How do you fix a domain user's profile in WIN 7 and Server 2008 R2?

I have a particular domain user who seems to have a corrupt user profile.  We use roaming profiles and it seems she can log into some machines but others error out with "The User Profile Service service failed the login.  User profile cannot be loaded".  And she is kicked out of the login screen.  Some machines load a temp profile but this also is not satisfactory.

I have gone through several registry checks suggested by Microsoft, and others, but none seem to apply to my problem.  

I seem to need to create a new profile.  But how do you do that for a user that accesses all machines as a domain member?  And why is she OK on some computers ?  Her roaming profile stored on a server seems OK.

Is the easiest way to bite the bullet and delete and create the user ?

I would appreciate your suggestions.

Thank you

Brian
brian_ounAsked:

AustinComputerLabsCommented:
If you rename her roaming profile on the server and create a new empty folder with the same name as her previous one.
Then do the same on the PC(s) that is having the most trouble, you should get a clean happy profile.
Then you can move her desktop, docs, favorites and the like from the copy on the server.

It is a little time consuming but if you go through creating a new user it will be more work than this.
0
Jackie ManIT ManagerCommented:
Try to disjoin the problem Windows 7 PC from the domain, restart the PC, and rejoin the PC to the domain to see whether it helps.
0
Firmin FrederickSenior IT ConsultantCommented:
Austin is on the right track; you may find the problem is permissions related and/or there may be content in the roaming profile that is being blocked by your antivirus.

Check the nature of the error message when the profile fails to load as this gives fairly accurate fault finding tips:

1. access denied - the user permission on the PC is not sufficient to allow copying and creating folders
   b. access denied copying profile to server - check that "profile" root folder permission is set to "full control" to all users

2. unable to copy "XYZ" file to local PC from server - file is being blocked or disallowed - find and delete file from server side.  This is usually a file in the Temporary Internet files folder

3. unable to load roaming profile as profile exceeds maximum size set by policy

If Jackieman is correct and re-joining a PC to the domain resolves your profile errors - then this points to permissions not propagating to that machine when on domain - Group Policy failure for example or DNS errors and you should investigate these issues on the problem machines.
0

brian_ounAuthor Commented:
Gentlemen, thank you for your suggestions, I have tried with varying degrees of success.  This user’s principal computer still is not responding except with a temporary profile – with or without the roaming profile.  Using her computer with the temporary profile, she is able to RDP into one of our virtual machines several miles away and her profile builds 100%.
If I look at the registry, H_LOCAL -> Software -> Microsoft -> WindowsNT -> CurrentVersion -> ProfileList I can see .bak files but manipulation of these files does not produce a solution.  If you go too far the user is completely locked out.
There must be some way  to get the user logged into the network with a local profile.  Some of the error messages indicate a corrupt local profile.
The error messages are:
1508 – Windows was unable to load the registry
1502 – Windows cannot load the locally stored profile.  The local profile may be corrupt
1505 – Windows has backed up this user profile
1511 – Windows cannot find the local profile and is logging you in with a temporary profile
Can you suggest what area of the local profile I can look for corruption ?  Should I rename the local profile and start a new one and then move back the files a directory at a time until I run into problems ?
Except for a few changes like passwords parameters, etc., the default group policy is used.
I would appreciate your suggestions.
Brian
0
AustinComputerLabsCommented:
If you rename her roaming profile on the server and create a new empty folder with the same name as her previous one giving her user full rights to it.
Then do the same on the PC(s) that is having the most trouble, you should get a clean happy profile.
0
brian_ounAuthor Commented:
Hi AustinComputerLabs:
I tried that, at least on the server.  It would let me rename the user.v2 but I could not rename user.  I gave up that idea at that time

Brian
0
AustinComputerLabsCommented:
If you rename on the PC and the server then you remove the issue no matter which end it is on. Otherwise the corruption can be synchronized from one to the other.
User.v2 will work fine as long as you create a new folder "user" and make sure permissions are correct.
0
brian_ounAuthor Commented:
Hi ACL, thanks for your more than prompt responses.

Before I make some more moves can you explain why I cannot log her into some of the other machines now that I have her roaming profile disabled?  All of our work computers are WIN 7.  I have even tried my own workstation and her logon is not allowed.

Brian
0
AustinComputerLabsCommented:
It is possible that the profile on one PC corrupted. When she logged on from that PC the corruption was uploaded (synchronized) to the server. From that point on the corruption may have synchronized to any PC she attempted to log on to.

Now that her roaming profile is disabled, can she log on to a PC that she has never logged onto or a PC that has no stored profile (old one renamed)?

What do you mean when you say her " logon is not allowed" on your workstation?
0
brian_ounAuthor Commented:
Thanks again ACL:
I did use my computer several days ago to log her in.  There is no user dir in her name.
“Login is not allowed” goes like this:

WELCOME notice
The User Profile Service service failed the logon.
User profile cannot be loaded
LOGGING OFF

I checked error messages (some pretty strange, at least for me) for that particular login and there were 6 Warning and 5 Errors as follows in order:
1530 Warn - Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  
1508 Error -  Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.
1502 Error - Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.
1533 Error - Windows cannot delete the profile directory C:\Users\leihaf. This error may be caused by files in this directory being used by another program.
1511 Error - Windows cannot delete the profile directory C:\Users\leihaf. This error may be caused by files in this directory being used by another program.
6004 Warn - The winlogon notification subscriber <Profiles> failed a critical notification event.
1509 Warn - Windows cannot copy file C:\Users\Default\AppData\Local\Microsoft\Windows Live\Bici\Bici1_00.sqm to location C:\Users\TEMP\AppData\Local\Microsoft\Windows Live\Bici\Bici1_00.sqm. This error may be caused by network problems or insufficient security rights.
 DETAIL - Access is denied.
1509 Warn -  Windows cannot copy file C:\Users\Default\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm to location C:\Users\TEMP\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm. This error may be caused by network problems or insufficient security rights.
 DETAIL - Access is denied.
1533 Error - Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.
 DETAIL - The directory is not empty.
1500 Error - Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.
 DETAIL - The directory is not empty.
6001 Error - The winlogon notification subscriber <Sens> failed a notification event
6001 Error - The winlogon notification subscriber <Profiles> failed a notification event.

We use the default Group Policy except for some password modifications.  All computers are WIN 7 Pro.

Thanks again
Brian
0
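A read-only way to collect what the posts above describe (the ProfileList keys with any .bak duplicates, and the User Profile Service events by ID), as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later, run elevated on the affected Windows 7 PC; the variable names are illustrative, and the event IDs are the ones quoted in this thread.

```powershell
# Read-only diagnostic: nothing is renamed, edited or deleted.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

Get-ChildItem $profileList | ForEach-Object {
    $keyName = $_.PSChildName
    $props   = Get-ItemProperty $_.PSPath
    $sidText = $keyName -replace '\.bak$', ''

    # Resolve the SID to DOMAIN\user; an unresolvable SID is reported, not fatal.
    try {
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    $path = $props.ProfileImagePath
    New-Object PSObject -Property @{
        Account      = $account
        Key          = $keyName
        IsBak        = ($keyName -like '*.bak')   # duplicate key left by a failed load
        ProfilePath  = $path
        FolderExists = [bool]($path -and (Test-Path $path))
        State        = $props.State
        RefCount     = $props.RefCount
    }
} | Sort-Object Account, Key |
    Format-Table Account, Key, IsBak, ProfilePath, FolderExists, State, RefCount -AutoSize

# Profile-load events from the last 24 hours, oldest first, so the order of
# failures (registry load, local profile, temp profile) is visible.
$ids = 1500, 1502, 1505, 1508, 1509, 1511, 1530, 1533
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-User Profiles Service'
    Id           = $ids
    StartTime    = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```

A SID that appears twice (once with and once without .bak), or a ProfilePath pointing at C:\Users\TEMP or at a folder that no longer exists, identifies the key to examine before any change is made.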
brian_ounAuthor Commented:
To ACL;

I checked the USER\TEMP directory in my computer and she does have full rights.  Also a USER\leihaf directory was created with one sub-dir "favorites"

Brian
0
AustinComputerLabsCommented:
You did say that you disabled roaming profiles for her?

Those are some pretty odd error messages.
It is almost like she does not have the right to "log on locally" which is usually modified on a server to keep users from logging in at the server.

To review: You have,
disabled roaming profile for this user
renamed her old profile on the server and put in place an empty folder
renamed her old profile on your PC

and you are still receiving “Login is not allowed”

You could try moving the user into an OU that has no GP associated with it to rule out GP.
0
brian_ounAuthor Commented:
Hi ACL:
To review:
I have disabled the roaming profiles for this user
I have deleted her profile on my PC
I have done nothing with the profile on the server
I am still unable to log her in on my PC (and a couple of others too)
To get her working I have installed a new HD in her computer with all the necessary programs she uses.  She was able to login and establish a new local profile.  The original drive is still in the machine so I have access to her old files.  I have copied her desktop, documents, and contacts to the new profile.  But nothing else.  Hopefully she can get along on what she has and eventually establish a new, full profile
Then I will copy it to the server and hopefully that will solve the problem.
I also have a number of 1202 errors: “Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.”  I also notice there is a hot fix for this problem so I am installing SP 1 into the 3 domain controllers and maybe this will correct a number of problems.

I would still like to know what is preventing the login to my workstation.  At least for now, the pressure is off.  We are a small organization with about 30 servers and I’m the only guy.

Thanks again.
0
AustinComputerLabsCommented:
Good luck, I hope I helped you work it out.
Rick
0

brian_ounAuthor Commented:
Not 100% resolved but I received enough assistance to lead me in the right direction for a complete resolve

Thank you
0
AustinComputerLabsCommented:
Glad we could help,
thank you
0