"Account Unknown" on Windows XP client machine, once user account deleted on Server and then recreated, following profile corruption

Thanks for the prompt answer.  I understand your point and I am aware of SID's and how they work, but when a WinXP account becomes corrupt (for reasons beyond my comprehension - e.g. it starts to forget settings between logins, and the email account stops receiving Exchange email, even though http://<server>/exchange correctly displays new Exchange email), there is no alternative but to delete it, right?  Or can accounts be fixed??

If I am wrong in this, please can you correct my understanding.

Thanks.

Ask yourself how much of your time and lost productivity you have had doing this and figure it's cost.  If it's more than $250, then stop wasting time and call Microsoft.  If they can't help or if it's NOT a publicly available hotfix, insist on a refund (I've always gotten one), but odds are, they CAN help.

I personally have never seen the problem you speak of, but I've worked in large and small environments with Exchange and never seen the issue.  

I'll amend that, see if someone here can help you first, but as a rule, if you're going to waste $250 of time and productivity "working around" an issue, you should call Microsoft instead to get the issue FIXED.

Thanks for the prompt response again.  In each of the last four companies I've worked for (Andersen Consulting, Chase Manhattan Bank, JPMorgan, Barclays Capital), this has been an issue with roaming profiles, dating back to the mid 1990's.

At each firm, the only solution we could come up with (and a lots were MS certified, by the way), was to blow away the profile and re-create it.  I'm surprised that you've never seen this before, but I take your word for it.

I've just joined EE for the first time today, and am hoping that this forum will provide the answer.

And one annoying thing about MS certification - it's little more than saying you know how to run MS products - they don't give you any "extra" troubleshooting tools or information.  MS has access to those types of things.  I had once screwed up a disk partition and by weekend's end, MS had really saved my butt, contacting engineers who understood how partitions worked and instructing me, using a byte level editor, how to recover the partition I lost.

Thanks leew, I appreciate it.  Your powers are clearly far more advanced than mine.

I'm just puzzled at how tricky this one is proving to be.  I'm wondering if perhaps my knowledge is inferior (probably is) or whether it's a genuine Windows "feature".  I would be sooooo happy to know the answer..........  What's weird is that it seems to happen at random.  An account that has been fine for ages suddenly gets afflicted by losing settings between logins, loading the Temp profile, Exchange not working etc. etc. and then sometimes I can fix it - and sometimes I can't.  I'd figure that it must be somethign Iwas doing to the system, if I hadn't seen it happen on so many occasions.  On one occasion we had Microsoft on site at Chase in London and they had no clue how to fix it.  The only solution they came up with was to create new account with a different login ID....  i.e. they effectively couldn't accommodate our company's ID naming policy.

BTW coincidentally I ran chkdsk just this morning and it seemed fine.

I may have to resort to making a support call to Microsoft but alas they won't be open for business until tomorrow.  Was rather hoping to get it fixed once and for all today.

Thanks again.

MS Support is open 24x7 - I've spent some LONG nights talking with them.

Some things to check first:

Event Logs on the server and workstation.  Any errors?
What happens if they log in to another workstation?  As i understand, web mail is working?
What's common?  I understand wanting to get this resolved today, but assuming we can't (with one of those annoyingly difficult questions like this), get yourself a notebook.  Then write down all the information you can (or open an Excel sheet, whatever).  

Username affected, Date you created the account, Exchange server they are on, workstation they connected from, groups the user is a part of, any special security settings, DNS settings for the workstation, Event log messages (anything related to authentication and/or networking), whether you were able to fix it and what EXACTLY you did, permissions on the user's folder.

What exactly is the error message when the temp profile is loaded?

My word.  Thanks again for the prompt response!  I'd love to give you the points already hehehe.

BTW I am no longer working in a huge corporation - I now run a small business (having got sick of the corporate world) with just one Windows 2003 server and eight workstations on a small network - just two switches and a broadband router, so nothing really complicated about DNS or subnets or the usual corporate headaches.

BTW #2, I am in Cambridge, England, just so you know where I am in the world; it's currently 5pm and I'll be here for a few hours.  Sigh.

In terms of which workstation, it was the very same one that the person usually works at.  It was my acccount in fact...  Permissions on the user's folder are now set to "Full Control" for "Everyone".  I've also given the same permissions to the master copy of the profile on the server.  Obviously these permissions are only for the purpose of fixing this issue.

The error logs say:

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1508
User:            NT AUTHORITY\SYSTEM
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process.  for C:\Documents and Settings\mathew.dowell\ntuser.dat

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1502
Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.
DETAIL - The process cannot access the file because it is being used by another process.


Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1515
Description:
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Two quite different errors - but same net effect in each case.


Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1511
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


The messages do NOT appear on the first login.  Only on the second login.  Thereafter it's a bit non-deterministic - sometimes they appear, sometimes they don't, sometimes I can log in fine ... sometimes I can't.

Sorry if this confuisng you.  It's confusing the hell out of me!


Actually, I've just found something in the logs that looks suspicious:

Event Type:      Warning
Event Source:      Userenv
Event Category:      None
Event ID:      1525
Description:
Windows has detected that Offline Caching is enabled on the Roaming Profile share - to avoid potential profile corruption, Offline Caching must be disabled on shares where roaming user profiles are stored.


I've checked this out on Microsoft's support website which says:
MORE INFORMATION
The warning is recorded in the log to notify the administrator that it is possible for the client to cache files from that share. Although you cannot set caching on Windows NT 4.0-based shares, Client Side Caching (CSC) interprets the lack of caching options as manual caching. Therefore, as far as CSC is concerned, the Windows NT 4.0-based share is cacheable. This can permit profiles to be cached. The warning notifies administrators of this issue.

You can ignore this warning.


My powers are not sufficient to understand in detail what this means.

I've had many problems with Offline file access.  So many, I usually disable it in group policy (This is one of the areas - offline files - I'm not currently an expert in).  I would suggest disabling it and seeing if that helps.

A great resource for Event ID errors, check out www.eventid.net

Sounds interesting.  I had never heard of this until now.  I'm searching for it in the Help Centre, but no results.  Could you explain more about which group policy setting to change?

I just disable it entirely.
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prde_ffs_phvy.asp

OK, I'll try this out.  Do you share my confusion at Microsoft's naming conventions?  I had always assumed Offline Files referred to offline content downloaded by Internet Explorer, in the days when everybody had dial-up modems.  I guess I just learned something.

By the way, I just deleted the local profile folder, plus the server's master copy, again - and logged in just fine this time.  Don't know if the problem is solved, but I'm keeping my fingers crossed.

I've no idea if this solution has specifically solved the problem, but it does seem to have gone away now.  On that basis, I guess you should have the points!

Thanks a lot.

How often does this happen?  If frequently, give it some time before accepting an answer.

Thanks again leew.  I've been trying to solve this issue for a number of years.  It seems to happen irregularly, and randomly. There seems to be no specific cause.  Generally a user will just log on to the Windows domain at the same machine as per usual, and the first symptom is that the user's profile cannot be downloaded or found due to a permissioning problem.  The only prior solution I've found is to give the user full Administrator pemissions over the local machine and then delete their profile directory on both the server and the local machine; then log out and back in, and remove Administrator permissions, but then carefully re-applying Full Control for that user over their brand-new profile directories, both on the server and the client machine.  Sometimes, though, even this fails, at which point I blow away the profile on the server and then have the painful task of deleting all copies of their roaming profile, plus the server profile directory, and then *crossing* *fingers* re-creating the account on the server, and hoping the problem goes away.  This is usually when the "Account Unknown" issue appears - but I do not know where this information comes from.  Presumably there's some kind of repository of information in the Registry, or in the Windows directory.  It's often impossible to delete the "Account Unknown" instances; but I find that logging in as the LOCAL machine administrator sometimes gets round the problem.  By persistent tinkering with permissions I can generally get the issue to go away, but obviously the irritation is that the user loses all their settings, cookies, preferences etc. etc.  This time the issue was particularly difficult to resolve, which is why I made the original post on this site.  It seems to have gone away - but I cannot tell if this is because of your suggestion (which never would have occurred to me) or because the permissions I was playing around with somehow "took hold" on the next restart.

Does that make sense?  All in all, it's been confusing me for a long long time................

I like the one time leew found something it turned out to be corruption, and the fact his cats can become MCSE's.

The problem:  some files must be protected with no-write access, but this locks out exercising the hysterises of the bits stored on disk.  Entropy sets in and they corrupt.

I wonder if Microsoft is ever going to address this problem.

Just for general reference, I'm posting this here, after decades of fixing disk problems and nightmarish intermittent and authentication/logging and/or speed problems:

http://www.Musics.com/manhtml/Windows/TwilightZone/ProcedureCrashFix.html#Procedure

Just read the section below on why disks become corrupt.  Add to that when a disk gets within 70% of full on Windows systems, it slows down naturally as it seeks things that are spread out all over the disk platter.

And which cat is Cisco Certified?

I respect Cisco certs.  They are FAR more meaningful.  If you reread my comment I said "My cats could be MS Certified."

And while disks COULD get corrupt, it's not generally a random experience.  Corruption typically has far more obvious causes, such as power failures during a write or BIOS not able to read the disk properly.