14 minute boot problem

[Todd]

Since the problem occurs after she logs on,

no,no, no. If she wait 14 minutes at the log on, then
put her password in, she get in instantly

what did AutoRuns show added
under the WinLogon event? This is one of those sneaky places that
malware and some okay programs like to hide. When using AutoRuns, make
sure the status bar doesn't still say "scanning". It can take a little
bit of time to compile the complete list of all startup items.

Another sneaky place to hide is the logon script for an account. You
have to look at the details of the problematic account to see if a logon
script was defined for it. As I recall, run "control userpasswords2",
go to Advanced, and look at the account to check if the logon script
field is non-blank.

msconfig doesn't include this but AutoRuns does: Did you check the Task
Scheduler? Some startup items go there and can be configured to run on
login. You could disable the Task Scheduler service and reboot to test
if nothing pops out at you but then you could also just disable every
scheduled event in Task Manager and reboot rather than disable its
service.

I don't remember where is the tweak or config setting but, as I recall,
you can configure Windows to reload all apps on a restart. If, for
example, the user had left open a media viewer trying to play a
corrupted video file then it reloads on Windows restart and hangs again.
Also, a corrupt video file, especially .avi files, can cause a hang in
Windows Explorer (which is the same program used to manage the desktop).
If the user has Windows Explorer open and selects a corrupted .avi, or a
file with a defective or corrupted codec, then Windows Explorer hangs.
Make sure the restart option to reopen windows that were closed on
shutdown is not enabled.

You say the user gets the login prompt, logs in, and then has to wait 14
minutes. Just to be sure it isn't a timing issue where the user thinks
it only occurs after login, have the user restart Windows and then let
it sit at the logon prompt for 20 minutes. Then have her login to see
if the login goes right in or if there the 14-minute delay truly starts
counting after login. Most likely every time Windows has started the
user has logged in right away so it is uncertain if the delay is part of
Windows startup (there's most to load even after the logon prompt
appears) or only starts sometime after logging in.

Thank you for the tip!

 

[Todd]

Hi All,

Windows XP Pro SP3, 32 bit

I am having a both interesting and frustrating troubleshoot
on a customer's computer I would like to run by you guys:

As of about a week ago, her boot suddenly started to take
14 minutes -- this from event log. And it has nothing to
do with logging in the user. The user login screen will
come up and you put your password in, then wait and wait
and wait for the desktop to come up. But, if you let
it sit for 14 minutes at the logon prompt, then put your
password in, up the desktop comes almost instantly.

Initial, I looked at the system events and found a bunch of
red marks. I fix them all. Now, no more red marks. No
symptom change. Rats.

So I booted into safe mode, and no delays. This is a
good sign.

So, msconfig and selective start up. Wait and wait and
wait and wait. No symptom change. Not a good sign.

Tried with the Anti Virus removed. No symptom change.

So, I installed and ran a utility called "bootviz".
This utility graphs for me the delays involved in booting.
Well, bootviz clearly shows the 14 minutes. 13-1/2 minutes
are relegated to a driver called "fltmgr.sys". (Virus
Total says it is not infected.)

On bootviz, if I click on the various segments of fltmgr,
it tells me what it running. Nothing special. Just that each
thing it runs takes 2 minutes to complete. And, I uploaded each
thing fltmgr is running to Virus Total: all are clean.

And, bootviz shows virtually no CPU or hard drive activity
during the 13-1/2 minutes of wait. The only thing that
is running is fltmgr at 0% CPU.

And, once you get past the 14 minutes, the computer is
very, very fast (has an SSD drive). And, it acts totally
normal the rest of the day.

Any thoughts? How would you proceed? Shake fist at it
and accuse its parents of not being married?

Many thanks,
-T

Hi All,

Figured it out!

Did it by opening both regedit and Auto Runs.

Then I located every entry in auto runs that was file not
found and deleted it from the registry. (Deleting from
auto runs only worked half the time.)

Then I went looking for drivers/services I knew did not
belong. I found two backup utilities (exactly as you guys said).
One from Maxtor and one from Seagate. And one remaining win
printer utility. I deleted every entry of those two buzzards
from the registry -- it took a while. And deleted every file
the registry pointed to from the hard drive.

Rebooted. Started timing when rdp disconnected me. Stopped
timing when rdp allowed me to log back in. 2 minutes, 46 seconds.

Thank you all for the tips, suggestions, moral support and
hand holding!

What a Pain in the Ass to find!

-T

 

[VanguardLH]

no,no, no. If she wait 14 minutes at the log on, then put her
password in, she get in instantly

Since waiting at the logon prompt for the 14 minutes allows immediate
login then startup items are not the issue. The following are used for
startup locations AFTER login:

- User and Computer Group Policy settings.
- Startup programs from the following locations:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
<AllUsersProfilePath>\Start Menu\Programs\Startup\
<CurrentUserProfilePath>\Start Menu\Programs\Startup\

Since you can get an immediately login by waiting out the 14 minutes
before entering logon credentials, it's not these startup items causing
the problem.

All the boot and system drivers have been loaded before the session
manager starts (to see the logon prompt). You don't have a delay there.
That is, boot and system drivers are loading okay and are done
*starting* their load before the session manager can show the logon
prompt. That they start doesn't mean they have completed loading into
memory by the time the logon prompt appears.

You said that you used msconfig to disable startup items. Did that also
include disabling [some] Windows services? Have you disabled ONLY the
startup items to see if the delay disappears? If that alone didn't help
then start disabling services. Leave the startup items disabled to keep
them out of the way for now. Have you used the "diagnostic startup
mode" in msconfig to start Windows normally (not in safe mode) but
loading only essential drivers and services? If you're remoting into
the problematic computer, tis likely you won't remote in after the
reboot with non-essential services disabled.

Does this user have Windows configured for automatic Windows Updates?
Or is it configured to only prompt (notify) her of new updates and then
she chooses if and when to install them?

You might want to look at her WU catalog to see if she installed any
hardware updates from the WU site. While there may be ways to look at
the WU catalog on the hard disk, I'd probably first see if just
connecting to the WU site will work to look at the history it sees for
that host to check if "recommended" hardware updates were installed from
there. The drivers that the WU site offers aren't always the correct or
best ones.

As I mentioned before, you might want to use msconfig not specifically
to disable the startup items (although you might to get them out of the
way while troubleshooting the host) but to disable the services. First
start with the non-Microsoft services. If that doesn't help then
disable the non-essential Microsoft services, too. While services are
started when the services.exe process is loaded, they can take a lot
longer to finish from their "start" state. That is, when you get the
logon prompt, services are probably still loaded. They got started
before that but they are still loading and initializing by the time you
get the logon prompt and sometimes for awhile bit after you've already
logged in.

While bootviz shows some info on load times, images I see at Google on
its UI don't show that it measures load time for services; that is, how
long from a service's initial change to 'started' state to when it gets
to 'running' (ready) state. Event Viewer won't help here. It'll show
entries for "<service> entered stop state" and "<service> entered
running state" but it doesn't show "<service> started" (which is before
when it eventually gets into the running state).

 

[Jim]

- this from event log. And it has nothing to
do with logging in the user. The user login screen will
come up and you put your password in, then wait and wait
and wait for the desktop to come up. But, if you let
it sit for 14 minutes at the logon prompt, then put your
password in, up the desktop comes almost instantly.

Initial, I looked at the system events and found a bunch of
red marks. I fix them all. Now, no more red marks. No
symptom change. Rats.

Todd,
Try this program to narrow down the problem
http://www.greatis.com/bootracer/
Jim

 

[J. P. Gilliver (John)]

Todd,
Try this program to narrow down the problem
http://www.greatis.com/bootracer/
Jim

Can you tell us a bit more about that one? I've looked at the website,
but it isn't too clear to me what it does.

 

[Buffalo]

"Todd" wrote in message news:[email protected]...

Hi All,

Figured it out!

Did it by opening both regedit and Auto Runs.

Then I located every entry in auto runs that was file not
found and deleted it from the registry. (Deleting from
auto runs only worked half the time.)

Then I went looking for drivers/services I knew did not
belong. I found two backup utilities (exactly as you guys said).
One from Maxtor and one from Seagate. And one remaining win
printer utility. I deleted every entry of those two buzzards
from the registry -- it took a while. And deleted every file
the registry pointed to from the hard drive.

Rebooted. Started timing when rdp disconnected me. Stopped
timing when rdp allowed me to log back in. 2 minutes, 46 seconds.

Thank you all for the tips, suggestions, moral support and
hand holding!

What a Pain in the Ass to find!

-T

Great detective work and thanks for posting back with the solution.

 

[Todd]

no,no, no. If she wait 14 minutes at the log on, then put her
password in, she get in instantly

Since waiting at the logon prompt for the 14 minutes allows immediate
login then startup items are not the issue. The following are used for
startup locations AFTER login:

- User and Computer Group Policy settings.
- Startup programs from the following locations:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
<AllUsersProfilePath>\Start Menu\Programs\Startup\
<CurrentUserProfilePath>\Start Menu\Programs\Startup\

Since you can get an immediately login by waiting out the 14 minutes
before entering logon credentials, it's not these startup items causing
the problem.

All the boot and system drivers have been loaded before the session
manager starts (to see the logon prompt). You don't have a delay there.
That is, boot and system drivers are loading okay and are done
*starting* their load before the session manager can show the logon
prompt. That they start doesn't mean they have completed loading into
memory by the time the logon prompt appears.

You said that you used msconfig to disable startup items. Did that also
include disabling [some] Windows services? Have you disabled ONLY the
startup items to see if the delay disappears? If that alone didn't help
then start disabling services. Leave the startup items disabled to keep
them out of the way for now. Have you used the "diagnostic startup
mode" in msconfig to start Windows normally (not in safe mode) but
loading only essential drivers and services? If you're remoting into
the problematic computer, tis likely you won't remote in after the
reboot with non-essential services disabled.

Does this user have Windows configured for automatic Windows Updates?
Or is it configured to only prompt (notify) her of new updates and then
she chooses if and when to install them?

You might want to look at her WU catalog to see if she installed any
hardware updates from the WU site. While there may be ways to look at
the WU catalog on the hard disk, I'd probably first see if just
connecting to the WU site will work to look at the history it sees for
that host to check if "recommended" hardware updates were installed from
there. The drivers that the WU site offers aren't always the correct or
best ones.

As I mentioned before, you might want to use msconfig not specifically
to disable the startup items (although you might to get them out of the
way while troubleshooting the host) but to disable the services. First
start with the non-Microsoft services. If that doesn't help then
disable the non-essential Microsoft services, too. While services are
started when the services.exe process is loaded, they can take a lot
longer to finish from their "start" state. That is, when you get the
logon prompt, services are probably still loaded. They got started
before that but they are still loading and initializing by the time you
get the logon prompt and sometimes for awhile bit after you've already
logged in.

While bootviz shows some info on load times, images I see at Google on
its UI don't show that it measures load time for services; that is, how
long from a service's initial change to 'started' state to when it gets
to 'running' (ready) state. Event Viewer won't help here. It'll show
entries for "<service> entered stop state" and "<service> entered
running state" but it doesn't show "<service> started" (which is before
when it eventually gets into the running state).

Thank you!

 

[Jim]

Can you tell us a bit more about that one? I've looked at the website,
but it isn't too clear to me what it does.

Basically it just times the boot process to desktop and records it in a
log. PCWorld just had a review of it.
I found my PC is not really ready to go when BootRacer stops timing.
My desktop repaints the icons several times before it's ready to really go.

Jim

 

[J. P. Gilliver (John)]

Basically it just times the boot process to desktop and records it in a
log. PCWorld just had a review of it.
I found my PC is not really ready to go when BootRacer stops timing.
My desktop repaints the icons several times before it's ready to really go.

Jim

Ah, thanks. I suspect my (or more importantly my blind friend's) PC
would come into the same category.

(Aren't they infuriating when they do that repainting thing!)
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

... but it's princess Leia in /Star Wars/ who retains the throne in terms of
abiding iconography. Ask any teenage boy, including the grown-up ones.
- Andrew Collins, RT 16-22 April 2011