There and back again…a tale of XP performance tracing…

So back in the day, when Plug and Play was sort of a new concept and auto-negotiating network settings didn’t actually work properly, XP was launched.  It was a fine operating system for its time, and there was much rejoicing….

Now, in the modern era of NOWNOWNOW, venerable XP shows some issues here and there with performance.  Perhaps around boot times, or application launch, etc.

This post is an attempt to guide the technician through the oft’ uncharted waters of performance data collection, and provide a good data set that a performance analyst can analyze and determine the golden “Root Cause”…

Step 1.  Enable UserEnv Logging:

Use Registry Editor to add or to modify the following registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Entry: UserEnvDebugLevel
Value data: 10002 (Hexadecimal)

( for more information)

Step 2.  Get a Process Monitor log of your boot up.

(Get the tool at


Click Options, Enable Boot Logging, Reboot.

Boot up, Run Process Monitor, and save off the data into PML format using the defaults.  It’s that easy.

Step 3.  Get a Windows 7 machine of the same architecture as your XP host (presumably x86).  Install the Windows SDK 7.1 that has WPT 4.7:

After installing Windows Performance Toolkit onto the Windows 7 machine, copy the Windows Performance Toolkit directory onto the XP host and run the following command in that directory as an administrator (local admin to the box):


xbootmgr -trace boot -traceflags dispatcher+latency


You hit enter and it reboots.  Log back onto the machine ASAP and let it count down for 2 minutes.

At this juncture, one of 3 things will happen:

1)  The trace will stop itself and everything will be cool, you’ll have an ETL file in the directory, grats!

2)  You get an error about a logger not being able to stop.  You look in the directory and see an .etl file with the letters KM in the name.  This trace is pretty much toast.

3)  You get an error about a logger not being able to stop.  You look in the directory and see 2 .etl files with KM and UM in the names, and they are still growing.  Type xperf -d merge.etl at this point and it should stop the traces and merge the file for you.

Step 4.  Zip the userenv.log, the Process Monitor pml log(s) and the xperf log(s) and get them to your support professional for assistance.
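
The steps above can be scripted as a small batch file; this is an added example, not part of the original post. The file name perfcollect.cmd, the "collected" output folder, the default userenv.log path, the assumption that the .pml file was saved next to the script, and the final reg delete that switches verbose logging back off are all assumptions added here.

```bat
@echo off
rem Added example, not from the original post. Save as perfcollect.cmd
rem (hypothetical name) in the copied Windows Performance Toolkit directory
rem and run it from a local administrator command prompt.
setlocal
cd /d "%~dp0"
set "KEY=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "OUT=%~dp0collected"
rem Assumption: userenv.log is in its default XP location.
set "UELOG=%SystemRoot%\Debug\UserMode\userenv.log"

if /i "%~1"=="enable"  goto enable
if /i "%~1"=="trace"   goto trace
if /i "%~1"=="collect" goto collect
echo Usage: %~nx0 enable ^| trace ^| collect
goto :eof

:enable
rem Step 1: turn on verbose UserEnv logging (value 10002 hex).
reg add "%KEY%" /v UserEnvDebugLevel /t REG_DWORD /d 0x10002 /f
goto :eof

:trace
rem Step 3: start the boot trace. The machine reboots right away.
xbootmgr -trace boot -traceflags dispatcher+latency
goto :eof

:collect
rem Outcome 3: KM and UM traces both exist, so stop the loggers and merge.
if exist "*KM*.etl" if exist "*UM*.etl" xperf -d merge.etl
rem Outcome 2: only a KM trace exists; it is unusable, so trace again.
if exist "*KM*.etl" if not exist "*UM*.etl" (
    echo Only a KM trace was found. Run "%~nx0 trace" again.
    goto :eof
)
rem Step 4: gather everything into one folder, ready to zip.
rem Assumption: the Process Monitor .pml file was saved to this directory.
if not exist "%OUT%" mkdir "%OUT%"
copy /y "%UELOG%" "%OUT%\"
copy /y *.etl "%OUT%\"
copy /y *.pml "%OUT%\"
rem Verbose logging is no longer needed once the data is collected.
reg delete "%KEY%" /v UserEnvDebugLevel /f
```

Run it with enable before taking the Process Monitor boot log, with trace to start the xbootmgr boot trace, and with collect once the two-minute countdown has finished.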

Hope this helps!


