G
Guest
We're having problems with latency on our laptops when off of the domain. In
particular seperatable into three broad groups: (1) bootup: startup to login
screen, (2) login, and (3) gneral while running application latencies. I'm
currently working on solving (1) & (2). Laptops are built off of RIS & ADS
GPOs and are connected to a domain. XP Pro SP2.
To debug this issue i turned on the UserEnvDebugLevel key in registry to log
the details. Differences were taken of <h:m:s:ms> between each record pair.
All the data was sorted by m, s, and ms respectively. Observations were made
for what events took the most amount of time. Many of these events i'm
unfamiliar with and cannot find much details on online. I was wondering if
you all could help me decipher:
1) Why are they occuring (what can be done to further understand where the
problems lie)
2) What do these delay causing events mean
3) What are ways around these delays.
Summary
There are some particular events that stand out when HKLM\...\Winlogon\
UserEnvDebugLevel log files are generated and the records sorted as per
elapsed time. i.e. "moving from each of the below mentioned records to the
next record has large time gaps".
* GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name
available.
* GetUserDNSDomainName: Failed to impersonate user
o Latency (time) ranges: upto 1.5 minutes, multiple occurances.
* MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.
o Latency (time) ranges: upto 1.1 minutes, multiple occurances,
only occurs when logging in on non-domain network.
* GetProfileType: ProfileFlags is 0
* AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53
* AbleToBypassCSC: Try to bypass CSC
o Latency (time) ranges: upto 20 seconds, 2 occurances per login,
only occurs when logging in off of domain.
* ProcessGPOs: A slow link was detected.
o Latency (time) ranges: upto 1 minute.
* LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
o Latency (time) ranges: upto 1 minute, 2 occurances per login
* LibMain: Process Name: C:\WINDOWS\System32\SCardSvr.exe
o Latency (time) ranges: upto 8 seconds, 1 occurance per login
* IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
o Latency (time) ranges: upto 2 seconds.
* EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
* EnterCriticalPolicySectionEx: Machine critical section has been
claimed. Handle = 0x900 [, Handle = 0x98c at another session]
* EnterCriticalPolicySectionEx: Leaving successfully.
o No big time issues here. However: "This is a potentially serious
log message. It could indicate that certain portions of the operating system
have become corrupt due to improper shut-down or system crashes. It could
also indicate a system resource problem..." [MS TechNet: "Interpreting
Userenv log files"]
What i COULD find out about each of the above mentioned events & some
observations:
GetUserDNSDomainName:
.... Don't have anything useful, need tonnes of help here!
MyGetUserName:
Event: <MyGetUserName: GetUserNameEx failed with 1722.> always occurs prior
to the problem event (mentioned above). There's a MS support doc on "failed
with 1908" but that has nothing to do with us. No doc on 1722.
GetProfileType:
The GetProfileType function retrieves the type of profile loaded for the
current user. This event alone in some cases collectively takes up ~ 2
minutes. This event occurs multiple times and seems unnecacerry as such:
USERENV(6d0.700) 07:43:59:203 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:43:59:203 GetProfileType: ProfileFlags is 0
USERENV(6d0.700) 07:44:41:312 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:44:41:312 GetProfileType: ProfileFlags is 0
USERENV(3a4.3a8) 07:45:11:875 UnloadUserProfile: Entering, hProfile =
<0x918>
[MSDN Library >... > User Profiles Functions: GetProfileType] cover's the
GetProfileType funtion. However searching the web for the 'ProfileFlags'
value gives me nothing. This event, and the maximum delays, often occur right
in the beginning. Some questions:
* Why is it checking multiple times if the profile is loaded.
* (via documentation mentioned above) is a temporary profile being
loaded only?
* Is it possible to turn it off?
A next step would be to use a packet sniffer to find out what excactly is
happening during that gap (any views?).
AbleToBypassCSC:
.... Don't have anything useful, need tonnes of help here!
ProcessGPOs: A slow link was detected:
.... Don't have anything useful, need tonnes of help here!
wmiprvse.exe:
%windir%\system32\wbem\wmiprvse.exe. Windows Management Instrumentation
(WMI). WMI includes an object repository, which is the database of object
definitions, and the WMI Object Manager, which handles the collection and
manipulation of objects in the repository and gathers information from WMI
providers... Basically wmiprvse.exe cannot be closed.
Observations: The event always occurs thus,
USERENV(8d8.8dc) 12:33:02:031 LibMain: Process Name:
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(3a4.570) 12:33:45:968 MyGetUserName: GetUserNameEx failed with
1722.
on logins off of the domain (where it takes the most amount of time), i.e.
with the <MyGetUserName: GetUserNameEx failed with 1722> event. [Note: the
mentioned event is also discussed as a cause of delay above, however it's an
event that occurs multiple times. Observations show that the occurance after
the wmiprvse.exe event is not the delayed occurance. Debugging issues are
discussed above as well.]
Questions that come to mind are:
* Why does it take 1 min, 40 sec, 35 sec (in different logons) when not
on the domain but only ~ 1 sec when on the domain?
* If we can solve this problem we could save 40 seconds automatically?
SCardSvr.exe:
%windir%\System32\SCardSvr.exe. Microsoft Smartcard-Ressource server. The
scardsvr.exe service is required by windows when working with Smart cards and
Smart card readers. While ~ 8 seconds might not seem long, in a 1 - 2 minute
logon session it is a major chunk of the time.
* Can we turn this off? Anticipated Answer: no.
IsSyncForegroundPolicyRefresh:
.... Don't have anything useful, need tonnes of help here!
The sorts of events/errors/logs i'm seeing seem to be DNS settings related.
I would like you all's opinions.
The log files (and sorted data) are available upon request. Help would be
appreciated.
particular seperatable into three broad groups: (1) bootup: startup to login
screen, (2) login, and (3) gneral while running application latencies. I'm
currently working on solving (1) & (2). Laptops are built off of RIS & ADS
GPOs and are connected to a domain. XP Pro SP2.
To debug this issue i turned on the UserEnvDebugLevel key in registry to log
the details. Differences were taken of <h:m:s:ms> between each record pair.
All the data was sorted by m, s, and ms respectively. Observations were made
for what events took the most amount of time. Many of these events i'm
unfamiliar with and cannot find much details on online. I was wondering if
you all could help me decipher:
1) Why are they occuring (what can be done to further understand where the
problems lie)
2) What do these delay causing events mean
3) What are ways around these delays.
Summary
There are some particular events that stand out when HKLM\...\Winlogon\
UserEnvDebugLevel log files are generated and the records sorted as per
elapsed time. i.e. "moving from each of the below mentioned records to the
next record has large time gaps".
* GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name
available.
* GetUserDNSDomainName: Failed to impersonate user
o Latency (time) ranges: upto 1.5 minutes, multiple occurances.
* MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.
o Latency (time) ranges: upto 1.1 minutes, multiple occurances,
only occurs when logging in on non-domain network.
* GetProfileType: ProfileFlags is 0
* AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53
* AbleToBypassCSC: Try to bypass CSC
o Latency (time) ranges: upto 20 seconds, 2 occurances per login,
only occurs when logging in off of domain.
* ProcessGPOs: A slow link was detected.
o Latency (time) ranges: upto 1 minute.
* LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
o Latency (time) ranges: upto 1 minute, 2 occurances per login
* LibMain: Process Name: C:\WINDOWS\System32\SCardSvr.exe
o Latency (time) ranges: upto 8 seconds, 1 occurance per login
* IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
o Latency (time) ranges: upto 2 seconds.
* EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
* EnterCriticalPolicySectionEx: Machine critical section has been
claimed. Handle = 0x900 [, Handle = 0x98c at another session]
* EnterCriticalPolicySectionEx: Leaving successfully.
o No big time issues here. However: "This is a potentially serious
log message. It could indicate that certain portions of the operating system
have become corrupt due to improper shut-down or system crashes. It could
also indicate a system resource problem..." [MS TechNet: "Interpreting
Userenv log files"]
What i COULD find out about each of the above mentioned events & some
observations:
GetUserDNSDomainName:
.... Don't have anything useful, need tonnes of help here!
MyGetUserName:
Event: <MyGetUserName: GetUserNameEx failed with 1722.> always occurs prior
to the problem event (mentioned above). There's a MS support doc on "failed
with 1908" but that has nothing to do with us. No doc on 1722.
GetProfileType:
The GetProfileType function retrieves the type of profile loaded for the
current user. This event alone in some cases collectively takes up ~ 2
minutes. This event occurs multiple times and seems unnecacerry as such:
USERENV(6d0.700) 07:43:59:203 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:43:59:203 GetProfileType: ProfileFlags is 0
USERENV(6d0.700) 07:44:41:312 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:44:41:312 GetProfileType: ProfileFlags is 0
USERENV(3a4.3a8) 07:45:11:875 UnloadUserProfile: Entering, hProfile =
<0x918>
[MSDN Library >... > User Profiles Functions: GetProfileType] cover's the
GetProfileType funtion. However searching the web for the 'ProfileFlags'
value gives me nothing. This event, and the maximum delays, often occur right
in the beginning. Some questions:
* Why is it checking multiple times if the profile is loaded.
* (via documentation mentioned above) is a temporary profile being
loaded only?
* Is it possible to turn it off?
A next step would be to use a packet sniffer to find out what excactly is
happening during that gap (any views?).
AbleToBypassCSC:
.... Don't have anything useful, need tonnes of help here!
ProcessGPOs: A slow link was detected:
.... Don't have anything useful, need tonnes of help here!
wmiprvse.exe:
%windir%\system32\wbem\wmiprvse.exe. Windows Management Instrumentation
(WMI). WMI includes an object repository, which is the database of object
definitions, and the WMI Object Manager, which handles the collection and
manipulation of objects in the repository and gathers information from WMI
providers... Basically wmiprvse.exe cannot be closed.
Observations: The event always occurs thus,
USERENV(8d8.8dc) 12:33:02:031 LibMain: Process Name:
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(3a4.570) 12:33:45:968 MyGetUserName: GetUserNameEx failed with
1722.
on logins off of the domain (where it takes the most amount of time), i.e.
with the <MyGetUserName: GetUserNameEx failed with 1722> event. [Note: the
mentioned event is also discussed as a cause of delay above, however it's an
event that occurs multiple times. Observations show that the occurance after
the wmiprvse.exe event is not the delayed occurance. Debugging issues are
discussed above as well.]
Questions that come to mind are:
* Why does it take 1 min, 40 sec, 35 sec (in different logons) when not
on the domain but only ~ 1 sec when on the domain?
* If we can solve this problem we could save 40 seconds automatically?
SCardSvr.exe:
%windir%\System32\SCardSvr.exe. Microsoft Smartcard-Ressource server. The
scardsvr.exe service is required by windows when working with Smart cards and
Smart card readers. While ~ 8 seconds might not seem long, in a 1 - 2 minute
logon session it is a major chunk of the time.
* Can we turn this off? Anticipated Answer: no.
IsSyncForegroundPolicyRefresh:
.... Don't have anything useful, need tonnes of help here!
The sorts of events/errors/logs i'm seeing seem to be DNS settings related.
I would like you all's opinions.
The log files (and sorted data) are available upon request. Help would be
appreciated.