Profile Loading Errors at Logon

Recently we began migrating users to our new Citrix 4.5 environment.  As part of the migration we upgraded the client to the Web Client 10.1/10.2 and now some have 11.0.  We also modified the terminal services roaming profile path to point to a DFS Share.  Ever since we began migrating these users, a small percentage began to report local logon profile errors.  As they logged into their workstations they would get either one or two errors regarding their profile not being able to load.  With one error, there profile would load, with both Windows would load a temp.  We installed the client several weeks prior to migrating the users.  The only thing that was done on the day of migration was the terminal service roaming profile path change. As we have migrated over 1400 users, this is now happening to about 40-100 users a day and not very consistently.  I have reviewed the software and hardware on the workstations and there doesn't appear to be a common platform or software install that could be causing the problem.  
I have a case opened with MS.  We installed UPClean on many of the computers both in log only mode and action mode.  Neither helped.  The userenv logs do not indicate clearly what the source is.  Occasionally logs show the profile is locked by a process:  ssonsvr (which is the Citrix client SSO server executable but this is inconsistent.

AD OS: Windows 2K3 SP2
Workstation OS:  XP SP2
Citrix: CPS 4.5 HFRP2 with 10.1/10.2/11.0 web client using Single Sign On.  SSO Passthru has been enabled via a GPO.  

Event Log Errors:
IEvent Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1511
Date:            6/12/2008
Time:            6:36:39 PM
User:            AKUSA_NT\lunsfordj
Computer:      WS17
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1515
Date:            6/12/2008
Time:            6:36:39 PM
User:            AKUSA_NT\lunsfordj
Computer:      WS17
Description:
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1502
Date:            6/12/2008
Time:            6:36:39 PM
User:            NT AUTHORITY\SYSTEM
Computer:      WS17
Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.

 DETAIL - The process cannot access the file because it is being used by another process.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1508
Date:            6/12/2008
Time:            6:36:36 PM
User:            NT AUTHORITY\SYSTEM
Computer:      WS17
Description:
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

 DETAIL - The process cannot access the file because it is being used by another process.  for C:\Documents and Settings\lunsfordj\ntuser.dat
jeffrey_lunsfordAsked:
Who is Participating?
 
HerrmannatorCommented:
Is it possible to open a ticket with your AV vendor?  They may have utilities to do extensive logging that would help.
I don't know any method to offer other than trial and error (maybe start by reinstalling AV on those PC's but turning off autoprotect, and see if still no problem.  Then turn it back on, but exclude c: entirely.  Then allow auto-protect for every major subdirectory you think could not possible be part of the problem.  Then 1 at a time add the ones you suspect.
Another thought is that (if you can get this to happen on some machines in a predictable way), try opening you (symantec?) AV client and viewing the real-time protection files as they are being scanned.  (ie, it will show you the file names on screen as they are scanned).  And perhaps you will see a particular file being scanned when this problem occurs.
0
 
HerrmannatorCommented:
First thing I would do is change a "zone" to Citrix as this is a common issue there.
Regarding your question, here are a few things to check:
1) make sure that "offline caching" is disabled on the file share where these profiles are stored.  That is another frequest cause of profile problems.  See this link:
http://www.brianmadden.com/Forum/Topic/91182
2) Is UPHClean installed on all Citrix servers?  It should be because any server can corrupt the profiles.  We use the "beta" version (out for several years now and works well).
http://windowsitpro.com/article/articleid/42257/whats-user-profile-hive-cleanup-service-uphclean.html
http://blogs.technet.com/uphclean/archive/2008/03/03/about-uphclean-v2-0-events-1630-1631-and-1632.aspx
3) Anti-Virus software can be a common cause of this problem where the profile gets locked by an active process.  You may want to try making some changes to the auto-protect settings to exclude scanning the NTUser.dat, for example.  If you can easily replicate the problem, then you might try temporarily disabling auto-protect all together as a test to see if that is the underlying cause.  Here is one on tuning AV for Citrix:
http://www.jhouseconsulting.com/articles/antivirus_strategy_for_citrix_servers.html

0
 
jeffrey_lunsfordAuthor Commented:
Thanks for the info. I will change this to the Citrix Zone.
I will check into the offline caching on the file share that the roaming profiles are on but I should be more clear in that the errors reported are on the workstation before these users access Citrix  and a roaming profile.  It happens when logging into Windows.
Also UPHClean is installed on all of our Citrix servers but also on the workstations now as part of the troubleshooting MS is having me do.

As far as anti-virus is concerned we are excluding the scanning of *.dat on the file share as well as on the PCs for some time but will try disabling it for a couple of days. The hard part about diagnosing this problem is that it is so inconsistent and implementing a "fix" and testing after.
I will let you know tomorrow
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
HerrmannatorCommented:
So are roaming profiles used when logging into anything, or just when logging into TS/Citrix servers?  Everything you are already doing sounds good, and now I see why you did not put this just in Citrix zone.   A few other things you might try excluding from autoprotect:
*.LOG, *.INI
%AppData%\ICAClient\Cache
%programfiles%\Citrix\ICA Client
C:\WINDOWS\system32\spool
C:\WINDOWS\system32\spool\PRINTERS
0
 
jeffrey_lunsfordAuthor Commented:
I checked on the offline caching.   We do have it enabled on the share(s).  I am discussing it with our team to turn it off.  Should have a decision by tomorrow.
I will look at making the AV changes you suggested  tomorrow as well.   Tks,
0
 
jeffrey_lunsfordAuthor Commented:
We have disabled offline caching.  Made the AV Changes but that did not help.  I know that I had said we had uninstalled AV and tested before but not me specifically.  I began uninstalling AV on 3 "reliable" user s' machines.  The errors have stopped and been silent for a week.  I am going to reinstall and see if the errors return.  
The question I have now is, if it turns out to be Anti Virus, how do you troubleshoot or log the conflicts at logon.
0
 
jeffrey_lunsfordAuthor Commented:
I am closing this case as I have moved on to another job and will not be able to resolve it.  That being said, I think it is highly likely that the AV was/is the culprit.  I am accepting this answer to award points for the assistance.
0
 
dodger99Commented:
Am having the identical problem as above. Were there any specific AV scanning processes identified that caused the profile not to load?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.