
Understanding & Troubleshooting the Windows Logon Process


How the Windows logon process works, and event tracing.


  1. 1. Diving into the Windows Logon Process
      • Yoni Avital (VDI Geek)
      • Eugene Kalayev (Cloud and PowerShell Geek)
  2. 2. Agenda
      • Logon process overview
      • Logon process breakdown
      • Tools of the trade
          • Event log (is your friend)
          • Process Monitor
      • Advanced (Geek) stuff
          • Event Tracing for Windows
          • PowerShell Scripts
      • Live demo
  3. 3. Logon Process Overview
      • Session Initialization
      • Authentication
      • User Profile
      • Group Policy
      • UserInit
      • Shell
  4. 4. Logon Process - Optional Phases
      • Network Providers (RDS)
          • Mpnotify.exe loads network providers (e.g. pnsso)
      • 3rd party profile solutions (e.g. UPM)
          • UPM loads before the User Profile Service and can delay the logon process
      • Group Policy Scripts
          • Will affect logon duration if run synchronously
      • Citrix Printer Mapping
          • Can delay the logon process if apps are waiting for printer mapping. Handled by wfshell.exe (part of the UserInit phase)
  5. 5. Session Initialization
  6. 6. Session Initialization
  7. 7. Authentication
  8. 8. Authentication
  9. 9. User Profile
  10. 10. Group Policy
  11. 11. Userinit (Pre-Shell)
  12. 12. Shell
  13. 13. Advanced (Geek) stuff
      • Event Tracing for Windows
      • PowerShell Scripts
  14. 14. Event Tracing for Windows
      • High speed kernel & user mode event tracing
      • Steps
          • Create and start new ETW trace
          • Reproduce the slow logon issue
          • Stop the trace
          • Convert the ETL log file to XML format
          • Analyze log with Notepad++
      • Example – Analyze logon processes
  15. 15. Event Tracing for Windows
  16. 16. Event Tracing for Windows
  17. 17. Event Tracing for Windows
  18. 18. PowerShell – Analyze Logon Duration

      Get-LogonPhaseTime -Username UserName -UserDomain Domain -CUDesktopLoadTime $args[1]

      User name: cuupm
      Logon Time: 09:46:37 PM
      Logon Duration: 107 seconds

      Logon Phase           Duration (s)  Start Time  End Time    Interim Delay
      -----------           ------------  ----------  --------    -------------
      Network Providers     1.0           09:46:37.1  09:46:38.1
      Citrix Profile Mgmt   82.3          09:46:42.0  09:48:04.2  3.815
      User Profile          0.9           09:48:04.2  09:48:05.1  0
      Group Policy          9.7           09:48:05.1  09:48:14.8  0.005
      GP Scripts (sync)     2.4           09:48:16.2  09:48:18.6  1.398
      Pre-Shell (Userinit)  2.3           09:48:18.6  09:48:20.9  0.04
      Shell                 3             09:48:20.9  09:48:23.9  0

  19. 19. PowerShell - Analyzing GP CSE Load Times

      Get-GPUserCSE -Username MyDomainMyUser

      Lists every loaded CSE by name and processing time

      CSE Name                          Time (in ms)
      --------                          ------------
      Group Policy Environment          1514
      Registry                          4477
      Group Policy Drive Maps           936
      Scripts                           421
      Group Policy Registry             1825
      Folder Redirection                6895
      Group Policy Files                2418
      Group Policy Start Menu Settings  842
      Citrix Group Policy               1310

      Total time of 20.64 seconds
      Total errors: 1
      Folder Redirection failed with 'ErrorCode' 1003
  20. 20. Live Demo
      • Slow logon – Group Policy
      • Slow Logon – Citrix UPM
  21. 21. Links
      • Xperf - http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx
      • Windows Logon and Authentication - https://technet.microsoft.com/en-us/library/dn169016(v=ws.10).aspx
      • Analyze Logon Duration PowerShell script - TBS
      • Analyze CSE load time PowerShell script - http://www.controlup.com/logon-gpo-analysis-via-powershell/
      • ETW - https://support.microsoft.com/en-us/kb/2593157
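
The per-phase breakdown shown on slide 18 (duration, start, end, interim delay) can be derived from paired start/end records in the event log the deck recommends. The PowerShell below is an added example, not the presenters' Get-LogonPhaseTime script; the function name Measure-LogonPhase, the log names and event IDs in $PhaseMap, and the sample events are assumptions of this example.

```powershell
# Start/end event pairs that bracket a logon phase. The IDs and log names are
# an assumption of this example (the slides do not list them); confirm them
# on your Windows build before relying on the numbers.
$PhaseMap = @(
    [pscustomobject]@{ Phase = 'User Profile'; StartId = 1;    EndId = 2
                       Log = 'Microsoft-Windows-User Profile Service/Operational' }
    [pscustomobject]@{ Phase = 'Group Policy'; StartId = 4001; EndId = 8001
                       Log = 'Microsoft-Windows-GroupPolicy/Operational' }
)

function Measure-LogonPhase {
    param([Parameter(Mandatory)][object[]]$Events, [object[]]$Map = $PhaseMap)
    $phases = foreach ($p in $Map) {
        $inLog = $Events | Where-Object { $_.LogName -eq $p.Log } | Sort-Object TimeCreated
        $start = $inLog | Where-Object { $_.Id -eq $p.StartId } | Select-Object -First 1
        if (-not $start) { continue }    # phase did not run in this window
        $end = $inLog | Where-Object { $_.Id -eq $p.EndId -and $_.TimeCreated -ge $start.TimeCreated } |
            Select-Object -First 1
        if (-not $end) {                 # hung or still running: report it, do not guess
            Write-Warning "$($p.Phase): start event without a matching end event"
            continue
        }
        [pscustomobject]@{ Phase = $p.Phase; Start = $start.TimeCreated; End = $end.TimeCreated }
    }
    $previousEnd = $null
    foreach ($ph in @($phases | Sort-Object Start)) {
        # Interim delay = idle gap between the previous phase ending and this one starting
        $gap = if ($null -ne $previousEnd) { [math]::Max(0.0, ($ph.Start - $previousEnd).TotalSeconds) } else { 0.0 }
        [pscustomobject]@{
            Phase        = $ph.Phase
            Duration     = [math]::Round(($ph.End - $ph.Start).TotalSeconds, 1)
            StartTime    = $ph.Start.ToString('HH:mm:ss.f')
            EndTime      = $ph.End.ToString('HH:mm:ss.f')
            InterimDelay = [math]::Round($gap, 3)
        }
        $previousEnd = $ph.End
    }
}

# Constructed sample events (date is made up) modelled on the User Profile and
# Group Policy rows of slide 18.
$sample = @(
    [pscustomobject]@{ LogName = $PhaseMap[0].Log; Id = 1;    TimeCreated = [datetime]'2015-01-01 21:48:04.200' }
    [pscustomobject]@{ LogName = $PhaseMap[0].Log; Id = 2;    TimeCreated = [datetime]'2015-01-01 21:48:05.100' }
    [pscustomobject]@{ LogName = $PhaseMap[1].Log; Id = 4001; TimeCreated = [datetime]'2015-01-01 21:48:05.105' }
    [pscustomobject]@{ LogName = $PhaseMap[1].Log; Id = 8001; TimeCreated = [datetime]'2015-01-01 21:48:14.800' }
)
Measure-LogonPhase -Events $sample | Format-Table -AutoSize
```

On a live host the same function accepts the records returned by `Get-WinEvent` for those logs; on multi-user servers, narrow the events to one user or session first, since these logs record every logon on the machine.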
