• Status: Solved

Roaming profiles remaining on machines after log off

Hi,

In our scenario we have roaming profiles, but we have the GPO setting enabled to delete these profiles (computer config/admin templates/system/user profile/delete cached copies of roaming profiles set to enabled). This is set at the domain level of the organisation and there is only one domain. This is so that if the profile becomes corrupt there won't be any local remnants of it and we also found that as we're a uni campus with many students logging on to one machine we eventually end up with the hard disk becoming full!

However, if I look on to a machine I still see remnants of users' profiles, but I also see folders that are something like %username%.%domainname%.001, %username%.%domainname%.002, %username%.%domainname%.003 where %username% is the username and %domainname% is the domain name. It looks like the folders are incrementing with each log on, which is actually the reverse of what we are trying to achieve! From this I'm assuming that the policy itself isn't working, but we're not getting any clues as to why. There are no event log messages saying that GPOs aren't being applied, no blocking of inheritance, etc. Two of us have been through the AD completely and double checked everything individually and we can't see anything wrong there, so any help would be very much appreciated.

Thanks
Ian

ian_chard (Author) Commented:
I should also add that we've even created local policies on the machines too to double check and this is still happening.

Maasdriel Commented:
Usually this happens when a program keeps a lock on the registry (user.dat)

Install User Profile Hive Cleanup Service. Read the documentation to enable verbose modes in the event viewer to locate which program is causing the problem.

If you can't solve the program which is causing the problem, you can always force any locks to close with this software, so that in return Windows will be able to remove the profile after logoff.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&DisplayLang=en

Netman66 Commented:
Good point Maasdriel - this does cause some issues for sure.

You also want to check permissions to make sure they can delete their profile directory.  Sometimes the permissions get a little out of sync.


ozega Commented:
UPHCLEAN suggested above should be able to solve the problem. As suggested, it is important to also use UPHCLEAN to report, in the event logs, the name of the process keeping the file in use. This may enable you to find the root cause and if you can eliminate it, you will not need to install UPHCLEAN on all computers.
Other than that, I can just add that running "gpresult" at the command prompt on a Windows XP workstation will provide you the list of Domain GPOs currently APPLIED on the workstation. This would save you time in the future when trying to ensure a certain domain GPO is actually applied.

ian_chard (Author) Commented:
Thanks for the responses. Permissions are definitely ruled out, as I get the same problem and I'm domain admin, enterprise admin, etc, etc.

I've installed UPHC on my machine now and plan on trialling it tomorrow and Friday on some of our normal users' machines to see if it cures things and will post back then with any events, etc or allocate points if it cures our problem.

Many thanks again
Ian

Maasdriel Commented:
Not sure how far you are with testing.

But here's some extra info.

If svchost.exe (or some other general Windows-related file) is causing the problem, it's more difficult to locate what the problem is.

You can do this by enabling this.

SOURCE README.TXT (C:\Program Files\UPHCLEAN\README.TXT)
--------------------------------------------------------------------------------------------------------------------
You can also have UPHClean log the call stack that is responsible for the
profile hive handle.  This is necessary to find out what software is
responsible for the hive handle in processes used for many purposes (e.g.
svchost.exe, dllhost.exe, winmgmt.exe).  To enable call stack logging use the
registry editor to set:

HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\CALLSTACK_LOG to 1.

Logging the call stack is computationally and memory intensive.  You should use
this option to collect information and then turn it off.  To get more accurate
call stack logging it may be necessary to get symbols installed on the
computer.  You can read about getting symbols at:

http://www.microsoft.com/whdc/ddk/debugging/symbols.mspx
--------------------------------------------------------------------------------------------------------------------

An event msg could show up something like this:

SOURCE Eventlog
--------------------------------------------------------------------------------------------------------------------
The following handles opened in user profile hive DOMAIN\USER (S-1-5-21-111111111-11111111111-111111111-1111) are preventing the profile from unloading:
 
svchost.exe (1064)
  HKCU (0x3ac)
      0x77fab4b7 ADVAPI32!<no symbol>
      0x77f772b1 ADVAPI32!IsTextUnicode+0x9cb4
      0x77f46b20 ADVAPI32!RegOpenKeyExW+0xa8
      0x77f4773e ADVAPI32!RegOpenKeyW+0x2f
      0x77f4b2dc ADVAPI32!SaferComputeTokenFromLevel+0x587
      0x77f4b296 ADVAPI32!SaferComputeTokenFromLevel+0x541
      0x77f49e9e ADVAPI32!IdentifyCodeAuthzLevelW+0xd9
      0x7c819653 kernel32!BasepCheckWinSaferRestrictions+0x17e
      0x7c818d2c kernel32!GetNlsSectionName+0x10cb
      0x77f67838 ADVAPI32!CreateProcessAsUserW+0xc3
      0x76a642fd rpcss!<no symbol>
      0x76a5deaf rpcss!<no symbol>
      0x77da9dc9 RPCRT4!CheckVerificationTrailer+0x75
      0x77e2321a RPCRT4!NdrStubCall2+0x215
      0x77e236ee RPCRT4!NdrServerCall2+0x19
      0x77da988c RPCRT4!NdrGetTypeFlags+0x1c9
      0x77da97f1 RPCRT4!NdrGetTypeFlags+0x12e
      0x77da971d RPCRT4!NdrGetTypeFlags+0x5a
      0x77dabd0d RPCRT4!NdrConformantArrayFree+0x42e
      0x77dabb6a RPCRT4!NdrConformantArrayFree+0x28b
      0x77da6784 RPCRT4!I_RpcBCacheFree+0x14c
      0x77da6c22 RPCRT4!I_RpcBCacheFree+0x5ea
      0x77da6a3b RPCRT4!I_RpcBCacheFree+0x403
      0x77da6c0a RPCRT4!I_RpcBCacheFree+0x5d2
      0x7c80b50b kernel32!GetModuleFileNameA+0x1b4
--------------------------------------------------------------------------------------------------------------------

If this is the case you will need to install "Debugging Tools for Windows".
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx  (32bit)
http://www.microsoft.com/whdc/devtools/debugging/install64bit.mspx (64bit)

And the symbols for the corresponding Windows OS version.
http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx

And debug the information to locate the true problem.

Hope this helps.

Respectfully,
Maasdriel
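
Added example, not part of the post above or of the UPHClean documentation: a small Python parser for the event text quoted above, useful when the same report has to be triaged across many lab machines. It assumes the message layout is exactly as quoted in the thread; the function names `parse_event` and `triage` are hypothetical, and the sample message is constructed (abridged from the quoted one).

```python
import re
from collections import Counter

# Constructed sample, abridged from the event text quoted in the thread.
SAMPLE_EVENT = r"""The following handles opened in user profile hive DOMAIN\USER (S-1-5-21-111111111-11111111111-111111111-1111) are preventing the profile from unloading:

svchost.exe (1064)
  HKCU (0x3ac)
      0x77fab4b7 ADVAPI32!<no symbol>
      0x77f46b20 ADVAPI32!RegOpenKeyExW+0xa8
      0x77f67838 ADVAPI32!CreateProcessAsUserW+0xc3
      0x76a642fd rpcss!<no symbol>
      0x77e2321a RPCRT4!NdrStubCall2+0x215
"""

# Shared host processes the README names as needing call stack logging.
GENERIC_HOSTS = {"svchost.exe", "dllhost.exe", "winmgmt.exe"}

HEADER = re.compile(r"user profile hive (.+?) \((S-[\d-]+)\)")
PROCESS = re.compile(r"^(\S.*?) \((\d+)\)\s*$")
HANDLE = re.compile(r"^\s+(\S.*?) \((0x[0-9a-fA-F]+)\)\s*$")
FRAME = re.compile(r"^\s+0x[0-9a-fA-F]+ ([^!\s]+)!(.+?)\s*$")

def parse_event(text):
    """Parse one handle report into account, SID and per-handle call stacks."""
    head = HEADER.search(text)
    if not head:
        raise ValueError("not a profile hive handle report")
    report = {"account": head.group(1), "sid": head.group(2), "handles": []}
    process = None
    for line in text.splitlines():
        if (f := FRAME.match(line)) and report["handles"]:
            report["handles"][-1]["frames"].append((f.group(1), f.group(2)))
        elif (h := HANDLE.match(line)) and process:
            report["handles"].append({"process": process[0], "pid": process[1],
                                      "key": h.group(1), "handle": h.group(2), "frames": []})
        elif p := PROCESS.match(line):
            process = (p.group(1), int(p.group(2)))
    return report

def triage(report):
    """Per handle: modules on the stack and which follow-up step is still needed."""
    rows = []
    for h in report["handles"]:
        shared = h["process"].lower() in GENERIC_HOSTS
        rows.append({"process": h["process"], "pid": h["pid"], "key": h["key"],
                     "modules": dict(Counter(mod for mod, _ in h["frames"])),
                     "needs_callstack_log": shared and not h["frames"],
                     "needs_symbols": any(s == "<no symbol>" for _, s in h["frames"])})
    return rows

if __name__ == "__main__":
    for row in triage(parse_event(SAMPLE_EVENT)):
        print(row)
```

`needs_callstack_log` marks a shared host process reported without a stack (CALLSTACK_LOG still off), and `needs_symbols` marks stacks containing `<no symbol>` frames.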

ian_chard (Author) Commented:
Points awarded to Maasdriel as he was the first to reply to use UPHCleaner; this resolved the issue on the test clients.

Many thanks
Ian