Hangs at applying personal settings

happyhenrik
happyhenrik used Ask the Experts™
on
During the past week, we've had issues with around 50 XP SP3 clients having problems logging in. The pc hangs for more than 20minutes when "applying personal settings". The pc is shut down brutally and re-started. Then it is able to login.

But we have a gpo controlling wallpaper and one for Communicator, and these gpo's are applied (gpresult) but not effective. Other GPO's are applied.

We have 4 DC's (2 hardware and 2 virtual, all W2K8 R2). These DC's are not located in the countries where the pc's with problems are.

I have checked DNS settings and they look fine.
No GPO's has been altered the past month.
If I do a Systeminfo in a command prompt, the machines uses different DC's
Wan links are not loaded
Windows7 machines are not affected

I'm a bit lost here
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
System Engineer
Commented:
problem came suddenly ?? you didn't install some program, hardware, change app setting's??

do you have windows automatic updates??



Author

Commented:
Yes it started tuesday last week. Nothing (as far as I can see) has been changed. We have an almost locked down environment, so users are normally not allowed to install software by themselves.

Nothing on the DC's has been changed

Windows update is disabled on all clients through GPO
Kruno DžoićSystem Engineer

Commented:
hm, tuesday is the day when Microsoft put new updates out

What about updates on DC?
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

I does sound DNS related, You mentioned "If I do a Systeminfo in a command prompt, the machines uses different DC's" Are these machines not logging on to the local DC's?

.Dave

Author

Commented:
M3rc74: Automatic updates are disabled by GPO on clients. The same for DC's and they have not been updated

David: There is no local DC
Have you tried creating a new container that doesn't use the GPO's and moving one of these into that container to test if the GPO's are causing the issue?

.Dave
Can post errors that you may find in the event viewer?

Author

Commented:
No because the problem only appears once, and I don't who will be next... But the local servicedesk mentioned, that if the did a gpupdate /force and rebooted, everything was back to normal. I asked him to monitor that and report the outcome back to me everytime he has this issue

Author

Commented:
I've only checked the event log on one pc, and I only found this:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.

I have no idea what it means...
Kruno DžoićSystem Engineer

Commented:
Permission settings do not grant Local Launch permission for the COM Server application with CLSID
Here is the typical error description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{0D011B6A-4BDB-49CB-8533-820B75E24DCA}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
To resolve this problem, use one of the following methods, depending on the cause of the problem.
Grant the user permissions to start the COM component

Grant the user permissions to start the COM component. To do this, follow these steps:
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following registry subkey:
HKEY_CLASSES_ROOT\CLSID\CLSID value
Note In this subkey, "CLSID value" is a placeholder for the CLSID information that appears in the message.
In the right pane, double-click AppID.
The Edit String dialog box appears. Leave this dialog box open and continue to the next step.
Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
If a Windows Security Alert message prompts you to keep blocking the Microsoft Management Console program, click to unblock the program.
In Component Services, double-click Component Services, double-click Computers, double-click My Computer, and then click DCOM Config.
In the details pane, locate the program by using the friendly name.
If the AppGUID identifier is listed instead of the friendly name, locate the program by using this identifier.
Right-click the program, and then click Properties.
Click the Security tab.
In the Launch and Activation Permissions area, click Customize, and then click Edit.
Click Add, type the user’s account name, and then click OK.
While the user is selected, click to select the Allow check boxes for the following items:
Local Launch
Remote Launch
Local Activation
Remote Activation
Click OK two times.
Quit Registry Editor.
Grant the correct permissions to the Network Service account

To grant the correct permissions to the Network Service account, follow these steps:
Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
In Component Services, double-click Component Services, and then double-click Computers.
Right-click My Computer, and then click Properties.
Click the COM Security tab.
In the Launch and Activation Permissions area, click Edit Default.
Click Add, type Network Service, and then click OK.
While Network Service is selected, click to select the Allow check boxes for the following items:
Local Launch
Remote Launch
Local Activation
Remote Activation
Click OK two times.
For the error above refer to http://blog.paulgu.com/2009/02/10/permission-settings-do-not-grant-local-launch-permission-for-the-com-server-application-with-clsid/

For the main issue try to enable userenv debug logging on a few client machines.
You can refer to the following MS KB to enable the logging. This will record everything  after the user hits enter after entering the login credentials.
How to enable user environment debug logging in retail builds of Windows

Go through the userenv.log file located in C:\Windows\debug\UserMode folder. Hope it gives out some clues.

Author

Commented:
that might be the next step. I am waiting for a reply from our Client Management team, to see if they have done something, without telling me :-)

Author

Commented:
OK - here's the deal.

Our Client management dep. rolled out a new version of Office Communicator last week. It was only done for older xp installations.

That caused the problem...

Thank you all for trying to help me out - I will split the points between you

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial