none
signout RRS feed

  • Question

  • Hi,

    How to trouble shoot login and signout using procmon .The problem is sometime signout is spinning .......

    Thanks 

    Thursday, February 6, 2020 4:38 AM

All replies

  • Signout spinning rarely happen nowadays.. Windows 10 handle very well the logoff phase and generally terminates whatever is on the path that block the logoff..

    first thing that come to my mind is a long logoff script and secondly an old service which refuse to stop,

    You should logon on with a local administrator account on a session, and start procmon.Then logon normally on another session and perform the logoff while recording from the administartive session. Then go back to that and analyze the trace.

    HTH
    -mario

    Thursday, February 6, 2020 7:58 AM
  • Hi,

    This is not only logoff even logon also . sometimes local account also . And it won't happen always .

    So it is  hard to to reproduce the behaviour 

    Thanks

    Friday, February 7, 2020 8:24 AM
  • well, for the logon it's easier.. I mean, you can run Procmon and configure it to start at boot..

    Unfortunately, if your problem is a timing issue, probably you won't be able to repro because of procmon itself recording on the machine..

    start disabling all the logon/startup and logoff/shutdown policy script and then re-enable them one by one until you constantly repro the issue..

    HTH
    -mario

    Friday, February 7, 2020 8:47 AM
  • Hi,

    There is no logoff script . there was  a logon script . and we removed the logon script still facing issue 

    Thanks

    Friday, February 7, 2020 10:23 AM
  • Looks for mapped drive no longer existing..

    And finally take a procmon log from the boot..

    HTH
    -mario

    Friday, February 7, 2020 11:05 AM
  • Hi,

    Any procmon video tutorial ?

    Thanks

    Friday, February 7, 2020 5:19 PM
  • Hi,

    In my case it is not logging in :) . just spinning  sometimes ...........

    Thanks

    Saturday, February 8, 2020 10:11 AM
  • that doesn't change.. you have to take a Procmon boot log..

    Follow the instructions on the article and always collect a procmon log..

    Another approach is to use autoruns and disable everything that start at user logon, and the re-enable one by one..

    One way or the other..

    HTH
    -mario 

    Saturday, February 8, 2020 10:36 AM