Server 2012 R2 Logon Times

Adam b 1 Reputation point
2021-03-01T22:02:33.737+00:00

I have been having issues for the last few months with logon times in one datacenter. I have tried pretty much every RDP/Logon slow posting I could find but nothing is resolving it. Some bullet points below:

  • Has been occurring since late last year.
  • RDP to member servers is slow; domain controllers are not having the issue.
  • Environment is fully patched. (I even tried backing out all updates through Dec 2020 with no difference.)
  • Networking / DNS is good; all domain tests come back PASS and local DNS has no errors.
  • Slow RDP logon occurs once every few hours based on usage of the server. So if I login slow and then logoff and right back on it is fine.
  • GPO seems to be processing fine in a gpresult

Found indicators of the slow logon. (See timestamps.)

GPSVC(3c4.1220) 16:13:48:104 GPOThread(Machine)
GPSVC(3c4.1220) 16:13:48:104 GPOThread: registering for NLA when GPService is running
GPSVC(3c4.1220) 16:13:48:104 GPOThread(Machine): dwOffset=780000., dwTimeout=6180000.
GPSVC(3c4.1220) 16:13:48:104 RecentlyResumed: dwNow=31843. dwSinceResume=31843. recentlyResumed=0.
GPSVC(3c4.1220) 16:13:48:104 GPOThread(Machine): Waiting 6180000.
GPSVC(1594.1598) 16:14:27:427 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x224
GPSVC(1594.1598) 16:14:27:427 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(1594.1598) 16:14:27:427 CGPNotify::RegisterForNotification: Entering with target User and event 0x278
GPSVC(1594.1598) 16:14:27:427 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(3c4.7c4) 16:18:32:190 CGPEventSubSystem::GroupPolicyCreateSession::++ (SessionId: 2)
GPSVC(3c4.7c4) 16:18:32:190 CGPApplicationService::CreateSessionEvent::++ (SessionId: 2)
GPSVC(3c4.7c4) 16:18:32:190 CGPApplicationService::CheckAndCreateCriticalPolicySection.
GPSVC(3c4.7c4) 16:18:32:190 User SID = MACHINE SID

Does anyone have any ideas?

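The timestamp gaps the question points to can be measured directly. This is an added example, not code from the original post: a PowerShell function (hypothetical name `Get-GpsvcGap`, assumed 30-second threshold) that parses GPSVC debug-log lines in the format shown above and reports the pause before each late entry, flagging whether the two entries came from the same process and thread, since a gap between unrelated threads can be idle time rather than a stall.

```powershell
# Added example. Sample lines are copied from the log excerpt in the question.
$sample = @'
GPSVC(3c4.1220) 16:13:48:104 GPOThread(Machine): Waiting 6180000.
GPSVC(1594.1598) 16:14:27:427 CGPNotify::RegisterForNotification: Entering with target Machine and event 0x224
GPSVC(1594.1598) 16:14:27:427 CGPNotify::RegisterForNotification: Exiting with status = 0
GPSVC(3c4.7c4) 16:18:32:190 CGPEventSubSystem::GroupPolicyCreateSession::++ (SessionId: 2)
GPSVC(3c4.7c4) 16:18:32:190 CGPApplicationService::CheckAndCreateCriticalPolicySection.
'@ -split "`r?`n"

function Get-GpsvcGap {
    param(
        [string[]]$Line,
        [double]$ThresholdSeconds = 30   # assumption: what counts as a long pause
    )
    # GPSVC(<pid hex>.<tid hex>) HH:MM:SS:mmm <message>
    $pattern = '^GPSVC\((?<proc>[0-9a-f]+)\.(?<thread>[0-9a-f]+)\)\s+' +
               '(?<h>\d{1,2}):(?<m>\d{2}):(?<s>\d{2}):(?<ms>\d{1,3})\s+(?<msg>.*)$'
    $fmt  = 'hh\:mm\:ss\.fff'
    $prev = $null
    foreach ($l in $Line) {
        if ($l -notmatch $pattern) { continue }   # skip anything that is not a GPSVC entry
        $time = New-Object TimeSpan -ArgumentList 0, ([int]$Matches.h),
                    ([int]$Matches.m), ([int]$Matches.s), ([int]$Matches.ms)
        $cur = [pscustomobject]@{
            Time    = $time
            Source  = "$($Matches.proc).$($Matches.thread)"
            Message = $Matches.msg
        }
        if ($prev) {
            $gap = $cur.Time - $prev.Time
            # These lines carry no date, so a negative gap means the clock passed midnight.
            if ($gap -lt [TimeSpan]::Zero) { $gap = $gap.Add([TimeSpan]::FromDays(1)) }
            if ($gap.TotalSeconds -ge $ThresholdSeconds) {
                [pscustomobject]@{
                    From        = $prev.Time.ToString($fmt)
                    To          = $cur.Time.ToString($fmt)
                    GapSeconds  = [math]::Round($gap.TotalSeconds, 3)
                    SameSource  = ($prev.Source -eq $cur.Source)
                    NextMessage = $cur.Message
                }
            }
        }
        $prev = $cur
    }
}

Get-GpsvcGap -Line $sample | Format-Table -AutoSize
```

It uses only built-in cmdlets and .NET types, so nothing has to be installed on the server; pass the output of `Get-Content` on the full log as `-Line` to scan a whole file.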

2 answers

  1. Adam b 1 Reputation point
    2021-03-02T03:27:23.52+00:00

    None of this seems to work in my situation.

    • Network topology - All servers are on the same ESXi host on a single local subnet.
    • Active Directory topology - Simple, no real special configuration. Have about 8 group policies hitting systems which include STIGs and firewall settings. Nothing changed recently.
    • User and computer group membership - Nothing special here either. Simple admin group assigned to each server for user permissions.
    • Operating System and service pack level - All servers are running on Server 2012 R2 fully updated directly from Microsoft update.
    • Installed Applications - I have thought of this and actually disabled all applications before a reboot.
    • Network bandwidth - It is all 10GbE networking and not having issues.
    • NIC driver - Has the latest VMware Tools installed, which includes the NIC drivers.
    • UserENV - This is all local no roaming profiles.
    • Network traces - Have performed numerous checks to domain controller for communication pathways. No latency or loss of data.
    • Group Policy information - Same as above about 8 GPOs per system with nothing that has changed within the last 6 months. Processing of gpresult shows all GPOs process within 4 - 5 seconds.

    Delay on RDP login has been up to 15 minutes with an average around 5 - 6 minutes of just a black screen.

    NLA is enabled so the delay is after domain authentication. No failed logins are found in Security log.

    Many of the tools on there are for Windows 7 and Server 2008; either way, these are government systems and I cannot install additional tooling like that.

    The issue seems to be related just to RDP, local login via the VMware console works fine. I can even login to the VMware console and cache my profile that minute then try to login to RDP while still in the console and it takes forever. So it seems to be directly related to RDP in some way. Event viewer has no errors which would indicate an issue.

    I am at a loss, any other ideas?