Hello, is there a way to monitor Windows Group Policy Client traffic with Wireshark, while a Windows 7 workstation is shutting down?

For the past week or so, my PC has been taking a long time to shut down. A blue screen with a cursor appears after ten minutes or so, then the mysterious "Please wait for the Group Policy Client..." message.

Any help would be much appreciated.

PS This article on the Internet gave me the idea of monitoring Group Policy traffic to try to pinpoint the issue causing the shutdown delay. http://trentent.blogspot.fr/2013/03/slow-group-policy-client-side.html

asked 27 Aug '15, 01:56 phiroc

2 Answers:
Unfortunately, when a shutdown is commenced, user space applications get the chop first, so I don't know how long into the shutdown the capture will keep running. Maybe you could try that and report back.

There are also other capturing mechanisms, e.g. netsh trace, that may run a little longer. You'll have to use NetMon or Message Analyzer to convert the netsh captures to a format Wireshark can read.

Maybe you could capture the traffic externally to the machine, maybe on the DC it's communicating with, or via a mirror or span port on a switch.

answered 27 Aug '15, 04:04 grahamb ♦

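An added example, not part of the answer above, of the netsh trace route it mentions: a persistent, size-bounded trace started before shutdown and stopped after the next boot. The output path and the DC address are placeholders, and how far into shutdown the session keeps recording is an assumption to verify on the affected machine.

```powershell
# Added example: start a persistent netsh trace before shutdown,
# then re-run with -Stop after the next boot to finalize the file.
param([switch]$Stop)

$TraceFile = 'C:\Traces\gp-shutdown.etl'   # hypothetical output path
$DcAddress = '192.0.2.10'                  # placeholder: the domain controller's IPv4 address

# netsh trace requires an elevated prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

if ($Stop) {
    # Ends the trace session and writes out the .etl file.
    netsh trace stop
    return
}

New-Item -ItemType Directory -Force -Path (Split-Path $TraceFile) | Out-Null

# capture=yes        record packets, not only provider events
# persistent=yes     keep the session registered across the restart
# filemode/maxsize   circular buffer (MB) so a long shutdown wait cannot fill the disk
# IPv4.Address       capture filter: only traffic to or from the DC
netsh trace start capture=yes persistent=yes tracefile=$TraceFile `
    filemode=circular maxsize=512 overwrite=yes IPv4.Address=$DcAddress
```

The resulting .etl still has to be converted with NetMon or Message Analyzer before Wireshark can read it.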
Sure, add a sniffer to your network and go ahead. See the Capture Setup instructions in the Wiki for how to go about it.

answered 27 Aug '15, 04:23 Jaap ♦