locked
Very slow logons on windows 7 enterprise RRS feed

  • Question

  • Hi We have around 500 machines which are running Windows 7 enterprise 64bites. 

    From time to time when user start they PC on Monday morning it takes PC 45 minutes to come to Ctrl Alt Del screen. When user enter they login details it just hangs on please wait screen for more then 1 hour.

    When you login successfully we have a adobe update.

    Also if I unplug network cable it start in within few minutes.

    This does not happen to same user again and again it just  happens to a single user or few users, it only happen for few days after that it be fine and all working fine this user.

    I have check the log on a PC to see why this be might happening but i could see anything out of order.

    I did see this log.

    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          23/07/2012 08:32:02
    Event ID:      6006
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      pc1
    Description:
    The winlogon notification subscriber <Profiles> took 141 second(s) to handle the notification event (Logon).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
        <EventID Qualifiers="32768">6006</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-23T07:32:02.000000000Z" />
        <EventRecordID>13721</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>pc1</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Profiles</Data>
        <Data>141</Data>
        <Data>Logon</Data>
        <Binary>02000000</Binary>
      </EventData>
    </Event>
    
    
    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          23/07/2012 08:30:41
    Event ID:      6005
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      pc1
    Description:
    The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logon).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
        <EventID Qualifiers="32768">6005</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-23T07:30:41.000000000Z" />
        <EventRecordID>13717</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>pc1</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Profiles</Data>
        <Data>Logon</Data>
        <Binary>00000000</Binary>
      </EventData>
    </Event>
    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          23/07/2012 08:00:45
    Event ID:      6005
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      pc1
    Description:
    The winlogon notification subscriber <GPClient> is taking long time to handle the notification event (CreateSession).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
        <EventID Qualifiers="32768">6005</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-23T07:00:45.000000000Z" />
        <EventRecordID>13695</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>pc1</Computer>
        <Security />
      </System>
      <EventData>
        <Data>GPClient</Data>
        <Data>CreateSession</Data>
        <Binary>00000000</Binary>
      </EventData>
    </Event>
    
    Log Name:      System
    Source:        Service Control Manager
    Date:          23/07/2012 08:01:09
    Event ID:      7022
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      pc1
    Description:
    The Internet Connection Sharing (ICS) service hung on starting.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7022</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-23T07:01:09.278423600Z" />
        <EventRecordID>41413</EventRecordID>
        <Correlation />
        <Execution ProcessID="548" ThreadID="552" />
        <Channel>System</Channel>
        <Computer>pc1</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Internet Connection Sharing (ICS)</Data>
      </EventData>
    </Event>
    Log Name:      System
    Source:        Service Control Manager
    Date:          23/07/2012 08:28:00
    Event ID:      7011
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      pc1
    Description:
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7011</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-23T07:28:00.420938700Z" />
        <EventRecordID>41438</EventRecordID>
        <Correlation />
        <Execution ProcessID="548" ThreadID="2768" />
        <Channel>System</Channel>
        <Computer>pc1</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">30000</Data>
        <Data Name="param2">wuauserv</Data>
      </EventData>
    </Event>
    
    Log Name:      System
    Source:        Microsoft-Windows-Time-Service
    Date:          23/07/2012 08:29:26
    Event ID:      129
    Task Category: None
    Level:         Warning
    Keywords:      
    User:          LOCAL SERVICE
    Computer:      pc1
    Description:
    NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
        <EventID>129</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2012-07-23T07:29:26.940830600Z" />
        <EventRecordID>41504</EventRecordID>
        <Correlation />
        <Execution ProcessID="1048" ThreadID="1140" />
        <Channel>System</Channel>
        <Computer>pc1</Computer>
        <Security UserID="S-1-5-19" />
      </System>
      <EventData Name="TMP_EVENT_DOMAIN_PEER_DISCOVERY_ERROR">
        <Data Name="ErrorMessage">The entry is not found. (0x800706E1)</Data>
        <Data Name="RetryMinutes">3473457</Data>
      </EventData>
    </Event>
    
    


    • Edited by lalaJee Monday, July 23, 2012 11:13 AM code style
    Monday, July 23, 2012 10:47 AM

Answers

All replies

  • Hi,

     try to Disable all Startup Using Msconfig.

    Start ---->  Msconfig ----> Startup ----> Disable All ----> ok ----> Restart

    Regards,


    MCT / MCITP / MCTS / MCSA / C|EH

    Monday, July 23, 2012 12:52 PM
  • This happening before we login before seeing Ctrl Alt Del screen.

    Disable all of the service but still it took 45 minutes to log in.

    Start ---->  Msconfig ----> Startup ----> Disable All ----> ok ----> Restart


    • Edited by lalaJee Monday, July 23, 2012 1:57 PM more info
    Monday, July 23, 2012 1:56 PM
  • A very good place to start troubleshooting these kinds of problems are in the Event viewer -> Applications and services logs -> Windows -> Group Policy to see if you have group policies taking a really long time to apply. Look for any event that lists group policy appliance extremely long.

    Also, the Windows Performance Toolkit included in the Windows SDK (or the Windows Performance Assessment now found in ADK) are very good for troubleshooting performance issues during boot and login.


    Blogging about Windows for IT pros at www.theexperienceblog.com

    • Marked as answer by Sabrina Shen Monday, August 6, 2012 5:07 AM
    Monday, July 23, 2012 3:30 PM
  • Hi ,

    If the issue do not occur when network adapter is disabled, you may update NIC driver and see the result. Also, check your client DNS configuration. DNS servers along with other hardware (like switches, routers) could also be the source of the problem.

    There are some TechNet blogs about how to troubleshoot the slow logon for your reference.

    So you have a slow logon…? (Part 1)

    So you have a slow logon…? (Part 2)

    The Case of the Slow Logons


    Tracy Cai

    TechNet Community Support

    Tuesday, July 24, 2012 5:51 AM
  • @ Andreas Stenhall

    I have already download Windows SDK for BSOD which i know I can use this but for slow start for windows 7 I wouldn't know where I can start with this tool.

    Tuesday, July 24, 2012 7:10 AM
  • I did a session on this at TechEd about a month ago, take a look at the first 20 minutes of this video and you will get a kick start on how to use Performance Toolkit to see what is going on during boot and login, http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WCL326

    Blogging about Windows for IT pros at www.theexperienceblog.com

    • Marked as answer by Sabrina Shen Monday, August 6, 2012 5:07 AM
    Tuesday, July 24, 2012 8:36 AM
  • @ Andreas Stenhall 

    Thank you, i'm justing download the video and watch it later.

    Tuesday, July 24, 2012 8:39 AM
  • Mark Russinovich just did a post about a slow login and troubleshooting with procmon boot logging.  It turned out to be a shared drive that was inaccessible.  

    http://blogs.technet.com/b/markrussinovich/archive/2012/07/02/3506849.aspx


    • Edited by JS2010 Tuesday, July 24, 2012 3:24 PM
    Tuesday, July 24, 2012 3:23 PM
  • Only way we find we could fix by removing the Home Drive Mapping the in the user properties but this leaves without home drive mapping.

    http://jdbausch.blogspot.de/2011/04/slow-logon-with-windows-7-and-winlogon.html

    Kuru

    • Proposed as answer by KONRUE Thursday, November 22, 2012 2:12 PM
    Thursday, November 22, 2012 2:11 PM
  • Hi KONRUE

    We have over 4000 user and its happening randomly to user for e.g one user logs on pc 1 its takes 30 m inutes and when he logs onto pc2 it takes few second but if different user log on to pc 1 it takes few second too.

    We can't remove the home drive from user profile.

    Thursday, November 22, 2012 2:22 PM