ctrlaltdelis
IS-IT--Management
We're having problems with latency on our laptops when off of the domain. In particular seperatable into three broad groups: (1) bootup: startup to login screen, (2) login, and (3) gneral while running application latencies. I'm currently working on solving (1) & (2). Laptops are built off of RIS & ADS GPOs and are connected to a domain. XP Pro SP2.
To debug this issue i turned on the UserEnvDebugLevel key in registry to log the details. Differences were taken of <h:m:s:ms> between each record pair. All the data was sorted by m, s, and ms respectively. Observations were made for what events took the most amount of time. Many of these events i'm unfamiliar with and cannot find much details on online. I was wondering if you all could help me decipher:
1) Why are they occuring (what can be done to further understand where the problems lie)
2) What do these delay causing events mean
3) What are ways around these delays.
Summary
There are some particular events that stand out when HKLM\...\Winlogon\ UserEnvDebugLevel log files are generated and the records sorted as per elapsed time. i.e. "moving from each of the below mentioned records to the next record has large time gaps".
[ul][li]GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.[/li]
[li]GetUserDNSDomainName: Failed to impersonate user[/li]
[ul][li] Latency (time) ranges: upto 1.5 minutes, multiple occurances.[/li][/ul][/ul]
[ul][li]MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.[/li]
[ul][li] Latency (time) ranges: upto 1.1 minutes, multiple occurances, only occurs when logging in on non-domain network.[/li][/ul][/ul]
[ul][li]GetProfileType: ProfileFlags is 0[/li][/ul]
[ul][li]AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53[/li]
[li]AbleToBypassCSC: Try to bypass CSC[/li]
[ul][li] Latency (time) ranges: upto 20 seconds, 2 occurances per login, only occurs when logging in off of domain.[/li][/ul][/ul]
[ul][li]ProcessGPOs: A slow link was detected.[/li]
[ul][li] Latency (time) ranges: upto 1 minute. [/li][/ul][/ul]
[ul][li]LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe[/li]
[ul][li] Latency (time) ranges: upto 1 minute, 2 occurances per login[/li][/ul][/ul]
[ul][li]LibMain: Process Name: C:\WINDOWS\System32\SCardSvr.exe[/li]
[ul][li] Latency (time) ranges: upto 8 seconds, 1 occurance per login[/li][/ul][/ul]
[ul][li]IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync[/li]
[ul][li] Latency (time) ranges: upto 2 seconds.[/li][/ul][/ul]
[ul][li]EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0[/li]
[li]EnterCriticalPolicySectionEx: Machine critical section has been claimed. Handle = 0x900 [, Handle = 0x98c at another session][/li]
[li]EnterCriticalPolicySectionEx: Leaving successfully.[/li]
[ul][li] No big time issues here. However: "This is a potentially serious log message. It could indicate that certain portions of the operating system have become corrupt due to improper shut-down or system crashes. It could also indicate a system resource problem..." [MS TechNet: "Interpreting Userenv log files"][/li][/ul][/ul]
What i COULD find out about each of the above mentioned & some observations:
GetUserDNSDomainName:
... Don't have anything useful, need tonnes of help here!
MyGetUserName:
Event: <MyGetUserName: GetUserNameEx failed with 1722.> always occurs prior to the problem event (mentioned above). There's a MS support doc on "failed with 1908" but that has nothing to do with us. No doc on 1722.
GetProfileType:
The GetProfileType function retrieves the type of profile loaded for the current user. This event alone in some cases collectively takes up ~ 2 minutes. This event occurs multiple times and seems unnecacerry as such:
[MSDN Library >... > User Profiles Functions: GetProfileType] cover's the GetProfileType funtion. However searching the web for the 'ProfileFlags' value gives me nothing. This event, and the maximum delays, often occur right in the beginning. Some questions:
[ul][li] Why is it checking multiple times if the profile is loaded.[/li]
[li] (via documentation mentioned above) is a temporary profile being loaded only?[/li]
[li] Is it possible to turn it off?[/li][/ul]
A next step would be to use a packet sniffer to find out what excactly is happening during that gap (any views?).
AbleToBypassCSC:
... Don't have anything useful, need tonnes of help here!
ProcessGPOs: A slow link was detected:
... Don't have anything useful, need tonnes of help here!
wmiprvse.exe:
%windir%\system32\wbem\wmiprvse.exe. Windows Management Instrumentation (WMI). WMI includes an object repository, which is the database of object definitions, and the WMI Object Manager, which handles the collection and manipulation of objects in the repository and gathers information from WMI providers... Basically wmiprvse.exe cannot be closed.
Observations: The event always occurs thus,
on logins off of the domain (where it takes the most amount of time), i.e. with the <MyGetUserName: GetUserNameEx failed with 1722> event. [Note: the mentioned event is also discussed as a cause of delay above, however it's an event that occurs multiple times. Observations show that the occurance after the wmiprvse.exe event is not the delayed occurance. Debugging issues are discussed above as well.]
Questions that come to mind are:
[ul][li] Why does it take 1 min, 40 sec, 35 sec (in different logons) when not on the domain but only ~ 1 sec when on the domain?[/li]
[li] If we can solve this problem we could save 40 seconds automatically?[/li][/ul]
SCardSvr.exe:
%windir%\System32\SCardSvr.exe. Microsoft Smartcard-Ressource server. The scardsvr.exe service is required by windows when working with Smart cards and Smart card readers. While ~ 8 seconds might not seem long, in a 1 - 2 minute logon session it is a major chunk of the time.
[ul][li] Can we turn this off? Anticipated Answer: no. [/li][/ul]
IsSyncForegroundPolicyRefresh:
... Don't have anything useful, need tonnes of help here!
The sorts of events/errors/logs i'm seeing seem to be DNS settings related. I would like you all's opinions.
The log files (and sorted data) are available upon request. Help would be appreciated.
To debug this issue i turned on the UserEnvDebugLevel key in registry to log the details. Differences were taken of <h:m:s:ms> between each record pair. All the data was sorted by m, s, and ms respectively. Observations were made for what events took the most amount of time. Many of these events i'm unfamiliar with and cannot find much details on online. I was wondering if you all could help me decipher:
1) Why are they occuring (what can be done to further understand where the problems lie)
2) What do these delay causing events mean
3) What are ways around these delays.
Summary
There are some particular events that stand out when HKLM\...\Winlogon\ UserEnvDebugLevel log files are generated and the records sorted as per elapsed time. i.e. "moving from each of the below mentioned records to the next record has large time gaps".
[ul][li]GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.[/li]
[li]GetUserDNSDomainName: Failed to impersonate user[/li]
[ul][li] Latency (time) ranges: upto 1.5 minutes, multiple occurances.[/li][/ul][/ul]
[ul][li]MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.[/li]
[ul][li] Latency (time) ranges: upto 1.1 minutes, multiple occurances, only occurs when logging in on non-domain network.[/li][/ul][/ul]
[ul][li]GetProfileType: ProfileFlags is 0[/li][/ul]
[ul][li]AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53[/li]
[li]AbleToBypassCSC: Try to bypass CSC[/li]
[ul][li] Latency (time) ranges: upto 20 seconds, 2 occurances per login, only occurs when logging in off of domain.[/li][/ul][/ul]
[ul][li]ProcessGPOs: A slow link was detected.[/li]
[ul][li] Latency (time) ranges: upto 1 minute. [/li][/ul][/ul]
[ul][li]LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe[/li]
[ul][li] Latency (time) ranges: upto 1 minute, 2 occurances per login[/li][/ul][/ul]
[ul][li]LibMain: Process Name: C:\WINDOWS\System32\SCardSvr.exe[/li]
[ul][li] Latency (time) ranges: upto 8 seconds, 1 occurance per login[/li][/ul][/ul]
[ul][li]IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync[/li]
[ul][li] Latency (time) ranges: upto 2 seconds.[/li][/ul][/ul]
[ul][li]EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0[/li]
[li]EnterCriticalPolicySectionEx: Machine critical section has been claimed. Handle = 0x900 [, Handle = 0x98c at another session][/li]
[li]EnterCriticalPolicySectionEx: Leaving successfully.[/li]
[ul][li] No big time issues here. However: "This is a potentially serious log message. It could indicate that certain portions of the operating system have become corrupt due to improper shut-down or system crashes. It could also indicate a system resource problem..." [MS TechNet: "Interpreting Userenv log files"][/li][/ul][/ul]
What i COULD find out about each of the above mentioned & some observations:
GetUserDNSDomainName:
... Don't have anything useful, need tonnes of help here!
MyGetUserName:
Event: <MyGetUserName: GetUserNameEx failed with 1722.> always occurs prior to the problem event (mentioned above). There's a MS support doc on "failed with 1908" but that has nothing to do with us. No doc on 1722.
GetProfileType:
The GetProfileType function retrieves the type of profile loaded for the current user. This event alone in some cases collectively takes up ~ 2 minutes. This event occurs multiple times and seems unnecacerry as such:
Code:
USERENV(6d0.700) 07:43:59:203 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:43:59:203 GetProfileType: ProfileFlags is 0
USERENV(6d0.700) 07:44:41:312 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:44:41:312 GetProfileType: ProfileFlags is 0
USERENV(3a4.3a8) 07:45:11:875 UnloadUserProfile: Entering, hProfile = <0x918>[ul][li] Why is it checking multiple times if the profile is loaded.[/li]
[li] (via documentation mentioned above) is a temporary profile being loaded only?[/li]
[li] Is it possible to turn it off?[/li][/ul]
A next step would be to use a packet sniffer to find out what excactly is happening during that gap (any views?).
AbleToBypassCSC:
... Don't have anything useful, need tonnes of help here!
ProcessGPOs: A slow link was detected:
... Don't have anything useful, need tonnes of help here!
wmiprvse.exe:
%windir%\system32\wbem\wmiprvse.exe. Windows Management Instrumentation (WMI). WMI includes an object repository, which is the database of object definitions, and the WMI Object Manager, which handles the collection and manipulation of objects in the repository and gathers information from WMI providers... Basically wmiprvse.exe cannot be closed.
Observations: The event always occurs thus,
Code:
USERENV(8d8.8dc) 12:33:02:031 LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(3a4.570) 12:33:45:968 MyGetUserName: GetUserNameEx failed with 1722.Questions that come to mind are:
[ul][li] Why does it take 1 min, 40 sec, 35 sec (in different logons) when not on the domain but only ~ 1 sec when on the domain?[/li]
[li] If we can solve this problem we could save 40 seconds automatically?[/li][/ul]
SCardSvr.exe:
%windir%\System32\SCardSvr.exe. Microsoft Smartcard-Ressource server. The scardsvr.exe service is required by windows when working with Smart cards and Smart card readers. While ~ 8 seconds might not seem long, in a 1 - 2 minute logon session it is a major chunk of the time.
[ul][li] Can we turn this off? Anticipated Answer: no. [/li][/ul]
IsSyncForegroundPolicyRefresh:
... Don't have anything useful, need tonnes of help here!
The sorts of events/errors/logs i'm seeing seem to be DNS settings related. I would like you all's opinions.
The log files (and sorted data) are available upon request. Help would be appreciated.