Windows 7 slow logon troubleshooting

Hello,

In this article we will discuss how to troubleshoot Windows slow logon using Windows Performance Recorder (WPR) and Windows Performance Analyzer (WPA).

The case:

Windows logon takes about 1 minute to display the desktop, on a DELL Latitude Laptop, with a I7 CPU and SSD hard disk.

To deal with this issue, I first started Windows Performance Recorder to create boot trace.

You can find in this article how to install and use Windows Performance Recorder https://zinetek.wordpress.com/2015/12/16/how-to-use-wpr-to-record-boot-sequence/

Analyzing the trace

After the system reboot, and the trace created I open it in Windows Performance Analyzer (WPA).

First, lets take a look to the system configuration. Go to tab trace, then system and then General.

WPA_sysconfig

Next click storage

WPA_Sysconfig_storage

As we can see, this Laptop is an I7 3Ghz CPU, 8 Gb of RAM, and SSD hard drive. it becomes obvious that with these specs, 1 min is too long to logon.

So now lets go deeper in our analyzis. first, Add Boot phases graph in the analysis Window.

wpa_boot_phase

We can see that the major delay in the boot trace comes from the winlogon phase (59 s).

Many operations can occur during the WinlogonInit phase; PnP services, Network subsystem, Group policies processing, credentials input can all lead to a delay.

Before we dig in the analysis, lets take a look to the computation and storage graph to find out where to look first. Disk and CPU performance are the must popular causes of slow logon.

According to the two graphics, there is no issue in the cpu or disk usage. So we have to look elsewhere.

WPA_Computation

WPA_Storage

Now we are going to add the Generic events graphic and expand the “Microsoft-Windows-Winlogon”

Genericevnt_winlogon

The “DisplayWelcomScreen” aka CTRL+ALT+DEL was available at 6,84 sec of the trace and the user entered the combination in the keyboard at 7,46 sec of the trace (less than 1 sec for the whole operation).

Next in the “RequestCredentials” task, the user entered his username and password in 4,22 sec (11,68 – 7,46).

all others tasks doesn’t took a lot of time except the “RestoringNetCoonections” that took more than 66 sec. I think we caught our culprit.

So the OS tries to reconnect the network drives during the winlogon process.

After the desktop shows up, I opened the windows explorer and we can see for network drives with a red cross which means that windows was unable to reconnect them. Those drives are mapped on a remote shares.So when the VPN connection is disturbed due to a bad Internet connection, then user experience this dekay when logging in.

Lecteurs réseau 02_modif

To be certain that this is the root cause of our logon’s delay, I disconnected all the network drives and made a new boot trace and here is the result:

WPA_Winlogon_afterresolution

Now that the root cause of the delay was found, the question was, how to make the network drives available to the user without causing major delay in the winlogon process?

The answer I came up with, was to create a script that runs after the user has opened his session.

 

How to use WPR to record Windows boot process

 

In this article I will show you how to use “Windows Performance Toolkit” to make a trace of Windows boot sequence, in order to troubleshoot slow logon.

First of all, you need to download the Software Development Kit (DSK) https://dev.windows.com/en-us/downloads/windows-10-sdk

After running the sdksetup.exe you should select one of the following options:

SDK setup

The first option will install Windows performance tool kit on the computer running the setup. The second one, will allow you to download an offline setup files that can be executed on an other computer.

For our purpose we will chose the first one.

Click next and accept the license agreement.

SDK setup 01

Click on “Windows Performance Toolkit” and then install.

Reboot your computer to finish the setup.

To make a trace of your boot sequence, type “wpr” from the windows start menu and then click on “Windows Performance Recorder”.

run_wpr

wpr01

On the “Performance scenario” menu choose “Boot”.

wpr02
Type “1” for the numbers of iterations and then click the sart button.

wpr03

Select the path where the trace file (.etl) will be saved and click on the “Save” button.

wpr04

After you click on the OK button your system will reboot and “Windows Performance Recorder” will record all the boot phase.

After you open your windows session WPR will end the trace and will save the file in the specified path.

Boot_trace_inprogress

Generaly the trace file will be a hundred of Mb till Giga bytes.

So if you want to share your trace or send it by e-mail, don’t forget to compress it.