Recently, I had an enterprise customer who was experiencing intermittent and random slow logins across the network by users with Windows XP workstations on a Windows 2003 network. The customer had been fighting this issue for over 2 years and had allocated plenty of different resources towards it throughout that time frame.
Upon first diagnosing the issue, corrupt profiles, corrupt group policy objects, or even network infrastructure all came to mind. The first course of action was to actually find a user who was experiencing the issue with some regularity and to enable verbose logging for the user environment during logon.
To enable verbose logging of the user environment, you have to make a registry change.
(Insert warning about editing the Windows registry and the potential harm it can cause nonsense here.)
Create a DWORD entry UserEnvDebugLevel at
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
Set the value of UserEnvDebugLevel to 0x00000002 (hexadecimal).
For anyone who’s ever looked at a verbose log for the first time and tried to make sense of it, it might as well be written in ancient Sanskrit. Thankfully Microsoft’s Directory Services team has a great post about making sense of a verbose user environment log here: Understanding How to Read a Userenv Log
After reviewing the logs of a few login attempts, I ran across the infamous Failed to Impersonate User 5 error. This is a pretty common userenv error and can be extremely difficult to track down because it has so many causes. Possible causes are:
- DNS Issues either with the DNS server itself or on the workstation (The most common culprit)
- Group policy issues with permissions or file corruption
- Network communication between the workstation and Active Directory
- Flaky SPN for the computer
- Trust relationship between the computer and the domain
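One way to triage a verbose userenv log for a slow logon, as an added example (not the author's tooling): find where the log goes quiet and pull out the impersonation failures. The line layout `USERENV(pid.tid) HH:MM:SS:mmm Function: message` is an assumption about the log format, and the sample lines, the 5-second threshold and the function names are constructed for illustration.

```python
import re
from datetime import timedelta

# Assumed line layout: USERENV(pid.tid) HH:MM:SS:mmm Function: message
LINE_RE = re.compile(
    r"^USERENV\([0-9a-f]+\.[0-9a-f]+\)\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}):(?P<ms>\d{3})\s+"
    r"(?P<func>\w+):\s*(?P<msg>.*)$", re.IGNORECASE)
IMPERSONATE_RE = re.compile(r"failed to impersonate user", re.IGNORECASE)

# Constructed sample, not taken from the customer's logs.
SAMPLE_LOG = """\
USERENV(2d4.2d8) 08:59:58:100 LoadUserProfile: Entering, hToken = <0x7b0>
USERENV(2d4.2d8) 09:00:40:900 ImpersonateUser: Failed to impersonate user with 5.
this line is not in the expected layout
USERENV(2d4.2d8) 09:00:41:020 ProcessGPOs: Starting user Group Policy processing...
USERENV(2d4.2d8) 09:00:41:500 LoadUserProfile: Leaving with a value of 1.
"""

def parse(text):
    """Return a list of (time since midnight, function, message) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        t = timedelta(hours=int(m["h"]), minutes=int(m["m"]),
                      seconds=int(m["s"]), milliseconds=int(m["ms"]))
        events.append((t, m["func"], m["msg"]))
    return events

def stalls(events, threshold=timedelta(seconds=5)):
    """Return (gap, entry_before, entry_after) wherever the log went quiet."""
    found = []
    for prev, cur in zip(events, events[1:]):
        gap = cur[0] - prev[0]
        if gap < timedelta(0):
            gap += timedelta(days=1)  # entries carry no date: midnight rollover
        if gap >= threshold:
            found.append((gap, prev, cur))
    return found

def impersonation_failures(events):
    """Return the entries whose message reports an impersonation failure."""
    return [e for e in events if IMPERSONATE_RE.search(e[2])]

if __name__ == "__main__":
    for gap, before, after in stalls(parse(SAMPLE_LOG)):
        print(f"{gap.total_seconds():.3f}s stall before {after[1]}: {after[2]}")
```

A long gap that ends at an impersonation failure points at a timeout (name resolution or domain controller contact) rather than local profile processing, which narrows the list of causes above.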
In the next part, I’ll go through the troubleshooting process.