A slow login can have many reasons, but with newer operating systems, the bloated registry appears to be popular. This short article describes the three most common reasons why the registry is bloated, sometimes massively slowing down logins. Here is the three-step cure when the registry is bloated.
Step1 The UFH start menu bug
Description
Shortcuts from the user's start menu are stored in the registry key, but due to a bug, the entries are added each time the user logs on, thus inflating the key. This can quickly result in thousands of entries. However, the entire key is also read out each time the user logs on, which can take up to minutes.
This error became known with Windows 2008R2 and continues to exist with Windows Server 2016 and 2019.
Solution
To resolve the problem, delete the entire key via group policy at each logon and also exclude the key with the Citrix User Profile Manager.
References
- Slow logon with a blank screen in Windows 7 or Windows 8.1
https://docs.microsoft.com/en-us/troubleshoot/windows-client/user-profiles-and-logon/slow-logon-with-blank-screen - Slow Logon with a Black Screen in XenDesktop Server VDA
https://support.citrix.com/article/CTX212905
Step 2. The notification bug
Description
This problem exists specifically with Microsoft FSLogix and can massively slow down the login. The registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications is massively inflated. I did an export of the key for a customer and it was 30 MB in size! The explorer.exe process reads thousands of values from the Windows Push Notification Platform (WPN) and the Windows Notification Facility (WNF) during the user logon.
Solution
With FSLogix it is quite simple, because Microsoft has reacted to this and set a standard policy in the current FSLogix release CleanOutNotifications
and automatically cleans up outdated entries.
Once again, the error can be rectified by simply deleting the key and creating it again. This can be done via a group policy or via Powershell commands:
Remove-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications" -Recurse
New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications"
References
- Registry bloat causes slow logons or insufficient system resources error 0x800705AA in Windows 8.1
https://support.microsoft.com/en-us/topic/registry-bloat-causes-slow-logons
Step 3. The firewall-rule bug
Description
With Windows Server 2016/2019, there is a bug that creates local firewall rules every time a user logs on. In the long term, this slows down the logon process, but can also cause the entire system to lose performance. This is often a matter of seconds in the interactive logon in Citrix Director.
Solution
Microsoft released an update for this in March 2019 (KB4490481), but a registry value must also be set manually! Addresses an issue that slows server performance or causes the server to stop responding because of numerous Windows firewall rulesHKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
DeleteUserAppContainersOnLogoff REG_DWORD = 0x00000001
In addition, there could already be thousands of rules and these also need to be cleaned up. The PoSh script below can be used for this.
References
- March 26, 2019—KB4490481 (OS Build 17763.402)
https://support.microsoft.com/en-us/help/4490481/windows-10-update-kb4490481 - Removes unwanted FW rules:
https://github.com/Koetzing/Powershell-Scripts/blob/main/ClearFWRules.ps1