I wouldn't normally ask this, but I'm kind of at my wits' end. Is there anyone out there who could maybe have a look at a Process Monitor logfile and tell me if they can see any kind of "smoking gun" in there?
The situation is this - we have 2008 R2 Terminal Servers that occasionally will start treading water, resulting in horrendous logon times for users. We've tried disabling just about everything, GPOs, AppSense, EdgeSight, SCOM, antivirus, we have patched them to the hilt with every hotfix we can find for every piece of software, run countless monitors and logs, sent details to various support teams, even had a Citrix consultant on site to offer his opinion, yet still the problem exists. We have carefully monitored the apps in use on the problem systems (which seem to be completely random) and can find no correlation between application usage and the occurrence of this issue. The servers have been monitored by several different tools, native and otherwise, and do not red-line in any way apart from occasional spikes of memory usage and page faults, but nothing happens that seems to justify the terrible performance slowdown that occurs. The servers are physical Compaq DL360 G6 systems with 16GB of RAM and 16 CPUs. Luckily I managed to capture a ProcMon log the last time this problem happened (usually running it causes the server to come to a complete halt, more or less). Rather interestingly, when the logon completed, the ProcMon log was actually running two minutes behind "real-time" - it took two minutes to catch up with what was actually happening "live" on the server! I've had a good hunt through this, but I'm more used to looking for application issues than trying to troubleshoot a logon with ProcMon, and I simply don't know what to look for to try and identify the causes of the slowdown. Microsoft's removal of the user environment debug logging in 2008 and up is a real pain, as it was (fairly) straightforward to troubleshoot the logon process previously. I am fairly sure that the problem is something intrinsic to the system - i.e. not caused by a third-party piece of software. I'm on the verge of recommending that the whole server farm is ripped and replaced but I want to make sure I've covered all my bases before I go down that route. If anyone can help with this, please ping me offline and I'll gladly provide access to the (monstrously large, given that the logon I was monitoring took six minutes) log file. Or if anyone has any pointers that they think might help with the performance, I'll also gladly take them on board. TIA, JRR -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." *IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes.* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
