lfrs_org
asked on
AD or local PC Profile issue
I've a user that can log on to any PC and their profile works fine. Then they log on to one PC and I get the Windows can't log you on etc with the following detail.
'DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.'
I've tried several solutions but to no avail; these include removing the profile from that laptop completely, running UPHClean, and cleaning up the registry.
It basically will not allow this user to log in but anyone else can fine with no issues.
Any Ideas and solutions would be helpful and welcome...and yes the user needs to use this Laptop.
The file that is causing the problem is UsrClass.dat, and it is found residing in
C:\Documents and Settings\Current User\Local Settings\ApplicationData\Microsoft\Windows\UsrClass.dat
(where the Current User is the user logged in to the network at the moment). Move the file out of that directory and log back in (it doesn't matter where you move it to as long as you know, just in case it wouldn't work). The file is going to be recreated and this will eliminate the login error the user was getting. When everything is working fine, just delete the old UsrClass.dat file.
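Added example, not part of the original answer or thread: the logon error says the file "is not in a registry file format", and a copied hive file such as NTUSER.DAT or UsrClass.dat can be checked for exactly that by validating its 512-byte base block (the `regf` signature, the two sequence numbers, and the XOR checksum stored at offset 0x1FC). The function names and the sample header are constructed for illustration.

```python
import struct

REGF_MAGIC = b"regf"
HEADER_LEN = 512          # checksum covers the first 508 bytes, stored at 0x1FC

def regf_checksum(header: bytes) -> int:
    """XOR of the first 127 little-endian dwords of the base block."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:      # the format never stores all-ones or zero
        return 0xFFFFFFFE
    if csum == 0:
        return 1
    return csum

def check_hive(data: bytes) -> list:
    """Return the problems found in a hive's base block (empty list = looks sane)."""
    if len(data) < HEADER_LEN:
        return ["file shorter than the 512-byte base block"]
    if data[:4] != REGF_MAGIC:
        return ["missing 'regf' signature"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (unclean write): %d != %d" % (seq1, seq2))
    (stored,) = struct.unpack_from("<I", data, 0x1FC)
    if stored != regf_checksum(data):
        problems.append("header checksum mismatch")
    return problems

def make_sample_header(seq1=7, seq2=7) -> bytes:
    """Constructed sample: a minimal base block with a valid checksum."""
    hdr = bytearray(HEADER_LEN)
    hdr[:4] = REGF_MAGIC
    struct.pack_into("<II", hdr, 4, seq1, seq2)
    struct.pack_into("<I", hdr, 0x1FC, regf_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:   # e.g. a copy of NTUSER.DAT or UsrClass.dat
        with open(path, "rb") as fh:
            issues = check_hive(fh.read(HEADER_LEN))
        print(path, "OK" if not issues else "; ".join(issues))
```

Run it against a copy of the hive taken while the affected user is logged off, since a loaded hive is locked by the system.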
ASKER
Zsaurabh: The profile has been completely deleted from the PC and therefore has no C:\Documents and Settings\Current User\Local Settings\ApplicationData\Microsoft\Windows\UsrClass.dat file to move anywhere. Unless you are thinking of all users, but then it doesn't explain why other people can log into this PC fine.
Basically the pc will not let this user log in full stop, no profile is created it just goes back to the login prompt.
Did you check the startup programs via msconfig?
Which programs and 3rd party services are being loaded at startup?
Please send a list of programs loading at the startup...
Did you try reinstalling a fresh XP or whatever you're using on the laptop?
ASKER
Yes HKLM:Run Preload C:\Windows\RUNXMLPL.exe
Yes HKLM:Run IAAnotif "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Yes HKLM:Run SynTPStart C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Yes HKLM:Run RTHDCPL RTHDCPL.EXE
Yes HKLM:Run Alcmtr ALCMTR.EXE
Yes HKLM:Run AzMixerSel C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Yes HKLM:Run RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Yes HKLM:Run LanguageShortcut "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
Yes HKLM:Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Yes HKLM:Run MSPY2002 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
Yes HKLM:Run PHIME2002ASync C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Yes HKLM:Run PHIME2002A C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Yes HKLM:Run IgfxTray C:\WINDOWS\system32\igfxtray.exe
Yes HKLM:Run HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
Yes HKLM:Run Persistence C:\WINDOWS\system32\igfxpers.exe
Yes HKLM:Run PLFSetL C:\WINDOWS\PLFSetL.exe
Yes HKLM:Run Acer ePresentation HPD C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
Yes HKLM:Run ePower_DMC C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Yes HKLM:Run Boot C:\Acer\Empowering Technology\ePower\Boot.exe
Yes HKLM:Run StarteLock "C:\Acer\Empowering Technology\eLock\Service\startelock.exe"
Yes HKLM:Run eDataSecurity Loader C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
Yes HKLM:Run eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
Yes HKLM:Run LManager C:\PROGRA~1\LAUNCH~1\LManager.exe
Yes HKLM:Run BCSSync "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Yes HKLM:Run QuickTime Task "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Yes HKLM:Run SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes Startup Common Acer Empowering Technology.lnk C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Yes Startup Common Citrix XenApp.lnk C:\WINDOWS\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
Are the startup contents. The laptop was reinstalled only 2 weeks ago with Windows XP with Service Pack 3.
Other people log on fine to this computer; what is your thinking, VB?
Some malware camouflage themselves as RUNXMLPL.exe, particularly if they are located in the c:\windows or c:\windows\system32 folder. Thus check whether the RUNXMLPL.exe process on your PC is a pest (the first item on your list).
There are some items that I didn't see before in your startup list.
I recommend downloading Spybot Search and Destroy and, after updating the software, scanning your laptop.
Also download & run ComboFix to be sure there is no BHO or any other malware that cannot be identified by looking into startup objects.
Did you check the event viewer (system and application sections)?
Is there a red (error) or warning (yellow) when the pc is booting to windows?
ASKER
Virus and malware scans are clear.
The only errors that have come up in the event viewer are Crypt32 which is to do with Windows Root Certificates.
Still no joy.
Since there is no relevant record on event viewer, it must be a 3rd party software.
I think one of the startup programs is causing it. Can you disable all of them (using msconfig: HKLM-RUN, HKCU-RUN, Startup Folder...), restart and give it a try? If it boots correctly then you can be sure one of them is causing this message.
After that you can turn them on one by one, restart and see exactly which one is causing the problem...
ASKER
Ok, I think you are misunderstanding what it is that is happening here.
* Have disabled all startup items and the issue continues.
* There are no viruses or malware issues;
* Other people can log on to this laptop fine, and can work on it without any issues.
* This is just 1 person having the problem, his account is fine in Active Directory and has been tested on other PCs/laptops and he has no problems logging in to them.
* He has no profile left on the laptop, so it should load a new one, but it doesn't! It comes up with
"Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format."
When you click OK it takes you back to the CTRL-ALT-DEL login screen. I can then log in fine.
Once again, thank you for your help.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
I get 1500 and 1508 in the event log.
After searching these I found the Microsoft User Profile Hive Cleanup Service (UPHClean), which loads onto the laptop fine but doesn't solve my problem. It's automatically in the services startup and seems to have no effect on the profile whatsoever.
SOLUTION
This solution is only available to members.
ASKER
1 - 1GB
2 - Page file Currently allocated 3000MB, Initial Size (MB) 3000 and Max Size (MB) 3000.
3 - Made user local administrator; get event ID 1508 then 1505, logs in with temp account.
ASKER
I've solved the problem; basically it looks like the profile was trying to associate itself with a TEMP profile that I was totally ignoring.
I've removed that profile and it has allowed the user to log into the laptop without any errors. I've tested again by removing administrator privileges and it has help the profile.
VB, thank you for your assistance in this matter; it has helped talking it through with someone.
ASKER
Managed to work out the solution with the question VB asked.
Glad I helped :)
Please log in as local admin... scan the computer... disjoin and join to the domain again and check.
Thank you
Dhruv