域中的机器，有citrix，重启进系统非常慢，有时开机时在windows徽标界面转圈能转1个多小时，挂SYSTEM注册表需要1个多小时

问题：域中的机器，有citrix，重启进系统非常慢，有时开机时在windows徽标界面转圈能转1个多小时，挂SYSTEM注册表也需要1个多小时

分析：通过WinPE排查，发现SYSTEM注册表非常大（超过800MB，正常系统也就几十MB），加载解析注册表时，系统非常卡顿

使用第三方工具和微软自己的注册表分析工具（参考https://cloud.tencent.com/developer/article/2017405 第12部分），找到症结在Services\SharedAccess

进一步展开主要是这2块

Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System

顾名思义涉及防火墙规则

域用户很多的情况下，每个域用户一份防火墙规则，累计下来就非常多了

原因

citrix agent的bug导致，可从citrix官网找到说明

系统里citrix agent是7.11版本，而7.15或更高版本解决了这个bug

详见：

https://discussions.citrix.com/topic/399015-firewall-created-at-each-login-with-upm-enabled/

https://docs.citrix.com/zh-cn/xenapp-and-xendesktop/7-15-ltsr/whats-new/cumulative-update-5/fixed-issues.html

【解决方案】

先找一台机器POC验证，没问题后再应用到生产

1、升级citrix agent

2、打全补丁(实测直接越过这步，直接第3步也可以)

新补丁会逐渐后来居上替代老的补丁，当时的老补丁不一定能下载到了，安装最新的补丁就行

3、执行如下命令清理症结注册表

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f

reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f

reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules /va /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System /va /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy" /v DeleteUserAppContainersOnLogoff /t REG_DWORD /d 1 /f

实际验证，解决方案部分只执行第3步就可以起作用，重启进桌面快速、流畅

这个case非常典型，用到了微软20年前的注册表分析工具Dureg

http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dureg.exe

参考

https://support.microsoft.com/en-us/topic/november-27-2018-kb4467684-os-build-14393-2639-7eb61afe-e3de-b34d-0d30-a77670f355fe

https://www.howto-connect.com/kb4467684-for-windows-10-version-1607-build-14393-2639/

https://support.microsoft.com/en-gb/topic/march-26-2019-kb4490481-os-build-17763-402-c323e5c1-d524-dbdb-04a0-c3b5c8c8f2fd

https://learn.microsoft.com/en-us/answers/questions/204147/windows-server-2019-rds-start-search-does-not-work?orderby=helpful

https://community.spiceworks.com/topic/2285411-server2019-rds-hundreds-of-firewall-rules-per-user-per-session

https://social.technet.microsoft.com/Forums/lync/en-US/992e86c8-2bee-4951-9461-e3d7710288e9/windows-servr-2016-rdsh-firewall-rules-created-at-every-login?forum=winserverTS

https://www.phy2vir.com/windows-server-2016-2019-rds-server-black-screen-or-start-menu-not-working/

https://www.matrix7.com.au/remote-desktop/win-2019-rdp-session-host-start-menu-stops-working/