We had an interesting problem recently with a Windows 2003 server. The server had become unusable: it took around 10 minutes to log on, and once on the server it was extremely slow.
The first thing we started to troubleshoot was the login issue. We did this by monitoring the USERENV.log on the machine and then trying to log on.
We spotted the below in the log:
USERENV(8e8.1a7c) 13:09:08:801 LibMain: Process Name: \??\C:\WINDOWS\system32\winlogon.exe
USERENV(8e8.1a7c) 13:10:44:240 LoadUserProfile: Yes, we can impersonate the user. Running as self
As you can see in the above log, the “C:\WINDOWS\system32\winlogon.exe” process seems to hang for about 90 seconds doing nothing. So we researched this process and logon delays, and we came across this article: http://blogs.technet.com/b/instan/archive/2008/04/03/the-case-of-the-mysterious-2-minute-logon-delay.aspx
That article actually relates to Citrix, but we thought we would check which network providers are part of WinLogon by looking at the below registry keys.
On the affected server the registry key was set to “RDPNP, LanmanWorkstation,WebClient,Nfsnp”
We compared this to a working server which was set to “RDPNP, LanmanWorkstation,WebClient”
So we spotted a network provider called NFSNP, and we found out this was in fact the “Client for NFS” service.
As part of troubleshooting we stopped this service, and instantly performance increased on the box and the server was responding as expected. We then tested logging on and the delay had disappeared :)
So now we had narrowed down what the issue was. (Client for NFS description: “With Client for NFS, you can access files in a mixed environment of computers, operating systems, and networks.”)
We then opened the “Windows Services for UNIX” MMC, went to the Settings tab and spotted the User Name Mapping Server. We then spoke to the customer and found out this server no longer existed :)
We then removed the server and the problem disappeared!!!
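The two checks used above (finding the silent gap in USERENV.log and comparing the provider order against a known-good server) can be scripted. This is an added example, not part of the original post: the function names and the 30-second threshold are assumptions, and the sample input is the two log lines and the two provider strings quoted in the post.

```python
import re
from datetime import timedelta

# USERENV.log entry layout: USERENV(pid.tid) HH:MM:SS:mmm message
LINE_RE = re.compile(r"^USERENV\(([0-9a-fA-F]+)\.([0-9a-fA-F]+)\)\s+"
                     r"(\d{2}):(\d{2}):(\d{2}):(\d{3})\s+(.*)$")

def parse_line(line):
    """Return ((pid, tid), time_of_day, message), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, tid, h, mi, s, ms, msg = m.groups()
    t = timedelta(hours=int(h), minutes=int(mi), seconds=int(s), milliseconds=int(ms))
    return (pid, tid), t, msg

def find_stalls(lines, threshold_s=30.0):
    """List (gap_seconds, msg_before, msg_after) where the same process/thread
    logged nothing for longer than threshold_s (assumed threshold)."""
    last, stalls = {}, []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip blank or unrelated lines
        key, t, msg = parsed
        if key in last:
            prev_t, prev_msg = last[key]
            gap = (t - prev_t).total_seconds()
            if gap < 0:  # entries carry no date: assume a single midnight rollover
                gap += 86400
            if gap > threshold_s:
                stalls.append((gap, prev_msg, msg))
        last[key] = (t, msg)
    return stalls

def extra_providers(suspect, baseline):
    """Providers in the suspect order string that the baseline server lacks."""
    known = {p.strip().lower() for p in baseline.split(",")}
    return [p.strip() for p in suspect.split(",") if p.strip().lower() not in known]

# Sample input: the log lines and provider strings quoted in the post.
SAMPLE_LOG = [
    r"USERENV(8e8.1a7c) 13:09:08:801 LibMain: Process Name: \??\C:\WINDOWS\system32\winlogon.exe",
    "USERENV(8e8.1a7c) 13:10:44:240 LoadUserProfile: Yes, we can impersonate the user. Running as self",
]
AFFECTED = "RDPNP, LanmanWorkstation,WebClient,Nfsnp"
WORKING = "RDPNP, LanmanWorkstation,WebClient"

if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE_LOG):
        print(f"{gap:.3f}s of silence before: {after}")
    print("Providers only on the affected server:", extra_providers(AFFECTED, WORKING))
```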