User asked for help with false positive – 400s for Windows Shell, caused by loopback processing mode and RSoP logging not being configured. They used the script from ControlUp’s github repository which worked with parameters provided, however executing it from the console gave a false output. @Member determined it was a bug, which the user eventually figured out. Title: Fixing False Positive for Windows Shell – ControlUp Script Library
Read the entire ” thread below:
Could someone remind me how to fix this false positive? Last time Yair gave me a hint
no warning about some missing events at top or bottom?
What’s the false positive?
@member 400s for Windows Shell
User name : balint.oberrauch
Loopback Processing Mode : Not configured
RSoP Logging : Not configured (Default: Enabled)
Client Address : 192.168.10.105
Client Name : WS2022-TEST-BO
Client Version : 23.3.0.55
VDA Version : 7.37.0.7
Logon start : 03.05.2023 16:39:46
Logon end : 03.05.2023 16:51:40
Duration : 714.6 seconds
Source Phase Duration (s) Start Time End Time
—— —– ———— ———- ——–
Citrix App/Desktop Icon Clicked until ICA File Downloaded 3,1 16:39:46.0 16:39:49.1
Citrix ICA File Opened until Remote Session Commences 5,9 16:39:49.1 16:39:54.9
`Pre-Windows Duration 8,9`
Source Phase Duration (s) Start Time End Time Gap (s)
—— —– ———— ———- ——– ——-
Windows Windows Logon Time 0,0 16:39:56.1 16:39:56.1
Windows Network Providers 1,0 16:39:56.1 16:39:57.1 0,0
Citrix RSOP 0,0 16:39:57.1 16:39:57.2 0,0
FSLogix LoadProfile* 0,9 16:39:57.2 16:39:58.0 0,0
Citrix RSOP 0,0 16:39:58.1 16:39:58.1 0,0
Windows User Profile 0,1 16:39:58.1 16:39:58.2 0,0
Windows Group Policy 0,8 16:39:58.2 16:39:59.0 0,0
FSLogix ShellStart 0,2 16:39:59.3 16:39:59.4 0,3
Windows Pre-Shell (Userinit) 1,0 16:39:59.6 16:40:00.6 0,1
Windows Shell 700,0 16:40:00.6 16:51:40.6 0,0
Shell AppX – Load Packages 6,5 16:40:00.8 16:40:07.3
Shell ActiveSetup 0,0 16:40:03.9 16:40:03.9
`Windows Duration 704,5`
AppX packages loaded during logon
———————————
Package Duration (s) Start Time End Time
——- ———— ———- ——–
Microsoft.BioEnrollment_cw5n1h2txyewy 0,6 16:40:03.9 16:40:04.5
Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy 0,54 16:40:04.0 16:40:04.5
Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy 0,481 16:40:04.5 16:40:05.0
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy 0,511 16:40:04.5 16:40:05.0
Microsoft.Windows.Search_cw5n1h2txyewy 0,526 16:40:05.0 16:40:05.5
windows.immersivecontrolpanel_cw5n1h2txyewy 0,42 16:40:05.0 16:40:05.4
MicrosoftWindows.Client.CBS_cw5n1h2txyewy 0,616 16:40:05.4 16:40:06.0
Non blocking logon tasks
————————
Logon Scheduled Task Duration (s) Action Name
——————– ———— ———–
\Microsoft\Windows\Plug and Play\Device Install Reboot Required 0.48 Device Installation Reboot Dialog Task
\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon 0.78 SppSvcRestartTaskHandler Class
\Microsoft\Windows\CertificateServicesClient\UserTask 0.38 Certificate Services Client Task Handler
\Microsoft\Windows\TextServicesFramework\MsCtfMonitor 0.08 MsCtfMonitor task handler
Group Policy Client Side Extension Processing
Overall Group Policy Processing Duration: 0,78 Seconds
Source Phase Duration (s) Start Time End Time GPO(s)
—— —– ———— ———- ——– ——
CSE Citrix Group Policy 0,0 16:39:58.9 16:39:59.0 Local Group Policy
CSE Citrix Profile Management 0,0 16:39:59.0 16:39:59.0 None
RSOP Citrix 0,0 16:39:58.9 16:39:59.0 None
2 processed GPO CSEs sorted by the most time spent processing them (seconds)
GPO Time Spent (s)
— ————–
Local Group Policy 0,032
None 0,015
WARNING: Could not find Async Actions events for source VMware DEM
WARNING: Could not find Path-based Import events for source VMware DEM
WARNING: Could not find WEM Policies events for source Citrix
WARNING: Could not find AppX File Associations events for source Shellyou probably need to enable logging tot event logs for dem
no DEM in Usage. It’s a VM in my lab. Standalone CTX Server.
and all other prereqs are in place? Enable Auditing for “Analyze Logon Duration” Script – General (controlup.com)
I’ve executed the SBA.
and rebooted afterwards?
yes but let me try again 😄
still the same thingfresh installed WS2022, VDA 2303 with basic configuration and almost no PoliciesInteresting. When downloading the script from your Github repository it’s working.
Using the following parameters:
& ‘.\Analyze Logon Duration.ps1’ -DomainUser ‘ACX\balintoberrauch’ -SessionName ‘ica-cgp#1’ -SessionID 6
However, executing it from the console gives a false output.
@member have that one few sites didn’t k know it was a bug.
@member I’m wondering whats’s the difference between executing the script manually and from the console.
Using this script: https://github.com/controlup/script-library/blob/master/Analyze%20Logon%20Duration/Analyze%20Logon%20Duration.ps1
Never tried it manually but yes thee would as the console is pass data into the variables from that data gathered via the agents. Where manual you are getting that data direct. I can be corrected by controlup on that if i am wrong
I figured it out. I’m from the future.
Continue reading and comment on the thread ‘How to fix this false positive in ControlUp?’. Not a member? Join Here!
Categories: All Archives, ControlUp for VDI, ControlUp Scripts & Triggers