What does Event Viewer say?
Whole lotta nothing. I see where they do a scheduled shut down and start up but when it happens all I see is everything starting then an error that points out that I had to hard power off the device "last shutdown was unexpected."
If you expand the applications and services part, you can drill down to a group policy specific log which is awfully verbose.
Another thing it might relate to is if the DC that the client is talking to is busy (this is a long shot, though!).
Once you find the pattern of gpo refresh taking ages and start to map that out (chuck the various phases into a spreadsheet, it's complicated, you're looking for scripts processing took a bazillion seconds - but it could be registry or any of the other components) across a few PCs, you'll be able to validate whether its a single DC
That's during group policy application, isn't it? Run an rsop report against that PC and see if anything sticks out.
Also enable verbose logon messages to see if there's a particular step it gets hung on.
And if you're moving to W11, if you haven't already, you should install the ADMX templates: https://www.anoopcnair.com/administrative-templates-for-windows-11-22h2/
But you should know that MS, in typical fashion, does not make the W11 ADMX templates compatible with W10. You'll probably be fine managing both with just the W11 templates unless you're doing some really specialized stuff. Just something to keep in mind.
I forgot to update this since there was Thanksgiving break and the whole family got covid.
Anyways, seems to be related to Cisco Secure Endpoint. We uninstall that and the issue never happens. Install endpoint and was able to reproduce.
Sysadmin
A community dedicated to the profession of IT Systems Administration
No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world