Have an issue with Active Diretory user, computer keeps shutting down

I have a user that are having a bunch of issues. when they are in Outlook 2010 there computer just decides to shutdown on them, this happens 5 times a day or more and it happens randomly. here is what I am seeing in the event logs for application and system. What I have tried so far is give her a new computer, I recreated her account. Don't know what else to try with this and is driving me up a wall.




Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10016
Date:            8/17/2010
Time:            3:00:48 PM
User:            NT AUTHORITY\SYSTEM
Computer:      WS20188
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------------------------------------------------------------

Event Type:      Warning
Event Source:      Userenv
Event Category:      None
Event ID:      1517
Date:            8/17/2010
Time:            2:57:17 PM
User:            NT AUTHORITY\SYSTEM
Computer:      WS20188
Description:
Windows saved user ASG\username registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------------------------------------------------------------------------------

Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      15
Date:            8/17/2010
Time:            2:18:07 PM
User:            N/A
Computer:      WS20188
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------------------------------------------------------------------------------

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1054
Date:            8/17/2010
Time:            2:17:59 PM
User:            NT AUTHORITY\SYSTEM
Computer:      WS20188
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
arraysg2008Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sigurdur HaraldssonSystem AdministratorCommented:
Give the user admin privileges and log him in. Log out and revert to normal privileges. See if this helps.
0
jgtyson3Commented:
Have you verified the DNS settings on the workstation? Not sure why this would cause the machine to reboot, but it seems to be having difficulty contacting a domain controller. Can you ping your DC by IP and name? Also, do you have this problem when logging in with a different user account?
0
BeghemotCommented:
Ok don't laugh,

Is she kicking the surge protector or the power cord?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

arraysg2008Author Commented:
I have verified that I can ping the DNS server and everything is working fine. I can log into the same computer and I have no issues. Its only this user where the computer reboots.
0
arraysg2008Author Commented:
Today this same user just let us know that all her E-mails in her sent and deleted items are gone. They both are empty. Anyone have any ideas what is going on?
0
arraysg2008Author Commented:
I ran Microsofts Diagnostics tools and this is what I am seeing, any thoughts?

 
 Analysis Summary  
  Type Description Recommendation
  Error In WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp the assembly instruction at kernel32!RaiseException+53 in C:\WINDOWS\system32\kernel32.dll from Microsoft Corporation has caused an unknown exception (0xe0000002) on thread 0



This exception originated from msxml5!DllUnregisterServer+31e93.  Review the faulting call stack for thread 0 to determine root cause for the exception.





Please follow up with vendor Microsoft Corporation for problem resolution concerning the following file: C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll.
  Information DebugDiag determined that this dump file (WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp) is a crash dump and did not perform any hang analysis. If you wish to enable combined crash and hang analysis for crash dumps, edit the CrashHangAnalysis.asp script (located in the DebugDiag\Scripts folder) and set the g_DoCombinedAnalysis constant to True.  
 
 


 
 Analysis Details  
 


 Your browser settings are currently prohibiting this report's scripts from running.

This is preventing some features of this analysis report from displaying properly. To enable scripts to run, right-click the security warning above and choose "Allow Blocked Content..." or enable the "Allow active content to run in files on My Computer*" setting on the Advanced tab of your "Internet Options" dialog to avoid being prompted in the future





Table Of Contents
WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp

   Faulting Thread

   Faulting Module Information



 Report for WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp




Report for WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp
Type of Analysis Performed   Crash Analysis
Machine Name   WS20188
Operating System   Windows XP Service Pack 3
Number Of Processors   2
Process ID   2980
Process Image   C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
System Up-Time   00:33:54
Process Up-Time   00:00:01


Thread 0 - System ID 2988
Entry point   WINWORD+10cc
Create time   8/19/2010 10:38:48 AM
Time spent in user mode   0 Days 0:0:0.78
Time spent in kernel mode   0 Days 0:0:0.140






Function     Arg 1     Arg 2     Arg 3   Source
kernel32!RaiseException+53     e0000002     00000000     00000001    
msxml5!DllUnregisterServer+31e93     80004004     023f9044     023f9038    
msxml5!DllCanUnloadNow+a2f2     023f9038     00000000     00000004    
msxml5!DllCanUnloadNow+77e2     00128d98     00128df4     023f9038    
msxml5!DllUnregisterServer+314fb     023f9038     0000000d     00000000    
msxml5!DllUnregisterServer+37ff5     023f9038     0000000d     00000000    
MSO!Ordinal7352+3b8     015436a8     00000000     0152d2b0    
MSO!Ordinal4198+2cb     45a568ae     0012b6f0     0152d2a0    
MSO!Ordinal8041+1b3     00cdb500     00000000     0152d2b0    
MSO!Ordinal8041+2c     00129178     0152d2b0     014e4900    
WWLIB!DllGetClassObject+33494     001291cc     00000000     014e47cc    
WWLIB!DllGetClassObject+32dd2     0012b6f0     014e47cc     00c441a0    
WWLIB!DllGetClassObject+2f8cb     0012b6f0     01510000     00000010    
WWLIB!DllGetClassObject+2f695     00000004     04210000     0012d048    
WWLIB!DllGetClassObject+2e0e2     00000004     00000000     04210000    
WWLIB!DllGetClassObject+2d9ac     0012d584     00000000     00000000    
WWLIB!DllGetClassObject+27e4c     00000001     0012fa60     0012f9e0    
WWLIB!DllGetClassObject+152bc     00000003     0012f52c     00000001    
WWLIB!DllGetClassObject+3b23     0012fa60     00000001     0012f9e0    
WWLIB!FMain+482     30000000     00000000     0015234a    
WINWORD+15d7     30000000     00000000     0015234a    
WINWORD+155d     80000001     03b0f224     7ffde000    
kernel32!BaseProcessStart+23     300010cc     00000000     78746341    




In WINWORD__PID__2980__Date__08_19_2010__Time_10_38_49AM__537__First chance exception 0XE0000002.dmp the assembly instruction at kernel32!RaiseException+53 in C:\WINDOWS\system32\kernel32.dll from Microsoft Corporation has caused an unknown exception (0xe0000002) on thread 0



This exception originated from msxml5!DllUnregisterServer+31e93. Module Information
Image Name: C:\WINDOWS\system32\kernel32.dll   Symbol Type:  PDB
Base address: 0x7c800000   Time Stamp:  Sat Mar 21 09:06:58 2009  
Checksum: 0x000fe572   Comments:  
COM DLL: False   Company Name:  Microsoft Corporation
ISAPIExtension: False   File Description:  Windows NT BASE API Client DLL
ISAPIFilter: False   File Version:  5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
Managed DLL: False   Internal Name:  kernel32
VB DLL: False   Legal Copyright:  © Microsoft Corporation. All rights reserved.
Loaded Image Name:  kernel32.dll   Legal Trademarks:  
Mapped Image Name:     Original filename:  kernel32
Module name:  kernel32   Private Build:  
Single Threaded:  False   Product Name:  Microsoft® Windows® Operating System
Module Size:  984.00 KBytes   Product Version:  5.1.2600.5781
Symbol File Name:  c:\symcache\kernel32.pdb\072FF0EB54D24DFAAE9D13885486EE092\kernel32.pdb   Special Build:  &




 
 


 
 Script Summary  
  Script Name Status Error Code Error Source Error Description Source Line
CrashHangAnalysis.asp Completed  
 
 
0
Sigurdur HaraldssonSystem AdministratorCommented:
"What I have tried so far is give her a new computer, I recreated her account."
Did you delete the account and give her a new one WITHOUT copying the profile?
0
arraysg2008Author Commented:
yes I didn't copy any other user. i created it from scratch.
0
Sigurdur HaraldssonSystem AdministratorCommented:
Does the user have admin rights? Is she installing something on the computer? It's starting to smell like a bad user. If it's ok when you're logged on (as a normal user, right, not as admin?) then it's not the computer. So it must be the user. My bet is she is installing something or visiting a web site that's screwing it up.

0
arraysg2008Author Commented:
Anyone know what this means?


Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10016
Date:            8/20/2010
Time:            8:17:59 AM
User:            NT AUTHORITY\SYSTEM
Computer:      ERICA
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
jgtyson3Commented:
Is this a 64 bit client?

http://support.microsoft.com/kb/899965



0
arraysg2008Author Commented:
We moved this user to Windows 7 and now she is having issues with messages in Outlook 2007 getting deleted out of her Sent and Deleted folders. Also today her computer shutdown and when she turned it back on all her Excel and Word documents in her shares drive were deleted and sitting in her Recycling bin. i don't know what else to try. I have been working with Microsoft with this issue and they have no clue what is causing it.
0
arraysg2008Author Commented:
Windows 7 is 32-bit that she is on now.
0
arraysg2008Author Commented:
We have found out the issue, a file in outlook was running and shutting the computer down and deleting her E-mails.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.