So we have a branch office that is connected via 10Mb fiber to the main office. Logging on a Windows 7 (pro, 32 bit) domain pc is very slow. The first time it takes up to 7 minutes. After that, it takes ~2 minutes to login and ~3-5 minutes to log out.
I checked everything I could and saw nothing special:
- DNS settings
- Tracert to domain
- There are no extreme loads on the server during log in/out
- Downloading a file from the server to the local computer does not show low speeds (1.2MB/s) (or is that too slow?)
- Updated network driver
- GPO settings such as
- wait for network at startup and logon
- use a clean GPO (with no roaming profiles options set)
- set max wait time
- only allow local user profiles
- disabled Offline files on the roaming profile share
- disabled IPv6 on local PC
- disabled firewall on local PC
- disabled indexing services on local PC
- the computer does have a wallpaper (see http://support.microsoft.com/kb/977346)
The event log shows warnings with event ID 6005 and 6006:
The winlogon notification subscriber
took 284 second(s) to
handle the notification event (Logon)
So I did a boot logging as mentioned here and it showed a lot of NotifyChangeDirectory operations that took a long time.
I've run out of options. Is there anything else that might fix this?
Update
I think the problem is more bandwidth related. Copying a 100mb file from the server to the client takes about 3 minutes. Copying from a win 7 client in the main office to the client in the branch office takes 1.5 minutes. So there are most likely some performance issues with the win2003 server.
Update 1 year later
I've now disabled roaming profiles for these users. This has given a huge speed boost. This works for us since users have their own workstation.
Best Answer
A network packet capture at the client would probably help here. It would show you the total amount of data transferred during logon, and for sysvol/gpo operations, you could determine if the client is spending an unusual amount of time on a specific gpo(s).
After installing Microsoft Network Monitor 3.4, save the following to a cmd file, and run it as a scheduled task at system startup. That will create a capture file that you can analyze after the logon has completed.
Here are some registry settings that you can test on the client workstation to determine if they help:
More information:
319440 - Logon delays occur over a slow connection if opportunistic locking is not granted for the policy file in Windows
http://support.microsoft.com/kb/319440
http://blogs.technet.com/b/mrsnrub/archive/2009/09/03/windows-server-2003-x86-tuning-for-performance-based-on-role.aspx
Microsoft Network Monitor 3.4 Open Source Windows Parsers 3.4.2654
http://nmparsers.codeplex.com/
After downloading and installing the Windows Parsers, in Network Monitor, under Tools > Options > Parser Profiles, select Windows, and click Set As Active.
When viewing the capture, in the Frame Summary window, the SMB/SMB2 protocol packets will display the UNC path to the location where the Group Policies are being read. You can further refine the display by applying a filter such as
SMB2 && tcp.DstPort == 445
(or SMB if SMB2 is not being used). This should provide a fairly concise display of the GPO processing.