#StackBounty: #windows-10-v1809 #powershell-5.0 #powershell-6.1 PowerShell 64-bit hanging on new machine

Bounty: 100

I recently got a new computer with plenty of horsepower and its works very fast everywhere except PowerShell.

Environment:

  • Dell XPS 8930 (i7-8700K, 32GB RAM, 1TB NVMe SSD)
  • Windows 10 Pro with latest updates (1809/10.0.17763)
  • PowerShell 5.1.17763.316 and PowerShell Core 6.1.1
  • I have plenty of memory left (>16GB) and CPU is near idle while it’s hanging.
  • Only Windows Defender (no other antivirus)

Some of the symptoms, which seem to be consistent:

  • Opening PowerShell shows the copyright info and hangs there for 2 minutes before showing the prompt.
  • I start typing a command and it takes almost a minute for the text to appear
  • Once the text appears I can modify the command and it’s responsive.
  • I enter a simple command such as echo 'hello' and hit enter, it takes about 45 seconds for ‘hello’ to appear on the screen and another 45 seconds to return to the prompt.
  • Once at the prompt typing a command is responsive, but the running it is slow again.
  • Run the dir command in my home directory (few files/folders): about 2:30 before listing the directory, another 15 seconds to go back to the prompt.

Some attempted troubleshooting:

  • PowerShell ISE: Takes about 5 minutes to get to prompt.
  • PowerShell ISE (x86): It works fast!
  • PowerShell (x86): Also works fast!
  • PowerShell Core: Also very slow.
  • PowerShell legacy console: No change.
  • Opening up a regular command line and running powershell -NoProfile: No change.
  • sfc /scannow: No problems found, rebooting doesn’t help.
  • Disable network connections: No change.
  • Run Sysinternals procmon: Nothing obvious, but it always seems to hang right after some of the “Thread Exit” operations.
  • Look at thread stacks in Sysinternals procexp: When it’s hanging the main thread is always at ntdll.dll ZwWaitForMultipleObjects.
  • Uninstall WSL/Hyper-V: No change.
  • Ran “Microsoft .NET Framework Repair Tool” and rebooted, no change.
  • Check C:UsersUSERNAMEAppDataRoamingMicrosoftWindowsPowerShellPSReadline, only one 4KB file.
  • $PSModuleAutoloadingPreference = 'none': no change. I wouldn’t imagine running one of the basic commands such as echo multiple times would always try to load modules.
  • netsh http show iplist:

IP addresses present in the IP listen list:

127.0.0.1
  • Enable WinRM (winrm quickconfig): The service starts, but then it can’t connect.
    • I can see port 5985 is being listened to by PID 4 when the service is started.
    • The Windows Firewall has the two “Windows Remote Management (HTTP-In)” entries for port 5985 (allow any remote address when in a private network/profile).
    • I can successfully telnet localhost 5985
    • After the WinRM service starts it takes about 7 minutes for it to respond with:

WSManFault

Error number: -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the
network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default, the WinRM
firewall exception for public profiles limits access to remote
computers within the same local subnet.

The consistency in the delays makes me think there is some type of attempted connection and timeout, but I’m at a loss as to what that may be. Any gurus out there with ideas?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.