RE: Corrupt Profiles lead to nearly empty desktops, Win2k3 & XPSP1
- From: "Kune" <Kune@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 9 Nov 2005 02:12:03 -0800
This is what I get without enabling any further Logging Options:
Ereignistyp: Informationen
Ereignisquelle: UPHClean
Ereigniskategorie: Keine
Ereigniskennung: 1401
Datum: 08.11.2005
Zeit: 19:17:44
Benutzer: SALUS03\tmf103
Computer: WST-03-069
Beschreibung:
The following handles in user profile hive SALUS03\tmf103
(S-1-5-21-2809045491-4103733910-460318220-1174) have been remapped because
they were preventing the profile from unloading successfully:
svchost.exe (912)
HKCU (0x3b0)
Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter
http://go.microsoft.com/fwlink/events.asp.
Sorry: It's in german! Later that day I will turn on some more log options
and post the result!
"hunt01@xxxxxxxxxxxxxxxx" schrieb:
> Thanks for the reply. We have XP Pro SP1, and no roaming profiles, but it's
> a problem here too.
>
> Basic software includes:
> Scalable Software "Survey" software
> McAfee v7.0
> ...not that much else, really. A few components and software, but not a lot
> of kernel-level stuff.
>
> We do have waituntilservicekill:
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
> "WaitToKillServiceTimeout"="3000"
>
> but that's a pretty good wait there.
>
> What does your UPHClean logs (be sure to turn on CallStackLog feature) show?
> Anything interesting pointing to the service or software causing the issue?
> It should... go over the UPHClean docs and turn on everything and you should
> get some detailed reports.
>
>
>
> "Kune" wrote:
>
> > I'm getting exactly the same error in our domain!
> >
> > During last weekend we relaunched aur Network with Server 2003 and XP Pro
> > SP2 and set up 100 machines with 5 servers. Yesterday we were enabled rhe
> > roaming Profiles for each user an had the same symptoms! My way of getting
> > rid of the problem seemed to be the same as yours: Installing UPHclean
> > service as described in KB837115 But without any effect. Our workarround was
> > to disable the roaming profiles wich is not a satisfying situation. I also
> > changed the Reg Key "waituntilservicekill" to 1000 on a testmachine but I
> > assume that the profiles still won't close clean. Some details to our
> > enviroment:
> >
> > All system are P4 2,8 or 3 GHz with 512 MB RAM on a Intel 845G Chipset (ASUS
> > P5P800VM)
> > We are using Kaspersky AV Version 5.x with Administrator Kit 5.x
> > All machines have Office 2003 SBE installed
> > UltraVNC inkl. HookDriver
> > Adobe Acrobat Reader 7.05
> > 20% of the system have some individual software installed
> >
> > The Server Systems are running on Server 2003 SP1
> >
> > I hope anyone has an approach for a solution.
> >
> > "hunt01@xxxxxxxxxxxxxxxx" schrieb:
> >
> > > Basic problem a user sees: The user logs in and gets a blank desktop with no
> > > drive mappings and no desktop shortcuts or Internet Explorer Favorites.
> > >
> > > Technical problem: The profile is locked and will not unload, so the next
> > > time the user logs in, another new (empty) profile is made for the user, and
> > > the user is told either that they're being logged in with a temporary
> > > profile, or a similar error message. A string of profile directories can be
> > > created (username, username.000, username.001, etc.) in the Documents and
> > > Settings directory, and technical support must spend time fixing the impacted
> > > user by copying over user data, desktop icons, internet shortcuts,
> > > reconfiguring software, and the like.
> > >
> > > Error message:
> > > Event Type: Error
> > > Event Source: Userenv
> > > Event Category: None
> > > Event ID: 1517
> > > Description:
> > > Windows saved user ComputerName\UserName registry while an application or
> > > service was still using the registry during log off. The memory used by the
> > > user's registry has not been freed. The registry will be unloaded when it is
> > > no longer in use. This is caused by services running as a user account, try
> > > configuring the services to run in either the LocalService or NetworkService
> > > account.
> > >
> > > Overview:
> > >
> > > Profiles do not unload successfully, so Microsoft Support KB 837115 was
> > > consulted. (http://support.microsoft.com/default.aspx?scid=kb;en-us;837115)
> > > ;
> > > UPHClean was installed on the impacted machines, and logging was turned on in
> > > order to see what programs or threads had a lock on the user profile.
> > >
> > > Here is the list of threads that are locking the profile open, per
> > > Microsoft's UPHClean, error 1201:
> > >
> > > Event Type: Information
> > > Event Source: UPHClean
> > > Event Category: None
> > > Event ID: 1201
> > > Date: 8/17/2005
> > > Time: 4:06:26 PM
> > > User: XXYYZZ\XXYYZZ
> > > Computer: XXYYZZ
> > > Description:
> > > The following handles in user profile hive XXYYZZ\XXYYZZ
> > > (S-1-5-21-4135613065-917552800-1533411840-18239) have been closed because
> > > they were preventing the profile from unloading successfully:
> > >
> > > svchost.exe (684)
> > > HKCU (0x4a0)
> > > 0x77e2a1aa ADVAPI32!CredFree+0x6c1
> > > 0x773418c0 comctl32!InitCommonControlsEx+0x1f7
> > > 0x773424bb comctl32!RemoveWindowSubclass+0x4e5
> > > 0x77341a0c comctl32!InitCommonControlsEx+0x343
> > > 0x77f56771 ntdll!RtlCreateHeap+0xf20
> > > 0x77f6151e ntdll!LdrGetProcedureAddress+0x5b6
> > > 0x77f570e0 ntdll!LdrLoadDll+0x1c5
> > > 0x77e7d854 kernel32!LoadLibraryExW+0xc8
> > > 0x77e73b70 kernel32!LoadLibraryW+0xd
> > > 0x7cd532fb SHELL32!Ordinal646+0x8ff
> > > 0x7cd29cea SHELL32!Ordinal517+0x29cea
> > > 0x77f5b42c ntdll!LdrInitializeThunk+0x24
> > > 0x77f56771 ntdll!RtlCreateHeap+0xf20
> > > 0x77f6151e ntdll!LdrGetProcedureAddress+0x5b6
> > > 0x77f570e0 ntdll!LdrLoadDll+0x1c5
> > > 0x77e7d854 kernel32!LoadLibraryExW+0xc8
> > > 0x77e73b70 kernel32!LoadLibraryW+0xd
> > > 0x7641ae0d msi!MsiAdvertiseScriptW+0x2a6b
> > > 0x7642853f msi!MsiEnumProductsW+0x4878
> > > 0x764209a3 msi!MsiAdvertiseScriptW+0x8601
> > > 0x00350046 <no module>!<no symbol>
> > >
> > >
> > > For more information, see Help and Support Center at
> > > http://go.microsoft.com/fwlink/events.asp.
> > >
> > > This is consistent across many, many machines. Users still get corrupt
> > > profiles, even after UPHClean is installed. The list of threads keeping a
> > > profile open can be seen almost every time some users log out of an impacted
> > > machine.
> > >
> > > I need to know what is causing these locked profiles. Does the list of
> > > threads locking the profile tell anyone anything? Can a Microsoft DS Support
> > > Professional tell me anything more from a KB search?
> > >
> > > USERENVDEBUGLEVEL = 10002 will be set on a few hundred PCs in the domain,
> > > and I'm hopeful that the userenv.log files will tell me something; is anyone
> > > aware of a tool to parse those files for profile errors or issues?
> > >
> > > Thank you.
> > >
.
- References:
- Prev by Date: Re: DDNS ok with Jetdirect HP??
- Next by Date: RE: SOLUTION
- Previous by thread: RE: Corrupt Profiles lead to nearly empty desktops, Win2k3 & XPSP1 Cli
- Next by thread: RE: Corrupt Profiles lead to nearly empty desktops, Win2k3 & XPSP1
- Index(es):
Relevant Pages
|
