Horizon Logon Monitor

A hidden Gem integrated as part of the VMware Horizon Suite is the Logon Monitor. This Freelittle addition is an optional install as part of your horizon agent and requires a bit of setup to make this work. But if you are wanting a way to monitor your log on process and get some insight into whats going on, well here is the FREE tool to do so.

Setting up the Horizon Logon Monitor is a pretty simple process. Its installed by default with the Horizon agent since 7.2. The little know thing is you have to enable it. Enabling the Logon Monitor is done so on each of the connection servers. On each of the connection servers open a command prompt and enter the following:

vdmadmin -I -timingProfiler -enable

That will enable the Logon Monitor and if you want to disable just change -enable to -disable.

The next part is you will need to enable the Logon Monitor service on the Master Images. Just change the services from disabled to automatic.

Logon Service

So that is a pretty simple install process. So from this default setup it will save your Logon Monitor logs in the default location of:

C:\ProgramData\VMware\VMware Logon Monitor\Logs

What does this actual capture? Well it captures a wealth of information from your VM.

FQDN, IP, DNS Servers, User Name from the VM its self. Also as it logs on it starts pulling data from things like:

Logon Time, Logon Start to Hive Loaded, Logon Start to Classes Hive Loaded, Profile Sync Time, Windows Folder Redirection Apply Time, Total Logon Script Time, Users Policy Apply Time, Machine Policy Apply Time, Group Policy Software Install Time, and Free Disk space.

A full list of metrics that can be captured please look at the VMware Website located here. This is an excerpt of that.

Logon Monitor Metrics
Metric Parameters Description
Logon time
  • Start
  • End
  • Total Time
Metrics include the time logon starts on the guest, logon is completed and the profile is loaded and the desktop is visible, and the total time spent processing logon on the guest. Excludes any time spent outside of the guest.
Session start to logon start time Total time Time from when Windows created a user session until logon began.
Profile sync time Total time Time Windows spent reconciling user profile during logon.
Shell load
  • Start
  • End
  • Total Time
Windows provides the start time of the user shell load. The end time is when the explorer window is created.
Logon to hive load time Total time Metrics provide total time from when the logon starts to when the user registry hive is loaded.
Windows folder redirection
  • Start
  • End
  • Total Time
Metrics related to the time Windows folder redirection starts and is fully applied, as well as the total time to enable Windows folder redirection. This time can be high for the first time folder redirection has been applied or if new files are being uploaded to the redirected share.
Group policy time
  • User group policy apply time
  • Machine group policy apply time
Metrics related to applying group policy to the guest include the time it took to apply user group policy and machine group policy.
Profile metrics
  • Profile type: local, roaming, temporary
  • Profile size: number of files, number of folders, total megabytes
Metrics related to the user profile indicate the type of user profile and whether it is stored on the local machine, on a central profile store, or deleted after logoff.

The profile size includes metrics on the number of files, the total number of folders, and the total size in MB of the user profile.

Profile size distribution
  • Number of Files Between 0 and 1MB
  • Number of Files Between 1MB and 10MB
  • Number of Files Between 10MB and 100MB
  • Number of Files Between 100MB and 1GB
  • Number of Files Between 1GB and 10GB
A count of the number of files in various size ranges in the user profile.
Processes started during logon
  • Name
  • Process ID
  • Parent process ID
  • Session ID
These values are logged for each process that starts from the time the session starts until the logon is complete.
Group policy logon script time Total time Metrics related to executing group policy logon scripts report total time spent executing group policy logon scripts.
Group policy power shell script time Total time Metrics related to executing group policy power shell scripts indicate time spent executing group policy power shell scripts.
Memory usage
  • Available bytes: min, max, avg
  • Committed bytes: min, max, avg
  • Paged Pool: min, max, avg
WMI metrics related to memory usage during logon. Samplings are takings until logon is complete. Disabled by default.
CPU usage
  • Idle CPU: min, max, avg
  • User CPU: min, max, avg
  • Kernel CPU: min, max, avg
WMI metrics related to CPU usage during logon. Samplings are taken until logon is complete. Disabled by default.
Are logon scripts synchronous? Reports whether group policy logon scripts are executed synchronously or asynchronously to the logon.
Network connection status
  • Dropped
  • Restored
Reports whether the network connection is alive or disconnected.
Group Policy Software Installation
  • Asynchronous: True/False
  • Error Code
  • Total Time
Metrics related to group policy software installation indicate whether the installations are synchronous or asynchronous to the logon, if the installations succeeded or failed, and the total time spent installing software using group policy.
Disk Usage For Profile Volume
  • Disc space available for user
  • Free disk space
  • Total disk space
Metrics related to the disk usage on the volume where the user profile is stored.
Domain Controller Discovery
  • Error code
  • Total time
Domain controller related metrics. Error code indicates if there is a failure reaching the domain controller.
Estimated network bandwidth Bandwidth Value collected from Event ID 5327.
Network connection details
  • Bandwidth
  • Slow link threshold
  • Slow link detected: True/False
Values collected from Event ID 5314.
Settings that can affect logon time
  • Computer\Administrative Templates\Logon\Always wait for network at computer startup and logon
  • Computer\Administrative Templates\Logon\Run these programs at user logon
  • Computer\Administrative Templates\User Profiles\Wait for roaming user profile
  • Computer\Administrative Templates\User Profiles\Set maximum wait time for network if a user has a roaming profile or remote home directory
  • Computer\Administrative Templates\Group Policy\Configure Logon Script Delay
  • User\Admin Templates\System\Logon\Run these programs at user logon
  • User\Admin Templates\System\User Profiles\Specify network directories to sync at logon, logoff time only
Metrics from Horizon Agent, Persona Management, App Volumes VMware products that interact with Logon Monitor report custom metrics in the Logon Monitor logs. These metrics can help determine if one of these products might be contributing in a negative way to the logon time.

This table was acquired from the above link on VMware Website.

There are some other metrics you can gather as part of this but it does cause a bit of a performance hit on logon, but nothing anyone would notice. You can enable the following:

 CPU and memory metrics and Process Events and Logon Script Metrics

Those settings will require a bit more configuration. There are some configurations and customization you can do with Reg Keys on the master images. There are some Reg Keys you can create to customization to your deployment of this. VMware Link to settings. Here are the Reg keys that can be edited in the following location on each of the master images. The reg keys are located here: HKLM\Software\VMware, Inc.\VMware Logon Monitor

Below are the configuration values found at HERE

Logon Monitor Configuration Values
Registry Key Type Description
RemoteLogPath REG_SZ Path to remote share to upload logs. When logs are copied to remote log share they are placed in folders specified by the RemoteLogPath registry key. Example: \\server\share\%username%.%userdomain%. Logon Monitor creates the folders as needed. Disabled by default.

  • UNC Path to remote log FOLDER
  • Optional; if not configured, log is not uploaded.
  • Optional local environment variables supported.
Flags REG_DWORD This value is a bitmask to influence the behavior of the logon monitor.

  • The value to set or remove to enable or disable CPU and memory metrics is 0x4. Disabled by default.
  • The value to set or remove to enable process events and logon script metrics is 0x8. Disabled by default.
  • The value to set to enable or disable integration with Horizon 7 is 0x2. Enabled by default.
  • The value to set to disable crash dumps is 0x1. Dumps are written to C:\ProgramData\VMware\VMware Logon Monitor\Data. Disabled by default.
  • The value to set to create folders per user in remote path is 0x10. Disabled by default.
LogMaxSizeMB REG_DWORD Maximum size of the main log in MB. Default is 100 MB.
LogKeepDays REG_DWORD Maximum number of days to keep the main log before rolling it. Default is 7 days.

Inside registry it would look something like this.



This is where you can set the Remote Log path, and can set it to create custom named logs for each person, set number of days to keep, and max size.

This is where the product begins to shine. Now you can save all those logs in central location so you can run though them when you need too, rather than being lost when the user logs off.

Logon Monitor logs will look something like:



This will now help you with Logon troubleshooting. More to add to this in the near future!

About childebrandt42

I am a jack of all trades and a master of a few things. Manage a enterprise VDI deployment for a living. Automate things, work on my media server and fish for hobbies. Monkey tamer at home!
This entry was posted in Blogtober, Horizon, VDI, Virtulization and tagged , , , . Bookmark the permalink.