Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Slow Logon on XP at Applying Computer Settings

Posted on 2010-11-23
Medium Priority
Last Modified: 2012-06-27
I have a single domain laptop that takes around 4 minutes to logon after entering domain credentials. The delay occurs at the "Applying Computer Settings" phase of logon. I have read several threads on this topic, but have not been able to find a solution that works on this laptop. Things I tried include:( note: all tests done were from same subnet as DCs, DNS, GC servers, but laptop normally resides in a remote branch, different subnet, with no servers).
Logging on with different domain accounts - slow logon
Logging on with local accounts - normal logon
Removed laptop from domain, deleted computer account in AD, re-joined domain - slow logon
Logging on with no network connection - still took a few minutes, however, no "applying computer settings" screen appeared. Just blank Desktop for a few minutes.
In TCP/IP settings of wireless interface  Enabled NETBIOS over TCP/IP (was set to Default) - slow logon
Enabled user environment debug logging and looked from log file, but couldn't really see anything obvious (not that I knew what i was looking for), except got a lot of these lines:

USERENV(62c.64c) 14:52:19:953 ImpersonateUser: Failed to impersonate user with 5.
USERENV(62c.64c) 14:52:19:953 GetUserDNSDomainName: Failed to impersonate user
USERENV(62c.64c) 14:52:19:953 ProcessAutoexec: Cannot process autoexec.bat.

It would be good to be able to fix this issue without having to re-image. Thanks in advance for any assistance.
Question by:tezza80
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
  • +2
LVL 15

Expert Comment

ID: 34202195
What types of logon scripts are you running or are you using any type of GPO to redirect desktops/documents etc?

Author Comment

ID: 34202210
sorry forgot to mention... profiles are local, so no redirection on any folders. no logon script via any GPO, just a simple batch file that maps network drive that's setup in User properties in AD.
LVL 39

Expert Comment

ID: 34202274
So, this is a remote user, trying to logon to the domain, from a remote network, (probably through a VPN tunnel).

When your computer is slow at applying network settings, it means that computer is authenticating with the domain controller, and applying settings to the DNS servers of your domain. So, this computer is not able to see the domain servers with a rapid response.

If there are a bunch of clients at this location, I would recommend a domain server at this location. If not, point this client to your DNS servers for DNS resolution on your VPN connection. REASON being, Your DNS servers hold the SRV records for your domain server for authentication.
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.


Author Comment

ID: 34202289
yes, normally this laptop resides in a remote office, which is part of our private MPLS network, and it's DNS settings are configured to point to our DNS servers in head office.

however, I spent a few hours yesterday trying to troubleshoot the issue, and during this time, the laptop was in head office, the same physical location as the DNS servers, DCs, GCs.
LVL 39

Expert Comment

ID: 34202394
One of the issues you may be experiencing is your IP stacks.

You could have things like IPv6 enabled on an IPv4 network, you could have client services for netware enabled,.... Stack order has a lot to do with applying network settings.

Also, the client may need to release/renew DHCP manually. Remember your DHCP server provides a lease, and that lease duration includes things like DNS and gateway until you go to a new network.

Try an IPconfig /release and IPconfig /renew and IPconfig /flushdns and maybe your ARP cache needs to remove any signs of the old network for routing on the new network, (ARP -A).....

Regardless of the circumstances, it appears the client is confused on how to authenticate and logon to your network. This is a networking issue. Usually when you see a computer hang at "applying network settings" it's a DNS related issue:

IPconfig /all of this client would help a lot.

Author Comment

ID: 34202440
I did actually check out the stack order and can confirm that "Client for Microsoft Networks" was at the top of the list. I don't recall if client for netware was installed though.

IP address got renewed automatically as it's now in a new site with a new DHCP server, and I confirmed that all ip settings were correct.

ip settings below

Windows IP Configuration

        Host Name . . . . . . . . . . . . : LAPTOP-HP
        Primary Dns Suffix  . . . . . . . : domain.com.
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.com.au

Ethernet adapter Wireless Network Connection 2:

        Connection-specific DNS Suffix  . : domain.com.au
        Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
        Physical Address. . . . . . . . . : 00-21-5D-CB-BC-4A
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . :
        Subnet Mask . . . . . . . . . . . :
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :
        Lease Obtained. . . . . . . . . . : Wednesday, 24 November 2010 7:33:13 AM
        Lease Expires . . . . . . . . . . : Monday, 29 November 2010 7:33:13 AM

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
        Physical Address. . . . . . . . . : 00-1E-EC-E8-AB-1F

Ethernet adapter Bluetooth Network:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver
        Physical Address. . . . . . . . . : 00-21-86-C3-A2-F4

Author Comment

ID: 34202444
typo above.. primary dns suffix is infact domain.com.au.
LVL 39

Expert Comment

ID: 34202619
OK, that IPconfig looks good:

This is when you want to look at Firewall settings to see if some domain services the client is looking for is blocked.
LVL 66

Expert Comment

ID: 34202625
Post the logs if you like... Search and replace theservername with something non  personal if you like....
LVL 66

Expert Comment

ID: 34202630
In the Userenv.log file, search for the first instance of 'lpusername', that matches the domain user. Thats when the credentials were entered.

Then search for Explorer.exe (when you see teh desktop/taskbar/systray etc..), and look for the large time delays.... Takes abit of investigating, but can often pinpoint the delays.....

Also, Process Monitor can enable boot logging, so you can see whats happening in EXTREME DETAIL............

Troubleshooting with Process Monitor

Options>Select Enable Boot Logging, and reboot.... After reboot, launch Procmon to compile the logs.....

Then you can look at the times to see where your delays are......

LVL 30

Expert Comment

ID: 34205014
Enabling verbose startup, shutdown, logon, and logoff messages can many times point to exactly what the delay is. Follow the steps in this link. It is extremely fast and easy to enable. Now, when the system boots, you will see messages with the files being loaded and actions being taken. See if one of them sits there for an extended period of time. That is the culprit. That may then point to exactly what the problem is.

Instructions are here for domain and standalone systems.


Author Comment

ID: 34208636
here is the userenv logs for the other day when I was doing the testing. I will need to get the laptop back to enable the verbose startup, shutdown, logon an logoff messages.

are these logs helpful?.
LVL 66

Expert Comment

ID: 34249668
Logging starts here..... Notice the times.....

USERENV(5f4.5f8) 14:49:37:625 LibMain: Process Name:  \??\C:\WINDOWS\system32\winlogon.exe

NetworkService account gets logged on (by starting services), and you see the following....

USERENV(3f8.3f4) 14:49:55:640 LibMain: Process Name:  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
USERENV(4e0.4e4) 14:49:55:890 LibMain: Process Name:  C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
USERENV(6ac.6a8) 14:49:55:984 LibMain: Process Name:  C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
USERENV(524.538) 14:49:59:203 LibMain: Process Name:  C:\WINDOWS\system32\svchost.exe
USERENV(81c.820) 14:49:59:750 LibMain: Process Name:  C:\Program Files\RealVNC\VNC4\WinVNC4.exe
USERENV(854.858) 14:49:59:890 LibMain: Process Name:  C:\WINDOWS\system32\SearchIndexer.exe
USERENV(878.87c) 14:49:59:984 LibMain: Process Name:  C:\WINDOWS\system32\mqsvc.exe
USERENV(8ac.8b0) 14:50:00:031 LibMain: Process Name:  C:\WINDOWS\system32\wuauclt.exe
USERENV(6ac.3cc) 14:50:02:031 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(a1c.a20) 14:50:03:546 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe    <~~~~~Delay after this one... Maybe one of these apps is having a problem? WMIPRVSE is WMI, maybe a corrupted Repository?

USERENV(5f4.d98) 14:51:08:544 IsSyncForegroundPolicyRefresh: Synchronous, Reason: FirstPolicyRefresh
USERENV(5f4.5f8) 14:51:08:560 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(5f4.5f8) 14:51:08:560 =========================================================

User logs on.....
USERENV(5f4.5f8) 14:51:08:560 LoadUserProfile: lpProfileInfo->lpUserName = <user_account>
USERENV(5f4.5f8) 14:51:08:560 LoadUserProfile: NULL central profile path    <<~~~~ User is NOT a Roamer?

His profile was found in the registry....

USERENV(5f4.5f8) 14:51:08:606 GetExistingLocalProfileImage:  Found entry in profile list for existing local profile
USERENV(5f4.5f8) 14:51:08:606 GetExistingLocalProfileImage:  Local profile image filename = <%SystemDrive%\Documents and Settings\user_account>
USERENV(5f4.5f8) 14:51:08:606 GetExistingLocalProfileImage:  Expanded local profile image filename = <C:\Documents and Settings\user_account>
USERENV(5f4.5f8) 14:51:08:606 GetExistingLocalProfileImage:  No local mandatory profile.  Error = 2
USERENV(5f4.5f8) 14:51:08:606 GetExistingLocalProfileImage:  Found local profile image file ok <C:\Documents and Settings\user_account\ntuser.dat>
USERENV(5f4.5f8) 14:51:08:606 GetExistingLocalProfileImage:  Failed to query low profile unload time with error 2
USERENV(5f4.5f8) 14:51:08:622 Local Existing Profile Image is reachable
USERENV(5f4.5f8) 14:51:08:622 Local profile name is <C:\Documents and Settings\user_account>
USERENV(5f4.5f8) 14:51:08:622 RestoreUserProfile:  No central profile.  Attempting to load local profile.

User starts to see the desktop here....
USERENV(948.608) 14:52:14:540 LibMain: Process Name:  C:\WINDOWS\Explorer.EXE

Heres where the machine is probably not really usable/fully loaded..... Not sure if the complaint stops here, or how much more of the delay is the problem. Guess it might help to know how long the delay is before being able to use the pc?

USERENV(ba8.bac) 14:52:21:767 LibMain: Process Name:  C:\WINDOWS\system32\net.exe
USERENV(a00.b38) 14:52:22:518 LibMain: Process Name:  C:\WINDOWS\System32\WScript.exe  <~~~~Whats the login script doing?

USERENV(6ac.66c) 14:52:25:662 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(6ac.66c) 14:52:26:007 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(6ac.66c) 14:52:33:187 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(6ac.66c) 14:52:33:265 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(948.c30) 14:52:38:583 GetProfileType:  Profile already loaded.
USERENV(948.c30) 14:52:38:583 GetProfileType: ProfileFlags is 0
USERENV(948.c30) 14:52:39:084 GetProfileType:  Profile already loaded.
USERENV(948.c30) 14:52:39:084 GetProfileType: ProfileFlags is 0
USERENV(e28.e2c) 14:52:46:295 LibMain: Process Name:  C:\WINDOWS\system32\regsvr32.exe
USERENV(da8.df0) 14:52:46:671 LibMain: Process Name:  C:\WINDOWS\system32\imapi.exe
USERENV(854.a70) 14:52:53:976 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(5f4.618) 14:52:58:919 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(f74.f80) 14:52:59:091 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe
USERENV(74c.7ac) 14:52:59:529 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(74c.7ac) 14:53:11:746 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(6ac.66c) 14:53:12:231 ProcessAutoexec: Cannot process autoexec.bat.   <~~~ You probably dont even have an autoexec.bat....
USERENV(f94.590) 14:53:15:656 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(f94.590) 14:53:15:672 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e14.c54) 14:53:17:174 LibMain: Process Name:  C:\WINDOWS\system32\cmd.exe
USERENV(c44.c80) 14:53:20:819 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(ef0.f14) 14:53:20:865 LibMain: Process Name:  C:\WINDOWS\system32\net.exe
USERENV(cd0.cd8) 14:53:26:200 LibMain: Process Name:  C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
USERENV(74c.c78) 14:53:41:389 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(838.d44) 14:53:56:484 LibMain: Process Name:  C:\WINDOWS\system32\notepad.exe
USERENV(f78.d7c) 14:54:21:747 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(854.a70) 14:55:54:152 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(cf4.37c) 14:56:18:146 LibMain: Process Name:  C:\WINDOWS\system32\SearchFilterHost.exe
USERENV(da8.d24) 14:57:33:692 LibMain: Process Name:  C:\WINDOWS\system32\SearchFilterHost.exe
USERENV(da8.d24) 14:57:33:707 GetUserDNSDomainName:  Domain name is NT Authority.  No DNS domain name available.
USERENV(da8.d24) 14:57:33:707 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(da8.d24) 14:57:33:770 GetUserDNSDomainName:  Domain name is NT Authority.  No DNS domain name available.
USERENV(da8.d24) 14:57:33:786 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(854.a70) 14:58:54:240 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(8f4.88c) 14:59:55:421 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(854.a70) 15:01:54:287 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.7f0) 15:04:50:110 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(854.a70) 15:04:54:314 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(f28.bb8) 15:06:18:805 LibMain: Process Name:  C:\WINDOWS\system32\wuauclt.exe
USERENV(eac.b40) 15:06:19:695 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(1a8.fd0) 15:06:50:947 LibMain: Process Name:  C:\WINDOWS\system32\SearchFilterHost.exe
USERENV(720.ea8) 15:07:22:464 LibMain: Process Name:  C:\WINDOWS\system32\SearchFilterHost.exe
USERENV(720.cec) 15:07:25:636 GetUserDNSDomainName:  Domain name is NT Authority.  No DNS domain name available.
USERENV(720.cec) 15:07:25:636 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(720.cec) 15:07:25:682 GetUserDNSDomainName:  Domain name is NT Authority.  No DNS domain name available.
USERENV(720.cec) 15:07:25:682 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(854.a70) 15:07:54:322 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e98.964) 15:09:21:569 LibMain: Process Name:  C:\WINDOWS\system32\SearchFilterHost.exe

No delays really in policy application. See a few things in ther questionable, but alot of the last part might be slimmed down by simply disabling some satrtup services/msconfig stuff you ABSOLUTELY dont need at boot..... According to this, little over a minute to start to see the desktop..... Like I said, I dont know if thats where the slowness complaint is or not, maybe it is before/after the desktop/CTRL+ALT+DEL screen....
Can you please clarify?
LVL 66

Expert Comment

ID: 34250102
I do know you are referring to the slowness at "Applying Computer Settings", but I am just wondering where that stops for you, and what you are considering to be the point that the machine is ready to use....

I hope that makes sense... Cause I just dont see that long of a delay after the credentials are input......

Author Comment

ID: 34253172
Thanks for going through the logs.

The reason this laptop stands out for slow logon more than others, is the delay on "Applying Computer Settings" stage. After time, a lot of other laptops are slow at logon, but that's usually because of all the start up items. On this laptop, well before posting the problem, I disabled everything from the statup list in msconfig that I didn't think was necessary, but this didn't prevent the delay at "Applying Computer Settings". I also ran disk cleanup tools, defrag, full virus / spyware scan, but still delay.  After that stage, the Desktop still probably takes 2 to 3 minutes until you can actually start using the OS.

now to the logs:

C:\WINDOWS\system32\wbem\wmiprvse.exe    <~~~~~Delay after this one... Maybe one of these apps is having a problem? WMIPRVSE is WMI, maybe a corrupted Repository?

Based on all your notes, that process looks like where the Applying Computer Settings is happening. I tried searching the net for slow log ons related to that process, but didn't seem to find an answer for this situation. Can't exactly disable the service either.  I'll do some more searching later on.

and just to answer your other questions
USERENV(a00.b38) 14:52:22:518 LibMain: Process Name:  C:\WINDOWS\System32\WScript.exe  <~~~~Whats the login script doing?

I'm not even aware of that script? How can I find out?
LVL 66

Accepted Solution

johnb6767 earned 1000 total points
ID: 34254803
Im assuming you have a login script in place. Check an RSOP.msc on this PC, to see what script ios set to run. Assuming thats what it is, as it is being called (part of the Windows Scripting Host). Also, a cmd.exe, and a net.exe, like it is mapping drives.....

Repairing and re-registering the WMI

Give this link a whirl as well...

Author Comment

ID: 34295515
ok thanks for the info.. I'll see if I can get some remote access to the laptop during the week to check out the WMI script.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question