Weird PowerShell problem

[Kurt Buff]

All,

I use my laptop for my DA activities, and have recently run across a strange problem.

After the system has been up for a couple of days, I will launch a PowerShell session, and it hangs after telling me how long it took to load the profile. Below is a screencap of two instances showing this.

The only thing that allows me to open PowerShell at that point is to reboot the machine. I've tried killing any open PowerShell instances, including those running under System, and also any conhost.exe instances, but that doesn't help.

Only a reboot helps.

I've checked the event logs (System, Application and a couple for PowerShell), and don't see anything that might indicate a problem.

Once I reboot, PowerShell is happy again.

Has anyone else seen this and know what the problem/fix might be?

Thanks,

Kurt

[Hammer, Erich F]

The notice about how long it takes doesn't come up if loading the profiles is quick. It's basically a warning that your profiles might bogging things down. Something in there must also be hanging based on something that "grows" with uptime/usage.

What happens if you use the -noprofile parameter so they don't load?

Erich


On Friday, February 18, 2022 at 11:50, Kurt Buff eloquently inscribed:

> All,
>
> I use my laptop for my DA activities, and have recently run across a
> strange problem.
>
> After the system has been up for a couple of days, I will launch a PowerShell
> session, and it hangs after telling me how long it took to load the profile.
> Below is a screencap of two instances showing this.
>

[Jeff Kienitz]

Could the problem be associated with a fileless malware issue using the resources undetected - I understand this may be a powershell weakness? The quarterly threat analysis from MIS-ISAC released today claims a significant increase in quarter 4.  

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5DLo-jLod%3D9LGf_zXxJ-Fo9nN11yMW7y%3DAh3MKbwMJQA%40mail.gmail.com.

--

Jeff Kienitz, M.S. Ed. Tech.

Director of Technology Services
Technology Department
Rockford Area Schools
6051 Ash Street, Rockford, MN  55373 

Office: 763-477-7508

kienitzj@rockford.k12.mn.us
www.rockford.k12.mn.us

This electronic message, including any attachments, contains information from Rockford Area Schools - Independent School District 883, that may be legally privileged and/or classified as private and/or confidential under the Minnesota Government Data Practices Act and/or the Family Educational Rights and Privacy Act (FERPA). If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you received this message in error, please delete it and notify us immediately.

[Philip Elder]

Time for ProcessMonitor.

 

I’ve never seen this on any of our PAWs, jump servers, or management servers.

 

Is there a folder redirection thing going on there with %AppData%?

 

Philip Elder MCTS

Senior Technical Architect

Microsoft High Availability MVP

E-mail: Phili...@mpecsinc.ca

Phone: +1 (780) 458-2028

Web: www.mpecsinc.com

Blog: blog.mpecsinc.com

Twitter: Twitter.com/MPECSInc

Skype: MPECSInc.

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Kurt Buff
Sent: Friday, February 18, 2022 09:50
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] Weird PowerShell problem

 

All,

 

I use my laptop for my DA activities, and have recently run across a strange problem.

 

After the system has been up for a couple of days, I will launch a PowerShell session, and it hangs after telling me how long it took to load the profile. Below is a screencap of two instances showing this.

 

 

The only thing that allows me to open PowerShell at that point is to reboot the machine. I've tried killing any open PowerShell instances, including those running under System, and also any conhost.exe instances, but that doesn't help.

 

Only a reboot helps.

 

I've checked the event logs (System, Application and a couple for PowerShell), and don't see anything that might indicate a problem.

 

Once I reboot, PowerShell is happy again.

 

Has anyone else seen this and know what the problem/fix might be?

 

Thanks,

Kurt

--

[Kurt Buff]

Thanks!

That spawns an instance with a prompt, but it's very slow.

The only line in any profile is in C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1:

function prompt {"[$env:USERNAME @ $env:COMPUTERNAME] $PWD $(Get-Date -format "yyyy-MM-dd_HH:mm:ss") `r`n# "}

I wouldn't think that would slow things down, nor grow any files.

Kurt

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/MN2PR04MB64163C3EA3A3C871ED573276CC379%40MN2PR04MB6416.namprd04.prod.outlook.com.

[Kurt Buff]

Hmmm...

I'm using my standard user credentials to access OneDrive for Business - my DA account doesn't have an O/M 365 license. But I've been using that for many months, and this is just in the past 2 weeks or so.

ProcMon might be in my future.

Kurt

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/0c50360fb2cc472c8146111791e4cff3%40MPECSInc.Ca.

[Michael B. Smith]

That would lead me to believe that something is wrong with your PATH or PSModulePath (possible network share going offline?).

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Kurt Buff

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5N8Cdha-9db3dkziLg3yFBJ3TE54mKwY1%3D_hRUxHZ%2BrA%40mail.gmail.com.

[Kurt Buff]

These look OK to me:

PATH:

C:\Program Files (x86)\VMware\VMware Workstation\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Microsoft VS Code\bin;C:\Program Files\PuTTY\;C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common

PModulePath

%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules

Perhaps OneDrive is hanging.

Kurt

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/9fb965ef31044d79a5d6d6072f220bf6%40smithcons.com.

[Michael B. Smith]

If you try the full path to a cmd is it as fast as it should be? Or still slow? For example:

 

               Microsoft.PowerShell.Utility\Get-Date

               Microsoft.PowerShell.Utility\Get-Host

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce6APcAQJGq_DBdUkWZFuEkprWKoS3xeqHMgrU2RyovjTw%40mail.gmail.com.

[Kurt Buff]

Nope - that just hangs.

Ran "pwershell -noprofile" and got the prompt, but trying to run either of them just hangs the instance.

If all I do is hit enter, without any commands, it does accept  that and return the prompt.

Kurt

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/4b458e3de6864619a16aa2b624bb84f7%40smithcons.com.

[Michael B. Smith]

Definitely time for procmon.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce4a7gRtZWhDtVeGqB5gGo9AFSiuXrJkX3OmMhLPG4tfWQ%40mail.gmail.com.

[Markus Klocker]

Yes have that too once and a while.
After ~ 5 minutes it works.
Also happens during a session. Suddenly ~ 5 minutes just simply no response at all after that completely normal.

    Markus

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce5DLo-jLod%3D9LGf_zXxJ-Fo9nN11yMW7y%3DAh3MKbwMJQA%40mail.gmail.com.