Understanding &Troubleshooting the Windows Logon Process
•
5 j'aime•6,339 vues
How Windows Logon process works and event tracing.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (8)
Similaire à Understanding &Troubleshooting the Windows Logon Process
Similaire à Understanding &Troubleshooting the Windows Logon Process (20)
Dernier
Dernier (20)
Understanding &Troubleshooting the Windows Logon Process
- 1. Diving into the Windows Logon Process Yoni Avital (VDI Geek) Eugene Kalayev (Cloud and PowerShell Geek)
- 2. Agenda • Logon process overview • Logon process breakdown • Tools of the trade • Event log (is your friend) • Process Monitor • Advanced (Geek) stuff • Event Tracing for Windows • PowerShell Scripts • Live demo
- 3. Logon Process Overview Session Initialization Authentication User Profile Group Policy UserInit Shell
- 4. Logon Process - Optional Phases • Network Providers (RDS) • Mpnotify.exe loads network providers (e.g. pnsso) • 3rd party profile solutions (e.g. UPM) • UPM loads before the User Profile Service and can delay the logon process • Group Policy Scripts • Will affect logon duration if runs synchronously • Citrix Printer Mapping • Can delay the logon process if apps are waiting for printer mapping. Handled by wfshell.exe (part of the UserInit phase)
- 9. User Profile
- 10. Group Policy
- 12. Shell
- 13. Advanced (Geek) stuff • Event Tracing for Windows • PowerShell Scripts
- 14. Event Tracing for Windows • High speed kernel & user mode event tracing • Steps • Create and start new ETW trace • Reproduce the slow logon issue • Stop the trace • Convert the ETL log file to XML format • Analyze log with Notepad ++ • Example – Analyze logon processes
- 15. Event Tracing for Windows
- 16. Event Tracing for Windows
- 17. Event Tracing for Windows
- 18. PowerShell – Analyze Logon Duration Get-LogonPhaseTime -Username UserName – UserDomain Domain -CUDesktopLoadTime $args[1] User name: cuupm Logon Time: 09:46:37 PM Logon Duration: 107 seconds Logon Phase Duration (s) Start Time End Time Interim Delay ----------- ------------ ---------- -------- ------------- Network Providers 1.0 09:46:37.1 09:46:38.1 Citrix Profile Mgmt 82.3 09:46:42.0 09:48:04.2 3.815 User Profile 0.9 09:48:04.2 09:48:05.1 0 Group Policy 9.7 09:48:05.1 09:48:14.8 0.005 GP Scripts (sync) 2.4 09:48:16.2 09:48:18.6 1.398 Pre-Shell (Userinit) 2.3 09:48:18.6 09:48:20.9 0.04 Shell 3 09:48:20.9 09:48:23.9 0
- 19. PowerShell - Analyzing GP CSE Load Times Get-GPUserCSE -Username MyDomainMyUser Lists every loaded CSE by name and processing time CSE Name Time (in ms) -------- ------------ Group Policy Environment 1514 Registry 4477 Group Policy Drive Maps 936 Scripts 421 Group Policy Registry 1825 Folder Redirection 6895 Group Policy Files 2418 Group Policy Start Menu Settings 842 Citrix Group Policy 1310 Total time of 20.64 seconds Total errors: 1 Folder Redirection failed with 'ErrorCode' 1003
- 20. Live Demo • Slow logon – Group Policy • Slow Logon – Citrix UPM
- 21. Links • Xperf - http://blogs.technet.com/b/askpfeplat/archive/2012/0 6/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf- and-links-you-need-to-read.aspx • Windows Logon and Authentication - https://technet.microsoft.com/en- us/library/dn169016(v=ws.10).aspx • Analyze Logon Duration PowerShell script - TBS • Analyze CSE load time PowerShell script - http://www.controlup.com/logon-gpo-analysis-via- powershell/ • ETW - https://support.microsoft.com/en- us/kb/2593157