How to root-cause MS "Critical" errors on Bootup Performance?

zapp22 · 29 Sep 2015

Anyone well-versed in this obscurity?

Windows keeps track of performance of bootup/startup, standby state & recovery therefrom, Shutdown.
My Thinkpad X120E of late has a very consistent pattern of "Critical" flags in the performance logs but the automated RootCause identification appears to be unproductive.

Where else can I look to see what is hanging the process? When I look under "System" Event logs there is little of interest there and nothing I can easily correlate with the below.

No hardware changes to the laptop. Only Windows 7 updates-du-jour

Example log entry below. This is found in the MMC, Event-Viewer/Application & Services Logs/Microsoft/Windows/Diagnostics-Performance/Operational

Boot Duration / Startup
Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 9/29/2015 7:06:43 AM
Event ID: 100
Task Category: Boot Performance Monitoring
Level: Critical
Keywords: Event Log
User: LOCAL SERVICE
Computer: Shire-X
Description:
Windows has started up:
Boot Duration : 113499ms
IsDegradation : false
Incident Time (UTC) : ‎2015‎-‎09‎-‎29T12:04:15.890000700Z
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}" />
<EventID>100</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>4002</Task>
<Opcode>34</Opcode>
<Keywords>0x8000000000010000</Keywords>
<TimeCreated SystemTime="2015-09-29T12:06:43.526450100Z" />
<EventRecordID>2854</EventRecordID>
<Correlation ActivityID="{03112C48-F800-0001-2857-66F6AEFAD001}" />
<Execution ProcessID="1388" ThreadID="2148" />
<Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
<Computer>Shire-X</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="BootTsVersion">2</Data>
<Data Name="BootStartTime">2015-09-29T12:04:15.890000700Z</Data>
<Data Name="BootEndTime">2015-09-29T12:06:42.261377700Z</Data>
<Data Name="SystemBootInstance">367</Data>
<Data Name="UserBootInstance">360</Data>
<Data Name="BootTime">113499</Data>
<Data Name="MainPathBootTime">30699</Data>
<Data Name="BootKernelInitTime">40</Data>
<Data Name="BootDriverInitTime">681</Data>
<Data Name="BootDevicesInitTime">371</Data>
<Data Name="BootPrefetchInitTime">0</Data>
<Data Name="BootPrefetchBytes">0</Data>
<Data Name="BootAutoChkTime">0</Data>
<Data Name="BootSmssInitTime">8130</Data>
<Data Name="BootCriticalServicesInitTime">1088</Data>
<Data Name="BootUserProfileProcessingTime">16413</Data>
<Data Name="BootMachineProfileProcessingTime">209</Data>
<Data Name="BootExplorerInitTime">2440</Data>
<Data Name="BootNumStartupApps">4</Data>
<Data Name="BootPostBootTime">82800</Data>
<Data Name="BootIsRebootAfterInstall">false</Data>
<Data Name="BootRootCauseStepImprovementBits">0</Data>
<Data Name="BootRootCauseGradualImprovementBits">1024</Data>
<Data Name="BootRootCauseStepDegradationBits">0</Data>
<Data Name="BootRootCauseGradualDegradationBits">0</Data>
<Data Name="BootIsDegradation">false</Data>
<Data Name="BootIsStepDegradation">false</Data>
<Data Name="BootIsGradualDegradation">false</Data>
<Data Name="BootImprovementDelta">0</Data>
<Data Name="BootDegradationDelta">0</Data>
<Data Name="BootIsRootCauseIdentified">true</Data>
<Data Name="OSLoaderDuration">1437</Data>
<Data Name="BootPNPInitStartTimeMS">40</Data>
<Data Name="BootPNPInitDuration">411</Data>
<Data Name="OtherKernelInitDuration">541</Data>
<Data Name="SystemPNPInitStartTimeMS">935</Data>
<Data Name="SystemPNPInitDuration">641</Data>
<Data Name="SessionInitStartTimeMS">1594</Data>
<Data Name="Session0InitDuration">5827</Data>
<Data Name="Session1InitDuration">397</Data>
<Data Name="SessionInitOtherDuration">1904</Data>
<Data Name="WinLogonStartTimeMS">9724</Data>
<Data Name="OtherLogonInitActivityDuration">1912</Data>
<Data Name="UserLogonWaitDuration">5769</Data>
</EventData>
</Event>

Resume from Standby state:
Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 9/29/2015 10:14:47 AM
Event ID: 300
Task Category: Standby Performance Monitoring
Level: Warning
Keywords: Event Log
User: LOCAL SERVICE
Computer: Shire-X
Description:
Windows has resumed from standby:
Standby Duration : 3327ms
Standby Incident Time (UTC) : ‎2015‎-‎09‎-‎29T13:23:46.447226100Z
Resume Duration : 1502ms
Resume Incident Time (UTC) : ‎2015‎-‎09‎-‎29T15:14:36.820865900Z
IsDegradation : false
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}" />
<EventID>300</EventID>
<Version>1</Version>
<Level>3</Level>
<Task>4003</Task>
<Opcode>36</Opcode>
<Keywords>0x8000000000010000</Keywords>
<TimeCreated SystemTime="2015-09-29T15:14:47.097213300Z" />
<EventRecordID>2856</EventRecordID>
<Correlation ActivityID="{03112C40-F800-0000-2A57-66F6AEFAD001}" />
<Execution ProcessID="1388" ThreadID="3048" />
<Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
<Computer>Shire-X</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="StandbyTsVersion">1</Data>
<Data Name="StandbyAppCount">17</Data>
<Data Name="StandbyServicesCount">17</Data>
<Data Name="StandbyDevicesCount">146</Data>
<Data Name="StandbyStartTime">2015-09-29T13:23:46.447226100Z</Data>
<Data Name="StandbyEndTime">2015-09-29T13:23:49.774226100Z</Data>
<Data Name="StandbySuspendTotal">3327</Data>
<Data Name="StandbySuspendTotalChange">0</Data>
<Data Name="StandbySuspendQueryApps">0</Data>
<Data Name="StandbySuspendQueryAppsChange">0</Data>
<Data Name="StandbySuspendQueryServices">0</Data>
<Data Name="StandbySuspendQueryServicesChange">0</Data>
<Data Name="StandbySuspendApps">2188</Data>
<Data Name="StandbySuspendAppsChange">0</Data>
<Data Name="StandbySuspendServices">31</Data>
<Data Name="StandbySuspendServicesChange">0</Data>
<Data Name="StandbySuspendShowUI">0</Data>
<Data Name="StandbySuspendShowUIChange">0</Data>
<Data Name="StandbySuspendSuperfetchPageIn">9</Data>
<Data Name="StandbySuspendSuperfetchPageInChange">0</Data>
<Data Name="StandbySuspendWinlogon">385</Data>
<Data Name="StandbySuspendWinlogonChange">0</Data>
<Data Name="StandbySuspendLockPageableSections">0</Data>
<Data Name="StandbySuspendLockPageableSectionsChange">0</Data>
<Data Name="StandbySuspendPreSleepCallbacks">0</Data>
<Data Name="StandbySuspendPreSleepCallbacksChange">0</Data>
<Data Name="StandbySuspendSwapInWorkerThreads">1</Data>
<Data Name="StandbySuspendSwapInWorkerThreadsChange">0</Data>
<Data Name="StandbySuspendQueryDevices">1</Data>
<Data Name="StandbySuspendQueryDevicesChange">0</Data>
<Data Name="StandbySuspendFlushVolumes">18</Data>
<Data Name="StandbySuspendFlushVolumesChange">0</Data>
<Data Name="StandbySuspendSuspendDevices">689</Data>
<Data Name="StandbySuspendSuspendDevicesChange">0</Data>
<Data Name="StandbySuspendHibernateWrite">0</Data>
<Data Name="StandbySuspendHibernateWriteChange">0</Data>
<Data Name="ResumeStartTime">2015-09-29T15:14:36.820865900Z</Data>
<Data Name="ResumeEndTime">2015-09-29T15:14:37.565459000Z</Data>
<Data Name="StandbyResumeTotal">1502</Data>
<Data Name="StandbyResumeTotalChange">0</Data>
<Data Name="StandbyResumeHibernateRead">0</Data>
<Data Name="StandbyResumeHibernateReadChange">0</Data>
<Data Name="StandbyResumeS3BiosInitTime">758</Data>
<Data Name="StandbyResumeS3BiosInitTimeChange">0</Data>
<Data Name="StandbyResumeResumeDevices">744</Data>
<Data Name="StandbyResumeResumeDevicesChange">0</Data>
<Data Name="StandbyRootCauseDegradationGradual">0</Data>
<Data Name="StandbyRootCauseImprovementGradual">0</Data>
<Data Name="StandbyRootCauseDegradationStep">0</Data>
<Data Name="StandbyRootCauseImprovementStep">0</Data>
<Data Name="StandbyIsDegradation">false</Data>
<Data Name="StandbyIsTroubleshooterLaunched">true</Data>
<Data Name="StandbyIsRootCauseIdentified">false</Data>
</EventData>
</Event>

ThrashZone · 29 Sep 2015

Hi,
Use Clean boot,
Troubleshoot Application Conflicts by Performing a Clean Startup
Click Start and type in the search box,
msconfig
Click on the suggestion on top or hit the Enter key,
Go to the Startup section and take some screen shots for a complete list,
Go to the Services section and on the bottom left Check the box to Hide All Microsoft services,
Repeat the screen shots,
See the links above my signature on how to take and upload screen shots here,
Cheers.

zapp22 · 30 Sep 2015

thank you for responding.
Read Shawn's post and did. No effect, except it may be a hair worse. The below is after using msconfig and disabling the services. [non-MS]. I also disabled OneDrive, which 'hides'..
result is same: critical error startup threshold exception, no root cause identified

I'll gather the screenshots per your suggestion and do a couple more runs
z

Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 9/30/2015 7:44:24 AM
Event ID: 100
Task Category: Boot Performance Monitoring
Level: Critical
Keywords: Event Log
User: LOCAL SERVICE
Computer: Shire-X
Description:
Windows has started up:
Boot Duration : 111326ms
IsDegradation : false
Incident Time (UTC) : ‎2015‎-‎09‎-‎30T12:42:00.952400800Z
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}" />
<EventID>100</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>4002</Task>
<Opcode>34</Opcode>
<Keywords>0x8000000000010000</Keywords>
<TimeCreated SystemTime="2015-09-30T12:44:24.834823300Z" />
<EventRecordID>2861</EventRecordID>
<Correlation ActivityID="{036C9C40-F800-0000-2A2F-E5667DFBD001}" />
<Execution ProcessID="1284" ThreadID="1332" />
<Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
<Computer>Shire-X</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="BootTsVersion">2</Data>
<Data Name="BootStartTime">2015-09-30T12:42:00.952400800Z</Data>
<Data Name="BootEndTime">2015-09-30T12:44:22.760019700Z</Data>
<Data Name="SystemBootInstance">370</Data>
<Data Name="UserBootInstance">363</Data>
<Data Name="BootTime">111326</Data>
<Data Name="MainPathBootTime">29226</Data>
<Data Name="BootKernelInitTime">39</Data>
<Data Name="BootDriverInitTime">672</Data>
<Data Name="BootDevicesInitTime">382</Data>
<Data Name="BootPrefetchInitTime">0</Data>
<Data Name="BootPrefetchBytes">0</Data>
<Data Name="BootAutoChkTime">0</Data>
<Data Name="BootSmssInitTime">8237</Data>
<Data Name="BootCriticalServicesInitTime">1089</Data>
<Data Name="BootUserProfileProcessingTime">15101</Data>
<Data Name="BootMachineProfileProcessingTime">326</Data>
<Data Name="BootExplorerInitTime">2350</Data>
<Data Name="BootNumStartupApps">3</Data>
<Data Name="BootPostBootTime">82100</Data>
<Data Name="BootIsRebootAfterInstall">false</Data>
<Data Name="BootRootCauseStepImprovementBits">0</Data>
<Data Name="BootRootCauseGradualImprovementBits">0</Data>
<Data Name="BootRootCauseStepDegradationBits">0</Data>
<Data Name="BootRootCauseGradualDegradationBits">0</Data>
<Data Name="BootIsDegradation">false</Data>
<Data Name="BootIsStepDegradation">false</Data>
<Data Name="BootIsGradualDegradation">false</Data>
<Data Name="BootImprovementDelta">0</Data>
<Data Name="BootDegradationDelta">0</Data>
<Data Name="BootIsRootCauseIdentified">false</Data>
<Data Name="OSLoaderDuration">1243</Data>
<Data Name="BootPNPInitStartTimeMS">39</Data>
<Data Name="BootPNPInitDuration">422</Data>
<Data Name="OtherKernelInitDuration">403</Data>
<Data Name="SystemPNPInitStartTimeMS">804</Data>
<Data Name="SystemPNPInitDuration">632</Data>
<Data Name="SessionInitStartTimeMS">1458</Data>
<Data Name="Session0InitDuration">5887</Data>
<Data Name="Session1InitDuration">488</Data>
<Data Name="SessionInitOtherDuration">1860</Data>
<Data Name="WinLogonStartTimeMS">9695</Data>
<Data Name="OtherLogonInitActivityDuration">1753</Data>
<Data Name="UserLogonWaitDuration">5953</Data>
</EventData>
</Event>

zapp22 · 30 Sep 2015

one more: i'm grasping here for answers - from yesterday but not repeated today. At least it points to a device...

Lenovo PM [power mgmt] driver has been a sore spot on a number of laptops of theirs. at some point I'm going to uninstall their pile and give it another go to see if any change. after that, uninstall the SATA drivers "to the bone" and start over there.

up to about a month ago, I had acceptable boot times - something around 15 seconds or so INCLUDING me quick-punching my password. now its close to a minute, with the delay AFTER login being the longer stretch .
windows 10 is worse, however... i quickly gave up the effort for this laptop

Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 9/28/2015 9:47:02 AM
Event ID: 351
Task Category: Standby Performance Monitoring
Level: Warning
Keywords: Event Log
User: LOCAL SERVICE
Computer: Shire-X
Description:
This driver responded slower than expected to the resume request while servicing this device:
Driver File Name : \Driver\ACPI
Driver Friendly Name : ACPI Driver for NT
Driver Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Driver Total Time : 43ms
Driver Degradation Time : 43ms
Incident Time (UTC) : ‎2015‎-‎09‎-‎28T14:46:58.946681500Z
Device Name : ACPI\PNP0B00\4&2a3c4928&0
Device Friendly Name : System CMOS/real time clock
Device Total Time : 43ms
Device Degradation Time : 0ms
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}" />
<EventID>351</EventID>
<Version>1</Version>
<Level>3</Level>
<Task>4003</Task>
<Opcode>35</Opcode>
<Keywords>0x8000000000010000</Keywords>
<TimeCreated SystemTime="2015-09-28T14:47:02.295003200Z" />
<EventRecordID>2850</EventRecordID>
<Correlation ActivityID="{030FFC48-F800-0001-899C-FA2BF0F9D001}" />
<Execution ProcessID="1356" ThreadID="1556" />
<Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
<Computer>Shire-X</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="StartTime">2015-09-28T14:46:58.946681500Z</Data>
<Data Name="NameLength">13</Data>
<Data Name="Name">\Driver\ACPI</Data>
<Data Name="FriendlyNameLength">19</Data>
<Data Name="FriendlyName">ACPI Driver for NT</Data>
<Data Name="VersionLength">38</Data>
<Data Name="Version">6.1.7600.16385 (win7_rtm.090713-1255)</Data>
<Data Name="TotalTime">43</Data>
<Data Name="DegradationTime">43</Data>
<Data Name="PathLength">37</Data>
<Data Name="Path">C:\Windows\system32\drivers\ACPI.sys</Data>
<Data Name="ProductNameLength">37</Data>
<Data Name="ProductName">Microsoft® Windows® Operating System</Data>
<Data Name="CompanyNameLength">22</Data>
<Data Name="CompanyName">Microsoft Corporation</Data>
<Data Name="DeviceNameLength">26</Data>
<Data Name="DeviceName">ACPI\PNP0B00\4&2a3c4928&0</Data>
<Data Name="DeviceFriendlyNameLength">28</Data>
<Data Name="DeviceFriendlyName">System CMOS/real time clock</Data>
<Data Name="DeviceTotalTime">43</Data>
<Data Name="DeviceDegradationTime">0</Data>
</EventData>
</Event>