Am I reading this correctly? WPA boottrace

  • Question

  • Hi,


    I started looking into WPA and tracing boots. Although there are some general tutorials and guidelines, it's not that clear how to go through all that data. I believe I found a GPO that takes up to 16 seconds to complete. But I'm not 100% sure that I'm reading this data correctly. Can someone confirm that one of the GPOs takes 16 seconds to complete? (see picture).


    • Edited by CM-kristof Tuesday, February 9, 2016 12:35 PM
    Tuesday, February 9, 2016 12:35 PM

All replies

  • Hi CM-kristof,

    Please upload the log to OneDrive and paste the link here. We will try to analyze it for you.

    Best regards

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Wednesday, February 10, 2016 1:41 PM
  • Hi,

    I'm not authorized to do so by our Sec Officer.

    Any other help you can give me would be appreciated. (links, book, ... )

    Apart from not being authorized, I would like to learn it a bit more myself.

    Thanks for taking the time to help.

    Wednesday, February 10, 2016 2:01 PM
  • Hi CM-kristof,

    I hope the following links will be useful.
    How can I analyze performance issues before/during the logon process?
    http://superuser.com/questions/594625/how-can-i-analyze-performance-issues-before-during-the-logon-process

    Troubleshoot slow Group Policy processing
    https://4sysops.com/archives/troubleshoot-slow-group-policy-processing/
    NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.

    Best regards



    Monday, February 15, 2016 6:05 AM
  • Thx. Also, was I correct with my interpretation of the image I posted? Was I correct to conclude it took 16 sec to go to the next GPO?
    Monday, February 15, 2016 8:27 AM
  • No way to tell from the current snip.

    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    Monday, February 15, 2016 11:13 AM
  • So ordering it by Line# (which I thought to be the sequence in which the events happened) is not representative?

    The time between line 15 and 16 = 16 sec.

    Monday, February 15, 2016 11:38 AM
  • Hi CM-Kristof,

    If it is possible to upload the log file, it would be clearer to understand the issue.

    To confirm the issue, we could try to remove the policy to troubleshoot. Or capture the boot log with the Process Monitor tool. It would be more straightforward.

    Best regards



    Tuesday, February 16, 2016 1:25 AM
  • I wish I was able to upload it, but as said before, I am not allowed to.

    I don't understand why this tool is available if there is almost no information about it? Every forum is kind of "secretive" about it.

    Can't anyone tell me, regarding the print screen I've posted, that if the line numbers are sequential these GPOs are in fact being enforced in that order and so the time between them is in fact 16 seconds?

    Anyway, thanks for your help, I appreciate you taking the time to respond.

    Tuesday, February 16, 2016 11:36 AM
  • So,

    I did a trace with ProcMon. From what I found, searchIndexer.exe is running +20 sec.

    I then disabled the "Windows Search" service and did a retrace.

    Unfortunately the time of shutdown remains the same.

    When I search for items with a duration more than 1 I have no results.

    Any ideas to further investigate?


    EDIT:

    I enabled the Searchindex and did another trace.

    I went back to the performance analyze.

    I found the following. It seems that McAfee is taking a lot of time (65 seconds; total shutdown was only a minute and a half!).

    I looked at the timespan of the services, and it seems that the searchindex stays "online" until the very end. McAfee stays active as well, which I suppose is good to avoid malware.

    But I'm struggling with the reason why it takes so long to shut down. Why does this service (McAfee) have to stay online for over a minute?

    My question now is, how can I find out what exactly is going on with McAfee?

    I've been looking into disk usage but I don't see much, neither in CPU activity.

    Any suggestions?



    • Edited by CM-kristof Thursday, February 18, 2016 10:13 AM added info
    Thursday, February 18, 2016 9:14 AM
  • So I've investigated further by testing my hypotheses about McAfee.

    If I disable McAfee, my test computer shuts down within 15 sec (compared to the minute and a half from before).

    So my question now is, how can I figure out exactly what is taking McAfee so long at shutdown?

    Thursday, February 18, 2016 11:37 AM
  • Hi CM-Kristof,

    "So my question now is, how can I figure out exactly what is taking McAfee so long at shutdown?"
    Since this issue is related to a third-party service, it is recommended to ask for help from the third-party support. They are more familiar with their product and they may have more resources to help you.

    Best regards




    Friday, February 19, 2016 1:35 AM