Solved

Help trouble-shooting Event 1530

Posted on 2014-04-03
4
1,701 Views
Last Modified: 2014-04-06
At shutdown I've been getting a registry leak.:

5 user registry handles leaked from \Registry\User\S-1-5-21-2987587682-1074968332-1067063631-1001:
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\My
Process 980 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2987587682-1074968332-1067063631-1001\Software\Microsoft\SystemCertificates\CA

1. Volume3 harddisk is the micro disk (SD) built-in reader. Why is that device holding the registry open when there is no micro-disk in it at shutdown? Is there a way to shut the volume down prior to shut down?

2. Note please: In other user profile warnings for Volume 3, various processes are listed: process 988, process 568, process 560 and, as show above, process 980. Again all involved HardiskVolume3 -- the micro disk reader I use to look at camera disks.

Thanks.
0
Comment
Question by:normanml
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Ryan Smith
ID: 39975685
Run all the firmware updates for your computer.  Not windows updates but firmware.
0
 
LVL 70

Accepted Solution

by:
Merete earned 500 total points
ID: 39977165
It could be because it is internal is not optimised for quick removal
try this sourced from xp and Vista but should be the same"Optimize for quick removal "
This setting disables write caching on the device and in Windows, so the media can be removed without using the Safely Remove Hardware feature in the taskbar.
The card reader might experience a minor drop in device performance.
Source
In Device Manager, click the + sign next to Disk drives to display a list of the drive devices on your computer.
Memory card readers are seen as drive devices in Windows.
In the list of drive devices, right-click the device  to display a drop-down menu (for example, Generic USB CF Reader for CompactFlash media).
Click Properties in this menu.
Click the Policies tab in the Device Properties window.
Select Optimize for quick removal , and then click the OK button.

Using and Troubleshooting Memory Card Readers (Windows Vista and XP)
http://h10025.www1.hp.com/ewfrf/wc/document?cc=au&lc=en&docname=bph07910
0
 

Author Closing Comment

by:normanml
ID: 39981584
By accident deleted volume that had memory card reader software on it. Installed latest version of software (2.1), fixed a registry key pointing to the wrong place, and the leaks seemed to have stopped. Thanks. BTW none of the flash drives in DM had a policies tab, only the HDs internal and external.
0
 
LVL 70

Expert Comment

by:Merete
ID: 39981932
Deleting the  card reader software explains what was going on since it is an internal device.
Good to see it fixed normanml , thank you!
Regards Merete
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question