We help IT Professionals succeed at work.

Group Policy +WMI Filter Causing LONG!!! Boot times

1,018 Views
Last Modified: 2014-09-13
Started having workstations with a MAJOR lag in booting.   After seeing 6005/6006 Event IDs I applied a policy that enabled verbose GP Logging.  After gathering a good amount of logs from affected machines, I started using Policy Reporter to view these logs and it became clear the time lag in processing began on a certain policy.  Also saw that it happened when it got to the WMI filter.  We had the same thing about the same time on a totally different forest, but on a policy that also has a windows 7 WMI filter.  I removed it but we have other policies with WMI filters now the logs are showing them with these huge gaps in time after they start processing it... Based on the fact it is two separate forests with different policies etc. I am tending to thing there may have been a Windows update (or possibly another pushed out package) that is to blame- I have also seen some 5602 WMI event IDs and messages saying that it is restoring the WMI repository from a backup file.
MachineLog2.png
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2014

Commented:
What is the WMI filter?  Some can take a long time.

Author

Commented:
We have had computers taking 30-120 minutes to get to the logon prompt.  Pretty basic filters the three initial ones in question were: select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1"
and select * from Win32_OperatingSystem WHERE ProductType = "1" AND OSArchitecture = "64-bit"
and select * from Win32_OperatingSystem WHERE ProductType = "1" AND NOT OSArchitecture = "64-bit"
CERTIFIED EXPERT
Top Expert 2014

Commented:
Yeah, I wouldn't expect those to take long at all, but I've heard of even simple ones causing issues.  You may even use something like
select ProductType, OSArchitecture from Win32_OperatingSystem WHERE ProductType = "1" AND OSArchitecture = "64-bit"

Are you saying the GPOs with the WMI filters have been in place for some time with no issue?  I haven't heard of any new issues with that, but I don't use WMI filters in my environment, so a problem related to that could have easily gone unnoticed by me.

Author

Commented:
I have applied these hotfixes and seeing "some" success but not 100% convinced yet.
http://support.microsoft.com/kb/929852, http://support.microsoft.com/default.aspx?scid=kb%3ben-US%3b2545227, http://support.microsoft.com/kb/929852 (50409)

I have started unlinking the policies that have WMI filters or removing the filter where I can.  After that I started seeing the policy choke on "Processing Extensions" . Now I put a GPP in place that adds the registry entry for verbose GP logging- I'm wondering if that is the first thing I see it hitting under extensions and the fact that it is set to update instead of "create". I also set "stop processing extension if error occurs" and "only apply once".  I have since disabled this policy as I hope I have enough verbose logs to  sample from
ProcessingExtensions3.JPGAnother thought is possible windows updates that have applied- I am wondering if one of the list below broke something or some users haven't rebooted yet since they were applied (via SCCM)

Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2957689) MS14-035            
Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2957689)        
Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2929437)              MS14-01
Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2957689)              MS14-03
Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2963950)              MS14-035      
Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2929437)   MS14-018
Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2957689)     MS14-035  
Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2963950)   MS14-035
Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2936068)              MS14-018        
Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2957689) MS14-035        
Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2957689)  MS14-035                
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2936068)        MS14-018            
Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2957689) MS14-035        
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2957689)  MS14-035
CERTIFIED EXPERT
Top Expert 2014

Commented:
You may want to check out http://blogs.technet.com/b/grouppolicy/archive/2013/05/23/group-policy-and-logon-impact.aspx for some recommendations if you haven't seen it yet.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Top Expert 2014

Commented:
Wish I had more to offer here.  I have some vague recollection of a blog post that I think mentioned SCCM in conjunction with a large number of WMI queries and slowing things down.  But without recalling specifics that's so thin that it's probably not worth mentioning.  If I come up with anything more specific (and it's helpful) I'll post back.

Author

Commented:
no exact solution was found but it appeared to be a bundle of updates from SCCM with a bad one in there, apparently crashing the WMI database

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.