Troubleshooting Slow Logons

Troubleshooting Slow Logons

On the DCs perform the following tests:

1)run netdiag /v /debug > netdiag.log

2)run dcdiag /e /v > dcdiag.log

Enabling Userenv Logging

Because Userenv tracks the Group Policy engine and registry-based Group Policy, it is the most frequently used log file for Group Policy troubleshooting. Userenv is especially useful in a Windows 2000 environment because you don't have the benefit of using Resultant Set of Policy (RSoP). Most of the questions that RSoP answers, are in the userenv log.

To use userenv.log you need to first enable verbose logging.

  1. Log onto the client computer as the administrator and run Regedit.
  2. Locate the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. Right click Winlogon, select New, and then click DWORD Value.
  4. Enter the following name for the DWORD Value: ExtensionDebugLevel.
  5. Enter 2 as the hexadecimal value. This writes the debug info into userenv.log, located in the \%windir%\debug directory.
  6. Run "gpupdate /force" to ensure a full listing of total Group Policy processing.

Enabling verbose logging of security CSE GPO extension

  1. Log onto the client computer as the administrator and run Regedit.
  2. Locate the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions\{827d319e-6eac-11d2-a4ea-00c04f79f83a}.
  3. Right click {827d319e-6eac-11d2-a4ea-00c04f79f83a}, select New, and then click DWORD Value.
  4. Enter the following name for the DWORD Value: UserEnvDebugLevel.
  5. Enter 30002 as the hexadecimal value. This writes the debug info into winlogon.log, located in the %windir%\security\logs\ directory.
  6. Run "gpupdate /force" to ensure a full listing of total Group Policy processing.

Enabling Netlogon service logging

To enable debug logging, set the debug flag that you want in the registry and restart the service by using the following steps:

  1. Start the Regedt32 program.
  2. Delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
  3. At a command prompt, type net stop netlogon, and then type net start netlogon. This enables debug logging and writes the netlogon debug info into into netlogon.log, located in the %windir%\debug\directory.
  4. To disable debug logging, change the data value to 0x0 in the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
  5. Quit Regedt32.
  6. Stop Net Logon, and then restart Net Logon.

Note: On Windows Server 2003-based computers, you can use the following Group Policy to configure the log file size:

\Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size

Note: As an alternate method, you can set the dbflag without using the registry. To do this run the following command from a command prompt:

nltest /dbflag:0x2080ffff

After you finish debugging, you can run the nltest /dbflag:0x0 command from a command prompt to reset the debug flag to 0.

Top View