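Problem: a domain-joined machine with Citrix installed is very slow to reboot into the system. Sometimes it spins at the Windows logo screen for more than an hour during boot, and loading the SYSTEM registry hive also takes more than an hour
Analysis: troubleshooting from WinPE showed that the SYSTEM registry hive was very large (over 800 MB, whereas a normal system's is only a few tens of MB), and the system stalls badly while loading and parsing the registry
Using third-party tools and Microsoft's own registry analysis tool (see part 12 of https://cloud.tencent.com/developer/article/2017405), the root of the problem was traced to Services\SharedAccess
Expanding further, it is mainly these 2 parts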
Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System
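As the names suggest, these relate to firewall rules
When there are many domain users, each domain user gets its own set of firewall rules, and these accumulate into a very large number
Cause
It is caused by a bug in the Citrix agent; an explanation can be found on the Citrix website
The Citrix agent on the system is version 7.11, and version 7.15 or later fixes this bug
See: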
https://discussions.citrix.com/topic/399015-firewall-created-at-each-login-with-upm-enabled/
https://docs.citrix.com/zh-cn/xenapp-and-xendesktop/7-15-ltsr/whats-new/cumulative-update-5/fixed-issues.html
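[Solution]
First validate with a POC on one machine, and apply to production only once there are no problems
1. Upgrade the Citrix agent
2. Install all patches (in testing, skipping this step and going straight to step 3 also works)
Newer patches gradually supersede older ones, and the old patches from that time may no longer be downloadable; installing the latest patches is enough
3. Run the following commands to clean up the problem registry keys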
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f
In actual verification, running only step 3 of the solution is enough to take effect; rebooting to the desktop is fast and smooth
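The check below is an added example, not part of the original article: before the step 3 commands are run, it counts the values under the two keys in every control set and exports each key with reg export, since /va removes every value under a key, including any rule that is still needed. The backup directory and the 5000-value threshold are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example: measure and back up the two firewall keys before cleanup.
$BackupDir = 'C:\Temp\fw-reg-backup'   # hypothetical backup location
$Threshold = 5000                      # hypothetical cut-off for "bloated"
$SubKeys = @(
    'Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules',
    'Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System'
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Physical control sets only; CurrentControlSet is a link to one of them.
$ControlSets = Get-ChildItem -LiteralPath 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

$report = foreach ($cs in $ControlSets) {
    foreach ($sub in $SubKeys) {
        $key = Get-Item -LiteralPath "Registry::$($cs.Name)\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }    # key absent in this control set

        # Approximate the data size by summing the string values (UTF-16, 2 bytes per char).
        $bytes = 0
        foreach ($name in $key.GetValueNames()) {
            $bytes += 2 * ([string]$key.GetValue($name)).Length
        }

        # Export the key so individual rules can be restored after the delete.
        $leaf = ($sub -split '\\')[-1]
        $file = Join-Path $BackupDir ("{0}_{1}.reg" -f $cs.PSChildName, $leaf)
        & reg.exe export "HKLM\SYSTEM\$($cs.PSChildName)\$sub" $file /y | Out-Null

        [pscustomobject]@{
            ControlSet = $cs.PSChildName
            Key        = $leaf
            Values     = $key.ValueCount
            ApproxMB   = [math]::Round($bytes / 1MB, 1)
            Bloated    = $key.ValueCount -gt $Threshold
            Backup     = $file
        }
    }
}
$report | Format-Table -AutoSize
```

On a hive as large as the one described here, the export itself can take a long time and needs matching free disk space.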
This case is very typical, and it made use of Dureg, Microsoft's registry analysis tool from 20 years ago
http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dureg.exe
References
https://support.microsoft.com/en-us/topic/november-27-2018-kb4467684-os-build-14393-2639-7eb61afe-e3de-b34d-0d30-a77670f355fe
https://www.howto-connect.com/kb4467684-for-windows-10-version-1607-build-14393-2639/
https://support.microsoft.com/en-gb/topic/march-26-2019-kb4490481-os-build-17763-402-c323e5c1-d524-dbdb-04a0-c3b5c8c8f2fd
https://learn.microsoft.com/en-us/answers/questions/204147/windows-server-2019-rds-start-search-does-not-work?orderby=helpful
https://community.spiceworks.com/topic/2285411-server2019-rds-hundreds-of-firewall-rules-per-user-per-session
https://social.technet.microsoft.com/Forums/lync/en-US/992e86c8-2bee-4951-9461-e3d7710288e9/windows-servr-2016-rdsh-firewall-rules-created-at-every-login?forum=winserverTS
https://www.phy2vir.com/windows-server-2016-2019-rds-server-black-screen-or-start-menu-not-working/
https://www.matrix7.com.au/remote-desktop/win-2019-rdp-session-host-start-menu-stops-working/
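Original content statement: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.
In case of infringement, contact cloudcommunity@tencent.com for removal.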