Hi Guys, I am trying to resolve a issue that is really doing my head it. I have a 2003 r2 x86 server that is being used as a citrix presentation server 4.5. It has hotfix rollup 7 applied. This server has been alive for approx 4 years now and never had a issue.
2 weeks ago multiple times when i log in id see the following in c:\documents and settings
Now i have gone through the usual steps of a week full of process monitor/explorer and modifying the LogoffCheckSysModule under the HKLM\System\CurrentControl
I am at the stage where now i can see users log in and out with absolutely no remaining processes yet the the profile remains. In the task manager tab it shows the user log in and leave the server. Process explorer shows all processes that started as the user logs in, terminate when the user logs out. There is no reason i can see why the profile remains.
I have then installed the User Profile Hive Cleaner and am presented with the following errors
The following handles in user profile hive Username (user guid) have been remapped because they were preventing the profile from unloading successfully:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (0x5c4)
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings (0x648)
HKCU\Software\Microsoft\Internet Explorer\IETld (0x6c8)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (0x6d0)
Now i have done some research and i have found one of the old IT admins has modified some of the policies in terms of internet settings. Problem is this guy "left against his will" about a week after making these changes. The problem is i know the changes were not malicious and more likely error in creating the policy. My problem is i am trying to identify what the code in the ( ) above refer to so i can try and resolve this issue.
Does anyone know what the (0x6c8) , (0x6d0), (0x5c4), (0x648) refer to in regards to the above registry error codes.
I found this support article from microsoft http://support.microsoft.com/kb/975619
however a call to microsoft and i have been advised this hotfix is no longer valid and microsoft not willing to provide me with the original file/fix.
Can anyone shed some light into this information for me.