Results 1 to 11 of 11
  1. #1
    Ken Kashmarek
    Guest

    Question Windows Live ID Sign-in Assistant

    I have run into a problem with Windows Live Mail (2012 version) that involves the Windows Live ID Sign-in Assistant. This is a manual service that enables Windows Live ID authentication. The base system is Windows 7 32-bit fully patched.

    First, an observation: If this service is disabled, Windows Live Mail will NOT run. I don't have a Windows Live ID nor do I use any services that would require a Live ID. My WLM is configured to my ISP account to access my mail from the server that my ISP provides (my email activity is through my ISP). Why should Live ID have to be an available running service under those circumstances?

    That is not the primary issue for this post. The issue for this post is that the first run of WLM after Windows login, takes 60 to 120 seconds before it begins to function. That is, the spinning wheel (or circle or circle with arrow) lumbers on for that period of time before presenting the dialog to access my ISP email account.

    Does anybody have any idea what is going on in that time frame?

    Is WLM using Live ID to access Microsoft servers first (and getting no response)?

    Subsequent runs of WLM don't have this delay.

    Thanks in advance.

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    If this is a new issue, have you tried a system restore back to a time when it was working correctly?

    Joe

  3. #3
    Ken Kashmarek
    Guest
    This particular problem has been haunting me for the past couple of months. A system restore to that far back, if one even exists, would be a greater loss than I want to endure.

    When I login and the desktop comes up, 3 different items are at risk for delay if they are invoked immediately. WLM, double-click the Computer icon and bring up FireFox. After 3 minutes, they come alive.

    If I just wait 3 minutes, then open these items, they all work at normal speed. For those 3 minutes, something on the computer is dead (or seemingly dead; no disk I/O, no CPU activity, just seems to be waiting on something).

    Boot trace doesn't reveal anything as it boots normally.

    I should try logging on to a different id, or maybe create a new id and use it.

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    Do you have any network devices or mapped drives that are not available when you boot? The issue seems like Windows is waiting on a network device to respond, waits for a time period, and then proceeds.

    Joe

  5. #5
    Ken Kashmarek
    Guest
    I have two other computers in my Win7 HomeGroup that are often not there. However, when I use those computers in similar circustances (other two nodes not running), they don't have this delay. I think this is not the issue. Good point however.

    A suggestion I made earlier did not yield any results: logon as a different user. Live Mail has to be configured from scratch for that other user, yet the delay persists when starting Live Mail.

    Finall, I observed in the event logs, Event ID 36885 (too many certificates, list truncated). Data follows:
    -------------------------------------------------------------------------------------------------------------
    Log Name: System
    Source: Schannel
    Date: 12/23/2012 18:01:01
    Event ID: 36885
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: xxxxxx
    Description:
    When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36885</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-12-24T00:01:01.286132800Z" />
    <EventRecordID>454139</EventRecordID>
    <Correlation />
    <Execution ProcessID="1252" ThreadID="5596" />
    <Channel>System</Channel>
    <Computer>xxxxxx</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    </EventData>
    </Event>
    --------------------------------MORE---------------------------
    event id 36885 Schannel
    http://support.microsoft.com/kb/2464556

    Method 1: Remove some trusted root certificates
    If some trusted root certificates are not used in your environment, you should remove them from the server that is hosting the UC application. To do this, follow these steps.

    Note The steps that are listed here can be performed in Windows Server 2003 and in Windows Server 2008.

    Click Start, click Run, type mmc, and then click OK.
    On the File menu, click Add/Remove Snap-in, and then click Add.
    In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
    Click Computer account, click Next, and then click Finish.
    Click Close, and then click OK.
    Under Console Root in the Microsoft Management Console (MMC) snap-in, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and then click Certificates.
    Remove trusted root certificates that you do not have to have. To do this, right-click a certificate, click Delete, and then click Yes to confirm the removal of the certificate.

    Note There are some root certificates that are required by Windows. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    293781 Trusted root certificates that are required by Windows Server 2008 R2, by Windows 7, by Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows XP, and by Windows 2000

    http://support.microsoft.com/kb/293781

    -------------------------------------------------------------------------------------------------------------
    While the error seems to indicate a server issue, it lists my computer (xxxxxx above). I had 352 certificates and deleted a bunch of them (a whole mess from Mexico, a shorter list from South Africa, almost all of the expired certificates). Why are expired certificates kept? When deleting expired certificates, there was a message that some may still be required for existing certificates. What the...? How can they be expired but still be required? Why do I have all these foreign certificates? How do they get there? Is there a document or web site that explains all this certificate stuff? If the list gets too long and is truncated, shouldn't that be considered a Windows bug?

    I don't know if cleaning this up will improve anything but most seem to be related to identify of the computer (whose?) and email handling. I recognize several from banks but not all my banks are listed. I recognize some from credit cards but nt all of my credit card issuers are listed. I recognize some from foreign software suppliers but not all...etc. Can I flush all but the necessary Microsoft certificates and then be notified as certificates are added so I can tell which ones I need to keep and which ones to ignore?

    More as the saga continues....

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    See Certificates: frequently asked questions for answers to some of your questions. The page says is applies to Vista but the general concepts and answers are not specific to any OS.

    Joe

  7. The Following User Says Thank You to JoeP517 For This Useful Post:


  8. #7
    Ken Kashmarek
    Guest
    Thanks for the URL on certificates. Good information, except there is no discussion what certificates I absolutely need, which ones can I get rid of, and what kind of analysis needs to be done when I get the condition about the certificate list being truncated due to an excess number of them on my computer.

    Follow-up: having removed a number of these (expired, unrecognized, etc.), WLM still doesn't start any faster yet and still spins its startup icon for many minutes on first use after logon.

    By the way, one can go to Internet Options to display and remove certificates rather than the suggested mmc usage noted on the Microsoft web site (apparently, the folks at Microsoft don't know how to use Internet Options).

  9. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    Unfortunately, there is not a generic answer about certificates. It depends on what sites you visit and software you use. The absolute minimum are the Microsoft certificates. The others should be installed automatically. If you are leery about deleting them make an image backup of your system beforehand.

    Joe

  10. #9
    Ken Kashmarek
    Guest
    I have a work in progress Win8RP system (mounted on a virtual hard drive which is located on a USB connected external disk). This system gets stuff installed to see how it all functions before making a decision to purchase a full install of Win8 Pro.

    That Win8RP system has LESS THAN 20 certificates. Of course, it hasn't had more than 3 years of extensive use as a primary tool accessing the internet. Also, Live Mail does not spin for 60-120 seconds when coming up. Given that this Win8RP system has a minimal clean set of certificates, I suspect I can eliminat MOST of the certificates from my long running Win7 system and perhaps get back to something more suitable for a Live Mail startup time.

    By the way, the long (60-120 seconds) Live Mail startup time may be just a symptom of the real problem. After bootup, the network icon on the task bar maintins a red overlay for a significant period of time. This indicates the network is unavailable. I have opened the Network properties and observed a big red X on the internet connection line during this same period, which indicates the network is not yet up and is very slow in coming up. As such, the focus of this problem now becomes the network where Live Mail is just a symptom of the problem.

    Note: at this point, there are no hardware or driver issues for the network, so I believe there is plenty of work to do here. I have a 12 mbps DSL connection good ping times for connected services etc. However, I do have an aging router that is a candidate to be replace.

    At some point, I may look for a tool that can evaluate certificates and determine which ones are necessary, which can be discarded, and maintain a pool of certificates that can be managed for performance and effectiveness.

    For now, I need a packet sniffer and network evaluation tool so I can tell what is going on with network traffic and the how to plus the why so it can be dealt with.
    Last edited by Ken Kashmarek; 2012-12-24 at 20:32.

  11. #10
    Ken Kashmarek
    Guest
    Some progress (I think)...

    I have an image copy of of my Win7 boot partition from 6-8 weeks ago, that I brought up to check out the trusted certificates. That copy has ONLY 33, while my current Win7 had over 300!

    Somehow, more than 300 certificates were loaded in the past month or so, and from the content, most are foreign.

    Today, I set a restore point, deleted all the certificates that did not match those on my old Win7 boot partition, and am moving forward. However, I will be checking these on a regular basis to see what changes.

    Now, since the message about the certificate list being truncated is not that old, this had to be a recent event but unclear as to just what caused it. What is missing here is an effective certificate management tool, or something that indicates WHEN certificates are being add (and maybe WHY they are being added).

  12. #11
    Ken Kashmarek
    Guest
    I have narrowed down the observed delay by examining the System Events, and filtering for these Event IDs

    12 boot
    219 driver not found
    7022 service hang while starting
    7001 logon

    My service hang was with Windows Search. I found a hit on Microsoft.com support pages, applied a change where one deletes the Search directory in ProgramData\Microsoft (disable search service, boot, as admin rmdir /s /q Search; caution - use the instructions found on the Microsoft site). ID 7022 went away.

    The driver not found issue has to do with a Windows Update failure and I haven't done anything with that yet.

    There is also an issue with a multiple minute delay with the .NET Framework NGEN v4 service. Nothing here yet.

    Despite resolving issues, I still have a 4-5 minute delay after boot (most of which is after logon). If I simply leave the system alone for 5 minutes after boot or logon, I have no delays in any programs. Yet, in that time, there is very little disk I/O and very little CPU activity.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •