index.dat locked by winlogon.exe preventing roaming profiles to be completely unloaded on client PCs
Greetings,
We have a problem with the file index.dat(*) being locked by the process winlogon.exe preventing the profiles on the computer to be completely unloaded when logging off. Most of the time, after the user is logged off, we can't even manually delete this file
until a few minutes after logging off. So a script to automatically remove these files during log off is of no use unfortunately.
I searched the internet and saw a lot of people with this or similar issues, but either there was no response or the solutions didn't work for our environment.
The problem happens on all OS in our environment (Windows 2000, Windows XP, Windows 7) and all IE versions (IE 6, IE 7 and IE 8).
We tried the following:
- Creating a completely new profile (and obviously deleting everything from the computer itself)
- Disabling the anti-virus
- Using the latest version of UPHClean
- Specifically excluding the folders from roaming profiles (eventhough they are by default excluded)
(*) index.dat is found in the following folders:
- %USERPROFILE%\Cookies
- %USERPROFILE%\Local Settings\History\History.IE5\
- %USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\
Kind regards,
Bram
January 28th, 2011 9:19am
Hello,
install user profile hive cleanup:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en
Also keep in mind that this forum is for Windows server OS related questions and the Microsoft Answers forums are for client OS versions:
http://social.answers.microsoft.com/Forums/en-US/group/WindowsAnswersBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
January 28th, 2011 7:35pm
Greetings,
Thanks for the reply.
As mentioned in "We tried the following:" UPHClean has been installed on all clients.
I wasn't sure where to place this, should I make a new thread on the client OS forum or is there a way to get this moved there?
Thanks again,
Bram
January 31st, 2011 2:20am
Hello,
only moderators can move the thread, maybe they will do. I think it is faster if you create a new thread in the required forum.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
January 31st, 2011 3:45am
Hello,
I posted it in the answers but there only seem to be subsections per OS while it happens over my whole environment, a moderator on answers told me to post it on the Win 7 forum here so I did this too.
I also unmarked this thread as answered since it isn't answered, it's pretty frustrating to look for a problem on the internet and seeing threads with similar problems as you are having as answered without a working solution, so please do not mark this thread
as answered, I prefer you close or delete it if this doesn't belong here. But don't mark it as answered!
Thanks.
Bram
February 1st, 2011 2:36am
ok bam as a test just try to install a new computer without any third party tools and give a try ? se what happens usually the problem you are expecting might be from thord party you should see the similar applications intalled on all the pc.
http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2011 2:40am
Hello Syed,
The issue does seem to point to third party tools. When trying on a brand new installation there aren't any problems (even after logging in/out 30+ times), however every now and then there's a computer in our environment that doesn't have the problem eventhough
they're in the same section of the company (and thus have the same software).
I also did the following test-scenario:
(users are by default local admin on their computers in our environment, we're trying to reduce this but that's another issue)
User member of Administrators group:
- default situation, issue happens
User removed from Administrators group and computer rebooted:
- profiles seem to log off correctly, no remnant index.dat files after 20+ relogs
User re-added to Administrators group and computer rebooted:
- profiles still seem to log off correctly, no remnant index.dat files after 20+ relogs
I don't think the reboot is the reason for the problems dissapearing because some PCs in our environment automatically get rebooted every night. But I don't understand why removing/re-adding fixes the problem (for a while), I would've expected if removing from
local admins solves the problem, the problem would reappear once they're re-added.
If the issue is caused by third party software, how would I be able to see which problem is causing it? Because the issue doesn't happen EVERY log off (some users once every 3 log offs, others once every 2 weeks, etc) it's pretty hard to trace this?
Thanks for your assistance,
Bram
February 1st, 2011 5:37am
atlast the problem is segreagated now its sure that the third party appliaction is giving you the problem. You may find out which application is giving you the problem while logging of using Syinternals tool called process monitor, regmon or filemon.
http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2011 6:13am
Hello Syed,
I've used these tools previously and it just said the process was "winlogon.exe", so not third party related. It's very contradictory I know. :)
I also enabled the UsrEnvDebugging parameter and found errors similar to this:
USERENV(2f8.2fc) 10:02:43:970 Delnode_Recurse: Failed to delete directory <\\?\C:\Documents and Settings\username\Local Settings\Geschiedenis>. Error = 145
However this is an example that I saved because it was different (the directory instead of the .dat file), usually it's the same message but then with index.dat.
February 1st, 2011 7:27am
why dont u directly find out the Index.dat file amd delete it manaully and check the sysmptoms and let us know how it helpshttp://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
February 1st, 2011 7:48am
Syed,
Unfortunately that was already tried. Most of the time, after the user is logged off, we can't even manually delete this file until a few minutes after logging off. It's at that point that I tried to find out which process locks the file and we noticed it
was winlogon.exe.
Thanks for your continued assistance.
Bram
February 1st, 2011 7:57am