arraysg2008
asked on
Have an issue with Active Diretory user, computer keeps shutting down
I have a user that are having a bunch of issues. when they are in Outlook 2010 there computer just decides to shutdown on them, this happens 5 times a day or more and it happens randomly. here is what I am seeing in the event logs for application and system. What I have tried so far is give her a new computer, I recreated her account. Don't know what else to try with this and is driving me up a wall.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 8/17/2010
Time: 3:00:48 PM
User: NT AUTHORITY\SYSTEM
Computer: WS20188
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0 DA39248FF4 8}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------------- ---------- ---------- ---------- ---------
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 8/17/2010
Time: 2:57:17 PM
User: NT AUTHORITY\SYSTEM
Computer: WS20188
Description:
Windows saved user ASG\username registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ------
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 8/17/2010
Time: 2:18:07 PM
User: N/A
Computer: WS20188
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ------
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 8/17/2010
Time: 2:17:59 PM
User: NT AUTHORITY\SYSTEM
Computer: WS20188
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 8/17/2010
Time: 3:00:48 PM
User: NT AUTHORITY\SYSTEM
Computer: WS20188
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 8/17/2010
Time: 2:57:17 PM
User: NT AUTHORITY\SYSTEM
Computer: WS20188
Description:
Windows saved user ASG\username registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 8/17/2010
Time: 2:18:07 PM
User: N/A
Computer: WS20188
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 8/17/2010
Time: 2:17:59 PM
User: NT AUTHORITY\SYSTEM
Computer: WS20188
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Give the user admin privileges and log him in. Log out and revert to normal privileges. See if this helps.
Have you verified the DNS settings on the workstation? Not sure why this would cause the machine to reboot, but it seems to be having difficulty contacting a domain controller. Can you ping your DC by IP and name? Also, do you have this problem when logging in with a different user account?
Ok don't laugh,
Is she kicking the surge protector or the power cord?
Is she kicking the surge protector or the power cord?
ASKER
I have verified that I can ping the DNS server and everything is working fine. I can log into the same computer and I have no issues. Its only this user where the computer reboots.
ASKER
Today this same user just let us know that all her E-mails in her sent and deleted items are gone. They both are empty. Anyone have any ideas what is going on?
ASKER
I ran Microsofts Diagnostics tools and this is what I am seeing, any thoughts?
Analysis Summary
Type Description Recommendation
Error In WINWORD__PID__2980__Date__ 08_19_2010 __Time_10_ 38_49AM__5 37__First chance exception 0XE0000002.dmp the assembly instruction at kernel32!RaiseException+53 in C:\WINDOWS\system32\kernel 32.dll from Microsoft Corporation has caused an unknown exception (0xe0000002) on thread 0
This exception originated from msxml5!DllUnregisterServer +31e93. Review the faulting call stack for thread 0 to determine root cause for the exception.
Please follow up with vendor Microsoft Corporation for problem resolution concerning the following file: C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll .
Information DebugDiag determined that this dump file (WINWORD__PID__2980__Date_ _08_19_201 0__Time_10 _38_49AM__ 537__First chance exception 0XE0000002.dmp) is a crash dump and did not perform any hang analysis. If you wish to enable combined crash and hang analysis for crash dumps, edit the CrashHangAnalysis.asp script (located in the DebugDiag\Scripts folder) and set the g_DoCombinedAnalysis constant to True.
Analysis Details
Your browser settings are currently prohibiting this report's scripts from running.
This is preventing some features of this analysis report from displaying properly. To enable scripts to run, right-click the security warning above and choose "Allow Blocked Content..." or enable the "Allow active content to run in files on My Computer*" setting on the Advanced tab of your "Internet Options" dialog to avoid being prompted in the future
Table Of Contents
WINWORD__PID__2980__Date__ 08_19_2010 __Time_10_ 38_49AM__5 37__First chance exception 0XE0000002.dmp
Faulting Thread
Faulting Module Information
Report for WINWORD__PID__2980__Date__ 08_19_2010 __Time_10_ 38_49AM__5 37__First chance exception 0XE0000002.dmp
Report for WINWORD__PID__2980__Date__ 08_19_2010 __Time_10_ 38_49AM__5 37__First chance exception 0XE0000002.dmp
Type of Analysis Performed Crash Analysis
Machine Name WS20188
Operating System Windows XP Service Pack 3
Number Of Processors 2
Process ID 2980
Process Image C:\Program Files\Microsoft Office\Office12\WINWORD.EX E
System Up-Time 00:33:54
Process Up-Time 00:00:01
Thread 0 - System ID 2988
Entry point WINWORD+10cc
Create time 8/19/2010 10:38:48 AM
Time spent in user mode 0 Days 0:0:0.78
Time spent in kernel mode 0 Days 0:0:0.140
Function Arg 1 Arg 2 Arg 3 Source
kernel32!RaiseException+53 e0000002 00000000 00000001
msxml5!DllUnregisterServer +31e93 80004004 023f9044 023f9038
msxml5!DllCanUnloadNow+a2f 2 023f9038 00000000 00000004
msxml5!DllCanUnloadNow+77e 2 00128d98 00128df4 023f9038
msxml5!DllUnregisterServer +314fb 023f9038 0000000d 00000000
msxml5!DllUnregisterServer +37ff5 023f9038 0000000d 00000000
MSO!Ordinal7352+3b8 015436a8 00000000 0152d2b0
MSO!Ordinal4198+2cb 45a568ae 0012b6f0 0152d2a0
MSO!Ordinal8041+1b3 00cdb500 00000000 0152d2b0
MSO!Ordinal8041+2c 00129178 0152d2b0 014e4900
WWLIB!DllGetClassObject+33 494 001291cc 00000000 014e47cc
WWLIB!DllGetClassObject+32 dd2 0012b6f0 014e47cc 00c441a0
WWLIB!DllGetClassObject+2f 8cb 0012b6f0 01510000 00000010
WWLIB!DllGetClassObject+2f 695 00000004 04210000 0012d048
WWLIB!DllGetClassObject+2e 0e2 00000004 00000000 04210000
WWLIB!DllGetClassObject+2d 9ac 0012d584 00000000 00000000
WWLIB!DllGetClassObject+27 e4c 00000001 0012fa60 0012f9e0
WWLIB!DllGetClassObject+15 2bc 00000003 0012f52c 00000001
WWLIB!DllGetClassObject+3b 23 0012fa60 00000001 0012f9e0
WWLIB!FMain+482 30000000 00000000 0015234a
WINWORD+15d7 30000000 00000000 0015234a
WINWORD+155d 80000001 03b0f224 7ffde000
kernel32!BaseProcessStart+ 23 300010cc 00000000 78746341
In WINWORD__PID__2980__Date__ 08_19_2010 __Time_10_ 38_49AM__5 37__First chance exception 0XE0000002.dmp the assembly instruction at kernel32!RaiseException+53 in C:\WINDOWS\system32\kernel 32.dll from Microsoft Corporation has caused an unknown exception (0xe0000002) on thread 0
This exception originated from msxml5!DllUnregisterServer +31e93. Module Information
Image Name: C:\WINDOWS\system32\kernel 32.dll Symbol Type: PDB
Base address: 0x7c800000 Time Stamp: Sat Mar 21 09:06:58 2009
Checksum: 0x000fe572 Comments:
COM DLL: False Company Name: Microsoft Corporation
ISAPIExtension: False File Description: Windows NT BASE API Client DLL
ISAPIFilter: False File Version: 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
Managed DLL: False Internal Name: kernel32
VB DLL: False Legal Copyright: © Microsoft Corporation. All rights reserved.
Loaded Image Name: kernel32.dll Legal Trademarks:
Mapped Image Name: Original filename: kernel32
Module name: kernel32 Private Build:
Single Threaded: False Product Name: Microsoft® Windows® Operating System
Module Size: 984.00 KBytes Product Version: 5.1.2600.5781
Symbol File Name: c:\symcache\kernel32.pdb\0 72FF0EB54D 24DFAAE9D1 3885486EE0 92\kernel3 2.pdb Special Build: &
Script Summary
Script Name Status Error Code Error Source Error Description Source Line
CrashHangAnalysis.asp Completed
Analysis Summary
Type Description Recommendation
Error In WINWORD__PID__2980__Date__
This exception originated from msxml5!DllUnregisterServer
Please follow up with vendor Microsoft Corporation for problem resolution concerning the following file: C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
Information DebugDiag determined that this dump file (WINWORD__PID__2980__Date_
Analysis Details
Your browser settings are currently prohibiting this report's scripts from running.
This is preventing some features of this analysis report from displaying properly. To enable scripts to run, right-click the security warning above and choose "Allow Blocked Content..." or enable the "Allow active content to run in files on My Computer*" setting on the Advanced tab of your "Internet Options" dialog to avoid being prompted in the future
Table Of Contents
WINWORD__PID__2980__Date__
Faulting Thread
Faulting Module Information
Report for WINWORD__PID__2980__Date__
Report for WINWORD__PID__2980__Date__
Type of Analysis Performed Crash Analysis
Machine Name WS20188
Operating System Windows XP Service Pack 3
Number Of Processors 2
Process ID 2980
Process Image C:\Program Files\Microsoft Office\Office12\WINWORD.EX
System Up-Time 00:33:54
Process Up-Time 00:00:01
Thread 0 - System ID 2988
Entry point WINWORD+10cc
Create time 8/19/2010 10:38:48 AM
Time spent in user mode 0 Days 0:0:0.78
Time spent in kernel mode 0 Days 0:0:0.140
Function Arg 1 Arg 2 Arg 3 Source
kernel32!RaiseException+53
msxml5!DllUnregisterServer
msxml5!DllCanUnloadNow+a2f
msxml5!DllCanUnloadNow+77e
msxml5!DllUnregisterServer
msxml5!DllUnregisterServer
MSO!Ordinal7352+3b8 015436a8 00000000 0152d2b0
MSO!Ordinal4198+2cb 45a568ae 0012b6f0 0152d2a0
MSO!Ordinal8041+1b3 00cdb500 00000000 0152d2b0
MSO!Ordinal8041+2c 00129178 0152d2b0 014e4900
WWLIB!DllGetClassObject+33
WWLIB!DllGetClassObject+32
WWLIB!DllGetClassObject+2f
WWLIB!DllGetClassObject+2f
WWLIB!DllGetClassObject+2e
WWLIB!DllGetClassObject+2d
WWLIB!DllGetClassObject+27
WWLIB!DllGetClassObject+15
WWLIB!DllGetClassObject+3b
WWLIB!FMain+482 30000000 00000000 0015234a
WINWORD+15d7 30000000 00000000 0015234a
WINWORD+155d 80000001 03b0f224 7ffde000
kernel32!BaseProcessStart+
In WINWORD__PID__2980__Date__
This exception originated from msxml5!DllUnregisterServer
Image Name: C:\WINDOWS\system32\kernel
Base address: 0x7c800000 Time Stamp: Sat Mar 21 09:06:58 2009
Checksum: 0x000fe572 Comments:
COM DLL: False Company Name: Microsoft Corporation
ISAPIExtension: False File Description: Windows NT BASE API Client DLL
ISAPIFilter: False File Version: 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)
Managed DLL: False Internal Name: kernel32
VB DLL: False Legal Copyright: © Microsoft Corporation. All rights reserved.
Loaded Image Name: kernel32.dll Legal Trademarks:
Mapped Image Name: Original filename: kernel32
Module name: kernel32 Private Build:
Single Threaded: False Product Name: Microsoft® Windows® Operating System
Module Size: 984.00 KBytes Product Version: 5.1.2600.5781
Symbol File Name: c:\symcache\kernel32.pdb\0
Script Summary
Script Name Status Error Code Error Source Error Description Source Line
CrashHangAnalysis.asp Completed
"What I have tried so far is give her a new computer, I recreated her account."
Did you delete the account and give her a new one WITHOUT copying the profile?
Did you delete the account and give her a new one WITHOUT copying the profile?
ASKER
yes I didn't copy any other user. i created it from scratch.
Does the user have admin rights? Is she installing something on the computer? It's starting to smell like a bad user. If it's ok when you're logged on (as a normal user, right, not as admin?) then it's not the computer. So it must be the user. My bet is she is installing something or visiting a web site that's screwing it up.
ASKER
Anyone know what this means?
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 8/20/2010
Time: 8:17:59 AM
User: NT AUTHORITY\SYSTEM
Computer: ERICA
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0 DA39248FF4 8}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 8/20/2010
Time: 8:17:59 AM
User: NT AUTHORITY\SYSTEM
Computer: ERICA
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER
We moved this user to Windows 7 and now she is having issues with messages in Outlook 2007 getting deleted out of her Sent and Deleted folders. Also today her computer shutdown and when she turned it back on all her Excel and Word documents in her shares drive were deleted and sitting in her Recycling bin. i don't know what else to try. I have been working with Microsoft with this issue and they have no clue what is causing it.
ASKER
Windows 7 is 32-bit that she is on now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.