Understanding & Troubleshooting the Windows Logon Process
![Page 1: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/1.jpg)
Diving into the Windows Logon Process
Yoni Avital (VDI Geek)
Eugene Kalayev (Cloud and PowerShell Geek)
![Page 2: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/2.jpg)
Agenda
• Logon process overview
• Logon process breakdown
• Tools of the trade
  • Event log (is your friend)
  • Process Monitor
• Advanced (Geek) stuff
  • Event Tracing for Windows
  • PowerShell Scripts
• Live demo
![Page 3: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/3.jpg)
Logon Process Overview
• Session Initialization
• Authentication
• User Profile
• Group Policy
• UserInit
• Shell
![Page 4: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/4.jpg)
Logon Process - Optional Phases
• Network Providers (RDS)
  • Mpnotify.exe loads network providers (e.g. pnsso)
• 3rd party profile solutions (e.g. UPM)
  • UPM loads before the User Profile Service and can delay the logon process
• Group Policy Scripts
  • Affect logon duration if they run synchronously
• Citrix Printer Mapping
  • Can delay the logon process if apps are waiting for printer mapping. Handled by wfshell.exe (part of the UserInit phase)
![Page 5: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/5.jpg)
Session Initialization
![Page 6: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/6.jpg)
Session Initialization
![Page 7: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/7.jpg)
Authentication
![Page 8: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/8.jpg)
Authentication
![Page 9: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/9.jpg)
User Profile
![Page 10: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/10.jpg)
Group Policy
![Page 11: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/11.jpg)
Userinit (Pre-Shell)
![Page 12: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/12.jpg)
Shell
![Page 13: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/13.jpg)
Advanced (Geek) stuff
• Event Tracing for Windows
• PowerShell Scripts
![Page 14: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/14.jpg)
Event Tracing for Windows
• High-speed kernel-mode and user-mode event tracing
• Steps
  • Create and start a new ETW trace
  • Reproduce the slow logon issue
  • Stop the trace
  • Convert the ETL log file to XML format
  • Analyze the log with Notepad++
• Example – Analyze logon processes
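
The steps above as one PowerShell session. This is an added example, not the presenters' code. The session name, the file paths and the choice of the Microsoft-Windows-Kernel-Process provider are assumptions (the slides do not name a provider), and the last step parses the XML in PowerShell instead of opening it in Notepad++.

```powershell
# Added example; run from an elevated prompt on the machine with the slow logon.
# Assumptions: session name, paths (C:\Temp must exist) and provider are illustrative.
$session  = 'LogonTrace'
$etl      = 'C:\Temp\LogonTrace.etl'
$xml      = 'C:\Temp\LogonTrace.xml'
$provider = 'Microsoft-Windows-Kernel-Process'   # keyword 0x10 = process start/stop

# 1. Create and start the trace (-ets starts the session immediately)
logman create trace $session -p $provider '0x10' -o $etl -ets

# 2. Reproduce the slow logon from another session while the trace runs
Read-Host 'Log on as the affected user, wait for the desktop, then press Enter'

# 3. Stop the trace
logman stop $session -ets

# 4. Convert the ETL file to XML (-y overwrites an existing output file)
tracerpt $etl -o $xml -of XML -y

# 5. Analyze: list every process start (event ID 1) in time order.
#    Assumes tracerpt writes the payload as <EventData><Data Name="...">.
$ns = @{ e = 'http://schemas.microsoft.com/win/2004/08/events/event' }
Select-Xml -Path $xml -Namespace $ns -XPath '//e:Event[e:System/e:EventID=1]' |
    ForEach-Object {
        $d = @{}
        foreach ($n in $_.Node.EventData.Data) {
            $d[$n.GetAttribute('Name')] = $n.InnerText
        }
        [pscustomobject]@{
            Time      = $_.Node.System.TimeCreated.SystemTime   # ISO 8601, sorts as text
            Session   = $d['SessionID']
            ProcessId = $d['ProcessID']
            ParentId  = $d['ParentProcessID']
            Image     = $d['ImageName']
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Gaps between consecutive start times for mpnotify.exe, userinit.exe and wfshell.exe in the user's session show which phase the logon spent its time in.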
![Page 15: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/15.jpg)
Event Tracing for Windows
![Page 16: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/16.jpg)
Event Tracing for Windows
![Page 17: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/17.jpg)
Event Tracing for Windows
![Page 18: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/18.jpg)
PowerShell – Analyze Logon Duration
```
Get-LogonPhaseTime -Username UserName -UserDomain Domain -CUDesktopLoadTime $args[1]

User name:      cuupm
Logon Time:     09:46:37 PM
Logon Duration: 107 seconds

Logon Phase           Duration (s)  Start Time  End Time    Interim Delay
-----------           ------------  ----------  --------    -------------
Network Providers     1.0           09:46:37.1  09:46:38.1
Citrix Profile Mgmt   82.3          09:46:42.0  09:48:04.2  3.815
User Profile          0.9           09:48:04.2  09:48:05.1  0
Group Policy          9.7           09:48:05.1  09:48:14.8  0.005
GP Scripts (sync)     2.4           09:48:16.2  09:48:18.6  1.398
Pre-Shell (Userinit)  2.3           09:48:18.6  09:48:20.9  0.04
Shell                 3             09:48:20.9  09:48:23.9  0
```
![Page 19: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/19.jpg)
PowerShell - Analyzing GP CSE Load Times
```
Get-GPUserCSE -Username MyDomain\MyUser
```
Lists every loaded CSE by name and processing time
```
CSE Name                          Time (in ms)
--------                          ------------
Group Policy Environment          1514
Registry                          4477
Group Policy Drive Maps           936
Scripts                           421
Group Policy Registry             1825
Folder Redirection                6895
Group Policy Files                2418
Group Policy Start Menu Settings  842
Citrix Group Policy               1310

Total time of 20.64 seconds
Total errors: 1
Folder Redirection failed with 'ErrorCode' 1003
```
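
One way to produce a per-CSE listing like the one above from the Group Policy operational event log. This is an added example, not the Get-GPUserCSE script from the slide. The function name is hypothetical, and the event IDs and EventData field names are assumptions about the Microsoft-Windows-GroupPolicy/Operational log schema.

```powershell
# Added example; not the Get-GPUserCSE script shown above.
# Assumed schema: 4001 starts a user logon policy run; 5016 / 6016 / 7016 close
# a client-side extension (CSE) with success / warning / error.
function Get-CseTimingSketch {                        # hypothetical name
    param([Parameter(Mandatory)][string]$User)        # 'DOMAIN\user'
    $log = 'Microsoft-Windows-GroupPolicy/Operational'

    # Newest "starting user logon policy processing" event for this account
    $xpath = "*[System[EventID=4001]] and *[EventData[Data[@Name='PrincipalSamName']='$User']]"
    $start = Get-WinEvent -LogName $log -FilterXPath $xpath -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $start) { throw "No user logon policy run found for $User" }

    # Every event of one policy run carries the same ActivityId
    $filter = @{ LogName = $log; Id = 5016, 6016, 7016; StartTime = $start.TimeCreated }
    Get-WinEvent -FilterHashtable $filter |
        Where-Object { $_.ActivityId -eq $start.ActivityId } |
        Sort-Object TimeCreated |
        ForEach-Object {
            $d = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
                $d[$n.GetAttribute('Name')] = $n.InnerText
            }
            [pscustomobject]@{
                CseName   = $d['CSEExtensionName']
                # The field name is misspelled ("Elasped") in the log itself
                TimeMs    = [long]$d['CSEElaspedTimeInMilliSeconds']
                ErrorCode = [long]$d['ErrorCode']
                Failed    = ($_.Id -eq 7016)
            }
        }
}

$rows = @(Get-CseTimingSketch -User 'MyDomain\MyUser')
$rows | Format-Table CseName, TimeMs, ErrorCode -AutoSize
'Total time of {0:N2} seconds' -f (($rows | Measure-Object TimeMs -Sum).Sum / 1000)
$rows | Where-Object Failed |
    ForEach-Object { "$($_.CseName) failed with ErrorCode $($_.ErrorCode)" }
```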
![Page 20: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/20.jpg)
Live Demo
• Slow logon – Group Policy
• Slow Logon – Citrix UPM
![Page 21: Understanding &Troubleshooting the Windows Logon Process](https://reader034.vdocuments.us/reader034/viewer/2022042500/55ce21f1bb61eba6358b4734/html5/thumbnails/21.jpg)
Links
• Xperf - http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx
• Windows Logon and Authentication - https://technet.microsoft.com/en-us/library/dn169016(v=ws.10).aspx
• Analyze Logon Duration PowerShell script - TBS
• Analyze CSE load time PowerShell script - http://www.controlup.com/logon-gpo-analysis-via-powershell/
• ETW - https://support.microsoft.com/en-us/kb/2593157