Windows Server 2000/2003 Thread, User logon debugging in Technical; Does anyone know of a tool or similar that can log and debug every step from the user entering their ...
  1. #1

    CHR1S

    User logon debugging

    Does anyone know of a tool or similar that can log and debug every step from the user entering their password to the point of a working desktop?

    So it can log which server it goes to to get different things, where it's being delayed and obviously what's causing the bottleneck.

  2. #2
    bio
    I would start out with Wireshark to see what's happening "on the wire".

    bio..

  3. #3

    CHR1S
    Yeah, where do you install it though? On both DCs or somewhere else?

  4. #4

    CHR1S
    I ran it on the PDCE and got these weird file lookups for things that don't exist -

    [Attached image: smbeh..JPG]

    This is a pupil account and the files it's looking for are in the home area, anyone know why it's doing this?

    Another file it looks for earlier in the logon is system.mdb, again in the home area and again not finding it.

  5. #5

    You can turn on user environment debug logging - there's some info here ("What is logged to the Userenv.log file?", AD Troubleshooting, TechNet Blogs) about how to do this and the info you get.

    You will see all sorts of stuff which looks wrong if you use Wireshark (or Process Monitor) - often it's not wrong; just not ideal.

    For example, when Windows goes to load an executable file it will try each folder in the path until it finds it. If you've got network folders in your path ahead of the actual file location then these will appear on the Wireshark trace.

    On a fairly clean machine the path might look something like this:
    Code:
    PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\ic-utils
    On a machine with more stuff installed it can look like this:
    Code:
    PATH=C:\Program Files (x86)\NAG\FL22\fldll224ml\batch;C:\Program Files (x86)\NAG\FL22\fldll224ml\bin;C:\Program Files (x86)\NAG\FL22\fldll224ml\MKL_ia32_10.1\bin;C:\Program Files (x86)\Intel\Compiler\11.1\065\mkl\em64t\bin;C:\Program Files (x86)\Intel\ICTCE\4.0.0.022\mpi\em64t\bin;C:\Program Files (x86)\Intel\ICTCE\4.0.0.022\Compiler\lib\Intel64;C:\Program Files (x86)\Intel\ICTCE\4.0.0.022\Compiler\lib\ia32;C:\Program Files (x86)\Intel\ICTCE\4.0.0.022\Compiler\lib\Intel64;C:\Program Files (x86)\Intel\ICTCE\4.0.0.022\Compiler\lib\ia32;C:\Program Files (x86)\Intel\ICTCE\4.0.0.022\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\ic-utils;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Enterprise Vault\EVClient\;c:\MATLAB\r2010a\runtime\win64;c:\MATLAB\r2010a\bin;c:\mingw\bin;c:\msys\1.0\bin;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Common Files\Intel\Shared Files\IDVC;C:\Program Files\NAG\FL22\flw6i22dcl\bin;C:\Program Files\NAG\FL22\flw6i22dcl\bin
    This can lead to a slowdown - a file which is actually in c:\windows\system32 could be checked in quite a few folders before it's found (and, yes, we should fix our build process to tidy this up - but it's down to some bad packages which prepend their own folder instead of appending it).
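
An added sketch, not part of the post above, of a PATH audit along the lines it describes: it lists the entries walked before `C:\Windows\system32`, flags those on the network, and reports duplicates. It models a lookup that walks PATH in order, as the post describes; the UNC share, the vendor folder and the `mapped_drives` parameter are hypothetical.

```python
import ntpath

# PATH from the post's "fairly clean machine" example (verbatim from the thread).
CLEAN_PATH = (r"C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;"
              r"C:\Windows\System32\WindowsPowerShell\v1.0\;c:\ic-utils")

# Constructed PATH: a hypothetical UNC share and vendor folder prepended (one
# of them twice), imitating the packages that prepend their own folder.
CLUTTERED_PATH = (r"\\appsrv\apps\bin;C:\Program Files (x86)\Vendor\bin;"
                  r"C:\Program Files (x86)\Vendor\bin;" + CLEAN_PATH)


def _norm(entry):
    # Windows paths are case-insensitive; a trailing backslash changes nothing.
    return ntpath.normcase(ntpath.normpath(entry.strip().strip('"')))


def audit_path(path_value, system_dir=r"C:\Windows\system32", mapped_drives=()):
    """List what is walked before system_dir, network entries there, duplicates.

    mapped_drives: drive letters known to be network mappings, e.g. ["H:"]
    (an assumption the caller supplies; it cannot be derived from the string).
    """
    entries = [e for e in path_value.split(";") if e.strip()]
    normed = [_norm(e) for e in entries]
    target = _norm(system_dir)
    idx = normed.index(target) if target in normed else len(normed)
    letters = {d[:1].lower() for d in mapped_drives}

    def is_network(n):
        return n.startswith("\\\\") or (n[1:2] == ":" and n[:1] in letters)

    seen, duplicates = set(), []
    for raw, n in zip(entries, normed):
        if n in seen:
            duplicates.append(raw)
        seen.add(n)
    return {
        "before_system": entries[:idx],
        "network_before_system": [e for e, n in zip(entries[:idx], normed)
                                  if is_network(n)],
        "duplicates": duplicates,
    }


if __name__ == "__main__":
    for name, value in (("clean", CLEAN_PATH), ("cluttered", CLUTTERED_PATH)):
        print(name, audit_path(value))
```
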

  6. #6

    CHR1S
    My Path just has 4 entries, nothing too major.

    Only ENV errors are -

    USERENV(2c8.38c) 10:21:56:670 ReadMembershipList: Group S-1-5-21-937451352-3369531182-3383592120-1009 not in current list of token groups
    USERENV(2c8.38c) 10:21:57:701 ProcessGPORegistryPolicy: Failed to move archive file to temporary file due to error: 2.
    USERENV(2c8.8e4) 10:55:27:091 ProcessGPOs: Forced option changed policy mode.
    USERENV(2c8.2cc) 10:56:36:156 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2c8.2cc) 10:56:36:156 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2c8.2cc) 10:56:36:156 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2c8.820) 10:59:28:233 PolicyChangedThread: UpdateUser failed with 6.
    USERENV(2c8.af0) 11:15:06:718 PolicyChangedThread: UpdateUser failed with 6.
    USERENV(2c8.c58) 11:18:49:576 ReadMembershipList: Group S-1-5-21-937451352-3369531182-3383592120-1009 not in current list of token groups
    USERENV(2c8.c58) 11:18:49:998 ProcessGPORegistryPolicy: Failed to move archive file to temporary file due to error: 2.
    USERENV(2c8.9c4) 11:25:38:123 PolicyChangedThread: UpdateUser failed with 6.
    USERENV(2c8.d4c) 11:27:41:139 PolicyChangedThread: UpdateUser failed with 6.
    USERENV(2c8.a70) 11:28:36:420 PolicyChangedThread: UpdateUser failed with 6.
    USERENV(2c8.2e0) 11:29:38:482 PolicyChangedThread: UpdateUser failed with 6.
    USERENV(2c8.3a0) 11:34:18:722 PolicyChangedThread: UpdateUser failed with 6.
    Last edited by CHR1S; 21st January 2011 at 12:07 PM.
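
An added example, not written by any poster in this thread, of reading a Userenv.log for the question the thread starts with: it finds the longest waits between consecutive lines of the same thread and groups repeated failure lines. The log lines are constructed in the format quoted above, and treating the trailing numbers as Win32 error codes is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the line format quoted in the post:
# USERENV(<pid>.<tid>) HH:MM:SS:mmm <function>: <message>
SAMPLE_LOG = """\
USERENV(2c8.38c) 10:21:55:010 LoadUserProfile: Entering
USERENV(2c8.38c) 10:21:56:670 ReadMembershipList: Group S-1-5-21-0-0-0-1009 not in current list of token groups
USERENV(2c8.38c) 10:21:57:701 ProcessGPORegistryPolicy: Failed to move archive file to temporary file due to error: 2.
USERENV(2c8.38c) 10:22:09:950 ProcessGPOs: Leaving
USERENV(2c8.820) 10:59:28:233 PolicyChangedThread: UpdateUser failed with 6.
USERENV(2c8.af0) 11:15:06:718 PolicyChangedThread: UpdateUser failed with 6.
"""

LINE = re.compile(r"^USERENV\((\w+\.\w+)\) (\d+):(\d+):(\d+):(\d+) (\S+?): (.*)$")
# Assumption: the trailing numbers are Win32 error codes.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED", 6: "ERROR_INVALID_HANDLE"}
DAY_MS = 24 * 60 * 60 * 1000


def parse(text):
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            thread, h, mi, s, ms, func, msg = m.groups()
            t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms)
            entries.append({"thread": thread, "t": t, "func": func, "msg": msg})
    return entries


def slowest_gaps(entries, top=3):
    """Largest waits (ms) between consecutive lines written by the same thread."""
    last, gaps = {}, []
    for e in entries:
        prev = last.get(e["thread"])
        if prev is not None:
            delta = (e["t"] - prev["t"]) % DAY_MS  # tolerate a midnight rollover
            gaps.append((delta, e["thread"], prev["func"], e["func"]))
        last[e["thread"]] = e
    return sorted(gaps, reverse=True)[:top]


def failures(entries):
    """Group failure lines: (function, occurrences, decoded error name or None)."""
    counts = Counter((e["func"], e["msg"]) for e in entries
                     if re.search(r"fail|error", e["msg"], re.I))
    report = []
    for (func, msg), n in counts.most_common():
        code = re.search(r"(\d+)\.?$", msg)
        report.append((func, n, WIN32.get(int(code.group(1))) if code else None))
    return report
```

Gaps are measured per thread because background policy refreshes log from other threads, sometimes hours later, and would otherwise show up as the "slowest" step of the logon.
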

  7. #7

    CHR1S
    Right, I'm getting this sorted now, but there is one last thing that's bothering me.
    When a user logs in, several seconds of the process is used to look for SMB information on mplayrc.exe.

    [Attached image: mplac.JPG]

    Now the only reference to it is a shortcut that points to an application drive where it runs. Why would this file be queried so much at logon, and more specifically the exe to which the shortcut points?

    Thanks
