A few days ago, I noticed that some of my servers have become really slow. The login process would take close to 5 or 6 minutes just to load user settings, and then navigating through Windows Explorer was agonizingly slow.
I couldn’t figure out what was going on. Since it was happening on multiple servers, and they were production servers, my choices were simple: fix the problem. Rebuilding was out of the question.
In order to troubleshoot this problem, I had to find a way to see what was going on behind the scenes. There are some utilities like procmon that would help with the issue; however, even those tools make it a bit hard to decipher what’s happening in the background.
The best tweak that I found for this kind of problem is to enable User Environment Logging. This is built-in Windows logging that essentially logs any event related to the user environment. So, I enabled that. Here’s how I did it:
- Click Start
- Click Run
- Type: regedit
- Click OK
- Open or browse down to the following location in the registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
- Right-click in the right-hand pane
- Select New > DWORD value
- Set the DWORD name to UserEnvDebugLevel
- Double-click the UserEnvDebugLevel value, set the data to: 0x00030002
After you add this value, Windows will create the following file:
Now, by logging out and back into Windows, a whole bunch of great information got logged into the userenv.log file.
In my case, the login was being slowed down quite a bit at userinit.exe and explorer.exe. Unfortunately, that didn’t really help me that much, at least not by directly looking at that log, but I knew that I had real-time scanning turned on in my antivirus, so I tried turning that off, and bingo! The speed was restored to normal. So now I have to figure out what I need to tweak in the A/V to not allow Explorer to be hung up like this.
One word of caution: since userenv.log logs pretty much every action on the computer related to files, it can become quite big. So, be sure to turn it off by deleting that registry entry in step #5, or you will be dealing with a full hard drive in a couple of days.
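Since the problem spanned several servers, the registry steps and the cleanup from the word of caution can be scripted. This is an added example, not part of the original post: the function names are hypothetical, the 100 MB threshold is an assumed value, and the log path is left as a parameter you supply. Run it from an elevated PowerShell session.

```powershell
# Added example: manage the UserEnvDebugLevel value described in the steps above.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName   = 'UserEnvDebugLevel'

function Get-UserEnvLogging {
    # Returns whether the value exists and, if so, its data formatted as hex.
    $item = Get-ItemProperty -Path $WinlogonKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Present = $false; Level = $null }
    }
    [pscustomobject]@{ Present = $true; Level = ('0x{0:X8}' -f $item.$ValueName) }
}

function Enable-UserEnvLogging {
    # Creates (or overwrites) the DWORD with the data used in the post.
    New-ItemProperty -Path $WinlogonKey -Name $ValueName -PropertyType DWord `
        -Value 0x00030002 -Force | Out-Null
    Get-UserEnvLogging
}

function Disable-UserEnvLogging {
    # Deletes the value so logging stops; safe to call when it is already gone.
    if ((Get-UserEnvLogging).Present) {
        Remove-ItemProperty -Path $WinlogonKey -Name $ValueName
    }
    Get-UserEnvLogging
}

function Test-UserEnvLogSize {
    # Warns when the log has grown past MaxMB while logging is still switched on.
    # LogPath is supplied by the caller; MaxMB = 100 is an assumed threshold.
    param(
        [Parameter(Mandatory)][string]$LogPath,
        [int]$MaxMB = 100
    )
    if (-not (Test-Path -LiteralPath $LogPath)) { return $false }
    $sizeMB  = (Get-Item -LiteralPath $LogPath).Length / 1MB
    $tooBig  = $sizeMB -gt $MaxMB
    if ($tooBig -and (Get-UserEnvLogging).Present) {
        Write-Warning ("{0} is {1:N0} MB and logging is still enabled" -f $LogPath, $sizeMB)
    }
    $tooBig
}

# Typical session:
#   Enable-UserEnvLogging      # then log out and back in to capture a slow logon
#   Disable-UserEnvLogging     # as soon as the log has been collected
```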