Users have been complaining a lot about slow logons lately and I was wondering if anyone knows of any good boot analysis software for Windows 7? I found Soluto but it looks to be a cloud-based solution; I’m looking for something I can install, reboot and read the raw data.

I don’t do a lot of GPOs so I know it can’t be that. All I know is that recently I installed Malwarebytes for Business on all of my work computers and then this started happening. As far as my AV products go, I have Malwarebytes and Sophos Endpoint running on all of the PCs at work so it may be that one of these may be conflicting with the other.

Does anyone out there run this combination? Have you noticed any issues with having both of these running on the same PC?

@Sophos @ThreatDown_by_Malwarebytes

8 Spice ups

Do you have any logon scripts that run at bootup? Also is the Malwarebytes running any scans at boot? You could also check the following:

Meant to have it view like this.

First thing I would do would be to uninstall it from a machine for testing. If that fixes the issue then you know to look into settings in Malwarebytes and possibly contact their support for help.

3 Spice ups

Having both of those products loaded is going to slow any computer down, regardless of what it’s running for scans at startup. What is the hardware? SSD drives would be a good upgrade to help this situation.

What are your boot times right now and where is the boot process hanging (splash screen, just before the login screen, etc.)?

Larry has the good idea if this started happening ever since you installed this software, uninstall it from a couple test machines and see if it helps.

For boot logging you can use Sysinternals Process Monitor, which has an option for boot logging (instructions halfway down the page):
http://www.sophos.com/en-us/support/knowledgebase/119038.aspx

1 Spice up

What is your DNS configuration like? End-user devices should be getting the IP of your AD DNS servers ONLY, and the DNS suffix should be correct for your network. When was the last time you rebooted your server or restarted the DNS server service? If end-user devices are having trouble finding the DC, then yes, I’d expect a slow logon after CTRL+ALT+DEL.

1 Spice up

Grab a machine with the issue, run msconfig, start reviewing your services and startup entries.

Beyond that, it is local environment and AD settings.

What GPOs do you have set up? You can’t eliminate GPO just because you only have a handful - printer policies are a good example here and are (depending on the environment) well known for causing logon delays.

You should ensure Malwarebytes is configured not to run any scans at boot time as well.

1 Spice up

Thanks everyone for the replies!

It gets stuck at the Welcome screen, just after they enter their AD user credentials, and it stays there for like a good 30 minutes or more at times, which is wayyy too long. Sorry, I forgot to mention that when I wrote up the question.

See what programs are starting with the computer if you still have a problem.

Create a test machine.

Run msconfig, selective startup [check only load system services].

Is the problem resolved? Yes → $$$$.

No → Uninstall Malwarebytes and/or Sophos. Yes → $$$$

No → Event Viewer to check the times and report back the results.

Example for anti-virus exclusions above.

Exclude Sophos and Malwarebytes from each other, and Malwarebytes also suggests firewall exclusions.

Contact support for both vendors if you have further problems after adding exclusions in both for the other.

Since you say it happened after installing Malwarebytes, it’s probably a conflict between their active scanners loading at startup. You can always just disable Malwarebytes active scanner on a test computer at startup and check the difference in boot times, or remote it and clock it.

Try unplugging the machine from the network and see if it logs in quicker. If it does, check that Malwarebytes isn’t trying to scan the network shares or that there isn’t a login script that’s getting blocked.

1 Spice up

Boot to Safe Mode, uninstall Malwarebytes. Multiple times I have experienced that the newest software affects the firewall. I have even run into disabling the Windows Firewall and that worked. Multiple virus tools on machine at same time can have hindering effects. Not all the time but many times I have seen that. MWB works in Safe mode allowing the cleaning of systems and then uninstall and reboot.

What V_S wrote sounds like the best way, but I have not ever had great results with more than one virus tool active. If it works fine that is within a week then I get sluggish results. I have used Panda, Sophos, MWB, Kaspersky, McAfee, Norton, etc. No matter what I do after more than 1 the system becomes sluggish or non-responsive until disabling the firewall and/or uninstalling the newest software or uninstalling the unwanted. We use Sophos and have limited problems as it has prevented many issues.

Dec 1, 2014 at 5:52 AM

VirtuallySurreal Tech Services is an IT service provider.

  1. As someone already mentioned, uninstall Malwarebytes and see if the problem persists.

  2. Enable verbose logging (see “Enable verbose startup, shutdown, logon, and logoff status messages in Windows Server 2003 - Windows Server | Microsoft Learn”). I have this set throughout the domain. It’s nice to narrow down exactly where it’s hanging during logon: apply computer settings, setting up desktop, folder redirection, etc.

  3. Soluto may have added some cloud features, but it’s actually very good at telling you what’s going on during logon. It breaks down each service/process and tells you how long it took to complete. Very useful tool.

I have had this issue with computers that have incorrect DNS info. Make sure the clients all are using the AD machine for DNS. If the DNS is correct I would see if the roaming profiles are large and taking too long to transfer to each client. This would only happen if you are actually using roaming profiles of course, and not just local profiles.

1 Spice up

I think I may have solved my issue.

I took a machine that was experiencing this exact issue this morning and I set the DNS server settings to statically point to my 2 AD servers and the user was able to log in just fine. As far as my DHCP options for DNS go, I’m assigning all PCs my primary DC as the primary DNS and I have a secondary DNS of 8.8.8.8 and a tertiary of 4.2.2.2. I’m assuming that for whatever reason, the PCs that are having this issue are jumping over to use the secondary and maybe even tertiary DNS servers, but since they are not AD DNS servers, the profile just hangs until it makes it round back to the primary DNS server.

This is the only logical explanation as to why they would hang such a long time. My PC at work has the same anti-malware software as the rest of the company and not once has my PC hung up when logging on; it’s very likely that it’s because of the fact that my DNS servers are set statically to point to the DCs.

This kind of behavior now makes me wonder why they aren’t using the primary DNS server and are jumping over to the second and third DNS servers…

1 Spice up

Why are you assigning external DNS entries to your workstations? They should all point to your internal DNS servers only. If you change your second entry from Google DNS to your AD server you should be fine.
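
The check implied by the answer above, as an added example that is not part of the original thread: it asks every DNS server a client is configured with for the Active Directory DC locator SRV record, which a public resolver cannot answer for an internal zone. The domain name `corp.example.com` is a placeholder, and the match on `svr hostname` assumes English-language `nslookup` output.

```powershell
# Added example, not from the thread. 'corp.example.com' is a placeholder
# for the AD DNS domain name. Uses only WMI and nslookup so it runs on the
# PowerShell 2.0 that ships with Windows 7.
param(
    [string]$AdDomain = 'corp.example.com'
)

# SRV record a domain member queries to locate a domain controller at logon.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"

# Adapters that are IP-enabled and actually have DNS servers configured.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    Where-Object { $_.DNSServerSearchOrder }

foreach ($adapter in $adapters) {
    $order = 0
    foreach ($server in $adapter.DNSServerSearchOrder) {
        $order++

        # Query this specific server only; fold stderr (timeouts,
        # "Non-existent domain") into the captured text.
        $answer = (& nslookup.exe -type=SRV $srvName $server 2>&1 | Out-String)

        # English nslookup prints one "svr hostname = ..." line per DC found.
        $canLocateDc = $answer -match 'svr hostname'

        New-Object PSObject -Property @{
            Adapter     = $adapter.Description
            DhcpEnabled = $adapter.DHCPEnabled
            Order       = $order
            DnsServer   = $server
            CanLocateDC = $canLocateDc
        } | Select-Object Adapter, DhcpEnabled, Order, DnsServer, CanLocateDC
    }
}
```

Any row with `CanLocateDC` set to `False` is a server that cannot support domain logon and does not belong in the DNS list handed to domain members.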

I guess it’s sorta dumb for me to do that but I figured I’d have some sort of a backup in case the DCs went down. I’d hate to get a thousand phone calls from everyone telling me the internet is down when it’s really just the DC or an internal DNS issue.