Link to home
Start Free TrialLog in
Avatar of normanml
normanmlFlag for United States of America

asked on

Help trouble-shooting Event 1530

At shutdown I've been getting a registry leak.:

5 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\My
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\CA

1. Volume3 harddisk is the micro disk (SD) built-in reader. Why is that device holding the registry open when there is no micro-disk in it at shutdown? Is there a way to shut the volume down prior to shut down?

2. Note please: In other user profile warnings for Volume 3, various processes are listed: process 988, process 568, process 560 and, as show above, process 980. Again all involved HardiskVolume3 -- the micro disk reader I use to look at camera disks.

Thanks.
Avatar of Ryan Smith
Ryan Smith
Flag of United States of America image
Run all the firmware updates for your computer.  Not windows updates but firmware.
ASKER CERTIFIED SOLUTION
Avatar of Merete
Merete
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of normanml
normanml
Flag of United States of America image

ASKER

By accident deleted volume that had memory card reader software on it. Installed latest version of software (2.1), fixed a registry key pointing to the wrong place, and the leaks seemed to have stopped. Thanks. BTW none of the flash drives in DM had a policies tab, only the HDs internal and external.
Avatar of Merete
Merete
Flag of Australia image
Deleting the  card reader software explains what was going on since it is an internal device.
Good to see it fixed normanml , thank you!
Regards Merete