How to use Wireshark to monitor XP bootup Applying computer settings

In the past few weeks I've noticed that our computers all hang on applying computer settings for 1-2 minutes.  I've checked all the DNS issues in other posts but still not finding anything wrong there.  I've seen a few people recommend to use Wireshark to see what is happening during the 'applying computer settings'.  However, I can't find any documentation on how to setup Wireshark to run during this period.  The only thing I see is the live capture where I have to start it manually.  Any help would be appreciated.  Thanks!
ryanmgreenAsked:
Who is Participating?
 
Darius GhassemConnect With a Mentor Commented:
Most likely a conflict.
0
 
Darius GhassemCommented:
I'm not very experienced with WireShark but maybe I can help with the other issue. Do you have any GPOs running? Make sure your clients only point to internal DNS servers. Are you getting any errors in the Event logs on the clients and server? Can you give me a quick overview of your network setup?
0
 
marce_litoCommented:
>However, I can't find any documentation on how to setup Wireshark to run during this period

I don't know if that's even possible... but you could get a small hub (or a switch capable of replicating traffic on a port) and capture the traffic on another machine...

the setup would be something like this:
net---[hub]---[problem computer]
            |
[functional computer running wireshark]

then again, i don't know if wireshark is the tool for diagnosing that kind of problem...
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
ryanmgreenAuthor Commented:
Dariusg-We do have GPOs running and am starting to think that may be causing the issue-although nothing was changed recently.  We have one for domain computers and one for laptop computers.  Seems that the laptop computers are the only ones have the lag on applying computer settings.  Possibly because of the firewall disable entry being in both policies.  Maybe it is conflicting there?  I turned on verbose logging and attached the file.  You'll notice there's almost a 2 minute delay in this area:
USERENV(470.3f4) 12:27:34:897 PolicyChangedThread: Calling UpdateUser with 1.
USERENV(470.3f4) 12:27:35:022 PolicyChangedThread: Broadcast message for 1.
USERENV(40c.410) 12:27:35:116 LibMain: Process Name:  C:\WINDOWS\System32\alg.exe
USERENV(470.3f4) 12:27:35:789 PolicyChangedThread: Leaving
USERENV(2f8.298) 12:27:41:827 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(ba0.ba4) 12:28:36:095 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe
USERENV(470.e58) 12:30:44:796 IsSyncForegroundPolicyRefresh: Synchronous, Reason: policy set to SYNC
USERENV(470.474) 12:30:46:360 LoadUserProfile: Yes, we can impersonate the user. Running as self

We don't do anything with WMI and I'm not sure why the userinit.exe would take so long.  Any ideas?
startup.txt
0
 
Darius GhassemCommented:
userinit.exe usually runs the scripts listed in the GPO. See if this link helps out.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Remote_Desktop-Terminal_Services/Q_23683948.html
0
 
ryanmgreenAuthor Commented:
I have uphclean installed on all our laptops here.  So that doesn't appear to be helping.  

Also, I can't disable autocert enrollment as we do use that for email encryption and I believe that needs to be running in order for our local CA to work properly.  
0
 
Darius GhassemCommented:
There is more then one post on EE and google talking about the autoenrollment fixing the issue.
0
 
ryanmgreenAuthor Commented:
Ok well I'll look into it.  Any idea if disabling Autoenrollment would mess with the Exchange encryption from our CA?  I've been googling that but not having any luck.
0
 
Darius GhassemCommented:
Honestly I would think it might but I'm not for sure. You can always test.
0
 
ryanmgreenAuthor Commented:
It does cause problems with encryption and it didn't fix the issue either.  We have a computer policy and a laptop policy.  In the computer policy the domain profile has the firewall disabled.  In the laptop Policy the firewall is disabled on the standard profile, for some in-house wireless issues.  Removing this laptop policy fixes the issue so I guess that is the problem.  Maybe just trying to read from two different policies is slowing it down.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.