Windows 7 slow logon troubleshooting

Hello,

In this article we will discuss how to troubleshoot Windows slow logon using Windows Performance Recorder (WPR) and Windows Performance Analyzer (WPA).

The case:

Windows logon takes about 1 minute to display the desktop, on a DELL Latitude Laptop, with a I7 CPU and SSD hard disk.

To deal with this issue, I first started Windows Performance Recorder to create boot trace.

You can find in this article how to install and use Windows Performance Recorder https://zinetek.wordpress.com/2015/12/16/how-to-use-wpr-to-record-boot-sequence/

Analyzing the trace

After the system reboot, and the trace created I open it in Windows Performance Analyzer (WPA).

First, lets take a look to the system configuration. Go to tab trace, then system and then General.

WPA_sysconfig

Next click storage

WPA_Sysconfig_storage

As we can see, this Laptop is an I7 3Ghz CPU, 8 Gb of RAM, and SSD hard drive. it becomes obvious that with these specs, 1 min is too long to logon.

So now lets go deeper in our analyzis. first, Add Boot phases graph in the analysis Window.

wpa_boot_phase

We can see that the major delay in the boot trace comes from the winlogon phase (59 s).

Many operations can occur during the WinlogonInit phase; PnP services, Network subsystem, Group policies processing, credentials input can all lead to a delay.

Before we dig in the analysis, lets take a look to the computation and storage graph to find out where to look first. Disk and CPU performance are the must popular causes of slow logon.

According to the two graphics, there is no issue in the cpu or disk usage. So we have to look elsewhere.

WPA_Computation

WPA_Storage

Now we are going to add the Generic events graphic and expand the “Microsoft-Windows-Winlogon”

Genericevnt_winlogon

The “DisplayWelcomScreen” aka CTRL+ALT+DEL was available at 6,84 sec of the trace and the user entered the combination in the keyboard at 7,46 sec of the trace (less than 1 sec for the whole operation).

Next in the “RequestCredentials” task, the user entered his username and password in 4,22 sec (11,68 – 7,46).

all others tasks doesn’t took a lot of time except the “RestoringNetCoonections” that took more than 66 sec. I think we caught our culprit.

So the OS tries to reconnect the network drives during the winlogon process.

After the desktop shows up, I opened the windows explorer and we can see for network drives with a red cross which means that windows was unable to reconnect them. Those drives are mapped on a remote shares.So when the VPN connection is disturbed due to a bad Internet connection, then user experience this dekay when logging in.

Lecteurs réseau 02_modif

To be certain that this is the root cause of our logon’s delay, I disconnected all the network drives and made a new boot trace and here is the result:

WPA_Winlogon_afterresolution

Now that the root cause of the delay was found, the question was, how to make the network drives available to the user without causing major delay in the winlogon process?

The answer I came up with, was to create a script that runs after the user has opened his session.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s