Solved

Terminal Server Logon Issue

Posted on 2009-06-30
18
1,093 Views
Last Modified: 2012-05-07
We have a 2003 Enterprise Terminal Server.  Dual Xeon Quad Core, 12 gb ram.  During the working day there are usually about 60 active sessions.  Just about daily we are forced to reboot the server because users can not log in.  Event Viewer on the server shows these messages:
1401 The following handles in user profile hive have been remapped because they were preventing the profile from unloading successfully, Rtvscan.exe (2372) HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks (0xebc)
1508 Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.  DETAIL - Insufficient system resources exist to complete the requested service.  for C:\Documents and Settings\username\ntuser.dat
1500 Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.  DETAIL - Insufficient system resources exist to complete the requested service.
1219 Logon rejected for domain\username. Unable to obtain Terminal Server User Configuration. Error: Not enough resources are available to complete this operation.

Using Symantec End Point 11 mr4 unmanaged.  Any help would be greatly appreciated.

Thanks
0
Comment
Question by:hindsight
  • 7
  • 5
  • 3
  • +1
18 Comments
 
LVL 9

Expert Comment

by:bharrington83
ID: 24744825
Have you tried disabling Symantec for a day or two to see if it is the culprit?  You could try removing and re-installing symantec.  I had an issue with TrendMicro being set up before terminal services were installed and it blew the whole thing up.  Re-installation fixed the issue.
0
 
LVL 9

Expert Comment

by:bharrington83
ID: 24744838
Sorry, for the two postings, but it looks as if Symantec is blowing out your network stack.
0
 
LVL 1

Author Comment

by:hindsight
ID: 24744868
My next step was to try uninstalling SEP 11 and putting version 10 on there.
0
 
LVL 9

Expert Comment

by:bharrington83
ID: 24744881
I think that is where your problem lies.  In my instance it was 2008, but it was the Anti-Virus that screwed things up.  On the other hand, it's a great solution.  If no one can use the machine, it can't get infected :).
0
 
LVL 1

Author Comment

by:hindsight
ID: 24744920
I like the glass half full approach.  I'll give that a shot tonight and see what happens.
0
 
LVL 1

Author Comment

by:hindsight
ID: 24793410
Reinstalled End Point 11 mr4, same issue exists.  last night uninstalled End Point and installed 10.1.5.  Hopefully that does the trick.
0
 

Expert Comment

by:OccIT
ID: 24823500
I have the exact same issue on my 2003 Terminal server with Endpoint MR4 MP2.  Symantec Endpoint is definitely causing these issues.  I have tried adding exclusions to the individual users ntuser.dat file.  So now I no longer have errors unloading those files when a user logs off but now its complaining about this hive in the registry.   HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks  I have also installed UPHclean to cleanup the users profile when they log off but thats not doing the trick either.  The issue seems to rear its head right after Enpoint does a LiveUpdate which is 6pm for me.  

I have uninstalled, cleaned and reinstalled Endpoint now 5 times with no change.  This is driving me bananas because I have to reboot the server every morning in order for my users to get back into their correct profiles.  Endpoint in theory is a great product however, I have struggled with this product since day one on my network.  If I could get this last issue resolved I may be a happier person...

Any ideas?

Thanks!
0
 
LVL 1

Author Comment

by:hindsight
ID: 24858779
After a week of having Symantec AV 10 on the terminal server we are still having the same issue just a little less frequent.  I'm at a loss.
0
 
LVL 1

Author Comment

by:hindsight
ID: 24860909
with both SEP 11 and SAV 10 it keeps blocking uphclean even though I've added it to the exceptions list.  any ideas?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Expert Comment

by:OccIT
ID: 25003631
I have resolved my issue!  I had to remove all user profiles on the Terminal Server.  I used the profile cleanup tool issued by Microsoft to delete them.  I also had some "ghost" profiles that I had to delete manually.  As soon as I cleaned up the profiles, rebooted and re added them the server has been running great.  It was a royal PITA to remove all the profiles cause everyone has their customized profiles but I just bit the bullet as a last ditch effort and everything worked great in the end!

good luck!
0
 
LVL 1

Author Comment

by:hindsight
ID: 25070466
It seems like there must be a better solution than rebuilding all of the profiles.  We have over 100 on here with a lot of users connecting back to local printers that are shared off of their desktops.  I made the change from Symantec AV to Kaspersky which has improved the situation but did not completely resolve it.  Still working on it.
0
 

Expert Comment

by:OccIT
ID: 25087970
Good luck!  I have been running for almost three weeks now(knock on wood) without issue after deleting and recreating the user profiles.  I also run the UPHclean utility as well.  My users are much happier!
0
 
LVL 1

Accepted Solution

by:
hindsight earned 0 total points
ID: 25197436
I didn't want to post until I had a couple of weeks of stability but we finally have it.  What I had to do was delete and recreate the page file.  Since then, not one corrupt profile.  From what I read, page files often become corrupt by antivirus software.  Hope this helps some folks.
0
 

Expert Comment

by:HCSHAW
ID: 25226848
What/where is the "profile cleanup tool " mentioned above.  I am having simliar issues on our Termnal Server.
ID:25003631Author:OccITDate:08/03/09 07:16 AM
Thanks
0
 

Expert Comment

by:OccIT
ID: 25230598
0
 

Expert Comment

by:HCSHAW
ID: 25232332
Thanks for the link.  I have already been running UPHClean.  The wording led me to think that you had found a tool to delete the profiles. " used the profile cleanup tool issued by Microsoft to delete them."  Does UPHClean have this capability?  Or were you just stating you had deleted the profiles and allowed the system to rebuild at next login.   Thanks in advance for the clarification.  


I have been chasing the problem for several months.   The latest findings is that both Terminal Servers ( we have two) had problems this Monday morning.  The two terminal servers are for two different companies in two different states.  The only common factor so far is that the both run a Syamentec virus scan early monay a.m. but it completes by the time the users begin to log in.   I am digging deeper into reported AV issues and profile cannot log in, but as of yet have found nothing definitive excpet for "This issue has been addressed in release 10.3.1.13 of the SymEvent driver" was suppose to fix the problem.  However, several blogs state it did nothing for them. (REF MS KB Article ID: 272568 )

Thanks to all who contribute, perhaps my little bit of info may allow someone else to resolve their issue.

0
 

Expert Comment

by:OccIT
ID: 25232484
I'm sorry, I have too many things on the brain right now.  There is a tool that does delete user profiles.  Here is the link:

http://www.microsoft.com/downloads/details.aspx?familyid=901a9b95-6063-4462-8150-360394e98e1e&displaylang=en

In my situation I took the dive and just cleaned out all the profiles and started from scratch.  It was a huge PITA!  In the end things are working great!  
0
 

Expert Comment

by:HCSHAW
ID: 25232505
Thanks,,,,  I will look into this..
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
More or less everybody in the IT market understands the basics of Networking, however when we start talking about Storage Networks, things get a bit dizzier, and this is where I would like to help.
This video discusses moving either the default database or any database to a new volume.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now