"The User Profile Service failed the logon. User profile cannot be loaded"
I have changed the registry as per knowledge base 947215 but now, other user profiles are not being shown at start up and they can't log in. Any answers other than restore the registry and try again?
May 11th, 2012 7:52am
I tried to go to a restore point but after trying three, none of which would restore, I tried to repair using Windows 7 disc but that had no effect, which is when I went to the Microsoft solutions. The problem appeared when I tried to log on in the
morning after turning the computer off the previous night but other than than I have no history.
Stuart
Free Windows Admin Tool Kit Click here and download it now
May 12th, 2012 6:11pm
I have now checked my events page and recorded this using Problem Steps Recorder. There is an error the night before the problem began and when I followed the on-line help, it took me to: http://social.technet.microsoft.com/wiki/contents/articles/3134.event-id-1530-user-profile-service.aspx
and then: http://support.microsoft.com/kb/947238 but this means nothing to me and offers no solutions. None of my restore points work they are all failing saying they have been unable to extract parts of files mainly from silverlight.
Stuart
May 14th, 2012 8:10am
Hi,
http://support.microsoft.com/default.aspx?scid=kb;EN-US;947238
This behavior occurs because Windows automatically closes any registry handle to a user profile that is left open by an application. Windows 7 does this when Windows 7 tries to close a user profile. Please check which application is listed in the event detail
that is leaving the registry handle open in Event log. Niki Han
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2012 3:40am
Please refer the Microsoft Tech net Article
http://social.technet.microsoft.com/wiki/contents/articles/10609.windows-cannot-load-your-profile-because-it-may-be-corrupted-you-may-be-logged-in-using-a-temporary-user-profile.aspx
This issue may occur if the user profile folder was deleted manually. A profile folder that is manually deleted does not remove the Security Identifier (SID) from the profile list
in the registry. For solving the above problem we used the third party utility called Reprofier.
Download link: http://nchc.dl.sourceforge.net/project/reprofiler/Beta%20Release/reprofiler.zip
Login with default login user account. Open the Reprofiler utility. Select the corrupted user profile and select assign as shown in figure.
And restart the machineRegards Jinish.K.G|HCL Infosystems LTD
May 15th, 2012 4:21am
Here is the data from the event log:
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 09/05/2012 23:32:19
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Stuart-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-1983506266-295851579-1332406256-1000:
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000\Software\Microsoft\SystemCertificates\My
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000\Software\Microsoft\SystemCertificates\CA
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-09T22:32:19.762907100Z" />
<EventRecordID>62735</EventRecordID>
<Correlation />
<Execution ProcessID="1604" ThreadID="7268" />
<Channel>Application</Channel>
<Computer>Stuart-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">5 user registry handles leaked from \Registry\User\S-1-5-21-1983506266-295851579-1332406256-1000:
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000\Software\Microsoft\SystemCertificates\My
Process 688 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1000\Software\Microsoft\SystemCertificates\CA
</Data>
</EventData>
</Event>
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2012 5:10am
The Reprofiler does not make any sense to me. I am not sure what profile to use as being the corrupted one having changed the registry as per knowledge base 947215. I have set up new user profiles and copied documents etc across but these new
user profiles cannot access control panel even when they were opened as administrators.
What joy!
May 15th, 2012 11:41am
As there have been no further posting since I showed the event log and my confusion about Reprofiler, does that mean everyone else is baffled?
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2012 12:22pm
Post an output of whats running in memory (tasklist /M /FO LIST) and of services (tasklist /SVC /FO /LIST) here. or a snapsho using ProcessExplorer.
Post a gpresult /z here.
May 29th, 2012 4:32pm
I hope this helps. Process Explorer snapshot is in three parts, 1 here, 2+3 to follow:
Free Windows Admin Tool Kit Click here and download it now
May 30th, 2012 10:44am
Snapshop part 2 +3
May 30th, 2012 10:48am
In my experience, it is the 3rd paty applications that tend to cause profile roaming issues. iTunes has been the root of a lot of profile issues at my work place. Try disabling the Apple services for now to try - there's a lot of them and they
can be quite registry intensive.
I'd personally disable the Apple, Nuance PDF, KissTray, TomTom, psr.exe to see if the problem goes away. Then re-enable them one by one to see where/when the problem occurs.
HTH
Free Windows Admin Tool Kit Click here and download it now
May 30th, 2012 12:16pm
More problems. The other users can't access their documents. This morning at start-up message "Windows could not connect to the System Event Notification Service service.This event prevents standard users from logging on to the system.". The following was
copied from the Event Log:
Events Log 31.05.2012
Error 31/05/2012 08:55:06
Kernel-EventTracing 2
Session
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 31/05/2012 08:55:06
Event ID: 2
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: Stuart-PC
Description:
Session "Homegroup Log" failed to start with the following error: 0xC0000035
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2012-05-31T07:55:06.119579300Z" />
<EventRecordID>5835</EventRecordID>
<Correlation />
<Execution ProcessID="1692" ThreadID="5864" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>Stuart-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">Homegroup Log</Data>
<Data Name="FileName">
</Data>
<Data Name="ErrorCode">3221225525</Data>
<Data Name="LoggingMode">285212677</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 31/05/2012 08:53:34
Event ID: 7022
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Stuart-PC
Description:
The Rapport Management Service service hung on starting.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
Log Name: System
Source: Service Control Manager
Date: 31/05/2012 08:53:44
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Stuart-PC
Description:
The following boot-start or system-start driver(s) failed to load:
trufos
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2012-05-31T07:53:44.691435700Z" />
<EventRecordID>242845</EventRecordID>
<Correlation />
<Execution ProcessID="664" ThreadID="668" />
<Channel>System</Channel>
<Computer>Stuart-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">
trufos</Data>
</EventData>
</Event>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7022</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2012-05-31T07:53:34.957018600Z" />
<EventRecordID>242788</EventRecordID>
<Correlation />
<Execution ProcessID="664" ThreadID="668" />
<Channel>System</Channel>
<Computer>Stuart-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Rapport Management Service</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 30/05/2012 23:46:11
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Stuart-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1983506266-295851579-1332406256-1020_Classes:
Process 3644 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1020_CLASSES
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-30T22:46:11.149652000Z" />
<EventRecordID>66787</EventRecordID>
<Correlation />
<Execution ProcessID="1620" ThreadID="8504" />
<Channel>Application</Channel>
<Computer>Stuart-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-1983506266-295851579-1332406256-1020_Classes:
Process 3644 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1983506266-295851579-1332406256-1020_CLASSES
</Data>
</EventData>
</Event>
I feel my best option is to wipe the hard drive and re-install Windows but wonder if that is part of the problem. I have Vista Ultimate 64bit upgraded to Windows 7 Ultimate 64 bit. Would I be better installing full Windows 7 rather than upgrade?
May 31st, 2012 4:44am