As part of my job I often come across various hardware and software related problems that lead to some troubleshooting of sorts. This particular case is no exception to that.
While at work I was configuring a new Windows PC for a user, and just like any other setup this wasn’t much different. I connected the system with a network cable and proceeded to PXE boot over the network, we use Windows Deployment Services to deploy Windows throughout the business.
After installation was complete I logged on, grabbed any outstanding Windows Updates via WSUS, joined the machine to the Domain, activated Microsoft Office and checked everything was functioning normally before allowing the user to logon to their user profile.
All was looking good until I booted the machine back into Windows where it then just sat at a black screen with the cursor just before the logon screen. Thinking that the system may still be in the process of installing updates I left it for well over a minute, then eventually I got to the logon screen. I was also able to reproduce this issue upon every boot into Windows, so something somewhere was causing startup to hang.
It was now time to troubleshoot and examine more closely into what was happening during this time. For this I turned to the Sysinternals tool Process Monitor
Since I knew that the delay was occurring at system startup I enabled Boot Logging in Process Monitor by going to Options > Enable Boot Logging and selected to generate profiling events every second. With this now set I rebooted the system, waiting until I could logon after the delay then launched Process Monitor again to open the trace log.
I knew I would have some digging to do now after all the boot and startup data had been captured and displayed within Process Monitor, so I first started off by setting a filter on duration for anything that was taken longer 1 second during boot time and system startup.
Sadly the result of this didn’t give me much to go on, even after trying various duration sets.
I then reset the filter back and this time turned my attention to the Process Tree where I might get a better view of the start and end times of various processes upon system startup.
After scrolling through the tree looking at lifetime column for each I spotted in one particular that had sat for the longest amount of time.
The process bmpmsvc.exe seemed to be the one taking the longest amount of time, longer than any other within the process tree view. bmpmsvc.exe being Lenovo’s ThinkPad Management Service according to the description. I found this somewhat odd considering the system I was using wasn’t a Lenvo based machine, but a Samsung Series 7 Slate. So what was it doing with Lenovo power management software installed?
Slightly puzzled I fired up another almost identically configured Samsung 7 Slate sitting nearby and tested booting into Windows, this time no 2 minute delay…
Upon enabling Boot Logging and looking at the Process Tree from this machine it became clear that this system did not have the same power management software installed.
Now that I had found the culprit I moved back to the effected system and dived into system services to find the registered power management service, which had crashed attempting to start.
To test that it was this piece of software I set the service startup type to disabled then rebooted the system, and at last the system passed the boot screen and immediately displayed the logon screen! No more 2 minute delay!
Satisfied with the result I proceeded to uninstall the offending software from the system. From there I was now able to have the user log on to their new machine and walk away happy with it.
Case closed thanks to Process Monitor! 😀