Solved

Random Windows 7 Professional Desktops freeze before login

Posted on 2014-04-04
25
708 Views
Last Modified: 2016-11-23
Hey Experts and Gurus,

I am experiencing a rather odd issue in which a Windows 7 desktop computer will halt / freeze before the Ctrl-Alt-Del login prompt.  Only a hand full of our desktops do this out ~100 but those few randomly have this happen.

A power off and on seems to fix the problem until it randomly occurs again.

Background:
OS - Windows 7 Professional OS
OEM - Dell, Lenovo, and white box (custom builds) - Note mostly happens to Dell and Lenovos
Domain - Yes (2 DCs working together)- running in mix mode to service 2003 and 2008 DCs and servers
Network - 2 main Class C subnets routed between a Sonicwall NSA 2400 - note the issue occurs both inside the network and external.  All the cases in the internal network have been on the same subnet as the DC.
Switches - Netgear ProSafe(s) and Cisco(s) - note the users that have this problem are all on different switches

Reviewing the Error log we can see the event with an ID 100, but not much more than that.

I have seen this kind of issue occur before when the machine is looking for the domain controller, which unplugging the ethernet would let the login prompt through, but this has not worked in this case.

Furthermore I have googled quite a bit on the issue which blame too many profiles, but these machines have no more than 5 profiles on them, and occur with as little as 2 profiles.  Also we have tried fresh reload of the OS via images, but no success.

Thank you for any help you may be able to give.
0
Comment
Question by:creativecoop
  • 15
  • 6
  • 4
25 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 250 total points
ID: 39979452
Also we have tried fresh reload of the OS via images, but no success.

I have any number of Lenovo Windows 7 Pro 64-bit machines on 1 DC and never any issue like this at all.

Since you have tried the factory image with no success, I suggest the following two possibilities:

1 The Antivirus suite you use. I have heard of Kaspersky causing issues and the solution was to upgrade to the newest version. We use Symantec Endpoint Protection and no issues with it.

2. Try one machine with one user profile and one Domain Controller only.

You could try a different user profile on one problem machine but I do not think this is the cause.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39980060
Describe at what exact point it happens and what exactly happens. Does the cursor remain movable?
0
 

Author Comment

by:creativecoop
ID: 39990263
Thank you guys for your responses.

@John Hurst - We use Symantec Endpoint as well.  Also how can you limit a profile to use only one DC?  

@McKnife - It happens mostly on the Please Wait screen and you can see the loading spinning wheel (god I hate that they changed it from an hour glass because what the heck do you call this thing)  As for the cursor, I can not remember if we still had control of that or not.
0
 

Author Comment

by:creativecoop
ID: 39990269
Please note I would like to add to this issue that it happens on:  Please Wait which is loading before login and the after login on the Welcome screen.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39990318
Please turn on group policy verbose mode: http://support.microsoft.com/kb/325376 (works for win7, too)
0
 

Author Comment

by:creativecoop
ID: 39990332
Lord I think I may have ran into the issue.  

We currently are running our DCs (all for the same domain) in mix-mode which one of the DC is 2003 R2 and the other 2008 R2.  I am now seeing the following Events on the 2003 R2 DC Event 27 on Source KDC, which has to do with Kerbose key generation.

I found a hot fix available to install on the Windows 2008 R2 DC, but I don't see anything for the 2003 R2 DC (which is where the Event 27 is occuring.

I've not patched anything yet, but still reading, as these servers have been online for years, however earlier this year our 2003 R2 DC had some Active Directory/DNS issues and had to be fixed (not via backup) and had to issue some Active Directory repair commands which I've forgotten and would have to lookup in my ticket system.

Does this sounds like this could be the thorn in my side?
0
 

Author Comment

by:creativecoop
ID: 39990372
Well the hotfix KB978055 would not install on the Windows Server 2008 R2 with the message:  "The update is not applicable to your computer." even though it met all the requirements.   *Sighs*

Some people say that Event 27 can be ignored, but I see another Warning event that occurs on our 2008 R2 DC that has to do with is and it is Event 29 "The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.".

So I am now looking at Event 27 and Event 29 things on the internet.  FYI our kerbose is not set to use DEC but is using RC4-HMAC(NT)
0
 

Author Comment

by:creativecoop
ID: 39990452
Actually, after reading and testing the Events 27 and Event 29 are not causing a login issue.  The error/warnings can be ignored until we upgrade out of 2003 DC mode, which I hope is soon.  But you know how that goes... all comes down to money.

So back to the drawing board.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 39990582
Look at this possible solution on a Microsoft forum.:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/24ac15a3-cc65-409d-8cd9-24e9b97d473e/restrict-computers-to-use-specific-domain-controllers?forum=winserverGP

and disable fast logon optimization, and further down to the Domain Controller locator link.
0
 

Author Comment

by:creativecoop
ID: 40002374
We have confirmed both Domain controllers are successfully authenticating the machine (of course when it goes come up).  We turned on verbose logging, but nothing shows up when the machine is stuck at "Please wait" which we did wait about 24 hours, but it never went through and required a power off and on.

Note:  When the machine gets stuck at "Please wait" is never goes through based on our maximum wait time of 24 hours and we allow 15 minutes between tries and watch the hard drive activity LEDs.

Furthermore we did set the company to Diagnostic start up which after many reboots we were unable to get it stuck at "Please wait" but of course this turns off networking as well, so we turned on the Networking portions and the issue appeared again.

We have not tried to disable fast logon optimization yet, but this would be odd to only cause an issue with a few select computers but the rest operate normally all using the same policies.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40002405
Make sure the verbose logging is indeed active. It should display all sorts of policies that are applied at least if those are changed.
By the way: what does eventID 100 stand for, any descriptive text for us?
0
 

Author Comment

by:creativecoop
ID: 40002427
We enabled the verbose logging on the PC via registry entry and nothing is displayed to the screen besides the lovely "Please wait".

EventID 100 did not have any descriptive in it, and it appears not to be apart of the problem as it is not appearing when the issue occurred during our testing.  We just thought it would be worth mentioning since we saw it throw an EventID 100 before.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 40002443
Ok, so both policies mentioned here http://www.thewindowsclub.com/enable-verbose-status-message-windows are set and the regkey at the end is not set, I hope?
0
 

Author Comment

by:creativecoop
ID: 40002458
We did the registry edit but forgot about the policy changes.  Let me get those set.
0
 

Author Comment

by:creativecoop
ID: 40002571
@McKnife,

Okay the local group policy appeared to be what we left off for the Verbose Logging (thank goodness because I am tried of this gremlin problem).

Any who, I was able to get the computer to halt again after a few restarts and the last thing shown to the screen was "Local Session Manager"
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40002615
Ok, if it's one system only, and it's apparently no GPO intereference, then resort to your last working image or do an inplace-upgrade if you would like to avoid a reinstallation.
0
 

Author Comment

by:creativecoop
ID: 40002622
Actually we have a hand full of systems out of about 100 nodes.  All of them using different images.  The one we are testing is fresh from Dell with OEM Windows 7 Pro installed.  We did not reload our images on it.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40002809
Ok, so...? Nevertheless the advice stands.
0
 

Author Comment

by:creativecoop
ID: 40002894
After some review of all the PCs we see with this issue one thing stood out... Malwarebytes Enterprise Ed..  There was an event logged with MBAMM service not being found even though it is there and will run.  We have uninstalled it on a select computer that continually has the hang issue at "Please wait" (with Verbose Logging - Local Session Manager") and after about 20 restarts/shutdowns we have been unable to make it hang.  

I am not going to claim this fix yet until after a few days with the software uninstalled, then we will reinstall and see what happens.  

*Note all our computers are running with Malwarebytes Enterprise, so its odd why it would only cause a hand full of computer to freak out but I've seen similar events in my IT life.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40002900
I asked you about Anti Virus way back at the beginning (as that has been an issue for some computers).

But you said you were using Symantec Endpoint Protection. I use this with no hanging at all.

So now, are you saying you are using TWO antivirus applications on the same computers?  I do not recommend that.
0
 

Author Comment

by:creativecoop
ID: 40004249
I use two security applications which attack two different problems. Ive ran with anti virus and anti malware applications for 10 plus years and it has been accepted by the community due to the nature of what each of the applications look for.

Malwarebytes is for malware protection as symantec falls short on this.

Please know the difference.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40004338
I find SEP to be very good overall, but no matter what suite, no one anti virus catches everything.

So if I need to run Malwarebytes, I install, run and uninstall again.

If is best just to have one antivirus suite running at any one time.
0
 

Author Comment

by:creativecoop
ID: 40023775
Malwarebytes was the culprit but it was a currupted installation.
After uninstalling the agent then reinstalling the agent there have been no more issues.

We have run Malwarebytes Pro and Enterprise Editions for years without having this issue. I would never run two true antivirus suites as that does cause issues. Malwarebytes doesn't work the way a true antivirus program does therefore I have no problem running it in conjuction with SEP.

Thanks for everyone's suggestions.
0
 

Author Comment

by:creativecoop
ID: 40027559
I've requested that this question be closed as follows:

Accepted answer: 0 points for creativecoop's comment #a40023775

for the following reason:

Issue resolved by following the proceedure posted
0
 

Author Comment

by:creativecoop
ID: 40027556
Okay the problem has been finally verified.

It appears Malwarebytes was causing the issue but a reinstallation fixed the problem.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

One of the features I've come to appreciate about Windows 7 and Windows Server 2008 R2 is the ability to pin applications to the task bar. As useful a feature as I've found this, it does have some quirks.  For example, have you ever tried pinning an…
First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now