Terminal Server Login Times

[Guest John R]

Hello all.

 

Hopefully, someone here can answer my question.

 

I am having issues with extreamly long log in times on terminal servers

(2003). I am being told that sometimes (not always) it takes almost 10

minutes to get to a desktop. Our customers access a cluster of terminal

servers. For example, one particular customer has 22 terminal servers in a

cluster that only they access. I enabled the USERENV logging. I have

verified that subnets are defined in Active Directory Sites, and that local

domain controllers are being accessed. I can explain some of the delays

such as when a new profile needs to be created, etc. However, there are

certain places I do not understand (simply to my lack of experience in this

area).

 

Below is a snipit from the USERENV.LOG file on one of our terminal servers.

 

USERENV(13f4.13f0) 21:26:10:044 LibMain: Process Name:

C:\WINDOWS\system32\shmgrate.exe

USERENV(13f4.13f0) 21:26:15:655 GetProfileType: Profile already loaded.

USERENV(13f4.13f0) 21:26:15:668 GetProfileType: ProfileFlags is 0

USERENV(1520.151c) 21:26:16:584 LibMain: Process Name:

C:\WINDOWS\system32\regsvr32.exe

USERENV(1520.151c) 21:26:16:584 GetProfileType: Profile already loaded.

USERENV(1520.151c) 21:26:16:584 GetProfileType: ProfileFlags is 0

USERENV(10c0.13a4) 21:27:57:887 GetProfileType: Profile already loaded.

USERENV(10c0.13a4) 21:27:57:900 GetProfileType: ProfileFlags is 0

USERENV(10c0.13a4) 21:27:57:900 GetProfileType: Profile already loaded.

USERENV(10c0.13a4) 21:27:57:913 GetProfileType: ProfileFlags is 0

 

You can see that at 21:26:16:584 to 21:27:57:887, there is a 101 second

delay. To my knowledge, I was the only person logging on or using the TS at

this time.

 

One of my questions is with the two numers after USERENV, for example

(10c0.13a4). I assume this is a process number of some sort? Is there a

way to tie this number to a process after the logon has completed?

 

Another question is that the 'Profile already loaded' messages appear

probably 30 times for a single logon. Is this normal? Does this point to a

problem that I can actually do anything about?

 

And, of course, is there a way I can snoop further into this particular 101

second delay? Can someone point me to some debugging methods that if I

reproduce this I can get more information?

 

Thank you in advance for your time and attention.

 

John R

[Guest Vera Noest [MVP]]

Re: Terminal Server Login Times

 

From:

Interpreting Userenv log files

http://technet2.microsoft.com/WindowsServer/en/Library/ccd7b430-

99a5-40fd-b68a-6c1979e565a21033.mspx

 

LibMain: Process Name: %s"

This is an informational message. This message appears in the

userenv.log when an application loads Userenv.dll within its space.

Userenv has many exported functions that deal with loading and

unloading the user’s profile. Therefore, many application need to

go through Userenv to get the profile of the currently logged on

user for application specific settings. This message indicates

which application is loading an instance of Userenv.dll.

 

Your first line:

> USERENV(13f4.13f0) 21:26:10:044 LibMain: Process Name:

> C:\WINDOWS\system32\shmgrate.exe

 

means that shmgrate.exe is loading userenv.dll.

 

shmgrate.exe is the User Data Migration Tool. Are you aware that

you are running this? A search for shmgrate.exe on Google shows a

lot of links which report this application as a target for a

trojan.

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"John R" <jsr^^^813@zoom^^^internet.net> wrote on 23 apr 2008 in

microsoft.public.windows.terminal_services:

> Hello all.

>

> Hopefully, someone here can answer my question.

>

> I am having issues with extreamly long log in times on terminal

> servers (2003). I am being told that sometimes (not always) it

> takes almost 10 minutes to get to a desktop. Our customers

> access a cluster of terminal servers. For example, one

> particular customer has 22 terminal servers in a cluster that

> only they access. I enabled the USERENV logging. I have

> verified that subnets are defined in Active Directory Sites, and

> that local domain controllers are being accessed. I can explain

> some of the delays such as when a new profile needs to be

> created, etc. However, there are certain places I do not

> understand (simply to my lack of experience in this area).

>

> Below is a snipit from the USERENV.LOG file on one of our

> terminal servers.

>

> USERENV(13f4.13f0) 21:26:10:044 LibMain: Process Name:

> C:\WINDOWS\system32\shmgrate.exe

> USERENV(13f4.13f0) 21:26:15:655 GetProfileType: Profile already

> loaded. USERENV(13f4.13f0) 21:26:15:668 GetProfileType:

> ProfileFlags is 0 USERENV(1520.151c) 21:26:16:584 LibMain:

> Process Name: C:\WINDOWS\system32\regsvr32.exe

> USERENV(1520.151c) 21:26:16:584 GetProfileType: Profile already

> loaded. USERENV(1520.151c) 21:26:16:584 GetProfileType:

> ProfileFlags is 0 USERENV(10c0.13a4) 21:27:57:887

> GetProfileType: Profile already loaded. USERENV(10c0.13a4)

> 21:27:57:900 GetProfileType: ProfileFlags is 0

> USERENV(10c0.13a4) 21:27:57:900 GetProfileType: Profile already

> loaded. USERENV(10c0.13a4) 21:27:57:913 GetProfileType:

> ProfileFlags is 0

>

> You can see that at 21:26:16:584 to 21:27:57:887, there is a 101

> second delay. To my knowledge, I was the only person logging on

> or using the TS at this time.

>

> One of my questions is with the two numers after USERENV, for

> example (10c0.13a4). I assume this is a process number of some

> sort? Is there a way to tie this number to a process after the

> logon has completed?

>

> Another question is that the 'Profile already loaded' messages

> appear probably 30 times for a single logon. Is this normal?

> Does this point to a problem that I can actually do anything

> about?

>

> And, of course, is there a way I can snoop further into this

> particular 101 second delay? Can someone point me to some

> debugging methods that if I reproduce this I can get more

> information?

>

> Thank you in advance for your time and attention.

>

> John R

[Guest John R]

Re: Terminal Server Login Times

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9A89DD4577A77veranoesthemutforsse@207.46.248.16...

> Your first line:

>> USERENV(13f4.13f0) 21:26:10:044 LibMain: Process Name:

>> C:\WINDOWS\system32\shmgrate.exe

>

> means that shmgrate.exe is loading userenv.dll.

>

> shmgrate.exe is the User Data Migration Tool. Are you aware that

> you are running this? A search for shmgrate.exe on Google shows a

> lot of links which report this application as a target for a

> trojan.

 

First, thank you very much for the link to the technet article. I don't

know why I wasn't able to find that on my own.

 

The shmgrate.exe in c:\windows\system32 matches the one in the

c:\windows\servicepackfiles\i386 folder for date and time and size, and

appears to be legit. There are no other copies of it anywhere on the

system. I don't see it in the system configuration utility anywhere. I do

find it in HKLM\SOFTWARE\Clients\Mail\Outlook Express\InstallInfo under the

HideIconsCommand with the value "%SystemRoot%\system32\shmgrate.exe

OCInstallHideOE". It is not a running process after the session log in is

complete. I am pretty sure that it is not part of the w32.gaster malware.

 

Well, I am off to read the technet article now and see if I can make any

more sense of this.

 

If anyone else has anything to contribute, I'd appreciate it very much.

 

John R

[Guest John R]

Re: Terminal Server Login Times

 

 

"John R" <jsr^^^813@zoom^^^internet.net> wrote in message

news:Our3D8UpIHA.4112@TK2MSFTNGP03.phx.gbl...

> Hello all.

>

> Hopefully, someone here can answer my question.

>

> I am having issues with extreamly long log in times on terminal servers

> (2003). I am being told that sometimes (not always) it takes almost 10

 

Some progress. We have completely uninstalled Outlook Express on the

terminal servers which has reduced our login times significantly. Not all

the problem, but it looks like a big part.

 

John R