다음을 통해 공유


Userenv vista

In my last post I discussed an issue with paged pool exhaustion and MUP.

One of the pieces of data collect was MUP traces. What's this you say? Never heard of it? Well most folks would never use it since it produces a binary format only translated via internal MS tools. So why am I discussing it?

Well, ETW tracing is not new at all , it's been around since Win2k and is a very useful tool when MS needs to collect low level data from a component ( which hopefully has been instrumented ).

ETW tracing can apply to things like SAM , IIS , Commerce Server , HTTP.SYS and in this case MUP.

In Vista it has been taken a step further, there are dozens of instrumented components.

Winlogon has been re-architected to produce a more stable environment. Things like profiles loading, group policies, and more,  have been moved out or re-designed in Vista. All in all, this is a good thing. However, during the transition some items were lost. One such item, is an all inclusive ( well mostly ) log we had for a logon, in the userenv.log file we used to produce.

This has been replaced with ETW tracing but, is only formatted and readable via internal MS tools. I won't go into the good\badness of this but I want to expose it here so if you know you have a problem with something like profile loading\roaming etc..  then you can proactively gather this trace data  in preparation for your call into PSS.

There is one tool, built in to the OS, which is used to gather the binary log data.

Logman.exe

For Userenv tracing you would do something like this:

Start your log:

"logman -start profiletrace -p {eb7428f5-ab1f-4322-a4cc-1f1a9b2c5e98} 255 3 -ets"

Reproduce the "error" or whatever you want ( user logon etc.. slow, failed, failed unload etc.. )

Stop the log:

"logman -stop profiletrace -ets"

profiletrace.etl will be located in the directory that logman -start was run

This will generate an extended transaction log (ETL), which your Product Support Engineer will be able to parse using the debug symbol set.

More info:

https://msdn2.microsoft.com/en-us/library/ms797199.aspx

There is a tool to enumerate the  LoggerID's but there is not a tool to relate these to specific components. Here is the output from my Vista machine. ( boy there sure are a lot )

 

C:\WINDDK\3790.1830\tools\tracing\i386>tracelog.exe -enumguid
Guid Enabled LoggerId Level Flags
------------------------------------------------------------
16b0aa63-7a88-468e-baea-2ee3c6bc8afc FALSE 0 0 0
417b7ae0-9b8f-4e3f-8fca-19c706eff3d4 FALSE 0 0 0
1a2008cb-f116-43e2-9d52-31ffefb449ff FALSE 0 0 0
c7a7ea08-da1f-4681-bbaa-5522771e0711 FALSE 0 0 0
7e4b70ee-8296-4f0f-a3ba-f58ef7bb4e96 FALSE 0 0 0
b46fa1ad-b22d-4362-b072-9f5ba07b046d FALSE 0 0 0
aba7397f-f033-4c35-9aab-6ec3322ea7a2 FALSE 0 0 0
5d8c8d91-8f81-488d-a278-0d06d32b39d1 FALSE 0 0 0
75638a28-e9ed-42b2-9f8f-c2b1f89cf5ee FALSE 0 0 0
a42c77db-874f-422e-9b44-6d89fe2bd3e5 FALSE 0 0 0
a6bb9ced-e292-473c-91dd-49f2a04a4abd FALSE 0 0 0
72faa295-13ad-4a41-89e3-4e9ea5ed90d8 FALSE 0 0 0
2b240425-3141-43ee-931f-ec9f997c7d7e FALSE 0 0 0
8c50fa6e-394e-4b47-b6d1-a880a5f225a2 FALSE 0 0 0
a0832312-4a19-4aa1-93f4-73f99aa3a659 FALSE 0 0 0
716ab53c-1578-40c7-9798-60d5ecf813f8 FALSE 0 0 0
77db410c-561e-4358-8b0e-af866e91bb89 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7ea0 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9f FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9e FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9d FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9c FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9b FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9a FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e99 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e98 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e97 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e96 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e93 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e92 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e91 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e90 FALSE 0 0 0
0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e94 FALSE 0 0 0
58e8f67d-29e9-456c-b23d-c6489e341bb0 FALSE 0 0 0
6299ff78-88d8-495d-b5b7-ca40ca55c6b4 FALSE 0 0 0
b44aec44-38f4-4b59-8df3-10306abf19b2 FALSE 0 0 0
1ab5ac29-037f-43a1-9484-78c9db61f869 FALSE 0 0 0
11a377e3-be1e-4ee7-abda-81c6eda62e71 FALSE 0 0 0
637a0f36-dff5-4b2f-83dd-b106c1c725e2 FALSE 0 0 0
2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65 FALSE 0 0 0
6da4ddca-0901-4bae-9ad4-7e6030bab531 FALSE 0 0 0
0c5a3172-2248-44fd-b9a6-8389cb1dc56a FALSE 0 0 0
d905ac1d-65e7-4242-99ea-fe66a8355df8 FALSE 0 0 0
7076bf7a-db99-4a63-8afe-0bb2ab92997a FALSE 0 0 0
253f4cd1-9475-4642-88e0-6790d7a86cde FALSE 0 0 0
111ffc99-3987-4bf8-8398-61853120cb3d FALSE 0 0 0
86133982-63d7-4741-928e-ef1349b80219 FALSE 0 0 0
aeebdeb1-6774-4f84-b3ab-f41e9222c79e FALSE 0 0 0
5a966d1c-6b48-11da-8bde-f66bad1e3f3a FALSE 0 0 0
afff9c82-5be3-4205-9b3e-49e014c09a63 FALSE 0 0 0
3e1fd72a-c323-4574-9917-5ce9c936f78c FALSE 0 0 0
8e0e93fb-76ad-42ee-8770-b9dfea596f65 FALSE 0 0 0
66418a2a-72af-4c1a-9c84-42f6865563bd FALSE 0 0 0
ed56cd5c-617b-49a5-9b80-eca3e02414bd FALSE 0 0 0
25bd019c-3858-4ea4-a7b3-55b9ec8977e5 FALSE 0 0 0
779771d9-81ac-437d-8f63-7356f4bf82d2 FALSE 0 0 0
362007f7-6e50-4044-9082-dfa078c63a73 FALSE 0 0 0
7bb5af18-cb16-4007-b813-9d88e9d6f8ef FALSE 0 0 0
d4700b23-6dfe-4316-aee5-6c285db610c8 FALSE 0 0 0
ad8fe36a-0581-4571-a143-5a3f93e30160 FALSE 0 0 0
71dd85bc-d474-4974-b0f6-93ffc5bfbd04 FALSE 0 0 0
9d3a5fa0-29f7-423f-b026-e4456abeef2c FALSE 0 0 0
945a8954-c147-4acd-923f-40c45405a658 TRUE 6 0 0
ea9253c9-35e0-452f-9984-11a2054eba19 FALSE 0 0 0
ea9253ca-35e0-452f-9984-11a2054eba19 FALSE 0 0 0
5857d6ca-9732-4454-809b-2a87b70881f8 FALSE 0 0 0
dd796b8b-056f-494d-a873-16f390391217 FALSE 0 0 0
ea9253cf-35e0-452f-9984-11a2054eba19 FALSE 0 0 0
4a8aaa94-cfc4-46a7-8e4e-17bc45608f0a FALSE 0 0 0
96ab095a-9519-4f5c-81ee-c510b0a45463 FALSE 0 0 0
c9bf4a9e-d547-4d11-8242-e03a18b5beee FALSE 0 0 0
836767a6-af31-4938-b4c0-ef86749a9aef FALSE 0 0 0
f01b7774-7ed7-401e-8088-b576793d7841 FALSE 0 0 0
99f5f45c-fd1e-439f-a910-20d0dc759d28 FALSE 0 0 0
94a984ef-f525-4bf1-be3c-ef374056a592 FALSE 0 0 0
e4c60dfa-ecc5-4889-b406-e9ddd38463c8 TRUE 18 2 0
73c5ec49-c807-489d-9e45-d36d72235f84 FALSE 0 0 0
a29433ba-dfe6-4b52-bb0e-dcbb0a5d2517 FALSE 0 0 0
9b1dd39a-2779-40a0-aa7d-c4427208626e FALSE 0 0 0
c2d79b17-4941-4678-b807-3ed7572ba092 FALSE 0 0 0
1418ef04-b0b4-4623-bf7e-d74ab47bbdaa FALSE 0 0 0
2afffdd7-ed85-4a90-8c52-5da9ebdc9b8f FALSE 0 0 0
3121cf5d-c5e6-4f37-be86-57083590c333 FALSE 0 0 0
7288c9f8-d63c-4932-a345-89d6b060174d FALSE 0 0 0
5a24fcdb-1cf3-477b-b422-ef4909d51223 FALSE 0 0 0
1540ff4c-3fd7-4bba-9938-1d1bf31573a7 FALSE 0 0 0
d9131565-e1dd-4c9e-a728-951999c2adb5 FALSE 0 0 0
e2821408-c59d-418f-ad3f-aa4e792aeb79 FALSE 0 0 0  

<snipped>

 

Anyway - this should be interesting for folks troubleshootng user profile issues in Vista.  It is unfortunate that you cannot parse and view the results externally, perhaps this will change in the future. However, if you know you are looking at a profile issue , now you can have the log in hand when you call PSS.

 

spatdsg

Comments

  • Anonymous
    February 08, 2007
    ouch! Thanks for the warning. I have relied heavily on userenv logging for investigation of logon problems in  the past.  Here's at least one vote for the release of a tool that can provide a little insight into the new logging output.

  • Anonymous
    February 20, 2007
    "logman query providers" will give you the list of registered providers in the system. "logman query providers <provider-guid-or-name>" will give you details about which levels or flags are supported by the provider.

  • Anonymous
    February 20, 2007
    "logman query providers" only shows registered providers ( not all are registered - like userenv stuff ) . I agree that this is helpful for many of them.

  • Anonymous
    May 02, 2007
    In my other post I mentioned that we moved some of the events from Userenv logs to other areas, and that

  • Anonymous
    January 21, 2009
    I discuss the non-availability of user profile logging here: http://blogs.sepago.de/helge/2008/10/23/troubleshooting-user-profile-problems-on-vista-and-server-2008-but-how/ Some might find it useful.

  • Anonymous
    April 29, 2012
    To get providerName/GUID pairs use logman: logman query providers