Solved

Problems logging off and logging back on - due to UPH clean (it appears)

Posted on 2006-11-03
Last Modified: 2008-02-20
I need to know what is causing this event in app event viewer and how to correct the problem.  The following occurred yesterday - earliest (first) entry was at 3:38:41... entry every second until 3:41:23.  The day before it occurred on another user.... same info in each entry.

Event Type:      Information
Event Source:      UPHClean
Event Category:      None
Event ID:      1401
Date:            11/2/2006
Time:            3:41:23 PM
User:            HOWARDSHEPPARD\lisa
Computer:      HSIWIN
Description:
The following handles in user profile hive HOWARDSHEPPARD\lisa (S-1-5-21-1198605736-1630746206-1236467883-1162) have been remapped because they were preventing the profile from unloading successfully:
 
spoolsv.exe (1000)
  HKCU\Software\Lexmark\PCLPlugIn\Lexmark E240 XL\Watermark (0x983c)
      0x77fb6221 ADVAPI32!ElfFlushEventLog+0x1d9a
      0x77fb5c5b ADVAPI32!ElfFlushEventLog+0x17d4
      0x77f67ea9 ADVAPI32!RegCreateKeyExW+0xc0
      0x5000b1cc <no module>!<no symbol>
      0x5000b262 <no module>!<no symbol>
      0x50001f76 <no module>!<no symbol>
      0x767b7d27 UNIDRVUI!DrvUpgradePrinter+0x1693
      0x767adb1e UNIDRVUI!DrvSplDeviceCaps+0x2af5
      0x767b3234 UNIDRVUI!DrvConvertDevMode+0x5e
      0x7406df2e SPOOLSS!CallDrvDevModeConversion+0x103
      0x7403d5aa win32spl!InitializePrintProvidor+0xbc24
      0x7403728b win32spl!InitializePrintProvidor+0x5905
      0x7403f298 win32spl!InitializePrintProvidor+0xd912
      0x740407d0 win32spl!InitializePrintProvidor+0xee4a
      0x740413cb win32spl!InitializePrintProvidor+0xfa45
      0x74041e75 win32spl!InitializePrintProvidor+0x104ef
      0x74041fa6 win32spl!InitializePrintProvidor+0x10620
      0x74041ff0 win32spl!InitializePrintProvidor+0x1066a
      0x74071077 SPOOLSS!AddPrinterConnectionW+0x4d
      0x01007f7a spoolsv!YSetJob+0x314
      0x01006f44 spoolsv!YGetPrinterDriverDirectory+0x133d
      0x77c70f3b RPCRT4!NdrServerInitialize+0x462
      0x77ce23f7 RPCRT4!NdrStubCall2+0x217
      0x77ce26ed RPCRT4!NdrServerCall2+0x19
      0x77c709be RPCRT4!I_RpcGetBuffer+0x1d8
      0x77c7093f RPCRT4!I_RpcGetBuffer+0x159
      0x77c70865 RPCRT4!I_RpcGetBuffer+0x7f
      0x77c734b1 RPCRT4!NDRCContextMarshall+0x46f
      0x77c71bb3 RPCRT4!RpcRevertToSelfEx+0x6a6
      0x77c75458 RPCRT4!I_RpcBindingIsClientLocal+0x68b
      0x77c5778f RPCRT4!NdrOleFree+0x3c5
      0x77c5f7dd RPCRT4!I_RpcTransGetThreadEvent+0x188
      0x77c5de88 RPCRT4!I_RpcLogEvent+0xe92
      0x77e6608b kernel32!GetModuleFileNameA+0xeb
  HKCU\Software\Lexmark\PCLPlugIn\Lexmark E240 XL\Watermark (0x9854)
      0x77fb6221 ADVAPI32!ElfFlushEventLog+0x1d9a
      0x77fb5c5b ADVAPI32!ElfFlushEventLog+0x17d4
      0x77f67ea9 ADVAPI32!RegCreateKeyExW+0xc0
      0x5000b1cc <no module>!<no symbol>
      0x5000b262 <no module>!<no symbol>
      0x50001f76 <no module>!<no symbol>
      0x767b7d27 UNIDRVUI!DrvUpgradePrinter+0x1693
      0x767adb1e UNIDRVUI!DrvSplDeviceCaps+0x2af5
      0x767a7fdd UNIDRVUI!DrvDocumentPropertySheets+0x859
      0x767a7f45 UNIDRVUI!DrvDocumentPropertySheets+0x7c1
      0x767a9553 UNIDRVUI!DrvDeviceCapabilities+0x122c
      0x767a8342 UNIDRVUI!DrvDeviceCapabilities+0x1b
      0x761428f0 localspl!SplSetPrinterDataEx+0x3af
      0x761422c1 localspl!SplSetPrinter+0x19a3
      0x76140c5c localspl!SplSetPrinter+0x33e
      0x74069039 SPOOLSS!SetPrinterW+0x79
      0x01005681 spoolsv!YGetPrinter+0x710
      0x010055f3 spoolsv!YGetPrinter+0x682
      0x77c70f3b RPCRT4!NdrServerInitialize+0x462
      0x77ce23f7 RPCRT4!NdrStubCall2+0x217
      0x77ce26ed RPCRT4!NdrServerCall2+0x19
      0x77c709be RPCRT4!I_RpcGetBuffer+0x1d8
      0x77c7093f RPCRT4!I_RpcGetBuffer+0x159
      0x77c70865 RPCRT4!I_RpcGetBuffer+0x7f
      0x77c734b1 RPCRT4!NDRCContextMarshall+0x46f
      0x77c71bb3 RPCRT4!RpcRevertToSelfEx+0x6a6
      0x77c75458 RPCRT4!I_RpcBindingIsClientLocal+0x68b
      0x77c5778f RPCRT4!NdrOleFree+0x3c5
      0x77c5f7dd RPCRT4!I_RpcTransGetThreadEvent+0x188
      0x77c5de88 RPCRT4!I_RpcLogEvent+0xe92
      0x77e6608b kernel32!GetModuleFileNameA+0xeb
  HKCU\Software\Lexmark\PCLPlugIn\Lexmark E240 XL\Watermark (0x9874)
      0x77fb6221 ADVAPI32!ElfFlushEventLog+0x1d9a
      0x77fb5c5b ADVAPI32!ElfFlushEventLog+0x17d4
      0x77f67ea9 ADVAPI32!RegCreateKeyExW+0xc0
      0x5000b1cc <no module>!<no symbol>
      0x5000b262 <no module>!<no symbol>
      0x50001f76 <no module>!<no symbol>
      0x767b7d27 UNIDRVUI!DrvUpgradePrinter+0x1693
      0x767adb1e UNIDRVUI!DrvSplDeviceCaps+0x2af5
      0x767a7fdd UNIDRVUI!DrvDocumentPropertySheets+0x859
      0x767a7f45 UNIDRVUI!DrvDocumentPropertySheets+0x7c1
      0x767a9553 UNIDRVUI!DrvDeviceCapabilities+0x122c
      0x767a8342 UNIDRVUI!DrvDeviceCapabilities+0x1b
      0x76141afd localspl!SplSetPrinter+0x11df
      0x76140c5c localspl!SplSetPrinter+0x33e
      0x74069039 SPOOLSS!SetPrinterW+0x79
      0x01005681 spoolsv!YGetPrinter+0x710
      0x010055f3 spoolsv!YGetPrinter+0x682
      0x77c70f3b RPCRT4!NdrServerInitialize+0x462
      0x77ce23f7 RPCRT4!NdrStubCall2+0x217
      0x77ce26ed RPCRT4!NdrServerCall2+0x19
      0x77c709be RPCRT4!I_RpcGetBuffer+0x1d8
      0x77c7093f RPCRT4!I_RpcGetBuffer+0x159
      0x77c70865 RPCRT4!I_RpcGetBuffer+0x7f
      0x77c734b1 RPCRT4!NDRCContextMarshall+0x46f
      0x77c71bb3 RPCRT4!RpcRevertToSelfEx+0x6a6
      0x77c75458 RPCRT4!I_RpcBindingIsClientLocal+0x68b
      0x77c5778f RPCRT4!NdrOleFree+0x3c5
      0x77c5f7dd RPCRT4!I_RpcTransGetThreadEvent+0x188
      0x77c5de88 RPCRT4!I_RpcLogEvent+0xe92
      0x77e6608b kernel32!GetModuleFileNameA+0xeb
  HKCU\Software\Lexmark\PCLPlugIn\Lexmark E240 XL\Watermark (0x9884)
      0x77fb6221 ADVAPI32!ElfFlushEventLog+0x1d9a
      0x77fb5c5b ADVAPI32!ElfFlushEventLog+0x17d4
      0x77f67ea9 ADVAPI32!RegCreateKeyExW+0xc0
      0x5000b1cc <no module>!<no symbol>
      0x5000b262 <no module>!<no symbol>
      0x50001f76 <no module>!<no symbol>
      0x767b7d27 UNIDRVUI!DrvUpgradePrinter+0x1693
      0x767adb1e UNIDRVUI!DrvSplDeviceCaps+0x2af5
      0x767a7fdd UNIDRVUI!DrvDocumentPropertySheets+0x859
      0x767a7f45 UNIDRVUI!DrvDocumentPropertySheets+0x7c1
      0x767a9553 UNIDRVUI!DrvDeviceCapabilities+0x122c
      0x767a8342 UNIDRVUI!DrvDeviceCapabilities+0x1b
      0x76141bb4 localspl!SplSetPrinter+0x1296
      0x76140c5c localspl!SplSetPrinter+0x33e
      0x74069039 SPOOLSS!SetPrinterW+0x79
      0x01005681 spoolsv!YGetPrinter+0x710
      0x010055f3 spoolsv!YGetPrinter+0x682
      0x77c70f3b RPCRT4!NdrServerInitialize+0x462
      0x77ce23f7 RPCRT4!NdrStubCall2+0x217
      0x77ce26ed RPCRT4!NdrServerCall2+0x19
      0x77c709be RPCRT4!I_RpcGetBuffer+0x1d8
      0x77c7093f RPCRT4!I_RpcGetBuffer+0x159
      0x77c70865 RPCRT4!I_RpcGetBuffer+0x7f
      0x77c734b1 RPCRT4!NDRCContextMarshall+0x46f
      0x77c71bb3 RPCRT4!RpcRevertToSelfEx+0x6a6
      0x77c75458 RPCRT4!I_RpcBindingIsClientLocal+0x68b
      0x77c5778f RPCRT4!NdrOleFree+0x3c5
      0x77c5f7dd RPCRT4!I_RpcTransGetThreadEvent+0x188
      0x77c5de88 RPCRT4!I_RpcLogEvent+0xe92
      0x77e6608b kernel32!GetModuleFileNameA+0xeb


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Question by:lisaj599

Accepted Solution

by: oBdA earned 500 total points
That's not a problem of UPHClean; UPHClean is just displaying the symptoms, it's not the cause.
UPHClean checks whether there are still handles to the registry open when a user logs off, as this will prevent the profile from unloading. If it finds open handles, it tries to remap them to the local system account (if I remember correctly).
The cause here seems to be the Lexmark 240 driver, that upon the user logoff doesn't close the registry handles it opened before.
First thing to check is if there's an updated driver available.
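
An added triage example (not part of the original post and not UPHClean's own code): it parses the description text of a UPHClean event 1401, in the format quoted in the question, and reports which process left handles open under which registry key, along with the modules on each call stack. The function names and the shortened sample are constructed for illustration; treating the subkey under HKCU\Software as the responsible product is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a shortened event 1401 description in the format shown above.
SAMPLE = r"""spoolsv.exe (1000)
  HKCU\Software\Lexmark\PCLPlugIn\Lexmark E240 XL\Watermark (0x983c)
      0x77f67ea9 ADVAPI32!RegCreateKeyExW+0xc0
      0x5000b1cc <no module>!<no symbol>
      0x767b7d27 UNIDRVUI!DrvUpgradePrinter+0x1693
      0x01007f7a spoolsv!YSetJob+0x314
  HKCU\Software\Lexmark\PCLPlugIn\Lexmark E240 XL\Watermark (0x9854)
      0x77f67ea9 ADVAPI32!RegCreateKeyExW+0xc0
      0x5000b262 <no module>!<no symbol>
      0x76140c5c localspl!SplSetPrinter+0x33e
      0x01005681 spoolsv!YGetPrinter+0x710
"""

PROC = re.compile(r"^(\S.*?) \((\d+)\)\s*$")                        # spoolsv.exe (1000)
KEY = re.compile(r"^\s+(HK[A-Z_]+\\.+?) \((0x[0-9a-fA-F]+)\)\s*$")  # key path (handle)
FRAME = re.compile(r"^\s+0x[0-9a-fA-F]+ (.+?)!.+$")                 # address module!symbol

def parse_1401(description):
    """Return one record per remapped handle: process, key, modules on the call stack."""
    records, proc = [], ("unknown", None)
    for line in description.splitlines():
        if m := KEY.match(line):
            records.append({"process": proc[0], "pid": proc[1], "key": m[1],
                            "handle": m[2], "modules": [], "unresolved": 0})
        elif (m := FRAME.match(line)) and records:
            if m[1] == "<no module>":          # frame UPHClean could not map to a module
                records[-1]["unresolved"] += 1
            elif m[1] not in records[-1]["modules"]:
                records[-1]["modules"].append(m[1])
        elif m := PROC.match(line):
            proc = (m[1], int(m[2]))
    return records

def summarize(records):
    """Count handles per (process, subkey under HKCU\\Software); the subkey is only a hint."""
    counts = Counter()
    for r in records:
        parts = r["key"].split("\\")
        software = len(parts) > 2 and parts[1].lower() == "software"
        counts[(r["process"], parts[2] if software else parts[-1])] += 1
    return counts

if __name__ == "__main__":
    for (proc, owner), n in summarize(parse_1401(SAMPLE)).most_common():
        print(f"{proc}: {n} handle(s) left open under {owner}")
```

Run over a day's worth of exported 1401 descriptions, the per-process and per-key counts show whether the same driver or service is behind every entry.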