- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
Your Baseline Trace
On a clean machine that matches or closely matches your traditional hardware and image, install the Windows Performance Toolkit. Ensure that the machine has all applicable Windows Updates and reboot one final time. If you are using a VM, take a snapshot now. This machine will be used for our reference trace.
On this machine, open up regedit and configure an automatic logon. The user should be a local administrator of this machine. Just to refresh you, set (or create) these four keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
- AutoAdminLogon (REG_SZ) = 1
- DefaultUsername (REG_SZ) = Username
- DefaultPassword (REG_SZ)= Password
- DefaultDomainName (REG_SZ) = Domain Name
Reboot once to test the automatic logon. Next, launch the Windows Performance Recorder (WPR). Under Performance scenarios, select Reboot Cycle. Change the Number of iterations to 1. Then press start.
Creating our baseline trace
Next, enter in the save location for the general trace. To make life easier, I prefer to create a folder in C:\ named trace and to save the file there. I also like renaming the ETL file to a common name (like Restart or Baseline). Either way, be sure to type in a detailed description, such as Baseline Boot Trace. Hit Save and Ok. Your baseline machine will reboot once and will automatically login.
WPR will start and continue tracing for 2 minutes. This provides enough time for any delayed services to start, memory/CPU usage to level out, and disk utilization to steady.
By default, WPR records for 2 minutes after a reboot
Once finished, WPR will compress the trace into a single package and present any warnings or error messages it received. The only issue that I’ve ever had was running out of memory on a VM. Adding memory eliminated the error. As you can see in the picture below, our trace was successful!
Windows Performance Recorder
Back to your administrative machine
Although you can certainly load and analyze the trace from the baseline machine, using an administrative machine will make troubleshooting much easier. If you have multiple monitors, you will find comparing different traces (and the many graphs contained) simpler.
Launch the Windows Performance Analyzer (WPA). Open and browse to your saved trace file. Once loaded, expand the System Activity center. Double click on the Boot Phases graph to load it into the graph explorer (center window).
The Boot Phases Graph
If you are anything like me, this simple graph is really impressive! Right away, we can see some very useful data. Because this is a normal machine, we don’t have any glaring issues. The Post Boot phase is long but that is due to the two minute timer at the end of the trace. After that, the Winlogon phase is our second longest. To take a closer look on at the WinLogon phase, double click on the phase. Then right click and select Zoom.
Zooming to the Winlogon phase
Now that we are zoomed, let’s see what was running on our baseline trace. To do this, add the System\Activity Processes graph to the graph explorer pane.
A few of all processes running in the Winlogon phase
Again, this normal machine doesn’t have any problems. Still, it is good practice to note the services that are running in this stage and their running time. To see the running time, just hover over the color bar (in the center of the screen). A popup will show you the start, end, and duration of any process.
The duration popup for the wininit process
Finally, start playing around with the other graphs (especially the services and disk utilization graphs). The more familiar you are with a normal trace, the easier troubleshooting will be in the future! In our next post, we are going to troubleshooting a slow starting machine and compare it to our baseline trace.
Very interesting article, looking forward to the follow-ups!
For those interested in performance monitoring I recommend taking a look at our monitoring solution EventSentry (http://www.eventsentry.com, we have a free trial of course), which collects most relevant system metrics from the beginning. It makes it much easier to detect performance abnormalities and helps with capacity planning.
It doesn’t analyze the boot phase as outlined here, but since we collect performance data over long periods of time current performance data can easily be compared with historical data (which will serve as the baseline data).