• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 627
  • Last Modified:

long start up in windows

Hi,
I have a W2K3 server/client network.
I have many GPOs created for different OUs.
the client machines take a long time (5-8 min) to get to a login screen.
they sit on the applying computer policy screen the longest

how should I start to troubleshoot this?
what is the issue?

Thank you
AL
0
lacroix_al
Asked:
lacroix_al
  • 9
  • 8
  • 2
  • +3
1 Solution
 
MISOperationsCommented:
Run some malware scans, defragment the hard drive.
0
 
houssam_balloutCommented:
go to start>run>msconfig>then to startup tab, uncheck all items except antivirus and try
0
 
DedPoetCommented:
Do the workstations have their DNS servers set to local dns servers on your DC(s)?  
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Sudeep SharmaTechnical DesignerCommented:
Get a copy of Autoruns from Microsoft and search for the C:\documents

http://download.sysinternals.com/Files/Autoruns.zip

Remove it once found, or else if you face any difficulty working with the autoruns then you could just save the autorun entries of you system and post it here. To save the autorun entries do the following:
Click --> File --> Save.
Name the file "filename.arn" (filename could be any name)

Post the .arn file here for further analysis

Sudeep
0
 
lacroix_alAuthor Commented:
Thank you all for the replies

MISOperations:
We run malwarebytes, and Deepfreeze on these systems.
an older version of deepfreeze had insuses with fragmanting the HD.
I'll have to look at that

houssam_ballout:
good tip. will try it

DedPoet:
the systems are set for DCHP and yes the DNS is a local DC

snusgubben:
yes, I agree that is why I posted the question, hoping someone could point me in the right direction.

SSharma:
could you explain this more

Thank you

Al
0
 
Sudeep SharmaTechnical DesignerCommented:
Well all the meant was to get the copy of the Autoruns from Micorosoft website and run it. It would tell you what is it loading on startup, so by analyzing the it we would be able to see if there is something fishy we should be bother about.

I explained you the process of saving your startup items from autoruns in my previous post.

Sudeep
0
 
lacroix_alAuthor Commented:
SSharma:
thank you for the clarification.
this is what I thought you meant but wanted to be sure.

Al
0
 
lacroix_alAuthor Commented:
snusgubben:
great blogs!
I think these are the steps that will help me troubleshoot this issue.
having a baseline and realistic expectations are a must.

just a question-
what do you feel is a reasonable start up time?
this would be from the time you push the power button to the time you could be on the internet at your home page.
Is 3 - 5 minutes unreasonable or should it be closer to 8 - 10? I know every network is diff, I am just wondering what you guys think?
0
 
snusgubbenCommented:
Those blogs gives you a good place to start and will probably help you solve the problem.

I think 8-10 minutes is way too long but it all depends on many factors (startup programs, hw and drivers, disc, GPOs, asyncron/syncron GPO etc.)

I feel 1-4 minutes is a acceptable baseline.

If the "basic" troubleshooting steps don't bring you any closer, you could enable USERENV logging on a client (XP). Then you'll see  if ie. a GPO takes a long time to deploy.

http://support.microsoft.com/kb/221833

and a "must have tool" to read the log: http://www.sysprosoft.com/policyreporter.shtml
0
 
lacroix_alAuthor Commented:
Wow! 1 - 4 min ???
I tested my PC this morning and it took 6 mins from the push of the power button until outlook was open.

Thanks for the policy reporter
0
 
snusgubbenCommented:
Well, I would say "Wow!" to 6 minutes. If I was a domain user and it took 6 minutes before my startpage in IE was ready, I would complain.

I think around 50 seconds is the fastest I have clocked my PC (XP, workstation). My laptop, Lenovo T-series w/Win7 takes around 3 minutes.
If you're dealing with laptops you should increase the baseline.

The policy reporter is handy since it splits User settings from the Computer settings and with a time stamp on each "event".

Happy hunting :)
0
 
lacroix_alAuthor Commented:
Yes,
They are complaining.
ok, so I just went and disabled all services and startups except MS stuff.
here is what I found
BIOS completes - 1 min
Network connection - 15 sec
appling computer settings - 3 minutes
logon - 3-5 sec
desktop - 10-15 sec
Outlook - 30 sec

I think I see the issue or a good place to start.
I have multiple GPOs in this domain, so I will see if I can consolodate them.
if I can get the GPO to load within 1 min I think that will help a lot

0
 
snusgubbenCommented:
Three minutes for processing computer GPOs is much.

It's easy to track down to which GPO is stalling *IF* you don't have all settings in one huge Computer GPO (or all put down in the Default domain policy).

You should check to see how many GPOs you got and create a test OU with block inheritance, move a test computer in it, and link the GPOs one by one.

Also if you have multiple GPO, the userenv.log will show you the GPO that is eating the time.
0
 
snusgubbenCommented:
By the way. The Group Management Consol is a "must have tool" to generate a report of which setting a GPO have.

http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

(If you have 2008 DCs you already have it installed)
0
 
lacroix_alAuthor Commented:
Yes, That is the plan.
I enabled userenv.log

I have the Group Management Console installed on a Vista machine
0
 
lacroix_alAuthor Commented:
ok I have been reading blogs on slow login times.
one blog I read said to add the domain computer group to the permissions tab of the GPO with read access.
does this make since to anyone?
0
 
snusgubbenCommented:
That is not a default setting. As long as the Authenticated Users and the DCs have read you should be fine.
0
 
lacroix_alAuthor Commented:
that is what I was thinking.

I did find the following GPO on my system
696FED8A-263C-44C8-8195-A016BA48373D
this GPO isn't on either of my AD servers.
I think it was from an old AD server that no longer exists.
by deleteing it my logon time from bootup went from 6 min to 2 1/2.
I have created an seperate OU with blocked inharitance, placed my PC into it.
I am adding the GPOs one at a time and rebooting my system.

Correct me if I am wrong, but doesn't it take three reboots for the GPO to take affect?
I know I can use gpupdate /force but does that also take more then one reboot?
0
 
snusgubbenCommented:
GPOs are refreshed every 90 minutes on a domain member. No need for three reboots.

When you start your computer the Computer settings are applied. When it's finished the "CTRL+ALT+DEL" will appear. When the user authenticates, the User settings are applied.
This happens every time you reboot.

"gpupdate /force" will apply the GPOs without the need for a reboot. Run the command followed by a "gpresult /v" to see what is applied.
0
 
lacroix_alAuthor Commented:
snusgubben:

Thank you for the clarification.
on my machine with a 2 1/2 min login time 1 min of that is the BIOS completing POST.

I found two GPOs that were conflicting with each other.
after finding these two GPO, I desided to see how many I could consolidate.
It turns out that I was able to consolidate 6 of them into one.
after consolidation I linked this GPO to an OU for a moble lab.
the mobile lab has thirty laptops in it all running 802.11b and connecting to one AP.
I tested one of the laptops, it booted to login prompt within 1 1/2 min.
I am still testing to see how it does when all thirty of the laptops come on.
I hope it is much faster then the 5 - 13 min login before.

I'll keep you posted

Al
0
 
snusgubbenCommented:
Objection!

The author had a 5-13 minute delay in startup. In http:#33688277 he was down to 2 1/2 minutes.

I help him with where to look like http:#33631795
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

  • 9
  • 8
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now