Windows 7 Slow Boot

trelstadtech · 2014-11-30T20:25:25.000Z

Having both of those products loaded is going to slow any computer down, regardless of what it’s running for scans at startup. What is the hardware? SSD drives would be a good upgrade to help this situation.

anon595438 · 2014-11-30T21:46:29.000Z

What are you boot times right now and where is the boot process hanging (splash screen, just before the login screen, etc.)

LarryG.:

First thing I would do would be to uninstall it from a machine for testing. If that fixes the issue then you know to look into settings in Malwarebytes and possibly contact their support for help.

Larry has the good idea if this started happening ever since you installed this software, uninstall it from a couple test machines and see if it helps.

For boot logging you can use sysinternals Process Monitor which has an option for boot logging (instructions half way down the page)
http://www.sophos.com/en-us/support/knowledgebase/119038.aspx

legoman · 2014-11-30T22:33:34.000Z

What is your DNS configuration like? End-user devices should be getting the IP of your AD DNS servers ONLY, and the DNS suffix should be correct for your network. When was the last time you rebooted your server or restarted the DNS server service? If end-user devices are having trouble finding the DC, then yes, I’d expect a slow logon after CTRL+ALT+DEL.

lylel1550 · 2014-11-30T22:46:32.000Z

Grab a machine with the issue, run msconfig, start reviewing your services and startup entries.

Beyond that, it is local environment and AD settings

brettfranklin · 2014-12-01T03:05:44.000Z

What GPOs do you have set up? You can’t eliminate GPO just because you only have a handful - printer policies are a good example here and are (depending on the environment) well known for causing logon delays.

You should ensure Malwarebytes is configured not to run any scans at boot time as well.

vicka · 2014-12-01T06:13:16.000Z

Thanks everyone for the replies !

It gets stuck at the Welcome screen, just after they enter their AD user credentials, and it stays there for like a good 30 minutes or more at times, which is wayyy too long. Sorry, i forgot to mention that when i wrote up the question.

marc89 · 2014-12-01T10:02:18.000Z

See what programs are starting with the computer if you still have a problem.

maxbrotherwood · 2014-12-01T10:13:33.000Z

Create a test machine.

Run, msconfig, selective startup [check only load system services].

Is the problem resolved? Yes → $$$$.

No → Uninstall Malwarebytes and/or Sophos. Yes → $$$$

No → Event Viewer to check the times and report back the results

v-s · 2014-12-01T10:52:56.000Z

Malwarebytes Forums

Malwarebytes Anti-Malware v1.x FAQ

Section A Common Issues, Questions, and their Solutions B - Command Line Support C - Error Codes D - Error Code 732 - Automatically Detect Settings in IE & Note for NetZero Users E - McAfee VirusScan Enterprise 8.x F - Trend Internet Security Pro...

Example for anti-virus exclusions above.

Exclude Sophos and Malwarebytes from each other, and Malwarebytes also suggests firewall exclusions.

Contact support for both vendors if you have further problems after adding exclusions in both for the other.

Since you say it happened after installing Malwarebytes, it’s probably a conflict between their active scanners loading at startup. You can always just disable Malwarebytes active scanner on a test computer at startup and check the difference in boot times, or remote it and clock it.

John5152 · 2014-12-01T11:10:30.000Z

Try unplugging the machine from the network and see if it logs in quicker. If it does check that MalwareBytes isn’t trying to scan the network shares or that there isn’t a login script that’s getting blocked.

kevinsatterfield3368 · 2014-12-01T14:51:04.000Z

Boot to Safe Mode, uninstall Malwarebytes. Multiple times I have experienced that the newest software affects the firewall. I have even run into disabling the Windows Firewall and that worked. Multiple virus tools on machine at same time can have hindering effects. Not all the time but many times I have seen that. MWB works in Safe mode allowing the cleaning of systems and then uninstall and reboot.

What V_S wrote sounds like best way, but I have not ever had great results with more than one virus tool active. If it works fine that is within a week then I get sluggish results. I have used Panda, Sophos, MWB, Kapersky, Mcafee, Norton, etc. No matter what I do after more than 1 the system becomes sluggish or non responsive until disabling the firewall and or uninstalling the newest software or uninstalling the unwanted. We use Sophos and have limited problems as it has prevented many issues.

Dec 1, 2014 at 5:52 AM

VirtuallySurreal Tech Services is an IT service provider.

lendeamer7575 · 2014-12-01T15:01:34.000Z

As someone already mentioned, uninstall MalwareBytes and see if the problem persists.
Enable verbose logging. Enable verbose startup, shutdown, logon, and logoff status messages in Windows Server 2003 - Windows Server | Microsoft Learn I have this set throughout the domain. It’s nice to narrow down exactly where it’s hanging during logon. Apply computer settings, setting up desktop, folder redirection, etc…
Soluto may have added some cloud features, but it’s actually very good at telling you what’s going on during logon. It breaks down each service/process and tells you how long it took to complete. Very useful tool.

grahamcoterwas · 2014-12-01T17:49:06.000Z

I have had this issue with computers that have incorrect DNS info. Make sure the clients all are using the AD machine for DNS. If the DNS is correct I would see if the roaming profiles are large and taking too long to transfer to each client. This would only happen if you are actually using roaming profiles of course, and not just local profiles.

vicka · 2014-12-01T18:02:37.000Z

I think i may have solved my issue.

I took a machine that was experiencing this exact issue this morning and i set the DNS server settings to statically point to my 2 AD servers and the user was able to log in just fine. As far as my DHCP options for DNS goes, im assigning all PCs my primary DC as the primary DNS and i have a secondary DNS of 8.8.8.8 and a tertiary of 4.2.2.2. Im assuming that for whatever reason, the PCs that are having this issue are jumping over to use the secondary and maybe even tertiary DNS servers but since they are not AD DNS servers, the profile just hangs until it makes it round back to the primary DNS server.

This is the only logical explanation as to why they would hang such a long time, my PC at work has the same anti-malware software as the rest of the company and not once has my pc hung up when logging on, its very likely that its because of the fact that my DNS servers are set statically to point to the DCs.

This kind of behavior now makes me now wonder why they aren’t using the primary DNS server and jumping over to the second and third DNS servers…

DragonsRule · 2014-12-01T18:05:20.000Z

Why are you assigning external DNS entries to your workstations? They should all point to your internal DNS servers only. If you change your second entry from Google DNS to your AD server you should be fine.

vicka · 2014-12-01T18:13:39.000Z

I guess its sorta dumb for me to do that but i figured id have some sort of a backup in case the DCs went down. Id hate to get a thousand phone calls from everyone telling me the internet is down when its really just the DC or an internal DNS issue.

DragonsRule · 2014-12-01T18:16:38.000Z

Well, you’re seeing now why it’s not such a good idea. If you have more than one DC (and you should) it isn’t too likely that they’ll all go down at the same time, right? I suppose you could put the external in as a tertiary if you really want to, but due to AD/DNS internal issues it’s generally considered best practice to set the clients to only point to your internal servers.

legoman · 2014-12-02T01:09:44.000Z

The “why does Windows not always pick the primary DNS server” “fiasco” is coincidently being discussed in this other thread: DNS and small environments

…this “feature” has been the way it is for a long time.

…my take on it, if I’m not being obvious enough, is you should NEVER specify non-AD-integrated-DNS-servers on end-user devices - because of the chance they will pick another one (2nd, 3rd, 4th, etc.) and then not able to resolve any internal FQDN’s from that point on.

…and your internal DNS server(s) should ALWAYS be “given” to the client via DHCP or via Group Policy - setting the DNS server IPs statically can cause you problems if the end-user device visits other networks (especially wireless hotspots or public networks) and this can also be considered a security risk.

As an aside, mixing different DNS providers (8.8.8.8 vs. 4.4.4.2 vs. your ISP vs. something else) under the forwarders tab on your AD-integrated-DNS-server, I don’t like that either - sure, everyone thinks the more you add makes it “more fault tolerant” which I suppose is true, but your also introducing problems with geo-location and global server load balancing. For example 8.8.8.8 will usually be the best bet to accurately route your YouTube traffic to the nearest Google datacenter, making videos stream the fastest, but your ISP, or 4.4.4.2 (who is probably NOT your ISP BTW) won’t necessary make the best choice, and you can be directed to a geographically further datacenter, and thus adversely affect load times. I would test your upstream DNS server using GRC's | DNS Nameserver Performance Benchmark or Google Code Archive - Long-term storage for Google Code Project Hosting. and stick with whatever provider is fastest.

jamescallahan · 2014-12-02T02:43:13.000Z

I’d remove both antivirus and see if its fine… if so then put on just one of them and see if its ok… then remove and put the other on to see how it is… could be just one of the two causing the issue… generally never a best practice to have 2 antivirus programs running though malware bytes can sometimes be fine with AV.

strange that these could be causing DNS issues… or its a coincidence that your having DNS issues at the time of the installs.

da-schmoo · 2014-12-02T02:49:29.000Z

Slow logons on multiple domain machines is almost always a DNS issue.