Solved

Terminal Services - Windows cannot load the locally stored Profile.

Posted on 2010-08-26
Last Modified: 2013-11-21
Hello Experts - Hope you can help me.

I have a client with a Windows Server 2003 R2 Standard server SP2 running in application mode with Citrix XenApp 4.5. The server is connected to an SBS 2008 domain and the clients are running XP Pro SP3.
The client can connect with Program Neighborhood or RDP and get to the desktop or run published apps.
The problem is that a few days after setting them up they began to receive the following errors at login.

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt profile. If this problem persists contact your network administrator.
Detail - The process cannot access the file because it is being used by another process.

Then they receive this error.

Windows cannot find the local profile and is logging you on with a temporary profile. Changes made to this profile will be lost when you log off.

The following events are logged in the event log.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1508
Date:            8/26/2010
Time:            1:21:18 PM
User:            NT AUTHORITY\SYSTEM
Computer:      CTX1
Description:
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

 DETAIL - The process cannot access the file because it is being used by another process.  for M:\Documents and Settings\Deniz2\ntuser.dat

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1502
Date:            8/26/2010
Time:            1:21:20 PM
User:            STELLAR\deniz2
Computer:      CTX1
Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.

 DETAIL - The process cannot access the file because it is being used by another process.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1515
Date:            8/26/2010
Time:            1:21:20 PM
User:            STELLAR\deniz2
Computer:      CTX1
Description:
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1511
Date:            8/26/2010
Time:            1:21:21 PM
User:            STELLAR\deniz2
Computer:      CTX1
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Here is the output from whoami /user command

M:\Documents and Settings\TEMP.STELLAR.066>whoami /user

USER INFORMATION
----------------

User Name      SID
============== =============================================
stellar\deniz4 S-1-5-21-559414530-1929977471-2740923582-1178


I have included a jpg of the registry for this user as an attachment.

I have also enabled userenv logging and will attach the section I feel is relevant below.

V(2714.14f8) 05:57:16:079 InitializePolicyProcessing: Initialised Machine Mutex/Events
USERENV(2714.14f8) 05:57:16:079 InitializePolicyProcessing: Initialised User Mutex/Events
USERENV(2714.14f8) 05:57:16:079 LibMain: Process Name:  \??\M:\WINDOWS\system32\winlogon.exe
USERENV(2714.14f8) 05:57:20:970 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(2714.14f8) 05:57:20:970 =========================================================
USERENV(2714.14f8) 05:57:20:970 LoadUserProfile: Entering, hToken = <0x364>, lpProfileInfo = 0x6e5d8
USERENV(2714.14f8) 05:57:20:970 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(2714.14f8) 05:57:20:986 LoadUserProfile: lpProfileInfo->lpUserName = <deniz4>
USERENV(2714.14f8) 05:57:20:986 LoadUserProfile: NULL central profile path
USERENV(2714.14f8) 05:57:20:986 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\STELLARSBS\netlogon\Default User>
USERENV(2714.14f8) 05:57:20:986 LoadUserProfile: NULL server name
USERENV(2714.14f8) 05:57:20:986 LoadUserProfile: no thread token found, impersonating self.
USERENV(2714.14f8) 05:57:20:986 GetInterface: Returning rpc binding handle
USERENV(214.2444) 05:57:20:986 IProfileSecurityCallBack: client authenticated.
USERENV(214.2444) 05:57:20:986 DropClientContext: Got client token 00000CEC, sid = S-1-5-18
USERENV(214.2444) 05:57:20:986 MIDL_user_allocate enter
USERENV(214.2444) 05:57:20:986 DropClientContext: load profile object successfully made
USERENV(214.2444) 05:57:20:986 DropClientContext: Returning 0
USERENV(2714.14f8) 05:57:20:986 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(2714.14f8) 05:57:20:986 CProfileDialog::Initialize : Cookie generated <04F7B5D7D1015F769FE1EF0B881357D0>
USERENV(2714.14f8) 05:57:20:986 CProfileDialog::Initialize : Endpoint generated <IProfileDialog_1692D5D8B4AEF2D8D07172DBA649BB66>
USERENV(214.240) 05:57:20:986 IProfileSecurityCallBack: client authenticated.
USERENV(214.240) 05:57:20:986 LoadUserProfileI: RPC end point IProfileDialog_1692D5D8B4AEF2D8D07172DBA649BB66
USERENV(214.240) 05:57:20:986 In LoadUserProfileP
USERENV(214.240) 05:57:20:986 LoadUserProfile: Running as client, sid = S-1-5-18
USERENV(214.240) 05:57:20:986 =========================================================
USERENV(214.240) 05:57:20:986 LoadUserProfile: Entering, hToken = <0xe78>, lpProfileInfo = 0x20c0760
USERENV(214.240) 05:57:20:986 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(214.240) 05:57:20:986 LoadUserProfile: lpProfileInfo->lpUserName = <deniz4>
USERENV(214.240) 05:57:20:986 LoadUserProfile: NULL central profile path
USERENV(214.240) 05:57:20:986 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\STELLARSBS\netlogon\Default User>
USERENV(214.240) 05:57:20:986 LoadUserProfile: NULL server name
USERENV(214.240) 05:57:20:986 LoadUserProfile: User sid: S-1-5-21-559414530-1929977471-2740923582-1178
USERENV(214.240) 05:57:20:986 CSyncManager::EnterLock <S-1-5-21-559414530-1929977471-2740923582-1178>
USERENV(214.240) 05:57:20:986 CSyncManager::EnterLock: No existing entry found
USERENV(214.240) 05:57:21:001 CSyncManager::EnterLock: New entry created
USERENV(214.240) 05:57:21:001 CHashTable::HashAdd: S-1-5-21-559414530-1929977471-2740923582-1178 added in bucket 11
USERENV(214.240) 05:57:21:001 LoadUserProfile: Wait succeeded. In critical section.
USERENV(214.240) 05:57:21:001 TestIfUserProfileLoaded:  return with error 2.
USERENV(214.240) 05:57:21:001 RestoreUserProfile:  Entering
USERENV(214.240) 05:57:21:001 RestoreUserProfile:  User is a Admin
USERENV(214.240) 05:57:21:001 IsCentralProfileReachable:  Entering
USERENV(214.240) 05:57:21:001 IsCentralProfileReachable:  Null path.  Leaving
USERENV(214.240) 05:57:21:001 RestoreUserProfile:  Profile path = <>
USERENV(214.240) 05:57:21:001 ExtractProfileFromBackup:  Failed to open key Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-559414530-1929977471-2740923582-1178 with error 2
USERENV(214.240) 05:57:21:001 RegRenameKey: renaming Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-559414530-1929977471-2740923582-1178.bak to Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-559414530-1929977471-2740923582-1178
USERENV(214.240) 05:57:21:001 ExtractProfileFromBackup:  Profile created from Backup
USERENV(214.240) 05:57:21:001 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(214.240) 05:57:21:001 CreateLocalProfileKey:  user <S-1-5-21-559414530-1929977471-2740923582-1178> is local, not setting preference key
USERENV(214.240) 05:57:21:017 GetExistingLocalProfileImage:  Found entry in profile list for existing local profile
USERENV(214.240) 05:57:21:017 GetExistingLocalProfileImage:  Local profile image filename = <%SystemDrive%\Documents and Settings\Deniz4>
USERENV(214.240) 05:57:21:017 GetExistingLocalProfileImage:  Expanded local profile image filename = <M:\Documents and Settings\Deniz4>
USERENV(214.240) 05:57:21:017 GetExistingLocalProfileImage:  No local mandatory profile.  Error = 2
USERENV(214.240) 05:57:21:017 GetExistingLocalProfileImage:  Found local profile image file ok <M:\Documents and Settings\Deniz4\ntuser.dat>
USERENV(214.240) 05:57:21:017 GetExistingLocalProfileImage:  Failed to query low profile unload time with error 2
USERENV(214.240) 05:57:21:017 Local Existing Profile Image is reachable
USERENV(214.240) 05:57:21:017 Local profile name is <M:\Documents and Settings\Deniz4>
USERENV(214.240) 05:57:21:017 RestoreUserProfile:  No central profile.  Attempting to load local profile.
USERENV(214.240) 05:57:21:017 MyRegLoadKey:  Failed to load subkey <S-1-5-21-559414530-1929977471-2740923582-1178>, error =32
USERENV(214.240) 05:57:21:017 MyRegLoadKey: Returning 00000020
USERENV(214.240) 05:57:21:017 RestoreUserProfile:  MyRegLoadKey returned FALSE.
USERENV(214.240) 05:57:21:017 ReportError: Impersonating user.
USERENV(214.240) 05:57:21:033 ReportError: Logging Error <Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - The process cannot access the file because it is being used by another process.
>

USERENV(214.240) 05:57:21:033 GetInterface: Returning rpc binding handle
USERENV(214.240) 05:57:21:033 ReportError: RPC End point IProfileDialog_1692D5D8B4AEF2D8D07172DBA649BB66
USERENV(214.240) 05:57:21:033 ReportError: waiting on rpc async event
USERENV(2714.2220) 05:57:21:033 ErrorDialogEx: Calling DialogBoxParam
USERENV(2714.2220) 05:57:21:033 ErrorDlgProc:: DialogBoxParam
USERENV(214.240) 05:57:23:658 RpcAsyncCompleteCall finished, status = 0
USERENV(214.240) 05:57:23:658 ReleaseInterface: Releasing rpc binding handle
USERENV(214.240) 05:57:23:658 RestoreUserProfile:  Failed to load local profile and profile path is NULL, going to overwrite local profile
USERENV(214.240) 05:57:23:658 RestoreUserProfile:  Issuing default profile
USERENV(214.240) 05:57:23:658 RestoreUserProfile:  Deleting cached profile directory <M:\Documents and Settings\Deniz4>.
USERENV(214.240) 05:57:23:658 RegRenameKey: renaming Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-559414530-1929977471-2740923582-1178 to Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-559414530-1929977471-2740923582-1178.bak
USERENV(214.240) 05:57:23:673 ReportError: Impersonating user.
USERENV(214.240) 05:57:23:673 CreateLocalProfileKey:  user <S-1-5-21-559414530-1929977471-2740923582-1178> is local, not setting preference key
USERENV(214.240) 05:57:23:673 CreateLocalProfileImage:  One way or another we haven't got an existing local profile, try and create one
USERENV(214.240) 05:57:23:673 GetUserDomainName: DomainName = <STELLAR>
USERENV(214.240) 05:57:23:673 CreateSecureDirectory: Entering with <M:\Documents and Settings\TEMP.STELLAR.070>
USERENV(214.240) 05:57:23:673 CreateSecureDirectory: Created the directory <M:\Documents and Settings\TEMP.STELLAR.070>
USERENV(214.240) 05:57:23:673 ComputeLocalProfileName: generated the profile directory <M:\Documents and Settings\TEMP.STELLAR.070>
USERENV(214.240) 05:57:23:673 ReportError: Impersonating user.
USERENV(214.240) 05:57:23:673 ReportError: Logging Error <Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
>

So here is what I have tried.
Reboot the server, run UPHClean, rename the user profile and copy back documents and desktop without ntuser.dat, and set up a new user. All end up with the same problem within two days.
I have also applied the registry entries from KB 935649 that adjust the PoolUsageMaximum and PagedPoolSize.
The server is not running Symantec AntiVirus; it is running Panda Managed Office Protection.

Sorry to be so long-winded but I wanted to give as much info upfront as possible.

I look forward to hearing from you and really appreciate any help you can provide.
Thanks
Don

Stellar-Registry.jpg
Question by:ccoffice
 
LVL 2

Expert Comment

by:ppdogs
ID: 33538827
Have you tried stopping the AV scanner and seeing if it's still happening? We had a similar problem with MS FF scanner.
0
 
LVL 12

Expert Comment

by:Daniel Borger
ID: 33541489
Why does it seem like it's trying to create a profile for M:\Documents and Settings\TEMP.STELLAR.070 based on the path for M:\Documents and Settings\Deniz4? Do you have a GPO that is pointing to deniz4 as the template profile?
0
 

Author Comment

by:ccoffice
ID: 33542621
ppdogs
I will give that a try this weekend and let you know.
dborger
How do I determine if a GPO is pointing to a template profile?
Sorry my GPO skills are not very polished.
Don
0
 
LVL 12

Expert Comment

by:Daniel Borger
ID: 33542919
Open an MMC console (Start, Run, mmc) and add the plugin for Active Directory Users and Computers.
Browse to the OU that has the servers in it and right-click, then go to Properties, Group Policies. You can choose to edit any policy and see if there is anything set for the computer pertaining to user profiles.
0
 
LVL 16

Accepted Solution

by:
Spike99 earned 500 total points
ID: 33548098
You will need to clear the user's profile completely from this server to resolve this issue, I think.

First, have the user log off.

Then, do you see the .BAK registry entry for this user?  The name is the user's SID+.bak.  Delete that key:
   S-1-5-21-559414530-1929977471-2740923582-1178.bak

The regular profile key probably will go away when the user logs off since it's a TEMP profile.  You can tell it's a temp by the ProfileImagePath value.  If it doesn't go away, you can either clear the user profile in System Properties (click on the Advanced tab, then on the User Profiles button), or you can delete the profile manually, by deleting the TEMP directory for the user that is showing in the value for ProfileImagePath:
    %SystemDrive%\Documents and Settings\TEMP.STELLAR.066

And, then delete that profile key for this user that is shown in your screen shot.

Since that .DAT file is in use & is generating that profile error at log on, the user's profile hive is probably not unloading (it's being held by some process).

You can manually unload the "hive" by doing this (the SID is based on the screenshot you sent):

Drill down to the user's hive.  Each user normally has two hive keys like this:
   HKEY_USERS\S-1-5-21-559414530-1929977471-2740923582-1178
   HKEY_USERS\S-1-5-21-559414530-1929977471-2740923582-1178_Classes

If the "Classes" key is there, click on it first, then click on:
    File > Unload Hive...

Do that again for the user's other profile hive key.

If you get an error "access is denied," you will probably have to reboot the server to clear those out.  They should go away after the reboot, but check for the registry key again: if they're still there after the reboot, then you should be able to unload them.

I can see from your screen shot that you have other users with profile issues (lots of .BAK keys).  You probably need to have UPHClean.exe running on your server.  That tool from MS will unload hives for user profiles when people log off: it will monitor the user's profile keys and unload the hive when processes are finished with them.

You can download that tool from this page:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

I hope this helps.

Alicia
0
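The failure sequence in the userenv.log posted in the question (hive load fails, the ProfileList key is renamed to .bak, a TEMP profile directory is created) can be pulled out of a log automatically. This is an added example, not code from anyone in the thread: the sample SIDs, user names and paths are constructed, and only the log line shapes are taken from the log above.

```python
import re

# Win32 codes that follow "error =" in userenv.log
WIN32 = {2: "not found", 5: "access denied",
         32: "sharing violation: ntuser.dat is held open by another process"}
LINE = re.compile(r"^USERENV\(([0-9a-f]+\.[0-9a-f]+)\)\s+\d\d:\d\d:\d\d:\d{3}\s+(.*)$")
SID = re.compile(r"S-1-\d+(?:-\d+)+")

def triage(log_text):
    """Return {sid: finding} for each profile whose registry hive failed to load."""
    current, found = {}, {}   # thread -> SID being loaded; SID -> finding
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue          # continuation of a multi-line ReportError message
        thread, msg = m.groups()
        s = SID.search(msg) if "LoadUserProfile: User sid:" in msg else None
        if s:
            current[thread] = s.group()
            found.setdefault(s.group(), {"profile": None, "error": None,
                                         "bak_key": False, "temp_dir": None})
            continue
        f = found.get(current.get(thread))
        if f is None:
            continue
        if p := re.search(r"Expanded local profile image filename = <(.+)>", msg):
            f["profile"] = p.group(1)
        elif e := re.search(r"MyRegLoadKey:\s+Failed to load subkey <.+>, error =\s*(\d+)", msg):
            f["error"] = int(e.group(1))
        elif re.search(r"RegRenameKey: renaming .+ to .+\.bak$", msg):
            f["bak_key"] = True   # ProfileList\<SID> renamed to <SID>.bak
        elif t := re.search(r"generated the profile directory <(.+\\TEMP\.[^>]*)>", msg):
            f["temp_dir"] = t.group(1)
    return {sid: f for sid, f in found.items() if f["error"] is not None}

# Constructed sample (hypothetical SIDs, users and paths), same line shapes as the log above.
SAMPLE = r"""
USERENV(214.240) 05:57:20:986 LoadUserProfile: User sid: S-1-5-21-1111111111-2222222222-3333333333-1001
USERENV(214.240) 05:57:21:017 GetExistingLocalProfileImage:  Expanded local profile image filename = <C:\Documents and Settings\alice>
USERENV(214.240) 05:57:21:017 MyRegLoadKey:  Failed to load subkey <S-1-5-21-1111111111-2222222222-3333333333-1001>, error =32
USERENV(214.240) 05:57:21:033 ReportError: Logging Error <Windows cannot load the locally stored profile.
DETAIL - The process cannot access the file because it is being used by another process.
>
USERENV(214.240) 05:57:23:658 RegRenameKey: renaming Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1001 to Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1001.bak
USERENV(214.240) 05:57:23:673 ComputeLocalProfileName: generated the profile directory <C:\Documents and Settings\TEMP.EXAMPLE.001>
USERENV(214.3a0) 05:58:02:110 LoadUserProfile: User sid: S-1-5-21-1111111111-2222222222-3333333333-1002
USERENV(214.3a0) 05:58:02:125 GetExistingLocalProfileImage:  Expanded local profile image filename = <C:\Documents and Settings\bob>
"""

if __name__ == "__main__":
    for sid, f in triage(SAMPLE).items():
        print(sid, f["profile"], WIN32.get(f["error"], f["error"]), f["bak_key"], f["temp_dir"])
```

A finding with error 32, `bak_key` set and a `temp_dir` is the same pattern as the log in the question: the user's ntuser.dat was still locked from an earlier session when the next logon tried to load it.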
 

Author Comment

by:ccoffice
ID: 33568161
ppdogs
I disabled the AV and it did not make a difference.
dborger
Thanks for the input but I believe Spike99 has the answer.
Spike99
Thanks for the detailed answer and I have tried your suggestion on two users and so far it appears to be working.
I need another couple of days to make sure it sticks and if it does I will award the points to you.
Thanks Again
Don
0
 
LVL 16

Expert Comment

by:Spike99
ID: 33573774
Excellent!  I hope I helped: I know how tough these issues can be.  We host over 2,000 users in a large terminal services environment and have frequently struggled with profile issues, so I know exactly how difficult they can be.

Please, let us know how it goes.

Thanks,

Alicia
0
 

Author Closing Comment

by:ccoffice
ID: 33614278
It looks like your post has solved the problem.
All users for which I have applied your fix are still working after a week-long trial.
Thank you very much and have a great week.
Don
0
 
LVL 16

Expert Comment

by:Spike99
ID: 33618111
Excellent news!  I was very glad I could help.
0
