Link to home
Create AccountLog in
Avatar of ajthomas12
ajthomas12

asked on

windows server 2003 profile locking due to anti virus scan

Our Windows server 2003 server gives us profile locking errors when our anti virus is ran.  When a user tries to login to a terminal which uses Remote Desktop Protocol we will get the error "Windows cannot log you on because your profile cannot be loaded.  Check that you are connected to the network, or that your network is functioning correctly.  If this problem persists, contact your network administrator."

We have tried Norton , Nod32, and Avast anti virus software and running scans with them have all resulted in profiles being locked.  uhg!

So far the only solution we have found to eliminate the problem is to run without anti virus software.

ANY ideas to try to remedy this situation that you may have would be greatly appreciated.

Thanks,
~AJ
Avatar of Farhan Kazi
Farhan Kazi
Flag of Australia image

You can exclude "C:\Documents and Settings" from Anti virus scanning. In NOD32 may be you can find it in scanning targets option/tab.

http://www.nod32-av.com/setup/NOD32%202.5%20Setup%20Tutorial.htm

In Norton you can find steps on following website:
http://service1.symantec.com/Support/nav.nsf/docid/199829164436
Is this your AV software checking the files when they are being opened? You could try setting your AV the scan files on write rather than on read. This is certainly possible with Sophos AV but I don't know about others.
Avatar of ajthomas12
ajthomas12

ASKER

This might prevent the profile locking but wouldn't it effectively nullify the anti virus effectiveness as well?  

I don't think this is what I am looking for.

Any other ideas?
SOLUTION
Avatar of Farhan Kazi
Farhan Kazi
Flag of Australia image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
On the basis that any virus would have to be 'written' to the server hard disk before it could be loaded and executed, the server would still be fully protected.
We last scanned on Sunday night, with no terminals logged in, and no backup being run.  Monday morning we had several profile locking errors.

~AJ
Are you certain that this issue is caused by the AV software? What type of profiles do the users have?

There is a tool called Policy Reporter (http://www.sysprosoft.com/policyreporter.shtml), which can be very useful in isolating problems with user profiles and group policy.
We are relatively certain.  We had been running the server without any AV scans being done for several weeks and had no problems.

~AJ
Does your AV do 'on-access' scanning as well as scheduled scans?
Do your users use local, roaming or mandatory profiles?
Thanks for the link ajbritton.

I don't know if it will help me however.  I'm not that savvy.

I was hoping to find someone else who has run into this and was able to fix it.

Do you know what kind of profiles are in use? It should be possible to find this out as follows;

1 - Log on to the server as an admin level user
2 - Right click the My computer icon and select properties
3 - Select the Advanced tab
4 - Click the Settings button in the User Profiles area
5 - You should now see a list of user profiles with their size, type and status.

If the profiles are described in the list as 'roaming' then you need to find out where they are stored. You can do this by looking at individual user accounts in 'Active Directory Users & Computers', going to the Profile tab and looking at the profile entry.

ajbritton,

I'm not sure if my AV will do 'on-access' scanning.  (What does that mean?)

Most profiles are Local.  It looks like I have a few Mandatory profiles but I don't know why or how that happened.

~AJ
ajbritton,

What's the difference between Local and Mandatory profiles?

Which is better?

I'm going to try to set up our anti-virus to scan everything except the ntuser.dat file, or something along those lines.  I'll report the results here on Monday, 07-02-07.

Thanks for your help so far.
~AJ
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ajbritton,

Thanks for all the info.

I decided to postpone my next test until July 8th, with the results being posted on July 9th due to the fact that we already have a busy busy Monday planned for July 2nd and if we get profile locking errors in addition to that it would not be good.  I thank you for your patience on this.

Interesting note:  We have been performing AV scans on one of our two terminal servers as we always have and we haven't had a profile lock for at least the last two weeks.  Could MS have finally fixed something?  Could Norton have finally fixed something?  I'm tempted to reinstall Norton onto the other server to see if the problem will crop up again rather than continue my searching for other AVs.
I reinstalled Norton in the hopes that the problem would just be gone but it was not to be.  After reinstalling it on the Terminal Server on Saturday, the AV scan was run on Sunday, and then on Monday we got several Profile Locking errors.

I then disabled the scheduled virus scans and so far not a single Profile Lock.

Because I can see that there are no easy answers to this one and to finish trouble shooting it will take a lot of time and a lot of trial and error, I'll close the question and distribute the points to those that tried to help.  ~Thanks All     ~AJ