Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Slow Login

1 view
Skip to first unread message

J. Knapp

unread,
Mar 18, 2005, 11:52:43 AM3/18/05
to
Logging into a Win2K AS terminal server (member server in an AD domain)
takes 10 minutes. Happens either on the console or on the RDP session.

The CTRL-ALT-DEL screen comes right up, but after entering your
credentials, it goes thru the "applying personal settings" and then that
status window disappears, and we look at a blue desktop (no icons) for 10
minutes, then everything comes up.

I'm in the process of trying the "stop print spooler" troubleshooting tip I
read in this group, but that doesn't seem to be doing the trick.

DNS seems to be OK as DCDIAG reports no errors, and netdiag /fix has been
run and whatnot.

Anyone have any ideas?

Thanks,

Jeff

TP

unread,
Mar 18, 2005, 12:05:10 PM3/18/05
to
Any errors logged during the logon?

Is the CPU doing anything during this time?

Have you turned on user environment logging and looked at what is happening?

http://support.microsoft.com/?kbid=221833
http://support.microsoft.com/?kbid=835302

Does this happen with all users, even one that you just created?

Thanks.

-TP


"J. Knapp" <jkn...@nospam.nospam> wrote in message
news:Xns961D78E09F867j...@207.46.248.16...

J. Knapp

unread,
Mar 18, 2005, 1:25:24 PM3/18/05
to
"TP" <tperson....@mailandnews.com> wrote in
news:uQKMvy9K...@TK2MSFTNGP15.phx.gbl:

> Any errors logged during the logon?

Nope -- everything seems normal which is what is so frustrating:-)

> Is the CPU doing anything during this time?

It's a 4 CPU box, and it's not doing much. Hovers between 1-3% (The box
isn't in production yet, so there's nothing else going on beyond my logging
in.)

> Have you turned on user environment logging and looked at what is
> happening?
>
> http://support.microsoft.com/?kbid=221833
> http://support.microsoft.com/?kbid=835302

Yeah -- everything looks normal from a GPO standpoint -- the event viewer
shows all events fire within 2-3 seconds.

The userenv.log looks pretty normal until we get near the end, and we see
the delay:

USERENV(4d0.1c0) 13:12:58:635 PolicyChangedThread: Entering with 0.
USERENV(6cc.670) 13:12:58:728 LibMain: Process Name:
C:\WINNT\system32\userinit.exe
USERENV(bc.5d8) 13:13:15:775 LibMain: Process Name:
C:\WINNT\System32\svchost.exe
USERENV(4d0.1c0) 13:13:18:635 PolicyChangedThread: Leaving
USERENV(4f4.6e8) 13:16:54:947 LibMain: Process Name:
\??\C:\WINNT\system32\winlogon.exe
USERENV(21c.380) 13:22:58:728 LibMain: Process Name:
C:\WINNT\system32\userinit.exe
USERENV(11c.1d4) 13:22:58:885 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(11c.1d4) 13:22:58:885 GetUserNameAndDomain Failed to impersonate
user
USERENV(20c.5a8) 13:22:59:088 LibMain: Process Name: C:\WINNT\Explorer.EXE
USERENV(20c.6f8) 13:22:59:119 GetProfileType: Profile already loaded.
USERENV(20c.6f8) 13:22:59:119 GetProfileType: ProfileFlags is 0


(I can post the rest if anyone needs, but it 300+ lines so for brevity...)

> Does this happen with all users, even one that you just created?

Yes. However, if I don't log on to the domain, just the machine, I log on
as expected. So something is timing out after 600 seconds
when authenticating to the domain, I just don't know what.

Thanks!

Jeff

TP

unread,
Mar 18, 2005, 4:23:06 PM3/18/05
to
Does the log show that critical sections are being released within a
reasonable amount of time? For example, you will find entries that
begin something like this:

USERENV(1840.2374) 13:31:15:387 EnterCriticalPolicySectionEx: Entering with
timeout 600000 and flags 0x0
USERENV(1840.2374) 13:31:15:387 EnterCriticalPolicySectionEx: User critical
section has been claimed. Handle = 0x2dc
USERENV(1840.2374) 13:31:15:387 EnterCriticalPolicySectionEx: Leaving
successfully.

We look at the above and note the handle: 0x2dc Later on in the
listing, we find something like this:

USERENV(1840.2374) 13:31:15:481 LeaveCriticalPolicySection: Critical section
0x2dc has been released.

We see that it took only about 94ms. Are yours all completing
quickly like the above example?

Is there anything special about the configuration of this
machine, or what is running on it? I know, a subjective
question but I don't know much about what you are
running on this thing, or what policies you have set up.

I am guessing you have computer and/or user policies
configured that apply here. Have you tried disabling
them temporarily? Also what about any special security
templates, file/reg permissions that are different than
default that you may have set on this server.

Did you try removing the server from the domain &
then putting it back? I know this is drastic and may
not be feasible for you but I am curious if you
gave it a try. It would be something I might do after
troubleshooting many, many hours with no luck. : )

Hope this helps.

-TP

"J. Knapp" <jkn...@nospam.nospam> wrote in message

news:Xns961D8897AEC8Fj...@207.46.248.16...

J. Knapp

unread,
Mar 18, 2005, 10:16:37 PM3/18/05
to
"TP" <tperson....@mailandnews.com> wrote in
news:uOaXsCAL...@TK2MSFTNGP14.phx.gbl:

> Does the log show that critical sections are being released within a
> reasonable amount of time? For example, you will find entries that
> begin something like this:
>

[...]


> We see that it took only about 94ms. Are yours all completing
> quickly like the above example?

Yes. It's only the last few lines that I posted where there is a big time
gap between entries. The 200+ lines before that were all fired in about 20
seconds...

> Is there anything special about the configuration of this
> machine, or what is running on it? I know, a subjective
> question but I don't know much about what you are
> running on this thing, or what policies you have set up.

It's Win2K AS configured as a terminal server in application mode. 4 PIII
Xeon 700Mhz processors, 4 GB RAM, nothing installed on it right now.
Current patch levels (if there is such a thing). /3GB in boot.ini

However, this same behavior was exhibited the last terminal server I set up
in this domain, so I'm figuring it's more of a domain issue than TS, but
thought I'd ask here in case I was wrong... :-)

> I am guessing you have computer and/or user policies
> configured that apply here. Have you tried disabling
> them temporarily? Also what about any special security
> templates, file/reg permissions that are different than
> default that you may have set on this server.

No, I haven't disabled the policies; I'll give that a whirl.

> Did you try removing the server from the domain &
> then putting it back? I know this is drastic and may
> not be feasible for you but I am curious if you
> gave it a try. It would be something I might do after
> troubleshooting many, many hours with no luck. : )

At this point, I'll try anything. :)

This machine is still in "staging" mode so I have a little more
flexibility, for now, at least. :)

Thanks for the extra set of eyes,

Jeff

TP

unread,
Mar 19, 2005, 9:12:01 AM3/19/05
to

"J. Knapp" <jkn...@nospam.nospam> wrote in message news:Xns961DE2A6E259Fj...@207.46.248.16...

> Yes. It's only the last few lines that I posted where there is a big time
> gap between entries. The 200+ lines before that were all fired in about 20
> seconds...

This is a red flag. Yes, the "huge" delay occurs at the section you
listed, but 20 seconds is a long time, unless you have REALLY slow
equipment, network, or some sort of MEGA group policies.

For example, I have an old machine, single PII 450 384MB ram w/10K
drives. The entire logon including applying group policy for desktop
lockdown, map network drives, etc., takes about 11 seconds.

Current production servers take much less than the example above,
many are less than 3 seconds. Now, in your environment things
may be much more complex, and maybe you have special programs
that need to run during the logon process that I don't have.

My point is why doesn't the ENTIRE logon take less than 10
seconds to complete?

Have you looked at a trace of the network activity that occurs
between your TS & DC during the logon process?

What about if you add a w2k workstation to this domain in the
same OU as your term serv with the same group policies, etc.?
Does logging on to this machine take a long time?

>
> Thanks for the extra set of eyes,

You are welcome. Hopefully my eyes will help you, wait a
sec, I didn't have my glasses on, forget everything I have
said so far. : )

-TP


J. Knapp

unread,
Mar 21, 2005, 12:39:37 AM3/21/05
to
"TP" <tperson....@mailandnews.com> wrote in
news:uFKqX1I...@TK2MSFTNGP15.phx.gbl:

>
> "J. Knapp" <jkn...@nospam.nospam> wrote in message
> news:Xns961DE2A6E259Fj...@207.46.248.16...
>
>> Yes. It's only the last few lines that I posted where there is a big
>> time gap between entries. The 200+ lines before that were all fired
>> in about 20 seconds...
>
> This is a red flag. Yes, the "huge" delay occurs at the section you
> listed, but 20 seconds is a long time, unless you have REALLY slow
> equipment, network, or some sort of MEGA group policies.

Actually, it's me not being able to count. It was less than 1 second.

> What about if you add a w2k workstation to this domain in the
> same OU as your term serv with the same group policies, etc.?
> Does logging on to this machine take a long time?

Blocking group policies makes logon fast. So now we're gonna see which
policy is reponsible for the sloooooowdown.

> You are welcome. Hopefully my eyes will help you, wait a
> sec, I didn't have my glasses on, forget everything I have
> said so far. : )

Damn! ;-)

Jeff

JWMay

unread,
Mar 21, 2005, 9:19:02 AM3/21/05
to
Make sure the DNS settings are pointing to your domain controller.
0 new messages