Here are some steps to take to troubleshoot slow logons:
- Check event logs to see if there are any errors. If there are any errors, investigate those to see if they might be causing slow logon. Some possible errors could be network errors (can’t reach a DC, or possible kerberos over UDP errors), off-line files/folders or even driver issues.
- We have found that one problem can be that the Kerberos packets are getting fragmented as by default they are sent using UDP. Changing this to TCP can correct some issues. (See http://support.microsoft.com/kb/244474 for details on how to do this.)
- Go to <Start> <Applications> and shift-right-click on <Command Prompt>. Choose <Run As…> from the menu and run it with your WA account. At the prompt, type rsop.msc and enter. This runs resultant set of policies and shows you which group policies are being applied.
- Right click and select properties on both the user and computer configuration.
- Check the error tab for any errors that are being reported. If errors are being reported, investigate those errors. (NOTE: some of the new GPP policies may report errors in logging resultant set of policies. These can be safely ignored.)
- If you have any questions about what you see, either take a screen shot or do a Save as… and send it to the AD team for assistance.
- Do a gpupdate /force to ensure that all group policies are being applied. Reboot to see if you are still having problems with the slow logon times.
- If nothing appears obvious in the event logs, perform the following steps:
- Open Regedit on the problem computer and drill down to
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
- Create a REG_DWORD with the value called UserEnvDebugLevel then set the value to 0x10002 in hexadecimal. The value is not case sensitive.
- Logging will start immediately to the Userenv.log file located in the %SystemRoot%\Debug\UserMode folder (no reboot or restart of services is required). If the Userenv.log file is larger than 300 KB, the file is renamed Userenv.bak, and a new Userenv.log file is created. This action occurs when a user logs on locally or by using Terminal Services, and the Winlogon process starts. However, because the size check only occurs when a user logs on, the Userenv.log file may grow beyond the 300 KB limit. If you need to read the log or .bak files then you can simply open them with Notepad. Since you want to see what the computer is doing when it starts, reboot the client computer.
- After successful logon, generate a System Information file by going to Start – Run – Msinfo32 and hit enter. Once the System Information file comes up save the file as a System Information File with a .NFO extension.
- Now you can evaluate the userenv.log and the above system information file. Below I have posted a link to a free tool that will help you evaluate userenv.log file.
There is one additional thing that can sometimes assist you. By default, Windows only displays generic messages during boot-up and logon. You can have it display some additional detail (not necessarily all information) by setting the following group policy:
Computer Configuration | [Policies] | Administrative Templates | System
Verbose vs normal status messages
I would not recommend setting this for all users as you might get some help desk questions (it seems whenever anything changes, people will call and ask if this is normal).
I hope this summary will help you to troubleshoot slow logons.
References:
Understanding How to Read a Userenv Log (Part 1)
Understanding How to Read a Userenv Log (Part 2)
Interpreting Userenv Log Files
http://technet.microsoft.com/en-us/library/cc786775.aspx
Userenv Log Reader