Slow and/or Inconsistent GPO Processing

Hello all-
I'm performing an eDirectory to AD (Server 2012) migration using the Quest migrator toolset. This is a school system that is predominantly Windows XP SP3 (99%) for clients - only IT Staff has Windows 7.
I've deployed 2 GPOs: One to map specific network drives and the other to deploy a custom wallpaper. I've deployed the CSE's for Windows XP (including the CSE hotfix 974266).
Bottom line: about 50% of the time, my drives map and logon times are respectable (<30 sec from logon to desktop). Other times, it can take 8-10 minutes to get to the desktop.
Turning on verbose logging, I found these entries:

USERENV(2e0.d2c) 09:09:49:866 ProcessGPOs: -----------------------
USERENV(2e0.d2c) 09:09:49:866 ProcessGPOs: Processing extension Group Policy Drive Maps
USERENV(2e0.d2c) 09:09:49:866 ReadStatus: Read Extension's Previous status successfully.
USERENV(2e0.d2c) 09:09:49:866 CompareGPOLists:  The lists are the same.
USERENV(2e0.d2c) 09:09:49:866 CompareGPOLists:  The lists are the same.
USERENV(2e0.d2c) 09:09:49:866 CheckGPOs: No GPO changes but called in force refresh flag or extension Group Policy Drive Maps needs to run force refresh in foreground processing
USERENV(2e0.d2c) 09:09:49:866 ProcessGPOList: Entering for extension Group Policy Drive Maps
USERENV(2e0.d2c) 09:09:49:882 UserPolicyCallback: Setting status UI to Applying Group Policy Drive Maps policy...
USERENV(2e0.d2c) 09:09:49:882 ProcessGPOList: Passing in the force refresh flag to Extension Group Policy Drive Maps
USERENV(2e0.d2c) 09:09:49:882 GetWbemServices: CoCreateInstance succeeded
USERENV(2e0.d2c) 09:09:49:963 ConnectToNameSpace: ConnectServer returned 0x0
USERENV(2e0.d2c) 09:09:50:027 LogExtSessionStatus: Successfully logged Extension Session data
USERENV(f44.f48) 09:14:24:605 LibMain: Process Name:  C:\WINDOWS\system32\wuauclt.exe

USERENV(f8c.f90) 09:14:25:458 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(2e0.d2c) 09:18:10:377 ProcessGPOList: Extension Group Policy Drive Maps returned 0x0.
USERENV(2e0.d2c) 09:18:10:377 ProcessGPOList: Extension Group Policy Drive Maps was able to log data. RsopStatus = 0x0, dwRet = 0, Clearing the dirty bit
USERENV(2e0.d2c) 09:18:10:439 ProcessGPOs: -----------------------
USERENV(2e0.d2c) 09:18:10:439 ProcessGPOs: -----------------------

Note the time difference after wmiprvse and Drive maps returning 0x0 - almost 4 minutes elapsed. This happens 50% of the time - sometimes the drives process in milliseconds.

Other items to note:
  * I'm not seeing any CPU spikes with wmiprvse (read articles where this can happen).
  * I don't see any DNS errors
  * I've turned on Desktop wallpaper and enabled Active Desktop for my wallpaper GPO using User Configuration/Admin Templates/Desktop/Desktop/...
  * This issue occurs on multiple workstation builds indicating that it is probably environmental

This is driving me nuts as it is not consistent but happens enough that it's keeping us from starting our pilot migrations until it's resolved. Are there any issues with XP SP3 CSE's and Server 2012?

Any and all help is greatly appreciated.
Joseph O'Loughlin
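
An added example (not part of any post in this thread): a short Python script that groups userenv.log lines by the process.thread ID in parentheses and reports long gaps on a single thread, which separates the wait inside one extension from lines written by other processes in between. The 30-second threshold and the function names are assumptions; the sample lines are copied from the log quoted above.

```python
import re
from datetime import timedelta

# Format seen in the quoted log: USERENV(pid.tid) HH:MM:SS:mmm message
LINE_RE = re.compile(r"USERENV\(([0-9a-f]+\.[0-9a-f]+)\)\s+"
                     r"(\d\d):(\d\d):(\d\d):(\d{3})\s+(.*)", re.I)
EXT_RE = re.compile(r"Entering for extension (.+)$")

# Lines copied from the log quoted in the post above.
SAMPLE = r"""USERENV(2e0.d2c) 09:09:49:866 ProcessGPOList: Entering for extension Group Policy Drive Maps
USERENV(2e0.d2c) 09:09:49:963 ConnectToNameSpace: ConnectServer returned 0x0
USERENV(2e0.d2c) 09:09:50:027 LogExtSessionStatus: Successfully logged Extension Session data
USERENV(f44.f48) 09:14:24:605 LibMain: Process Name:  C:\WINDOWS\system32\wuauclt.exe
USERENV(f8c.f90) 09:14:25:458 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(2e0.d2c) 09:18:10:377 ProcessGPOList: Extension Group Policy Drive Maps returned 0x0.
"""

def parse(text):
    """Yield (thread, time-of-day, message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            h, mi, s, ms = (int(x) for x in m.group(2, 3, 4, 5))
            tod = timedelta(hours=h, minutes=mi, seconds=s, milliseconds=ms)
            yield m.group(1).lower(), tod, m.group(6)

def find_stalls(text, threshold=timedelta(seconds=30)):
    """Report gaps >= threshold between consecutive lines of one thread."""
    last, current_ext, stalls = {}, {}, []
    for thread, ts, msg in parse(text):
        if thread in last:
            gap = ts - last[thread][0]
            if gap < timedelta(0):  # lines carry no date: assume midnight rollover
                gap += timedelta(days=1)
            if gap >= threshold:
                stalls.append({"thread": thread,
                               "extension": current_ext.get(thread),
                               "seconds": gap.total_seconds(),
                               "last_message": last[thread][1]})
        ext = EXT_RE.search(msg)
        if ext:
            current_ext[thread] = ext.group(1)
        last[thread] = (ts, msg)
    return stalls

if __name__ == "__main__":
    for s in find_stalls(SAMPLE):
        print(f'{s["thread"]}: {s["seconds"]:.1f}s in "{s["extension"]}" after: {s["last_message"]}')
```

Run against a full userenv.log, the same function lists every extension whose thread went silent for longer than the threshold, which makes slow and fast logons easy to compare.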

8/22/2022 - Mon

Further comments:
* When the drives do NOT map upon logon, no error message is generated in the Event Log
* USER.ENV shows that the GPO processes but the message is: "Extension Group Policy Drive Maps skipped with flags 0x1000e"
Neil Russell

Hello Neilsr-
DHCP environment with all DNS servers being AD domain controllers/Global Catalog servers.

FYI Neilsr - I found the NIC drivers to be two years old on one system, and 7 (yes, SEVEN) years old on another. Updating and will report back results.
Your help has saved me hundreds of hours of internet surfing.

Updating NICs did not improve the situation. It even got worse for the system with the oldest drivers.
Joseph O'Loughlin

If you are using a managed switch and a wired network, configure one port as a mirrored port of a problem XP machine, install Wireshark on a 3rd system, connect it to the mirror port, and sniff the traffic during boot and login until the profile is loaded. How many errors (corrupted packets) are there?

Why? Because slow logins are often caused by UDP traffic being dropped on a poorly configured network; on the managed switch, the ports should be configured as edge ports unless connected to another hub, switch or router.

If you have unmanaged switches, expressly change link speed and duplex in the network card's properties from auto to 100 full. Review the messages from the system event log for network card messages before and after. You can use eventid.net to interpret the various events, e.g. from e100b, an Intel network card.

Also, on the server and the XP client, type at the command prompt:
net statistics server
net statistics workstation
and review the results. What is the rate of network errors and dropped connections? One possibility is that additional user licences are needed on the server, and the delays are waiting for another connection to idle timeout.

Thanks for the reply, Athiest-
I've arranged port mirroring for tomorrow so we'll see what happens there.
I've tried changing the NIC connection settings and getting the same results with 3 different systems using 3 different builds. I'm re-imaging the test systems as they were acting rather unstable.
Stay tuned.
Joseph O'Loughlin

Do you do the re-imaging over the same network? How long does joining the reimaged machine to the domain take?

There could be other network configuration problems.  The 8 to 10 minute delay could be WINS being used with WINS gone, and waiting for the server service to recognise the domain controller as the browse master.

The delay seems to be around authentication. To test this on its own, use

You may need to first disconnect established connections, as displayed by NET USE

One approach, if drive letters are not carefully tracked, is to add /PERSISTENT:NO so that there isn't a conflict on next boot; alternatively, in the login script, precede mapping a drive letter with NET USE X: /DEL

Ok Atheist-
Answers to your questions:
1. Imaging takes about 45 min. 20GB image size plus some updates. My test segment is just 100mb/s - not 1GB.
2. No WINS is deployed nor is WINS in the DHCP scope.
3. Simple authentication always works and in a timely manner.

Now for some updates:
1. Have not performed the Wireshark sniff yet as other things got in my way, but boot times are now pretty good. I <think> it was related to resolving redirected "My Documents" that were getting mapped to a network (DFS) share.
2. All GPOs seem to behave EXCEPT my shortcuts to MS Office (Word, Excel, etc.). I keep getting an "unable to find the file specified" no matter what I do.
