Terminal Server Logon Issue

We have a 2003 Enterprise Terminal Server.  Dual Xeon Quad Core, 12 gb ram.  During the working day there are usually about 60 active sessions.  Just about daily we are forced to reboot the server because users can not log in.  Event Viewer on the server shows these messages:
1401 The following handles in user profile hive have been remapped because they were preventing the profile from unloading successfully, Rtvscan.exe (2372) HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks (0xebc)
1508 Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.  DETAIL - Insufficient system resources exist to complete the requested service.  for C:\Documents and Settings\username\ntuser.dat
1500 Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.  DETAIL - Insufficient system resources exist to complete the requested service.
1219 Logon rejected for domain\username. Unable to obtain Terminal Server User Configuration. Error: Not enough resources are available to complete this operation.

Using Symantec End Point 11 mr4 unmanaged.  Any help would be greatly appreciated.

Thanks
LVL 1
hindsightAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian HarringtonIT ManagerCommented:
Have you tried disabling Symantec for a day or two to see if it is the culprit?  You could try removing and re-installing symantec.  I had an issue with TrendMicro being set up before terminal services were installed and it blew the whole thing up.  Re-installation fixed the issue.
0
Brian HarringtonIT ManagerCommented:
Sorry, for the two postings, but it looks as if Symantec is blowing out your network stack.
0
hindsightAuthor Commented:
My next step was to try uninstalling SEP 11 and putting version 10 on there.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Brian HarringtonIT ManagerCommented:
I think that is where your problem lies.  In my instance it was 2008, but it was the Anti-Virus that screwed things up.  On the other hand, it's a great solution.  If no one can use the machine, it can't get infected :).
0
hindsightAuthor Commented:
I like the glass half full approach.  I'll give that a shot tonight and see what happens.
0
hindsightAuthor Commented:
Reinstalled End Point 11 mr4, same issue exists.  last night uninstalled End Point and installed 10.1.5.  Hopefully that does the trick.
0
OccITCommented:
I have the exact same issue on my 2003 Terminal server with Endpoint MR4 MP2.  Symantec Endpoint is definitely causing these issues.  I have tried adding exclusions to the individual users ntuser.dat file.  So now I no longer have errors unloading those files when a user logs off but now its complaining about this hive in the registry.   HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks  I have also installed UPHclean to cleanup the users profile when they log off but thats not doing the trick either.  The issue seems to rear its head right after Enpoint does a LiveUpdate which is 6pm for me.  

I have uninstalled, cleaned and reinstalled Endpoint now 5 times with no change.  This is driving me bananas because I have to reboot the server every morning in order for my users to get back into their correct profiles.  Endpoint in theory is a great product however, I have struggled with this product since day one on my network.  If I could get this last issue resolved I may be a happier person...

Any ideas?

Thanks!
0
hindsightAuthor Commented:
After a week of having Symantec AV 10 on the terminal server we are still having the same issue just a little less frequent.  I'm at a loss.
0
hindsightAuthor Commented:
with both SEP 11 and SAV 10 it keeps blocking uphclean even though I've added it to the exceptions list.  any ideas?
0
OccITCommented:
I have resolved my issue!  I had to remove all user profiles on the Terminal Server.  I used the profile cleanup tool issued by Microsoft to delete them.  I also had some "ghost" profiles that I had to delete manually.  As soon as I cleaned up the profiles, rebooted and re added them the server has been running great.  It was a royal PITA to remove all the profiles cause everyone has their customized profiles but I just bit the bullet as a last ditch effort and everything worked great in the end!

good luck!
0
hindsightAuthor Commented:
It seems like there must be a better solution than rebuilding all of the profiles.  We have over 100 on here with a lot of users connecting back to local printers that are shared off of their desktops.  I made the change from Symantec AV to Kaspersky which has improved the situation but did not completely resolve it.  Still working on it.
0
OccITCommented:
Good luck!  I have been running for almost three weeks now(knock on wood) without issue after deleting and recreating the user profiles.  I also run the UPHclean utility as well.  My users are much happier!
0
hindsightAuthor Commented:
I didn't want to post until I had a couple of weeks of stability but we finally have it.  What I had to do was delete and recreate the page file.  Since then, not one corrupt profile.  From what I read, page files often become corrupt by antivirus software.  Hope this helps some folks.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HCSHAWCommented:
What/where is the "profile cleanup tool " mentioned above.  I am having simliar issues on our Termnal Server.
ID:25003631Author:OccITDate:08/03/09 07:16 AM
Thanks
0
HCSHAWCommented:
Thanks for the link.  I have already been running UPHClean.  The wording led me to think that you had found a tool to delete the profiles. " used the profile cleanup tool issued by Microsoft to delete them."  Does UPHClean have this capability?  Or were you just stating you had deleted the profiles and allowed the system to rebuild at next login.   Thanks in advance for the clarification.  


I have been chasing the problem for several months.   The latest findings is that both Terminal Servers ( we have two) had problems this Monday morning.  The two terminal servers are for two different companies in two different states.  The only common factor so far is that the both run a Syamentec virus scan early monay a.m. but it completes by the time the users begin to log in.   I am digging deeper into reported AV issues and profile cannot log in, but as of yet have found nothing definitive excpet for "This issue has been addressed in release 10.3.1.13 of the SymEvent driver" was suppose to fix the problem.  However, several blogs state it did nothing for them. (REF MS KB Article ID: 272568 )

Thanks to all who contribute, perhaps my little bit of info may allow someone else to resolve their issue.

0
OccITCommented:
I'm sorry, I have too many things on the brain right now.  There is a tool that does delete user profiles.  Here is the link:

http://www.microsoft.com/downloads/details.aspx?familyid=901a9b95-6063-4462-8150-360394e98e1e&displaylang=en

In my situation I took the dive and just cleaned out all the profiles and started from scratch.  It was a huge PITA!  In the end things are working great!  
0
HCSHAWCommented:
Thanks,,,,  I will look into this..
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.