
Use Windows 7 Event Viewer to track down issues that cause slower boot times


In last week’s blog, Better troubleshooting capabilities with Windows 7 Event Viewer, I introduced you to some of the new features in Microsoft Windows 7’s Event Viewer and told you that these new features make the new tool far superior to its XP predecessor. As I mentioned, in addition to the new interface, Microsoft designed Windows 7’s Event Viewer to provide you with more meaningful, actionable, and well-documented events in order to provide better information for troubleshooting. Recently, I had the opportunity to put Windows 7’s Event Viewer to the test.


A friend mentioned that his one-year-old Windows 7 system was taking much longer to boot than it used to. I explained to him that Microsoft had done a lot of work to make Windows 7 boot up much faster than previous versions of the operating system but that slightly slower boot times were inevitable. As you add more applications and utilities, it will of course take a bit longer to boot up the system.


While my friend agreed with that statement, he was adamant that his system was taking much longer to boot up than was acceptable - he estimated that on a regular basis it was taking close to two minutes to boot up! While that might have been more common during the Windows 2000 or XP eras, I agreed that what he was enduring was probably longer than it should have been. (Keep in mind that there are hundreds of variables that can come into play that affect boot time, such as processor speed, memory speed, hard disk speed, as well as the types of applications and drivers that run during startup.)


I arranged to come over to his place and help him to troubleshoot and fix his slow booting Windows 7 system. As it turned out, it was a pretty simple procedure and we had his system booting up much quicker in no time at all. All I had to do was delve into Windows 7’s Event Viewer, tap into the correct log, create a Custom View to ferret out the correct Event IDs, and the problem and solution became readily apparent.


In this edition of the Windows Desktop Report, I’ll show you how to use some of the new features in Windows 7’s Event Viewer to investigate the boot time and track down issues that can cause a slowdown in the boot process.


This blog post is also available in the PDF format in a TechRepublic Download.


Overview


Windows 7’s Event Viewer includes a new category of event logs called Applications and Services Logs, which includes a whole host of subcategories that track key elements of the operating system. The majority of these subcategories contain an event log type called Operational that is designed to track events that can be used for analyzing and diagnosing problems. (Other event log types that can be found in these subcategories are Admin, Analytic, and Debug; however, describing them is beyond the scope of this article.)


Now, within the operating system section is a subcategory titled Diagnostics-Performance with an Operational log that contains a Task Category called Boot Performance Monitoring. The Event IDs in this category are 100 through 110. By investigating all the Event ID 100 events you will be able to find out exactly how long it took to boot up your system every time since the day that you installed Windows 7. By investigating all the Event ID 101 through 110 events you will be able to identify all instances where boot time slowed down.


Getting started


You can find and launch Event Viewer by opening the Control Panel, accessing the System and Security category, selecting the Administrative Tools item, and double-clicking the Event Viewer icon. However, you can also simply click the Start button, type Event in the Start Search box, and press Enter once Event Viewer appears at the top of the results display.


Creating a Custom View


Once you have Event Viewer up and running you can of course drill down through the Applications and Services Logs and locate the Diagnostics-Performance Operational log and begin manually looking through the events recorded in the log. However, you can save yourself time and energy by taking advantage of the new Custom View feature, which is essentially a filter that you can create and save.


To do so, pull down the Action menu and select the Create Custom View command. When you see the Create Custom View dialog box, leave the Logged option set at the default value of Any time and select all of the Event level check boxes. Next, select the By log option button, if it is not already selected, and click the drop down arrow. Then, drill down through the tree following the path: Applications and Services Logs | Microsoft | Windows | Diagnostics-Performance. When you open the Diagnostics-Performance branch, select the Operational check box, as shown in Figure A.


Figure A



When you get to the Diagnostics-Performance branch, select the Operational check box.

To continue, type 100 in the Includes/Excludes Event IDs box as shown in Figure B, and then click OK.


Figure B



Event ID 100 records how long it takes to boot up your system.

When you see the Save Filter to Custom View dialog box, enter a name, as shown in Figure C, and click OK.


Figure C



To save the filter as a Custom View, simply provide an appropriate name, such as Boot Time.

You’ll now repeat these steps and create another Custom View and this time, you’ll type 101-110 in the Includes/Excludes Event IDs box and name it Boot Degradation.


Investigating Boot Time


To investigate your Windows 7 system’s boot time, select Boot Time in the Custom Views tree and then sort the Date and Time column in ascending order. When you do, you’ll see a complete history of every time that you have booted your system since the day that you installed Windows 7. In Figure D, you can see that I have hidden the Console Tree and the Action Pane to focus on the events.


Figure D



By sorting the Date and Time column in ascending order, you’ll see a complete history of every time that you have booted your system since the day that you installed Windows 7.

As you can see, the first recorded Boot Time on my sample system was 67479 milliseconds in October of 2009. Dividing by 1000 tells me that it took around 67 seconds to boot up. Of course this was the first time and a lot was going on right after installation. For example, drivers were being installed, startup programs were being initialized, and the SuperFetch cache was being built. By December of 2009 the average boot time was around 37 seconds.


In any case, by using the Boot Time Custom View, you can scroll through every boot time recorded on your system. Of course, keep in mind that there will be normal occurrences that may lengthen the boot time, such as when updates, drivers, and software are installed.


Now, if you click the Details tab, you’ll see the entire boot process broken down in an incredible amount of detail, as shown in Figure E. (You can find more information about the boot process in the Windows On/Off Transition Performance Analysis white paper.) However, for the purposes of tracking the boot time, we can focus on just three of the values listed on the Details tab.


Figure E



The Details tab contains an incredible amount of detail on the boot time.

MainPathBootTime


MainPathBootTime represents the amount of time that elapses between the time the animated Windows logo first appears on the screen and the time that the desktop appears. Keep in mind that even though the system is usable at this point, Windows is still working in the background loading low priority tasks.


BootPostBootTime


BootPostBootTime represents the amount of time that elapses between the time that the desktop appears and the time that you can actually begin using the system.


BootTime


Of course, BootTime is the same value that the General tab calls Boot Duration. This number is the sum of MainPathBootTime and BootPostBootTime. Something that I didn’t tell you before is that Microsoft indicates that your actual boot time is about 10 seconds less than the recorded BootTime. The reason is that it usually takes about 10 seconds for the system to reach an 80 percent idle measurement, at which time the BootPostBootTime measurement is recorded.
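The same boot history can be pulled from a PowerShell prompt instead of the Custom View. The following is an added example, not code from the original article: it parses the three Details-tab values out of Event ID 100 records, checks that BootTime is the sum of the other two, and flags unusually slow boots. The function names, the constructed sample events and the 1.5x-median threshold are assumptions made for illustration.

```powershell
# Added example, not from the original article. Sample events below are constructed.
$LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'

function ConvertFrom-BootEventXml {
    # One Event ID 100 record (XML text) -> object with the Details-tab values in seconds.
    param([string]$EventXml, $Logged = $null)
    $data = @{}
    foreach ($d in ([xml]$EventXml).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $boot = [int]$data['BootTime']
    $main = [int]$data['MainPathBootTime']
    $post = [int]$data['BootPostBootTime']
    New-Object PSObject -Property @{
        Logged          = $Logged
        BootSec         = $boot / 1000
        MainPathSec     = $main / 1000
        PostBootSec     = $post / 1000
        SumMatches      = ($main + $post) -eq $boot   # BootTime = MainPath + PostBoot
        ApproxActualSec = [math]::Max(0, ($boot - 10000) / 1000)  # about 10 s of idle wait is included
    }
}

function New-SampleBootXml {
    # Builds a constructed event carrying only the three fields the article discusses.
    param([int]$Main, [int]$Post)
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
    "<Data Name='BootTime'>$($Main + $Post)</Data>" +
    "<Data Name='MainPathBootTime'>$Main</Data>" +
    "<Data Name='BootPostBootTime'>$Post</Data></EventData></Event>"
}

# Constructed history; the first entry totals 67479 ms like the article's first boot.
$history = @(
    ConvertFrom-BootEventXml (New-SampleBootXml 41479 26000)
    ConvertFrom-BootEventXml (New-SampleBootXml 23200 15000)
    ConvertFrom-BootEventXml (New-SampleBootXml 22120 15000)
    ConvertFrom-BootEventXml (New-SampleBootXml 21900 15000)
    ConvertFrom-BootEventXml (New-SampleBootXml 78300 40000)
)
# On a live system (may need an elevated prompt), replace the sample with:
# $history = Get-WinEvent -FilterHashtable @{LogName=$LogName; Id=100} -Oldest |
#     ForEach-Object { ConvertFrom-BootEventXml $_.ToXml() $_.TimeCreated }

# Flag boots slower than 1.5x the median (arbitrary threshold chosen for this example).
$sorted = @($history | Sort-Object BootSec)
$median = $sorted[[int][math]::Floor($sorted.Count / 2)].BootSec
$history | Select-Object Logged, BootSec, MainPathSec, PostBootSec, ApproxActualSec, SumMatches,
    @{Name='Slow'; Expression={ $_.BootSec -gt 1.5 * $median }} | Format-Table -AutoSize
```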


Investigating Boot Degradation


To investigate instances that cause a Windows 7 system’s boot time to slow down, select Boot Degradation in the Custom Views tree and then sort the Event ID column in ascending order. Each Event ID, 101 through 110, represents a different type of situation that causes degradation of the boot time.


While there are ten different Event IDs here, not all of them occur on all systems and under all circumstances. As such, I’ll focus on the most common ones that I have encountered and explain some possible solutions.


Event ID 101


Event ID 101 indicates that an application took longer than usual to start up. This is typically the result of an update of some sort. As you can see in Figure F, the AVG Resident Shield Service took longer than usual to start up right after an update to the virus database. If you look at the details, you can see that it took about 15 seconds for the application to load (Total Time) and that is about 9 seconds longer than it normally takes (Degradation Time).


Figure F



Event ID 101 indicates that an application took longer than usual to start up.

An occasional degradation is pretty normal; however, if you find that a particular application is being reported on a regular basis or has a large degradation time, chances are that there is a problem of some sort. As such, you may want to look for an updated version, uninstall and reinstall the application, uninstall and stop using the application, or maybe find an alternative.


(In the case of my friend’s Windows 7 system, there were several applications that were identified by Event ID 101 as the cause of his system slowdown. Uninstalling them was the solution and he is currently seeking alternatives.)


Event ID 102


Event ID 102 indicates that a driver took longer to initialize. Again, this could be the result of an update. However, if it occurs regularly for a certain driver or has a large degradation time, you should definitely look into a newer version of the driver. If a new version is not available, you should uninstall and reinstall the driver.


Event ID 103


Event ID 103 indicates that a service took longer than expected to start up, as shown in Figure G.


Figure G



Event ID 103 indicates that a service took longer than expected to start up.

Services can occasionally take longer to start up, but shouldn’t do so on a regular basis. If you encounter a service that is regularly having problems, you can go to the Services tool and experiment with changing the Startup type to Automatic (Delayed Start) or Manual.


Event ID 106


Event ID 106 indicates that a background optimization operation took longer to complete. On all of the Windows 7 systems that I investigated, this event identified the BackgroundPrefetchTime as the culprit, as shown in Figure H. Since the Prefetch cache is a work in progress, this should not really represent a problem.


Figure H



Event ID 106 indicates that a background optimization operation took longer to complete.

If you encounter regular or long degradation times related to Prefetch, you may want to investigate clearing this cache and allowing the operating system to rebuild it from scratch. However, bear in mind that doing so can be tricky and instructions on doing so are beyond the scope of this article.


Event ID 109


Event ID 109 indicates that a device took longer to initialize. Again, if this is happening occasionally, there shouldn’t be anything to worry about. But if it is occurring regularly, you should make sure that you regularly back up your hard disk and begin investigating replacing the device in question.
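The advice in this section comes down to two questions about each item in the Boot Degradation view: how often is it reported, and how large is its degradation time? The following is an added example, not code from the original article, that answers both by grouping Event ID 101 through 110 records by ID and name. The function names, the constructed sample records, the cut-off of three occurrences, and the EventData field names Name, TotalTime and DegradationTime are assumptions made for illustration.

```powershell
# Added example, not from the original article. Sample records below are constructed.
$LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'

function Get-DegradationRecord {
    # One Event ID 101-110 record -> flat object. The field names Name, TotalTime and
    # DegradationTime are assumptions; events without them yield '(unnamed)' and 0.
    param([int]$Id, [string]$EventXml)
    $data = @{}
    foreach ($d in ([xml]$EventXml).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $name = $data['Name']; if (-not $name) { $name = '(unnamed)' }
    New-Object PSObject -Property @{
        Id = $Id; Name = $name
        TotalMs = [int]$data['TotalTime']; DegradationMs = [int]$data['DegradationTime']
    }
}

function Get-RecurringOffender {
    # Groups records by Event ID and name; MinCount is an arbitrary cut-off for "regular".
    param($Records, [int]$MinCount = 3)
    $Records | Group-Object Id, Name | ForEach-Object {
        $stats = $_.Group | Measure-Object DegradationMs -Maximum -Average
        New-Object PSObject -Property @{
            Id = $_.Group[0].Id; Name = $_.Group[0].Name; Count = $_.Count
            WorstSec  = $stats.Maximum / 1000
            AvgSec    = [math]::Round($stats.Average / 1000, 1)
            Recurring = $_.Count -ge $MinCount
        }
    } | Sort-Object Recurring, WorstSec -Descending
}

function New-SampleXml {
    # Constructed event with only the fields this example reads.
    param([string]$Name, [int]$Total, [int]$Degradation)
    "<Event><EventData><Data Name='Name'>$Name</Data><Data Name='TotalTime'>$Total</Data>" +
    "<Data Name='DegradationTime'>$Degradation</Data></EventData></Event>"
}

# Constructed sample: one application reported on three boots, one service reported once.
$records = @(
    Get-DegradationRecord 101 (New-SampleXml 'ExampleApp.exe' 15000 9000)
    Get-DegradationRecord 101 (New-SampleXml 'ExampleApp.exe' 12500 6500)
    Get-DegradationRecord 101 (New-SampleXml 'ExampleApp.exe' 14000 8000)
    Get-DegradationRecord 103 (New-SampleXml 'ExampleService' 4000 1200)
)
# On a live system (may need an elevated prompt), replace the sample with:
# $records = Get-WinEvent -FilterHashtable @{LogName=$LogName; Id=101..110} |
#     ForEach-Object { Get-DegradationRecord $_.Id $_.ToXml() }

Get-RecurringOffender $records |
    Select-Object Id, Name, Count, WorstSec, AvgSec, Recurring | Format-Table -AutoSize
```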


What’s your take?


In addition to providing improved performance and a new user interface, Windows 7’s Event Viewer provides you with the ability to investigate boot time and problems that cause boot degradation. Have you used Windows 7’s Event Viewer to investigate boot problems? Have you encountered other Event IDs in the 101 to 110 range that I didn’t describe? If so, what were they? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.

