A slow starting machine is always frustrating, thankfully Windows 7 includes fairly comprehensive troubleshooting logs in the event viewer to enable us to identify and eliminate anything which may be causing undesirable boot times.
The easiest way to use these tools is to set up custom views with event viewer on the computer in question. Open event viewer and then select "Create custom view" from the Action menu. The log that we are looking for is located under Applications and Services Logs - Microsoft - Windows - Diagnostics - Performance - Operational, and the important event IDs for start up are 100 and 101-110.
The first custom view is to monitor the boot time, and looks exclusively at event 100. This event is created every time the system boots up, and tells us how long the boot process took. Save this custom view as "boot up time" or similar, and then create another custom view which is exactly the same but looks at events 101-110. These are the more specific start up times of applications, services, drivers, etc. Save this as boot time degradation or something similar.
Once we have these logs, it is easy to identify when the boot up problem started using the "boot up time" log. This contains 3 important fields to look at -
- The BootTime field represents the total time (ms) for the system to boot up. This will of course vary based on newly installed software, and updates. This is the sum of the following 2 valuies
- The MainPathBootTime is the time (ms) from when the Windows logo appears on screen until the log on prompt is presented. This will normally be the time which increases if there are Windows updates, or new drivers installed.
- The BootPostBootTime is the time (ms) from log on until the system is usable (I believe this is defined as above 80% CPU in the system idle process). This will show if there are problem applications which take up time on entering Windows.
Once a time frame has been identified, we can then look at the boot time degradation log in order to break down the cause of the problems. These are the event IDs which may be causing the problem.
Event 101, is for application degradation. This event shows the total time and the degradation time for applications which run at boot up. The total time is the time that application took to start on the specific boot in question. The degradation time is how much longer this is than the usual time for this application. In the example, we can see that explorer took about 13.5 seconds to start, and that this is about 6 seconds longer than usual. It should be fairly obvious in extreme cases, which application is taking a long time to start up. Once identifying a problem application, it may be worth updating or reinstalling the application, or even removing the application if it is not essential.
Events 102 and 103 are for drivers and services respectively. Again, if a driver is taking a while to start, it could be worth updating. If a service is causing the problem, then the service in question can be set to either a delayed or a manual start.
Events 107 and 108 are related to group policy (computer, and user policy respectively). These should not cause any problems.
Event 109 is related to devices. If a device is taking longer than usual to initialize, it might be worth replacing the device, particularly in the case of hard drives where data could be lost in the event of a device failure.
Hopefully this guide will be helpful to identify potential solutions to poor performance in Windows 7 systems.
No comments:
Post a Comment