SBSL: TOOLS: SDP: Executing the SBSL SDP Manifest to capture a slow logon

Summary

This article describes how to execute the slow boot/slow logon (SBSL) SDP manifest to capture ETL tracing and supporting data for a slow user logon.

The SBSL SDP Manifest runs on Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 computers. Data collected includes:

  • An ETL trace of the slow boot and logon events for review in XPERFVIEW.EXE
  • Application event log in .csv, .txt and .evtx formats
  • GroupPolicy-Operational log in .csv, .txt and .evtx formats
  • System event log in .csv, .txt and .evtx formats
  • GPResult in.txt and htm formats
  • NETLOGON.LOG
  • AppliedSectempl.txt
  • Profilesvc ETL log

To view ETL trace data collected by the SBSL SDP, see

Bemis 2688614 SBSL: XPERF: Installing the public version of XPERF and public symbols to view ETL trace data

More Information

Note: screen shots have been resized for brevity

  1. Click on the http://support.microsoft.com link in the SBSL SDP package email.   Save or copy the package to the slow boot or slow logon computer.

    From: <MSFT case owner>@microsoft.com [mailto:<MSFT case owner>@microsoft.com]
    Sent: <day>, <Month> <DD>, YYYY HH:MM AM|PM
    To: <customer name>
    Subject: Microsoft support incident: < MSS Case # >

    Dear Customer,

    To allow us to better support you please click the web link below or copy and paste the HTTP line below into your Internet browser's address bar to run the Microsoft Support Diagnostic Tool. The tool gathers diagnostic information useful in resolving your issue. From a computer that is connected to the internet:

    1. Click on the link below
    http://support.microsoft.com/sdp/<30 character alpha-numeric GUID>

    2. Click on the Run Now button (recommended) to start the diagnostic process

    3. Follow the onscreen instructions to run the diagnostics on this computer, or a different computer.

    Please note that this support key can be used to submit <value entered in # of times to execute field> time(s) the diagnostics results back to Microsoft until time(UTC) :YYYY-MM-DDTHH:MM:SS.msZ.

    For frequently asked questions about diagnostic data collection and uploading tools click the link below:
    http://support.microsoft.com/kb/2598970

    Thank you

  2. Log onto the slow logon computer with a user account that is a member of the local machine Administrators group.

    Execute the SBSL SDP downloaded in step 1 and follow the on-screen instructions.








    Selecting “This computer” and clicking Next downloads the packages

               
                                                                                    


  3. While still logged on as the local machine admin , click "Start" then run the "Slow Logon" manifest.





    Specifying custom data collection allow you to specify were the SBSL SDP places temporary files. A page later in the manifest lets administrators save a local copy of all data collected by the manifest. This option only specifies where temporary files are place on the local computer. If Disk Utilization is suspect and an alternate physical drive exists in the computer than this option will reduce load on the OS drive caused by tracing.


    -

    If you do specify a "custom data collection location", here's what the dialog looks like:



  4. Specify how you want to capture ETL tracing for the slow logon

    The best practice is to logon on to the slow logon computer with a user account that is a member of the local machine administrators security group, start the SBSL SDP, the choose the "Use Fast User Switching feature to logon with a different user on this machine". If “Fast User Switching” is disabled in group policy then select “Logon with an affected user on this session”





    Click "Next" on the following dialog and tracing will be begin. The administrative session remains logged in while the CTRL+ALT+DEL screen appears. Enter valid user name, domain name and password for the slow logon user account.



  5. Tracing will stop 30 seconds after the slow logon session reaches the desktop. If you want to stop the trace before 30 seconds do not close this window; instead click the command line window and press any key.




    Once data has been collected from the powershell window, click "OK", then log on with the same local machine admin used to start the SBSL Manifest back in Step 2.



    Log onto with the same local machine administrator used to start the trace back in step 2.

  6. Once logged back in as the local machine administrator, re-run the SBSL Manifest. This 2nd execution of the SBSL SDP manifest will aggregate ETL and other supporting files collected during the slow logon session, and give you a summary of the data collected.





    Clicking "Save a copy" in the "Send diagnostic data to Microsoft" save a local copy of all collected data in an admin-specified path with a default file name of "Results_<computer name>_<date>_<time>.cab" AND sends a copy of that data to Microsoft for analysis.

     



  7. The END 

 

Text version of instructions to execute the SBSL SDP 

1.       Logon to a workstation as an administrator and click the link in the SBSL manifest email to start the wizard.

2.       If the slow logons happen any time then select Slow Logon in the manifest when prompted.

NOTE: If the computer is x64 then you will be prompted to have the wizard configure the DisablePagingExecutive registry setting (Recommended).  This must be selected to get useful data. It will reboot the computer and you will have to start the SBSL manifest all over again.

3.       Once you select Slow Logon you will be asked to either logoff or do Fast user Switching.  If Fast User Switching is not disabled then use this.  If it is disabled select logoff.

4.       Log on with a user that is slow to reproduce the issue

NOTE: Two powershell scripts will launch, one will generate a gpresult for the logged on user and the other will prompt for elevation to stop the trace.

5.       As soon as these are done log the user off or "Switch User" back to the Admin session that first ran the SBSL manifest.

NOTE: A powershell command will run and throw a pop-up indicating the SBSL manifest must be run once more to Collect and Upload the data.

6.       Once you are logged back on as the Administrator run the SBSL manifest once more. Several screens later it will discover there is trace data and you will be prompted to “Collect and Upload”. 

IMPORTANT:  If the slow logons only occur immediately following a reboot then you must choose the Slow Boot option instead of Slow Logon.  Just be certain to login as soon as the CTRL+ALT+DEL screen appears to reproduce the slow logon.  You will have to log off and back on as the Admin who first ran the SBSL manifest, run it once more and it will Collect and Upload the trace data.

Properties

Article ID: 2695431 - Last Review: 10/14/2015 16:29:00 - Revision: 19.0

  • KB2695431
Feedback