Community Pick: Many members of our community have endorsed this article.

Troubleshooting Slow Logons

Shoaib Hayat Software Applications Consultant
CERTIFIED EXPERT
Published:
Updated:
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop.

Interesting thing was the fact that the process for each particular case always took almost exactly the same time and the second interesting observation was that after the logon is processed there is no obvious issue with the session's performance.

So we decided to take on a terminal server to diagnose this situation. I researched about the issue to see what other people have done about this. Also the fact that I deliberately choose terminal server means I have more then one user to compare the log on process.

So the case server was selected, a Quad Processors, 8GB RAM capable of handling 15 users of intense workload.

We went on to do a lots of test, I wanted to share the results but this post is going to get to long for that, may be a second part.

Right now, this post will identify the possible solutions of the slow logon and some steps involved to achieve that.
 
It was identified that Microsoft User Profile Hive Cleanup service is very useful in clearing the memory hive of  users who did not log off properly.

It was identified that the basic command chkdsk /f is important in tool in clearing disk errors that effect the user profile loading at log on.

We used delprof.exe, a very good tool to delete unused profiles on the terminal server which resulted in faster performance. This was a case with roaming profiles.

It was identified that even after all this stuff, the logon process was not pure though it had considerably improved. Also we identified that the exact time halt factor was still there though it was reduced.

When we replicated the process to some problem desktops to expand the border of understanding, we noticed that there was less effect of the above mentioned processes on desktop computers running Windows XP.

We tried with Administrator accounts and normal accounts but the process was more or less the same.

It was then, I came across a very useful blog post by Mark Russinovich on Microsoft Technet about slow log on troubleshooting.

With the help of this post we derived following solution which has helped us many related issues with great success, Here after are the generic troubleshooting steps;

1

Downloading Tools
Go to Technet - Sysinternals and download the following four tools;

procexp.exe
procmon.exe
psexec.exe
autoruns.exe

Even if you already have, download the new versions.

Then put the in a suitable location like c:\tools

2

Using Process Explorer to Identify the Problem ProcessRight after startup go to command prompt

> cd tools
>procexp.exe

Process Explorer shows up

In view menu check Show Unmapped handles and mappings

See if you can find any thing that usual task manager does not show, double click any such entry and review the stack associated. Note down all such processes.

3

Using Process Monitor to access boot logs
On command prompt in tools folder

> psexec -sid c:\tools\procmon.exe

Process Monitor shows up

In options menu select enable boot logging

Then logoff the computer.

Logon again, when you logon process monitor will be running, with the help of psexec we made it run after logoff and thus it will capture boot log.

In this log you can filter with unsuccessful events and see what went unsuccessful at the logon that halted your PC, also from the STEP 2 you noted some unrecognized processes, you can filter for these process to see if these process are creating the discrepancy.

Once you have identified the problem area, you can address to it.

TIP: Usually these slow log on issues are related to either memory or hardware, so what you need to focus on, to make the filters short is to see where a memory exception was thrown OR a hardware fault or lock was logged, for example, it may be a modem driver that is creating the problem, you an update the driver and fix it.

There are situations where you can't find a solution to the problem or there does not exist one, the driver works fine you need it, only its a pain at log on, here is an easy solution in step

4

Using AutoRuns to Disable the Problem Process
On command prompt in tools folder

>autoruns.exe

autoruns pop up

User find menu to find that exe or driver or whatever  it is and un-check it to stop run at logon, that it, it won't disturb you at log on any more.

Remember that there may be multiple things causing the issue.

NOTES
Mark's blog can be access on Technet
Mark's Blog - The Case of the Slow Logons

In case you don't have access to live shares on internet, access Technet and search Sysinternals and download the tools from there.

I have used it many times with great success, hope it works for you too.
4
8,890 Views
Shoaib Hayat Software Applications Consultant
CERTIFIED EXPERT

Comments (1)

1w3

Commented:
Hi

The "process monitor " does not run after logoff and logon.Any ideas ?

Thanks

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.