(Trying to debug) Laptop Latency issues off of domain network

[Guest]

We're having problems with latency on our laptops when off of the domain. In
particular seperatable into three broad groups: (1) bootup: startup to login
screen, (2) login, and (3) gneral while running application latencies. I'm
currently working on solving (1) & (2). Laptops are built off of RIS & ADS
GPOs and are connected to a domain. XP Pro SP2.

To debug this issue i turned on the UserEnvDebugLevel key in registry to log
the details. Differences were taken of <h:m:s:ms> between each record pair.
All the data was sorted by m, s, and ms respectively. Observations were made
for what events took the most amount of time. Many of these events i'm
unfamiliar with and cannot find much details on online. I was wondering if
you all could help me decipher:

1) Why are they occuring (what can be done to further understand where the
problems lie)
2) What do these delay causing events mean
3) What are ways around these delays.

Summary

There are some particular events that stand out when HKLM\...\Winlogon\
UserEnvDebugLevel log files are generated and the records sorted as per
elapsed time. i.e. "moving from each of the below mentioned records to the
next record has large time gaps".

* GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name
available.
* GetUserDNSDomainName: Failed to impersonate user
o Latency (time) ranges: upto 1.5 minutes, multiple occurances.

* MyGetUserName: Retrying call to GetUserNameEx in 1/2 second.
o Latency (time) ranges: upto 1.1 minutes, multiple occurances,
only occurs when logging in on non-domain network.

* GetProfileType: ProfileFlags is 0

* AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53
* AbleToBypassCSC: Try to bypass CSC
o Latency (time) ranges: upto 20 seconds, 2 occurances per login,
only occurs when logging in off of domain.

* ProcessGPOs: A slow link was detected.
o Latency (time) ranges: upto 1 minute.

* LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
o Latency (time) ranges: upto 1 minute, 2 occurances per login

* LibMain: Process Name: C:\WINDOWS\System32\SCardSvr.exe
o Latency (time) ranges: upto 8 seconds, 1 occurance per login

* IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
o Latency (time) ranges: upto 2 seconds.

* EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
* EnterCriticalPolicySectionEx: Machine critical section has been
claimed. Handle = 0x900 [, Handle = 0x98c at another session]
* EnterCriticalPolicySectionEx: Leaving successfully.
o No big time issues here. However: "This is a potentially serious
log message. It could indicate that certain portions of the operating system
have become corrupt due to improper shut-down or system crashes. It could
also indicate a system resource problem..." [MS TechNet: "Interpreting
Userenv log files"]




What i COULD find out about each of the above mentioned events & some
observations:

GetUserDNSDomainName:
.... Don't have anything useful, need tonnes of help here!

MyGetUserName:
Event: <MyGetUserName: GetUserNameEx failed with 1722.> always occurs prior
to the problem event (mentioned above). There's a MS support doc on "failed
with 1908" but that has nothing to do with us. No doc on 1722.

GetProfileType:
The GetProfileType function retrieves the type of profile loaded for the
current user. This event alone in some cases collectively takes up ~ 2
minutes. This event occurs multiple times and seems unnecacerry as such:

USERENV(6d0.700) 07:43:59:203 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:43:59:203 GetProfileType: ProfileFlags is 0
USERENV(6d0.700) 07:44:41:312 GetProfileType: Profile already loaded.
USERENV(6d0.700) 07:44:41:312 GetProfileType: ProfileFlags is 0
USERENV(3a4.3a8) 07:45:11:875 UnloadUserProfile: Entering, hProfile =
<0x918>

[MSDN Library >... > User Profiles Functions: GetProfileType] cover's the
GetProfileType funtion. However searching the web for the 'ProfileFlags'
value gives me nothing. This event, and the maximum delays, often occur right
in the beginning. Some questions:

* Why is it checking multiple times if the profile is loaded.
* (via documentation mentioned above) is a temporary profile being
loaded only?
* Is it possible to turn it off?


A next step would be to use a packet sniffer to find out what excactly is
happening during that gap (any views?).

AbleToBypassCSC:
.... Don't have anything useful, need tonnes of help here!

ProcessGPOs: A slow link was detected:
.... Don't have anything useful, need tonnes of help here!

wmiprvse.exe:
%windir%\system32\wbem\wmiprvse.exe. Windows Management Instrumentation
(WMI). WMI includes an object repository, which is the database of object
definitions, and the WMI Object Manager, which handles the collection and
manipulation of objects in the repository and gathers information from WMI
providers... Basically wmiprvse.exe cannot be closed.

Observations: The event always occurs thus,

USERENV(8d8.8dc) 12:33:02:031 LibMain: Process Name:
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(3a4.570) 12:33:45:968 MyGetUserName: GetUserNameEx failed with
1722.


on logins off of the domain (where it takes the most amount of time), i.e.
with the <MyGetUserName: GetUserNameEx failed with 1722> event. [Note: the
mentioned event is also discussed as a cause of delay above, however it's an
event that occurs multiple times. Observations show that the occurance after
the wmiprvse.exe event is not the delayed occurance. Debugging issues are
discussed above as well.]

Questions that come to mind are:

* Why does it take 1 min, 40 sec, 35 sec (in different logons) when not
on the domain but only ~ 1 sec when on the domain?
* If we can solve this problem we could save 40 seconds automatically?


SCardSvr.exe:
%windir%\System32\SCardSvr.exe. Microsoft Smartcard-Ressource server. The
scardsvr.exe service is required by windows when working with Smart cards and
Smart card readers. While ~ 8 seconds might not seem long, in a 1 - 2 minute
logon session it is a major chunk of the time.

* Can we turn this off? Anticipated Answer: no.


IsSyncForegroundPolicyRefresh:
.... Don't have anything useful, need tonnes of help here!


The sorts of events/errors/logs i'm seeing seem to be DNS settings related.
I would like you all's opinions.

The log files (and sorted data) are available upon request. Help would be
appreciated.

 

[Adam Leinss]

We're having problems with latency on our laptops when off of the
domain. In particular seperatable into three broad groups: (1)
bootup: startup to login screen, (2) login, and (3) gneral while
running application latencies. I'm currently working on solving
(1) & (2). Laptops are built off of RIS & ADS GPOs and are
connected to a domain. XP Pro SP2.

I would start with running dcdiag and netdiag from the laptop. I
believe these are included in the Windows 2003 Server Resource Kit. It
will help identify any DNS related issues.

Adam

 

[Guest]

I would start with running dcdiag and netdiag from the laptop. I
believe these are included in the Windows 2003 Server Resource Kit. It
will help identify any DNS related issues.

Adam

I ran dcDiag successfully a couple of time (a couple of parameters).
(NetDiag couldn't be run successfully on the XP Pro Tablet PC client).

Here's one of the command and switches that i ran:
dcdiag /s:qatar-dc01.qatar.win.cmu.edu /u:qatar\shamsh-root /p:* /e /v
/f:dcDiagF.txt /ferr:dcDiagFerr.txt
=> DC controllers were not visible. Expected.

note: the machines are off of the domain when i do these tests... that's
when the problems occur. When you have the machines on the corporate network
bootup and logon times are acceptable (approx 1.5 minutes). However take the
same machine off of the corporate network and put it on say a home internet
connection or some external org network and you see emmense delays. Note...
the delays are not that pronounced when there's no network at all.

Event logs show that the same processes are running when on and off the
network during bootup and logon. Some events (>10 mentioned above) are taking
emmense times and hence causing the latency.

I have a feeling it is related to the unavailability of a DC, or possibly
DNS server to register against dynamically, when booting up & logging on.
Moreso an issue of just timing out. For example:

USERENV(150.88c) 12:30:07:281 GetUserDNSDomainName: Domain name is NT
Authority. No DNS domain name available.
USERENV(3a4.3a8) 12:31:44:859 InitializePolicyProcessing: Initialised
Machine Mutex/Events

Why does it take >1.5 minutes between those two events?! Seems like a time
out issue to me.

My next step... that i SERIOUSLY want to avoid is to packet sniff with
EtherReal. i have the equipment setup just really don't want to waste time on
that.

Is there no doc that explains those flags in my original post?¿

 

[Guest]

Here's one particular log event group, from the *collection* above, in the
original UserEnv log file form. Has extremely high latency and is oft
occuring (in the same pattern at every logon attempt). I highlight (by
indentation - '>>>' - & seperation) the delay (1 min 36 seconds). If some one
could provide insight into what is going on here and why i'd appreciate it. I
provide my case for highest latency only.


USERENV(3a8.3d0) 12:30:06:109 IProfileSecurityCallBack: client authenticated.
USERENV(3a8.3d0) 12:30:06:109 ReleaseClientContext: Releasing context
USERENV(3a8.3d0) 12:30:06:109 ReleaseClientContext_s: Releasing context
USERENV(3a8.3d0) 12:30:06:109 MIDL_user_free enter
USERENV(3d4.ab4) 12:30:06:109 ReleaseInterface: Releasing rpc binding handle
USERENV(3d4.ab4) 12:30:06:109 UnloadUserProfile: returning 1
USERENV(150.88c) 12:30:07:281 GetUserNameAndDomain: MyGetUserNameEx failed
for NT4 style name with 1115

USERENV(3a4.3a8) 12:31:45:062 InitializePolicyProcessing: Initialised User
Mutex/Events
USERENV(3a4.3a8) 12:31:45:062 LibMain: Process Name:
\??\C:\WINDOWS\system32\winlogon.exe
USERENV(3a4.3a8) 12:31:46:062 Entering CUserProfile::Initialize ...
USERENV(3a4.3a8) 12:31:46:062 CUserProfile::Initialize called by winlogon
USERENV(3a4.3a8) 12:31:46:062 CUserProfile::Initialize: critical section
initialized
USERENV(3a4.3a8) 12:31:46:062 CSyncManager::Initialize: critical section
initialized
USERENV(3a4.3a8) 12:31:46:062 CUserProfile::Initialize: registry key
Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened


I want to again point out: the same laptop:
Logging into the domain (over wireless): takes maximum 2 minute
Logging out of the domain (e.g. home wireless ADSL connection): can take max
of 15 minutes!

Appreciate anyone's insights & suggestion

 

[Adam Leinss]

note: the machines are off of the domain when i do these tests...
that's when the problems occur. When you have the machines on the
corporate network bootup and logon times are acceptable (approx
1.5 minutes). However take the same machine off of the corporate
network and put it on say a home internet connection or some
external org network and you see emmense delays. Note... the
delays are not that pronounced when there's no network at all.

Well, it's a whole new ballgame then! Are you using roaming profiles?
If so, check out this link: http://tinyurl.com/bre96. In this case,
you can set the "Slow detect" policy which gives the remote user an
option to use a local profile or wait for the roaming profile. It
sounds like these devices wait forever for a roaming profile that they
will never be able to get to because they are off the domain.

Is it possible for these users to login locally to their devices?

Adam

 

[Guest]

Well, it's a whole new ballgame then! Are you using roaming profiles?

We have roaming profiles switched on for users as per machine.
i.e. when they are on Desktops their roaming profiles are active. We have
made sure roaming profile is NOT enabled on the laptops (for obvious reasons).

If so, check out this link: http://tinyurl.com/bre96. In this case,
you can set the "Slow detect" policy which gives the remote user an
option to use a local profile or wait for the roaming profile.

Nice... i will definately take a look at this.

sounds like these devices wait forever for a roaming profile that they
will never be able to get to because they are off the domain.

See that's what is confusing me! (given that i've already established above
user's roaming profile is not enabled for the laptops). At the logon dialogue
the user is trying to connect to a domain. i.e.:

| User Name: xxxx
| Password: *
| Log on to: <our domain>

passwords are cached once when the user logs in while on the network (intial
logon has to be while connected on the domain to cache the password).

What do u think about that? Could this be the reason it's causing the delay?
User details are *related* to some domain and even off of the domain the
laptop tries to obtain (obviously) the details... and in doing so has to wait
till it times out (before using the cached password.. etc...) ???

Is it possible for these users to login locally to their devices?

Not currently. User accounts are all on the domain, AD + Kerberos whether
they logon to a Desktop or their personal Laptop (we don't want to create
seperate accounts to login to laptops). Plus they are Kerberos accounts,
infact the user logs in with Kerberos credentials not AD (we've not gotten
round to that yet). So, no i don't think the user logging in locally is an
option, except if we can do it with the same account & credentials.

ALSO (a big also). I believe most of the slow down is simply due to GPOs
that it's looking for. While on the domain this wouldn't be a problem,
however while off the domain and on some (weakly connected) network it might
feel that it *can* get these GPOs and then just sit there trying.

Is there any view/documentation out there (warning us) on (1) maintaining
laptops off of GPO policies and (2) AD/Kerberos offline authentication/login?


"Setting the 'Slow detect' policy... allowing the user to login locally..."
is this with the same account? i believe that is what we might be doing (and
i'm calling it something else... password chaching et all... I will look into
this and get back to the thread ASAP)

 

[Adam Leinss]

| User Name: xxxx
| Password: *
| Log on to: <our domain>

passwords are cached once when the user logs in while on the
network (intial logon has to be while connected on the domain to
cache the password).

What do u think about that? Could this be the reason it's causing
the delay? User details are *related* to some domain and even off
of the domain the laptop tries to obtain (obviously) the
details... and in doing so has to wait till it times out (before
using the cached password.. etc...) ???

Take a look at this article:

http://support.microsoft.com/kb/q305293/

Setting "Always wait for the network at computer startup and logon" to
Enabled may fix your woes. The funny thing is that the article gives
arguments as to how disabling the policy will make the login process
faster and how enabling the policy will make the login process faster!

When you are off the domain, it should be using cached credentials when
it cannot connect to a DC right away (this feature was created so those
working in remote offices without access to a GC can keep working). I
don't think verfication of the credentials is the delay you are
experiencing. I also don't think the GPO processing should delay the
login process either...GPOs don't get pushed down if the GUIDs don't
change.

Here's a fun experiment: create a test domain user WITHOUT a roaming
profile. Log them in on the domain and off and see what your results
are. That would include or exclude roaming profiles as being the
culprit.

Adam

 

[Guest]

Ok, I've gathered a lot of input (Thanks, not done yet though ). I'm going to
carry out some more tests; I'll post the results as i get them. In brief i
will focus on looking at GPOs and their effects on this problem (i believe we
all gather that may be the source of the problem). Simaltaneuously i would
appreciate anyone's inputs on the following two UsrEnv event entries that (1)
occur consistently and (2) are a massive percentage of the delay in any given
login session (remember: when logging in off the domain). Again, i highlight
the entries between which the delay is logged (in red) & enclose/include some
surrounding entries that occur similarly per login (to give us a better idea
of excactly what is going on).

Case 1: "AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 53"

-->> USERENV(3a4.3a8) 07:45:19:734 AbleToBypassCSC: tried
NPAddConnection3ForCSCAgent. Error 53
-->> USERENV(3a4.3a8) 07:45:40:828 UnLoadUserProfileP: CSC bypassed failed.
Ignoring Roaming profile path
USERENV(3a4.3a8) 07:45:40:828 GetExclusionListFromRegistry: Policy list is
empty, returning user list = <Local Settings;Temporary Internet
Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook>
USERENV(3a4.3a8) 07:45:40:828 CSyncManager::EnterLock
<S-1-5-21-1687723350-4253359750-3876547176-1152>
USERENV(3a4.3a8) 07:45:40:828 CSyncManager::EnterLock: No existing entry found
USERENV(3a4.3a8) 07:45:40:843 CSyncManager::EnterLock: New entry created
USERENV(3a4.3a8) 07:45:40:843 CHashTable::HashAdd:
S-1-5-21-1687723350-4253359750-3876547176-1152 added in bucket 10
USERENV(3a4.3a8) 07:45:40:843 UnloadUserProfileP: Wait succeeded. In
critical section.
USERENV(3a4.3a8) 07:45:40:843 MyRegUnLoadKey: Failed to unmount hive 00000005
USERENV(3a4.3a8) 07:45:40:843 MyRegUnLoadKey: Returning 0.
USERENV(3a4.3a8) 07:45:40:843 DumpOpenRegistryHandle: 4 user registry
Handles leaked from
\Registry\User\S-1-5-21-1687723350-4253359750-3876547176-1152
USERENV(3a4.3a8) 07:45:40:843 UnloadUserProfileP: Didn't unload user profile
<err = 5>
USERENV(3a4.3a8) 07:45:40:859 MyRegUnLoadKey: Returning 1.
USERENV(3a4.3a8) 07:45:40:859 UnLoadClassHive: Successfully unmounted
S-1-5-21-1687723350-4253359750-3876547176-1152_Classes
USERENV(3a4.3a8) 07:45:40:859 UnloadUserProfileP: Successfully unloaded user
classes
USERENV(3a4.3a8) 07:45:40:859 HandleRegKeyLeak: RtlAdjustPrivilege succeeded!
USERENV(3a4.3a8) 07:45:41:546 HandleRegKeyLeak: RegSaveKey succeeded!
USERENV(3a4.3a8) 07:45:41:562 HandleRegKeyLeak: RtlAdjustPrivilege succeeded!
USERENV(3a4.3a8) 07:45:41:562 HandleRegKeyLeak: hkCurrentUser closed
USERENV(3a4.3a8) 07:45:41:562 Entering CUserProfile::WatchHiveRefCount:
S-1-5-21-1687723350-4253359750-3876547176-1152, 1
USERENV(3a4.3a8) 07:45:41:562 CUserProfile::WatchHiveRefCount: In critical
section
USERENV(3a4.3a8) 07:45:41:562 CUserProfile::WatchHiveRefCount: NtUnloadKeyEx
succeeded for \Registry\User\S-1-5-21-1687723350-4253359750-3876547176-1152
USERENV(3a4.3a8) 07:45:41:562 Entering CUserProfile::AddWorkItem:
S-1-5-21-1687723350-4253359750-3876547176-1152
USERENV(3a4.3a8) 07:45:41:562 CHashTable::HashAdd:
S-1-5-21-1687723350-4253359750-3876547176-1152 added in bucket 10
USERENV(3a4.3a8) 07:45:41:562 CUserProfile::AddWorkItem: No thread
available, create a new one.
USERENV(3a4.3a8) 07:45:41:562 CUserProfile::AddWorkItem: Signal event item
inserted

This first example occurs right at the beginning of the login, in logins
where network connectivity is available when not on the domain. Delays are
~21sec (most of the time) == ~7% of total login time in some cases. I can't
find anything useful on this event anywhere (!). I'm sure *someone* out there
must know something about what this means. ANY INFORMATION WOULD BE
APPRECIATED!


Case 2: "LibMain: Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe"

USERENV(3a8.4c8) 12:23:12:734 LoadUserProfileI: returning 0
USERENV(3d4.2b0) 12:23:12:734 LoadUserProfile: Running as self
USERENV(3d4.2b0) 12:23:12:734 LoadUserProfile: Calling LoadUserProfileI (as
user) succeeded
USERENV(3d4.2b0) 12:23:12:734 LoadUserProfile: Returning success. Final
Information follows:
USERENV(3d4.2b0) 12:23:12:734 lpProfileInfo->UserName = <LocalService>
USERENV(3d4.2b0) 12:23:12:750 lpProfileInfo->lpProfilePath = <>
USERENV(3d4.2b0) 12:23:12:750 lpProfileInfo->dwFlags = 0x9
USERENV(3a8.3c0) 12:23:12:750 IProfileSecurityCallBack: client authenticated.
USERENV(3a8.3c0) 12:23:12:750 ReleaseClientContext: Releasing context
USERENV(3a8.3c0) 12:23:12:750 ReleaseClientContext_s: Releasing context
USERENV(3a8.3c0) 12:23:12:750 MIDL_user_free enter
USERENV(3d4.2b0) 12:23:12:750 ReleaseInterface: Releasing rpc binding handle
USERENV(3d4.2b0) 12:23:12:750 LoadUserProfile: Returning TRUE. hProfile =
<0x3bc>
USERENV(3d4.2b0) 12:23:12:750 GetUserDNSDomainName: Domain name is NT
Authority. No DNS domain name available.
USERENV(1e4.1d8) 12:23:12:875 LibMain: Process Name:
C:\WINDOWS\System32\alg.exe
USERENV(160.1e0) 12:23:13:031 LibMain: Process Name:
C:\WINDOWS\system32\wuauclt.exe
USERENV(324.328) 12:23:13:546 LibMain: Process Name:
C:\WINDOWS\system32\ctfmon.exe
USERENV(604.408) 12:23:14:234 LibMain: Process Name: C:\Program
Files\HPQ\IAM\bin\asghost.exe
-->> USERENV(654.220) 12:23:15:625 LibMain: Process Name:
C:\WINDOWS\system32\wbem\wmiprvse.exe
-->> USERENV(3a8.56c) 12:24:15:281 MyGetUserName: GetUserNameEx failed with
1722.
USERENV(3a8.56c) 12:24:15:281 MyGetUserName: Retrying call to GetUserNameEx
in 1/2 second.
USERENV(a40.a44) 12:24:28:734 LibMain: Process Name:
C:\WINDOWS\system32\userinit.exe
USERENV(3e0.3f4) 12:24:28:875 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(3e0.3f4) 12:24:28:875 GetUserNameAndDomain Failed to impersonate user
USERENV(3e0.3f4) 12:24:28:875 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(3e0.3f4) 12:24:28:875 GetUserDNSDomainName: Failed to impersonate user
USERENV(3e0.3f4) 12:24:28:906 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(3e0.3f4) 12:24:28:906 GetUserNameAndDomain Failed to impersonate user
USERENV(3e0.3f4) 12:24:28:906 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(3e0.3f4) 12:24:28:906 GetUserDNSDomainName: Failed to impersonate user
USERENV(3e0.3f4) 12:24:28:921 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(3e0.3f4) 12:24:28:937 GetUserNameAndDomain Failed to impersonate user
USERENV(3e0.3f4) 12:24:28:937 ImpersonateUser: Failed to impersonate user
with 5.
USERENV(3e0.3f4) 12:24:28:937 GetUserDNSDomainName: Failed to impersonate user
USERENV(a58.a5c) 12:24:29:765 LibMain: Process Name: C:\WINDOWS\Explorer.EXE
USERENV(a58.a70) 12:24:29:859 GetProfileType: Profile already loaded.
USERENV(a58.a70) 12:24:29:859 GetProfileType: ProfileFlags is 0
USERENV(a58.a70) 12:24:29:875 GetProfileType: Profile already loaded.
USERENV(a58.a70) 12:24:29:890 GetProfileType: ProfileFlags is 0
USERENV(adc.ae0) 12:24:34:984 LibMain: Process Name: C:\Program Files\Common
Files\Symantec Shared\ccApp.exe

This second example occurs like thus almost everytime. The highlighted event
concerns the Windows Management Instrumentation (WMI). Delays are ~45secs to
~1min == 10% - 30% of total login time! What i don't understand is that: (1)
When logging on the domain/corporate-network the delays between this and the
next even are minimal versus when logging onto a non-domain network it is
(one of the most) massive; (2) I would say the delay itself can't have
anything to do with the WMI app but log entries show the delay occuring
always after that event; and (3) I observe that the event always occurs thus
on logons in NON-DOMAIN networks:

USERENV(654.220) 12:23:15:625 LibMain: Process Name:
C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(3a8.56c) 12:24:15:281 MyGetUserName: GetUserNameEx failed with 1722.

(and that's when it takes the most amount of time), i.e. with the
"MyGetUserName: GetUserNameEx failed with 1722" event. I can't find any
documentation on this. Why does this occur when logging in off the domain can
be answered intuitively but i feel like understanding this in more detail
would help us understand ( a ) the reason for the massive delay more
technically ( b ) how to turn it off - or give us a good idea if we just need
to change the way we do things completely.

Does anyone have any idea why this event takes so long? Can we shut this
off? (i don't think i clearly understand the need for WMI either)

Thanks