This is an updated tutorial of the one cluberti posted here.

To get started you need the Windows Performance Tools Kit. Read here how to install it:

Now open a command prompt with admin rights and run the following commands:

For boot tracing:
xbootmgr -trace boot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

Attention: Some users reported that they get a bugcheck (BSOD) when using the DRIVERS flag in the boot trace command. If you get this, use System Restore to go back to a working Windows and run the command without DRIVERS:
xbootmgr -trace boot -traceFlags BASE+CSWITCH+POWER -resultPath C:\TEMP

In that case, also change the etl file name in the command that generates the XML.

I've sent some dumps to Microsoft; they are looking at the issue right now.

For shutdown tracing:
xbootmgr -trace shutdown -noPrepReboot -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Standby+Resume:
xbootmgr -trace standby -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

For Hibernate+Resume:
xbootmgr -trace hibernate -traceFlags BASE+CSWITCH+DRIVERS+POWER -resultPath C:\TEMP

Replace C:\TEMP with any temp directory on your machine as necessary to store the output files.

All of these will shut down, hibernate, or put your box into standby, and then reboot to finish tracing. Once Vista/Server 2008(R2) or Windows 7 has rebooted, log back in as necessary. Once the countdown timer finishes, you should have some tracing files in C:\TEMP. If asked, upload or provide the file(s) generated in C:\TEMP (or the directory you chose) on a download share for analysis.

Analysis of the boot trace:

To start, create a summary XML file by running this command (replace the name with the name of your etl file):

xperf /tti -i boot_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_boot.xml -a boot

Now you see this picture:

You have to look at the timing node. All time values are in ms.

The timing value bootDoneViaExplorer shows the time Windows needs to boot to the desktop.

The value bootDoneViaPostBoot is the time (+10s idle detection) which Windows needs to boot completely after finishing all startup applications.

Those values show you a summary.

The MainPathBoot Phase

PreSMSS Subphase

So if this subphase takes too long for you, look inside the <PNP> node to see which driver is loading too slowly.

SMSSInit Subphase
So if the SMSSInit phase takes too long, try to get a graphics card driver update.

WinLogonInit Subphase

If your WinLogonInit time is too long, open the etl file, scroll to the service graph and look for a long delay.

In this example the service SavService (Sophos Anti-Virus\SavService.exe) is part of the Plug and Play group and causes a delay because the service takes too long to start. Try to get an update for the hanging service or remove the software.

ExplorerInit Subphase

So if the ExplorerInit phase takes too long, make sure you minimize the services which use a lot of CPU power and make sure your AV tool doesn't hurt too much. If it does, change the tool and try a different one.

The PostBoot Phase

If post boot takes too long, reduce the number of running applications at startup with the help of msconfig.exe or AutoRuns.

If you have an HDD (no SSD!) and you want to speed up the boot, run the optimization from this guide:

Analysis of the shutdown trace:

The shutdown is divided into these 3 parts:

To generate an XML summary of shutdown, use the -a shutdown action with Xperf:
xperf /tti -i shutdown_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_shutdown.xml -a shutdown

Open the XML and you see this:

It shows you the most relevant data.
<timing shutdownTime="23184" servicesShutdownDuration="1513">
The shutdownTime in this example is 23s. Stopping the services takes 1.5s, which is fast.

Next you have an entry for all sessions. Starting with Vista, all services run in Session 0 (Session 0 Isolation) and each user gets his own session (1,2,..,n).
<sessionShutdown sessionID="1" duration="3321">
This shows the time it takes to stop all applications which the user is running. In this example it takes 3.3 seconds.

UserSession Phase

<sessionShutdown sessionID="0" duration="1513">
The value sessionShutdown sessionID="0" shows the servicesShutdownDuration. So you can see which service takes too long to stop.

SystemSession Phase

In both cases expand the node and look at the shutdownDuration value.

It helps you to identify a hanging application or service.

KernelShutdown Phase

To calculate the time spent in KernelShutdown, subtract the time that is required to shut down the system and user sessions from shutdownTime.

In my example:

KernelShutdown = 23184 - 3321 - 1513 = 18350

In this case the 18.35 seconds are very slow. In the <interval> you see an entry ZeroHiberFile which takes too long. In this example the user set the option ClearPageFileAtShutdown under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to 1. This overwrites the hibernation file with zeros to delete personal data, which causes the huge slowdown. Setting this option to 0 would save 12.64 seconds of shutdown time, but that data is then no longer wiped at shutdown.

That is all you need to analyze slow shutdown issues.
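The KernelShutdown calculation above, generalized to any number of user sessions, as an added example that is not part of the original tutorial. The sample XML is constructed from the values quoted here; its nesting, the <process> elements and their name attribute are assumptions, so adjust them to what your summary_shutdown.xml actually contains.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the fragments quoted in the tutorial.
# Nesting, <process> elements and their "name" attribute are assumptions;
# only the timing/sessionShutdown attribute names come from the page.
SAMPLE_SUMMARY = """
<results>
  <timing shutdownTime="23184" servicesShutdownDuration="1513">
    <sessionShutdown sessionID="1" duration="3321">
      <process name="app_a.exe" shutdownDuration="2900"/>
      <process name="app_b.exe" shutdownDuration="400"/>
    </sessionShutdown>
    <sessionShutdown sessionID="0" duration="1513">
      <process name="svc_a.exe" shutdownDuration="1200"/>
    </sessionShutdown>
  </timing>
</results>
"""

def shutdown_phases(xml_text):
    """Return per-phase durations in ms from an xperf shutdown summary."""
    root = ET.fromstring(xml_text)
    timing = next(root.iter("timing"), None)
    if timing is None or "shutdownTime" not in timing.attrib:
        raise ValueError("no <timing shutdownTime=...> node found")
    total = int(timing.get("shutdownTime"))
    user = system = 0
    for session in root.iter("sessionShutdown"):
        duration = int(session.get("duration", 0))
        if session.get("sessionID") == "0":   # Session 0 = services
            system += duration
        else:                                 # Sessions 1..n = users
            user += duration
    return {"shutdownTime": total, "UserSession": user,
            "SystemSession": system, "KernelShutdown": total - user - system}

def slowest_entries(xml_text, top=3):
    """Rank every node under a session by its shutdownDuration attribute."""
    rows = []
    for session in ET.fromstring(xml_text).iter("sessionShutdown"):
        for node in session.iter():
            if "shutdownDuration" in node.attrib:
                rows.append((int(node.get("shutdownDuration")),
                             session.get("sessionID"), node.get("name", node.tag)))
    return sorted(rows, reverse=True)[:top]

if __name__ == "__main__":
    print(shutdown_phases(SAMPLE_SUMMARY))
    for ms, session_id, name in slowest_entries(SAMPLE_SUMMARY):
        print(f"session {session_id}: {name} {ms} ms")
```
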

Analysis of the hibernation trace:

To generate the XML, run this command:
xperf /tti -i hibernate_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_hibernation.xml -a suspend

Analysis of the Sleep/Resume trace:

xperf /tti -i standby_BASE+CSWITCH+DRIVERS+POWER_1.etl -o summary_sleep.xml -a suspend

Open the XMLs and look for long BIOS init times and services/applications which take very long to suspend and resume.

For deeper analysis refer to the Sleep and Hibernate Transitions part of the Windows On/Off Transition Performance Analysis Guide from Microsoft.

The pictures Shutdown_cancel.png, Shutdown_picture.png and Boot_MainPathBoot.png were taken from this Windows On/Off Transition Performance Analysis Guide. Read it if you need more information.

// Edit: 2010-11-28

Added the explanation of the boot process

// Edit: 2010-10-11

added the optimization guide

// Edit: 2010-10-09

If you get a BSOD (Bug Check 0x7E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED) while making traces, REMOVE ALL USB DEVICES and reboot! When making a new trace remove the DRIVERS flag from the command line!

// Edit: 2010-02-04

Added the -noPrepReboot command at shutdown tracing to prevent the preparatory reboot during a shutdown/rebootCycle trace. Usually, the reboot is required to ensure a consistent machine state before the first shutdown if multiple traces are being taken.

// Edit: 2010-05-08

Added the link to the Visual Studio 2010 Diagnostic Tool as alternative download to get the Windows Performance Toolkit Installers.

Added some pictures.