Win7 slow logon, xperf troubleshooting


All replies

  • Hi,

    Here is a discussion that can be referred to.

    Windows 7 Enterprise. Very Slow Logon/Logoff in Domain


    Another suggestion is to have a clean boot and check it again.

    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7


    In the meantime, you may log on to a domain server before the network is ready by changing the group policy.

    Go to Start -> type in "gpedit.msc" in the run/search field.

    In the Local Group Policy Editor that pops up, go to "Computer Configuration" -> "Administrative Templates" -> "System" -> "Logon" -> "Always wait for the network at computer startup and logon". Double click the latter and set it to "Disabled".

    Hope that helps.


    TechNet Community Support

    • Edited by Ivan-Liu Monday, June 11, 2012 2:45 AM
    Monday, June 11, 2012 2:45 AM
  • Hi, thank you for your response and the provided link, but shouldn't my exact issue be evident in the provided xperf traces? Have you perhaps had a chance to look at them?

    I know the issue is during the winlogon phase, but I can't pinpoint a root cause. The issue in our case occurs both on the LAN and out of office.

    Could you please provide some additional details for the "Always wait for the network at computer startup and logon" setting, in particular how this will affect our Folder Redirection/Offline files sync?

    I should add that I'm getting 6005 and 6006 events on most of our machines. Mainly: The winlogon notification subscriber <Profiles> took 70 second(s) to handle the notification event (Logon).

    But sometimes (not often) GPClient is listed as well. Would "Always wait for the network at computer startup and logon" and/or "Run logon scripts synchronously" help in this case? Do the xperf traces help in any way?

    • Edited by CypherMike Monday, June 11, 2012 7:24 AM
    Monday, June 11, 2012 6:19 AM
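
The 6006 warning quoted in the post above carries the subscriber name and the delay in its message text, so the warnings can be tallied per subscriber across many logons. The following is an added example and not part of the thread: the sample messages are constructed from the wording quoted above, and the helper name `ConvertFrom-WinlogonDelay` and the assumption that these warnings are read from the Application log belong to this example.

```powershell
# Added example. Parses Winlogon "took N second(s)" warnings (event 6006 as
# quoted in the thread) and ranks subscribers by delay. PowerShell 2.0 syntax,
# so it runs on a stock Windows 7 client.

function ConvertFrom-WinlogonDelay {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)][string]$Message)
    begin {
        $pattern = 'subscriber <(?<Subscriber>[^>]+)> took (?<Seconds>\d+) ' +
                   'second\(s\) to handle the notification event \((?<Event>[^)]+)\)'
    }
    process {
        # Messages of any other shape are skipped silently.
        if ($Message -match $pattern) {
            New-Object psobject -Property @{
                Subscriber = $Matches['Subscriber']
                Event      = $Matches['Event']
                Seconds    = [int]$Matches['Seconds']
            }
        }
    }
}

# Constructed sample messages, modelled on the text quoted in the post.
$sample = @(
    'The winlogon notification subscriber <Profiles> took 70 second(s) to handle the notification event (Logon).'
    'The winlogon notification subscriber <GPClient> took 95 second(s) to handle the notification event (Logon).'
    'The winlogon notification subscriber <Profiles> took 64 second(s) to handle the notification event (Logon).'
)

# On a live machine (assumption: the warnings are in the Application log):
# $sample = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 6006 } |
#     ForEach-Object { $_.Message }

# One row per subscriber/event pair, worst offender first.
$sample | ConvertFrom-WinlogonDelay | Group-Object Subscriber, Event | ForEach-Object {
    $stats = $_.Group | Measure-Object -Property Seconds -Average -Maximum
    New-Object psobject -Property @{
        Subscriber = $_.Group[0].Subscriber
        Event      = $_.Group[0].Event
        Count      = $_.Count
        AvgSeconds = [math]::Round($stats.Average, 1)
        MaxSeconds = $stats.Maximum
    }
} | Sort-Object MaxSeconds -Descending |
    Select-Object Subscriber, Event, Count, AvgSeconds, MaxSeconds
```
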
  • Hi,

    We fixed the slow login and the events 6005 and 6006 with http://support.microsoft.com/kb/2525332/en and http://support.microsoft.com/kb/2561285/en

    Monday, June 11, 2012 7:42 AM
  • Thank you lehmh, unfortunately this doesn't seem to be the problem in my case. I don't have "Do not automatically make redirected folders available offline" enabled and I've run netstat -ano on a couple machines and connections to port 389 are not growing.

    Monday, June 11, 2012 7:56 AM
  • It appears the problem is related to users having Home Folder enabled in their profiles as in http://serverfault.com/questions/213032/please-wait-for-user-profile-service-on-windows-7-takes-around-1-2-minutes-to and http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/613d039b-1754-4978-b535-3fcbd29610f1/ but the setting "Set max wait time for the network if a user has a roaming user profile or remote home folder" set to 2 seconds doesn't have the desired effect.

    If I set the Home folder to Local path the boot time is much improved (it esp. doesn't hang at User Profile Service) although at times it takes quite a while at "Applying User Settings".

    Monday, June 11, 2012 12:21 PM
  • A computer that is running Windows Vista or Windows Server 2008 stops responding and hangs at the "Applying User Settings" stage of the logon process


    (try the cryptsvc dependency workaround)

    The slowdown might be antivirus related, looking at your boot_1.etl.  Of course the $mft has the 2nd most i/o time (28 sec).

    • Edited by JS2010 Monday, June 11, 2012 5:46 PM
    Monday, June 11, 2012 5:16 PM
  • JS2010, thank you. I did some additional testing and it appears "Applying User Settings" only happens once after I change the AD user profile, after that it goes straight from User Profile Service to Desktop...quite fast.

    Is there anything I can do regarding the antivirus activity at boot? We're using Forefront Client Security:

    Client Version:  1.5.1996.0
    Engine Version: 1.1.8403.0
    Antivirus definition: 1.127.1762.0
    Antispyware definition: 1.127.1762.0

    I have the standard recommendations as far as exclusions (http://support.microsoft.com/kb/822158/en-us), but there seems to be a lot of activity in this folder: C:\ProgramData\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Scans\ with mpcache-*.bin.* files. Does anyone know what these are for, is there a recommendation to exclude these as well?

    What about $mft? The disks are not fragmented at all, are there any additional optimizations that I can do?

    I uploaded a new trace, which seems a lot better.

    Tuesday, June 12, 2012 7:33 AM
  • There might be some Forefront policy that's 'higher performance' but might be less secure technically.

    The $mft is a pet peeve of mine.  The only thing I've done is disable the windows defrag service the next time I reimaged.  Windows boot defrag places the $mft far away from the other boot files, plus the $mft grows without bounds.  In the disk summary table you can drag the file column to the left.  $mft is always on top.

    This is how I usually run xbootmgr:

    xbootmgr.exe -trace boot -postBootDelay 180 -traceFlags base+cswitch+compact_cswitch -resultpath c:\temp

    Your last trace is missing a lot of events.  This command is a lightweight 'timing trace' and waits 180 seconds for the computer to idle.  You can also do this before running the trace:

    reg delete hklm\system\currentcontrolset\services\rdyboost\parameters /va /f

    It will blow away the Readyboost boot plan.  The test computer will temporarily boot slower, but you'll be able to see what's going on with i/o better.  I always check the disk summary table and detail graph for excessive disk seeking.  Reboot the computer a few times to get the boot plan back.

    Make sure you have the intel ahci driver for the hard drive.  Native command queueing cuts down on drive seeking.  Macs with boot camp can't do ahci without some fancy hacking.

    • Edited by JS2010 Tuesday, June 12, 2012 8:02 PM
    Tuesday, June 12, 2012 7:23 PM
  • OK.

    Can you provide some additional links regarding $mft? I'd love to learn a thing or two about it. Similar with xperf.

    I ran it as suggested (also deleted Readyboost boot plan) and uploaded the trace (7z this time).

    As for the driver:

    I went to HP's site for my model notebook 6730b (this is pretty much an exception, most notebooks are Elitebooks 85xx) and can't find anything related. Where should I get the driver, which one? My notebook actually has IDE set in BIOS so it does not apply for my model, but what about the Elitebooks?

    Thanks so much for everything.

    Tuesday, June 12, 2012 8:11 PM
  • I took a quick look at your last trace. It was missing some events so it's incomplete but enough got through I think.

    First, is your laptop IDE or SATA? I'm guessing it's SATA so set that in the BIOS to be AHCI.

    Second, the MOM Service is really slowing you down on boot since it's waiting on WMI and preventing other stuff from starting up. I've seen this before, set it to delayed start, that should help.

    Third, there is a WMI hotfix you prolly want to apply.


    See how that does. You also seem to have a ton of stuff in startup I'm guessing, use Autoruns and clear that stuff out.

    Mark Morowczynski |PFE-Platforms |http://blogs.technet.com/b/markmoro

    Wednesday, June 13, 2012 3:26 AM
  • While I know I'm only posting traces for my own notebook, I'm basically trying to find out (based on my traces) which settings would benefit all our users. The core software, settings are the same on all.

    I changed it to AHCI (very, very few users have it set to IDE).

    Set to Delayed Start, will change our GPO accordingly.

    Where did you get the information about the WMI hotfix from the trace, how did you come to that suggestion (I haven't applied it yet to mine, let alone our entire userbase)?

    I cleared up a couple things in Autoruns, but can't find much more that's not needed (please point me to something if you think otherwise), having said that my machine has a lot more on it than most users have (all are Standard users).

    Two of you mentioned that the traces are incomplete. I ran it again with: xbootmgr.exe -trace boot -postBootDelay 180 -traceFlags base+cswitch+compact_cswitch -resultpath c:\temp

    and uploaded it, let me know if the trace should be changed in some way and please provide some pointers based on the last trace.

    Wednesday, June 13, 2012 6:10 AM
  • I'm aware of the WMI hotfix because I checked your version of that file and it's a known issue, I deal with these traces quite a bit. Schedule a WDRAP and we'll have a PFE come on site and help with this as well as other desktop best practices :).  You also still have SQL Server starting up that is taking 60 seconds. You have IISAdmin starting up. This doesn't look to be a typical user machine. You also have Adobe ARM starting up, this is taking 5 seconds, and some sort of Juniper process is taking 10 seconds to start up. You also have 3 different .bat files taking about 15 seconds apiece. To be honest you are better off taking a base image and logging in with the standard user and capturing the delay, your machine is probably not a good test candidate for what everyone else is using, generally.

    Mark Morowczynski |PFE-Platforms |http://blogs.technet.com/b/markmoro

    Wednesday, June 13, 2012 12:25 PM
  • Thank you very much Mark, you're absolutely right this machine wasn't representative. I just put up a new trace (on LAN and at home) of a recently deployed, fully patched machine, I'd appreciate if you could take a quick look. This is an EliteBook 8560p, 4GB RAM, i5-2540M with a traditional SATA HDD, AHCI is enabled.
    Wednesday, June 13, 2012 2:19 PM
  • Doing a quick look, update your NIC drivers; they are taking about 3 seconds. The Bluetooth drivers need to be updated as well, that's probably a good 11 seconds.

    Mark Morowczynski |PFE-Platforms |http://blogs.technet.com/b/markmoro

    Wednesday, June 13, 2012 3:25 PM
  • Wow, I can't imagine where you discovered this from my traces, but am determined to learn (am going through all the posts in my initial post as well as your blog, and looking at the Win8 improvements in this area).

    It appears to me the initial reason (30 sec delay because of the Home folder in the profile) for this post is exhausted and that my newer, representative machines are quite fine (will be updating NIC, Bluetooth as advised). What do you think? Also what's the reason that SBSL SDP isn't widely available (it would definitely help us)?

    Wednesday, June 13, 2012 5:29 PM
  • What's SBSL SDP?

    If you're constantly creating new user profiles, another good thing to do is uncheck all the 'active setup' registry entries in autoruns.  I have 18 of them.  You might have to restore the wallpaper though.

    Note that I don't use active directory.

    Wednesday, June 13, 2012 5:44 PM
  • Oh, you have to pay for it?

    Wednesday, June 13, 2012 5:51 PM
  • Yes, MS only provides access to it if you open a case, but it appears to make it a bit easier. Win8 also looks good on this front.
    Wednesday, June 13, 2012 5:54 PM
  • Right, it's part of when you open a case for this type of an issue. We are trying to do more around this area. Watch for updates on my blog as well as on blogs.TechNet.com/b/askpfeplat.  Yes I would still recommend updating your Bluetooth driver.

    Mark Morowczynski |PFE-Platforms |http://blogs.technet.com/b/markmoro

    Wednesday, June 13, 2012 5:57 PM
  • Thank you very much everyone, fixed the issue and learned quite a bit.
    Wednesday, June 13, 2012 5:59 PM
  • What was the solution?
    Wednesday, June 13, 2012 6:01 PM
  • For the initial problem (quite a bit was discovered later with your and Mark's assistance) it was:

    It appears the problem is related to users having Home Folder enabled in their profiles as in http://serverfault.com/questions/213032/please-wait-for-user-profile-service-on-windows-7-takes-around-1-2-minutes-to and http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/613d039b-1754-4978-b535-3fcbd29610f1/ but the setting "Set max wait time for the network if a user has a roaming user profile or remote home folder" set to 2 seconds doesn't have the desired effect.

    If I set the Home folder to Local path the boot time is much improved (it esp. doesn't hang at User Profile Service) although at times it takes quite a while at "Applying User Settings" (only for the first logon after the change).

    • Marked as answer by CypherMike Wednesday, June 13, 2012 6:08 PM
    Wednesday, June 13, 2012 6:03 PM
  • Glad to hear, Mike. Mark this as answered and mark anything that is helpful for others to find in the future.

    Mark Morowczynski |PFE-Platforms |http://blogs.technet.com/b/markmoro

    Wednesday, June 13, 2012 6:06 PM