Solved

Terminal Server Logon Issue

Posted on 2009-06-30
18
1,109 Views
Last Modified: 2012-05-07
We have a 2003 Enterprise Terminal Server.  Dual Xeon Quad Core, 12 gb ram.  During the working day there are usually about 60 active sessions.  Just about daily we are forced to reboot the server because users can not log in.  Event Viewer on the server shows these messages:
1401 The following handles in user profile hive have been remapped because they were preventing the profile from unloading successfully, Rtvscan.exe (2372) HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks (0xebc)
1508 Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.  DETAIL - Insufficient system resources exist to complete the requested service.  for C:\Documents and Settings\username\ntuser.dat
1500 Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.  DETAIL - Insufficient system resources exist to complete the requested service.
1219 Logon rejected for domain\username. Unable to obtain Terminal Server User Configuration. Error: Not enough resources are available to complete this operation.

Using Symantec End Point 11 mr4 unmanaged.  Any help would be greatly appreciated.

Thanks
0
Comment
Question by:hindsight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 3
  • +1
18 Comments
 
LVL 9

Expert Comment

by:bharrington83
ID: 24744825
Have you tried disabling Symantec for a day or two to see if it is the culprit?  You could try removing and re-installing symantec.  I had an issue with TrendMicro being set up before terminal services were installed and it blew the whole thing up.  Re-installation fixed the issue.
0
 
LVL 9

Expert Comment

by:bharrington83
ID: 24744838
Sorry, for the two postings, but it looks as if Symantec is blowing out your network stack.
0
 
LVL 1

Author Comment

by:hindsight
ID: 24744868
My next step was to try uninstalling SEP 11 and putting version 10 on there.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 9

Expert Comment

by:bharrington83
ID: 24744881
I think that is where your problem lies.  In my instance it was 2008, but it was the Anti-Virus that screwed things up.  On the other hand, it's a great solution.  If no one can use the machine, it can't get infected :).
0
 
LVL 1

Author Comment

by:hindsight
ID: 24744920
I like the glass half full approach.  I'll give that a shot tonight and see what happens.
0
 
LVL 1

Author Comment

by:hindsight
ID: 24793410
Reinstalled End Point 11 mr4, same issue exists.  last night uninstalled End Point and installed 10.1.5.  Hopefully that does the trick.
0
 

Expert Comment

by:OccIT
ID: 24823500
I have the exact same issue on my 2003 Terminal server with Endpoint MR4 MP2.  Symantec Endpoint is definitely causing these issues.  I have tried adding exclusions to the individual users ntuser.dat file.  So now I no longer have errors unloading those files when a user logs off but now its complaining about this hive in the registry.   HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks  I have also installed UPHclean to cleanup the users profile when they log off but thats not doing the trick either.  The issue seems to rear its head right after Enpoint does a LiveUpdate which is 6pm for me.  

I have uninstalled, cleaned and reinstalled Endpoint now 5 times with no change.  This is driving me bananas because I have to reboot the server every morning in order for my users to get back into their correct profiles.  Endpoint in theory is a great product however, I have struggled with this product since day one on my network.  If I could get this last issue resolved I may be a happier person...

Any ideas?

Thanks!
0
 
LVL 1

Author Comment

by:hindsight
ID: 24858779
After a week of having Symantec AV 10 on the terminal server we are still having the same issue just a little less frequent.  I'm at a loss.
0
 
LVL 1

Author Comment

by:hindsight
ID: 24860909
with both SEP 11 and SAV 10 it keeps blocking uphclean even though I've added it to the exceptions list.  any ideas?
0
 

Expert Comment

by:OccIT
ID: 25003631
I have resolved my issue!  I had to remove all user profiles on the Terminal Server.  I used the profile cleanup tool issued by Microsoft to delete them.  I also had some "ghost" profiles that I had to delete manually.  As soon as I cleaned up the profiles, rebooted and re added them the server has been running great.  It was a royal PITA to remove all the profiles cause everyone has their customized profiles but I just bit the bullet as a last ditch effort and everything worked great in the end!

good luck!
0
 
LVL 1

Author Comment

by:hindsight
ID: 25070466
It seems like there must be a better solution than rebuilding all of the profiles.  We have over 100 on here with a lot of users connecting back to local printers that are shared off of their desktops.  I made the change from Symantec AV to Kaspersky which has improved the situation but did not completely resolve it.  Still working on it.
0
 

Expert Comment

by:OccIT
ID: 25087970
Good luck!  I have been running for almost three weeks now(knock on wood) without issue after deleting and recreating the user profiles.  I also run the UPHclean utility as well.  My users are much happier!
0
 
LVL 1

Accepted Solution

by:
hindsight earned 0 total points
ID: 25197436
I didn't want to post until I had a couple of weeks of stability but we finally have it.  What I had to do was delete and recreate the page file.  Since then, not one corrupt profile.  From what I read, page files often become corrupt by antivirus software.  Hope this helps some folks.
0
 

Expert Comment

by:HCSHAW
ID: 25226848
What/where is the "profile cleanup tool " mentioned above.  I am having simliar issues on our Termnal Server.
ID:25003631Author:OccITDate:08/03/09 07:16 AM
Thanks
0
 

Expert Comment

by:HCSHAW
ID: 25232332
Thanks for the link.  I have already been running UPHClean.  The wording led me to think that you had found a tool to delete the profiles. " used the profile cleanup tool issued by Microsoft to delete them."  Does UPHClean have this capability?  Or were you just stating you had deleted the profiles and allowed the system to rebuild at next login.   Thanks in advance for the clarification.  


I have been chasing the problem for several months.   The latest findings is that both Terminal Servers ( we have two) had problems this Monday morning.  The two terminal servers are for two different companies in two different states.  The only common factor so far is that the both run a Syamentec virus scan early monay a.m. but it completes by the time the users begin to log in.   I am digging deeper into reported AV issues and profile cannot log in, but as of yet have found nothing definitive excpet for "This issue has been addressed in release 10.3.1.13 of the SymEvent driver" was suppose to fix the problem.  However, several blogs state it did nothing for them. (REF MS KB Article ID: 272568 )

Thanks to all who contribute, perhaps my little bit of info may allow someone else to resolve their issue.

0
 

Expert Comment

by:OccIT
ID: 25232484
I'm sorry, I have too many things on the brain right now.  There is a tool that does delete user profiles.  Here is the link:

http://www.microsoft.com/downloads/details.aspx?familyid=901a9b95-6063-4462-8150-360394e98e1e&displaylang=en

In my situation I took the dive and just cleaned out all the profiles and started from scratch.  It was a huge PITA!  In the end things are working great!  
0
 

Expert Comment

by:HCSHAW
ID: 25232505
Thanks,,,,  I will look into this..
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Hyper-convergence systems have taken the IT world by storm and have quickly started to change our point of view of how the data center should and could be architected. In this article, I’ll explain the benefits of employing a hyper-converged system …
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question