Just before Christmas holidays, we started receiving calls about sporadic slow logins in our schools. Now slow logins can be a real pain to troubleshoot and somewhat difficult to replicate the issues. We also noticed it was only student logins with the issue. Staff and admin logins were not affected.
We headed to one of the elementary schools and started investigating. I used wire shark to sniff the port of the computer we were testing with and I used the Sysinternal tools. We were able to replicate a slow login and started using gpupdate /force. If it updated with one specific DC, it would take somewhere in the neighbourhood of 10 minutes to update. It would take 45 seconds against the rest of the domain controllers. I also noticed the workstation was receiving the policy file 2 bytes at a time.
This was odd, so we decided to vMotion the virtual machine which is the DC to a different host. This fixed the issue and the updates were about 45 seconds now. So wanting to know if the problem was a host problem, we moved the virtual machine back to the original host and it still worked keeping our logins at 45 seconds. Not entirely sure what was happening but happy to have fixed the problem, we headed back to the office.
We checked in with Tier 1 support and let them know we solved it, not certain it would be a long term fix and wanted to made aware of any further calls.
The next day the calls were back. So I used the IT techs favourite troubleshooting tool.
I found this KB article. http://support.microsoft.com/kb/319440. The machines that were affected were for sure Windows XP machines. I can’t remember now if we saw this behaviour on our Windows 7 computers. But at that point, we had just began our 11,000 seat Windows 7 deployment.
I added the entry I typed up here to the Group Policy preference to the GPO that was applied against the computers being affected.
Registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Entry: BufferPolicyReads
Type: DWORD
Value: 1
Once this change was made, we update Group Policy and then headed to a school. It also had the benefit that good gpupdates went from 45 seconds to 15 seconds.