:38:22:858     996    708    AU    Successfully wrote event for AU health state:0
    2012-07-06    07:38:27:866     996    4b4    Report    CWERReporter finishing event handling. (00000000)
    2012-07-06    07:39:44:010     996    708    AU    AU setting next sqm report timeout to 2012-07-07 05:39:44
    2012-07-06    07:50:12:134     996    708    Shutdwn    user declined update at shutdown
    2012-07-06    07:50:12:134     996    708    AU    Successfully wrote event for AU health state:0
    2012-07-06    07:50:12:134     996    708    AU    AU initiates service shutdown
    2012-07-06    07:50:12:134     996    708    AU    ###########  AU: Uninitializing Automatic Updates  ###########
    2012-07-06    07:50:12:196     996    708    Report    CWERReporter finishing event handling. (00000000)
    2012-07-06    07:50:12:305     996    708    Service    *********
    2012-07-06    07:50:12:305     996    708    Service    **  END  **  Service: Service exit [Exit code = 0x240001]
    2012-07-06    07:50:12:305     996    708    Service    *************

    Does anything meaningful stand out here?

    If the machines are reset while they are hanging, the log ends at this point:

    2012-07-06    07:38:27:866     996    4b4    Report    CWERReporter finishing event handling. (00000000)

    Thanks and regards

    Franz

    Monday, 9 July 2012 09:51
  • I strongly suspect that there are problems with time synchronization in connection with Kerberos. It looks as though our clients are not synchronizing with the NTP server. I will look into this further and then let you know.

    Regards

    Franz

    Monday, 9 July 2012 10:28
  • On 09.07.2012 Franz Julius wrote:

    I strongly suspect that there are problems with time synchronization in connection with Kerberos. It looks as though our clients are not synchronizing with the NTP server. I will look into this further and then let you know.

    Within a domain, the best way to do that is via GPO. There is a
    HowTo on the topic:
    http://www.gruppenrichtlinien.de/HowTo/Zeitserver_per_GPO.htm

    Cheers
    Winfried


    Connect2WSUS: http://www.grurili.de/tools/Connect2WSUS.exe
    GPO's: http://www.gruppenrichtlinien.de
    Community Forums NNTP Bridge: http://communitybridge.codeplex.com/

    Monday, 9 July 2012 19:40
  • The machines now synchronize their time properly. A pleasant side effect, but the problem persists.

    I will get back to you when I come across something interesting.

    Thursday, 12 July 2012 13:06
  • So, I once again had some time to get to the bottom of this, and had a machine available that did not hang sporadically but quite consistently.

    Whenever I changed one thing or another in the GPOs, it booted; it did not matter what I changed. After a few restarts it hung again.

    On the machine I repaired WMI, reset the local GPOs, and repaired the Windows Update service (the online auto-repair function also detected an error and supposedly fixed it), all without success. In the end I reinstalled the client, and since then it has been running like clockwork. It processes all GPOs within a few seconds.

    What else could be broken locally on the affected systems that can be repaired? Or should I now really have every machine on which the problem occurs now and then, or has occurred at some point, reinstalled?

    Something else I noticed was strange behaviour when I removed the machine from the domain and rejoined it. At first, after I had joined it to the domain without problems, the system did not appear under Computers. I could nevertheless log on with my domain account. After booting several times I could then no longer log on, because the security configuration of the domain could not be loaded. Then I took it out of the domain again, put it back in, and suddenly it showed up in AD and everything worked. Then I thought for a while that the problem was fixed, but after a few restarts and gpupdates everything was back to the way it was and it hung on "Richtlinie "Group Policy Folders" wird geladen".

    So much for that; maybe something occurs to someone.

    Thanks and regards

    Franz

    Wednesday, 25 July 2012 13:15
  •  
    > back in, and suddenly it showed up in AD and everything worked. Then
    > I thought for a while that the problem was fixed, but after a few
    > restarts and gpupdates everything was back to the way it was and it hung on
    > "Richtlinie "Group Policy Folders" wird geladen".
     
    Does your domain have a problem? dcdiag, repadmin, SYSVOL replication etc...
     
    Regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    If my answer was helpful, I'm glad about a rating!
    Wednesday, 25 July 2012 14:52
    Answerer
  • I ran the relevant diagnostic tools and could not find anything conspicuous.

    However, in the log of a client that was affected this morning I found the following lines:

    2012-07-30 08:22:42.248 [pid=0x14c,tid=0x6e8] Entering ProcessGroupPolicyExFolders()
    2012-07-30 08:22:42.264 [pid=0x14c,tid=0x6e8] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}

    The interesting thing is that no GPO with that ID exists. The directories GroupPolicy and GroupPolicyUsers on the client are empty, and under C:\Windows\SYSVOL\sysvol\......\Policies there is no GPO with that ID. That could be a pointer to this kind of behaviour, if a GPO that no longer exists is lodged somewhere in the system. The only question is where. In any case, that would also explain why there are no more problems after a reinstallation.

    Regards

    Franz

    Monday, 30 July 2012 08:12
  • On 30.07.2012 Franz Julius wrote:

    The interesting thing is that no GPO with that ID exists. The directories GroupPolicy and GroupPolicyUsers on the client are empty, and under C:\Windows\SYSVOL\sysvol\......\Policies there is no GPO with that ID. That could be a pointer to this kind of behaviour, if a GPO that no longer exists is lodged somewhere in the system. The only question is where. In any case, that would also explain why there are no more problems after a reinstallation.

    GPO-FAQ No. 21, delete all GPOs:
    http://www.gruppenrichtlinien.de/Grundlagen/faq.htm

    Cheers
    Winfried



    Monday, 30 July 2012 18:42
  • I have now spent weeks completely cleaning up and rebuilding the GPOs.

    On affected machines we delete the directory C:\ProgramData\Microsoft\Group Policy\History and the corresponding key from the registry, and then run gpupdate /force. That seems to be getting it under control.

    So far, at least, nothing has occurred again on those machines afterwards. It was apparently down to a combination of many errors in the GPOs, which I eliminated bit by bit. I found this chaos when I started at this company; it arose from many years of frequently changing admins who botched around in the Group Policies.

    I will get back to you should this elusive error occur again; until then ... many thanks for your support.

    Regards

    Franz

    Friday, 24 August 2012 11:57
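
A read-only way to check for stale cached GPOs before deleting the History directory, added here as an example and not part of any post in this thread: it reports GPO GUIDs that are cached under the client's History directory but no longer exist under SYSVOL. The SYSVOL path is a placeholder, and the History layout (one `{GPO GUID}` folder per GPO containing cached preference XML files) is an assumption.

```powershell
# Report only: nothing is deleted or modified.
# Assumed layout (not stated in the thread):
#   <History>\{GPO-GUID}\<Machine|SID>\Preferences\<Type>\<Type>.xml
param(
    [string]$HistoryPath  = 'C:\ProgramData\Microsoft\Group Policy\History',
    # Placeholder: replace with your own domain's SYSVOL Policies share.
    [string]$PoliciesPath = '\\example.local\SYSVOL\example.local\Policies'
)

$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-GuidFolderNames([string]$Path) {
    # Fail loudly if a path is unreachable; otherwise an unreachable SYSVOL
    # would make every cached GPO look stale.
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Path not found: $Path"
    }
    # PSIsContainer (instead of -Directory) keeps this usable on the
    # PowerShell 2.0 that ships with Windows 7.
    Get-ChildItem -LiteralPath $Path -Force |
        Where-Object { $_.PSIsContainer -and $_.Name -match $guidPattern } |
        ForEach-Object { $_.Name.ToUpperInvariant() }
}

$live   = @(Get-GuidFolderNames $PoliciesPath)   # GPOs that exist in the domain
$cached = @(Get-GuidFolderNames $HistoryPath)    # GPOs the client has cached

foreach ($guid in $cached) {
    if ($live -contains $guid) { continue }      # still exists, not stale

    $dir = Join-Path $HistoryPath $guid
    $xml = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -Filter *.xml `
                 -ErrorAction SilentlyContinue)

    # One object per stale GPO: which preference types are cached and how old.
    New-Object PSObject -Property @{
        GpoGuid     = $guid
        CachedFiles = $xml.Count
        Preferences = ($xml | ForEach-Object { $_.BaseName } |
                           Sort-Object -Unique) -join ', '
        Newest      = ($xml | Sort-Object LastWriteTime -Descending |
                           Select-Object -First 1).LastWriteTime
    }
}
```

No output means every cached GPO still exists in SYSVOL; run it elevated so the whole History tree is readable.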
  • On 24.08.2012 Franz Julius wrote:

    On affected machines we delete the directory C:\ProgramData\Microsoft\Group Policy\History and the corresponding key from the registry, and then run gpupdate /force. That seems to be getting it under control.

    So far, at least, nothing has occurred again on those machines afterwards. It

    Wonderful, I'm happy for you, and thanks for the feedback. ;)

    Cheers
    Winfried



    Friday, 24 August 2012 13:52