lacroix_al
asked on
long start up in windows
Hi,
I have a W2K3 server/client network.
I have many GPOs created for different OUs.
the client machines take a long time (5-8 min) to get to a login screen.
they sit on the applying computer policy screen the longest
how should I start to troubleshoot this?
what is the issue?
Thank you
AL
I have a W2K3 server/client network.
I have many GPOs created for different OUs.
the client machines take a long time (5-8 min) to get to a login screen.
they sit on the applying computer policy screen the longest
how should I start to troubleshoot this?
what is the issue?
Thank you
AL
MISOperations
Run some malware scans, defragment the hard drive.
go to start>run>msconfig>then to startup tab, uncheck all items except antivirus and try
Do the workstations have their DNS servers set to local dns servers on your DC(s)?
Cases like this can be due to so many things and can be hard to "fix" over a forum.
Here are some excelent blog entries that may help you solve the problem:
http://blogs.technet.com/b/askperf/archive/2008/10/14/help-i-m-stuck-at-applying-computer-settings.aspx
http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx
http://blogs.technet.com/b/askds/archive/2009/09/24/so-you-have-a-slow-logon-part-2.aspx
http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx
Here are some excelent blog entries that may help you solve the problem:
http://blogs.technet.com/b/askperf/archive/2008/10/14/help-i-m-stuck-at-applying-computer-settings.aspx
http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx
http://blogs.technet.com/b/askds/archive/2009/09/24/so-you-have-a-slow-logon-part-2.aspx
http://blogs.technet.com/b/instan/archive/2008/04/17/troubleshooting-the-intermittent-slow-logon-or-slow-startup.aspx
Get a copy of Autoruns from Microsoft and search for the C:\documents
http://download.sysinternals.com/Files/Autoruns.zip
Remove it once found, or else if you face any difficulty working with the autoruns then you could just save the autorun entries of you system and post it here. To save the autorun entries do the following:
Click --> File --> Save.
Name the file "filename.arn" (filename could be any name)
Post the .arn file here for further analysis
Sudeep
http://download.sysinternals.com/Files/Autoruns.zip
Remove it once found, or else if you face any difficulty working with the autoruns then you could just save the autorun entries of you system and post it here. To save the autorun entries do the following:
Click --> File --> Save.
Name the file "filename.arn" (filename could be any name)
Post the .arn file here for further analysis
Sudeep
ASKER
Thank you all for the replies
MISOperations:
We run malwarebytes, and Deepfreeze on these systems.
an older version of deepfreeze had insuses with fragmanting the HD.
I'll have to look at that
houssam_ballout:
good tip. will try it
DedPoet:
the systems are set for DCHP and yes the DNS is a local DC
snusgubben:
yes, I agree that is why I posted the question, hoping someone could point me in the right direction.
SSharma:
could you explain this more
Thank you
Al
MISOperations:
We run malwarebytes, and Deepfreeze on these systems.
an older version of deepfreeze had insuses with fragmanting the HD.
I'll have to look at that
houssam_ballout:
good tip. will try it
DedPoet:
the systems are set for DCHP and yes the DNS is a local DC
snusgubben:
yes, I agree that is why I posted the question, hoping someone could point me in the right direction.
SSharma:
could you explain this more
Thank you
Al
Well all the meant was to get the copy of the Autoruns from Micorosoft website and run it. It would tell you what is it loading on startup, so by analyzing the it we would be able to see if there is something fishy we should be bother about.
I explained you the process of saving your startup items from autoruns in my previous post.
Sudeep
I explained you the process of saving your startup items from autoruns in my previous post.
Sudeep
ASKER
SSharma:
thank you for the clarification.
this is what I thought you meant but wanted to be sure.
Al
thank you for the clarification.
this is what I thought you meant but wanted to be sure.
Al
ASKER
snusgubben:
great blogs!
I think these are the steps that will help me troubleshoot this issue.
having a baseline and realistic expectations are a must.
just a question-
what do you feel is a reasonable start up time?
this would be from the time you push the power button to the time you could be on the internet at your home page.
Is 3 - 5 minutes unreasonable or should it be closer to 8 - 10? I know every network is diff, I am just wondering what you guys think?
great blogs!
I think these are the steps that will help me troubleshoot this issue.
having a baseline and realistic expectations are a must.
just a question-
what do you feel is a reasonable start up time?
this would be from the time you push the power button to the time you could be on the internet at your home page.
Is 3 - 5 minutes unreasonable or should it be closer to 8 - 10? I know every network is diff, I am just wondering what you guys think?
Those blogs gives you a good place to start and will probably help you solve the problem.
I think 8-10 minutes is way too long but it all depends on many factors (startup programs, hw and drivers, disc, GPOs, asyncron/syncron GPO etc.)
I feel 1-4 minutes is a acceptable baseline.
If the "basic" troubleshooting steps don't bring you any closer, you could enable USERENV logging on a client (XP). Then you'll see if ie. a GPO takes a long time to deploy.
http://support.microsoft.com/kb/221833
and a "must have tool" to read the log: http://www.sysprosoft.com/policyreporter.shtml
I think 8-10 minutes is way too long but it all depends on many factors (startup programs, hw and drivers, disc, GPOs, asyncron/syncron GPO etc.)
I feel 1-4 minutes is a acceptable baseline.
If the "basic" troubleshooting steps don't bring you any closer, you could enable USERENV logging on a client (XP). Then you'll see if ie. a GPO takes a long time to deploy.
http://support.microsoft.com/kb/221833
and a "must have tool" to read the log: http://www.sysprosoft.com/policyreporter.shtml
ASKER
Wow! 1 - 4 min ???
I tested my PC this morning and it took 6 mins from the push of the power button until outlook was open.
Thanks for the policy reporter
I tested my PC this morning and it took 6 mins from the push of the power button until outlook was open.
Thanks for the policy reporter
Well, I would say "Wow!" to 6 minutes. If I was a domain user and it took 6 minutes before my startpage in IE was ready, I would complain.
I think around 50 seconds is the fastest I have clocked my PC (XP, workstation). My laptop, Lenovo T-series w/Win7 takes around 3 minutes.
If you're dealing with laptops you should increase the baseline.
The policy reporter is handy since it splits User settings from the Computer settings and with a time stamp on each "event".
Happy hunting :)
I think around 50 seconds is the fastest I have clocked my PC (XP, workstation). My laptop, Lenovo T-series w/Win7 takes around 3 minutes.
If you're dealing with laptops you should increase the baseline.
The policy reporter is handy since it splits User settings from the Computer settings and with a time stamp on each "event".
Happy hunting :)
ASKER
Yes,
They are complaining.
ok, so I just went and disabled all services and startups except MS stuff.
here is what I found
BIOS completes - 1 min
Network connection - 15 sec
appling computer settings - 3 minutes
logon - 3-5 sec
desktop - 10-15 sec
Outlook - 30 sec
I think I see the issue or a good place to start.
I have multiple GPOs in this domain, so I will see if I can consolodate them.
if I can get the GPO to load within 1 min I think that will help a lot
They are complaining.
ok, so I just went and disabled all services and startups except MS stuff.
here is what I found
BIOS completes - 1 min
Network connection - 15 sec
appling computer settings - 3 minutes
logon - 3-5 sec
desktop - 10-15 sec
Outlook - 30 sec
I think I see the issue or a good place to start.
I have multiple GPOs in this domain, so I will see if I can consolodate them.
if I can get the GPO to load within 1 min I think that will help a lot
Three minutes for processing computer GPOs is much.
It's easy to track down to which GPO is stalling *IF* you don't have all settings in one huge Computer GPO (or all put down in the Default domain policy).
You should check to see how many GPOs you got and create a test OU with block inheritance, move a test computer in it, and link the GPOs one by one.
Also if you have multiple GPO, the userenv.log will show you the GPO that is eating the time.
It's easy to track down to which GPO is stalling *IF* you don't have all settings in one huge Computer GPO (or all put down in the Default domain policy).
You should check to see how many GPOs you got and create a test OU with block inheritance, move a test computer in it, and link the GPOs one by one.
Also if you have multiple GPO, the userenv.log will show you the GPO that is eating the time.
By the way. The Group Management Consol is a "must have tool" to generate a report of which setting a GPO have.
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
(If you have 2008 DCs you already have it installed)
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
(If you have 2008 DCs you already have it installed)
ASKER
Yes, That is the plan.
I enabled userenv.log
I have the Group Management Console installed on a Vista machine
I enabled userenv.log
I have the Group Management Console installed on a Vista machine
ASKER
ok I have been reading blogs on slow login times.
one blog I read said to add the domain computer group to the permissions tab of the GPO with read access.
does this make since to anyone?
one blog I read said to add the domain computer group to the permissions tab of the GPO with read access.
does this make since to anyone?
That is not a default setting. As long as the Authenticated Users and the DCs have read you should be fine.
ASKER
that is what I was thinking.
I did find the following GPO on my system
696FED8A-263C-44C8-8195-A0
this GPO isn't on either of my AD servers.
I think it was from an old AD server that no longer exists.
by deleteing it my logon time from bootup went from 6 min to 2 1/2.
I have created an seperate OU with blocked inharitance, placed my PC into it.
I am adding the GPOs one at a time and rebooting my system.
Correct me if I am wrong, but doesn't it take three reboots for the GPO to take affect?
I know I can use gpupdate /force but does that also take more then one reboot?
I did find the following GPO on my system
696FED8A-263C-44C8-8195-A0
this GPO isn't on either of my AD servers.
I think it was from an old AD server that no longer exists.
by deleteing it my logon time from bootup went from 6 min to 2 1/2.
I have created an seperate OU with blocked inharitance, placed my PC into it.
I am adding the GPOs one at a time and rebooting my system.
Correct me if I am wrong, but doesn't it take three reboots for the GPO to take affect?
I know I can use gpupdate /force but does that also take more then one reboot?
GPOs are refreshed every 90 minutes on a domain member. No need for three reboots.
When you start your computer the Computer settings are applied. When it's finished the "CTRL+ALT+DEL" will appear. When the user authenticates, the User settings are applied.
This happens every time you reboot.
"gpupdate /force" will apply the GPOs without the need for a reboot. Run the command followed by a "gpresult /v" to see what is applied.
When you start your computer the Computer settings are applied. When it's finished the "CTRL+ALT+DEL" will appear. When the user authenticates, the User settings are applied.
This happens every time you reboot.
"gpupdate /force" will apply the GPOs without the need for a reboot. Run the command followed by a "gpresult /v" to see what is applied.
ASKER
snusgubben:
Thank you for the clarification.
on my machine with a 2 1/2 min login time 1 min of that is the BIOS completing POST.
I found two GPOs that were conflicting with each other.
after finding these two GPO, I desided to see how many I could consolidate.
It turns out that I was able to consolidate 6 of them into one.
after consolidation I linked this GPO to an OU for a moble lab.
the mobile lab has thirty laptops in it all running 802.11b and connecting to one AP.
I tested one of the laptops, it booted to login prompt within 1 1/2 min.
I am still testing to see how it does when all thirty of the laptops come on.
I hope it is much faster then the 5 - 13 min login before.
I'll keep you posted
Al
Thank you for the clarification.
on my machine with a 2 1/2 min login time 1 min of that is the BIOS completing POST.
I found two GPOs that were conflicting with each other.
after finding these two GPO, I desided to see how many I could consolidate.
It turns out that I was able to consolidate 6 of them into one.
after consolidation I linked this GPO to an OU for a moble lab.
the mobile lab has thirty laptops in it all running 802.11b and connecting to one AP.
I tested one of the laptops, it booted to login prompt within 1 1/2 min.
I am still testing to see how it does when all thirty of the laptops come on.
I hope it is much faster then the 5 - 13 min login before.
I'll keep you posted
Al
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.