Error 0x80070005 occurred while creating known folder {625b53c3-ab48-4ec1-ba1f-a1ef4146fc19} with path '\\MILLE004-VM02\AllUsersStartMenu\StartMenu'.

Server seems to be getting these error messages more and more frequently.   I tried looking for a solution, and what I found indicated that I should try manually recreating the folder.    I tried that, but I'm still seeing the issue.   I'm curious what would be causing it?   These are hosted VM servers, so I seriously doubt that there is any hardware issue causing these, I would see similar issues on other VMs within the cluster.

Is it possible that these error is occurring because the folders are already created?


Log Name:      Microsoft-Windows-Known Folders API Service
Source:        Microsoft-Windows-KnownFolders
Date:          5/27/2015 8:04:41 AM
Event ID:      1000
Task Category: None
Level:         Warning
Keywords:      
User:          CC\331.5HS6621DST
Computer:      MILLE004-VM02.cc.local
Description:
Error 0x80070005 occurred while creating known folder {b4bfcc3a-db2c-424c-b029-7fe99a87c641} with path '\\MILLE004-VM02\AllUsersStartMenu\Desktop'.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-KnownFolders" Guid="{8939299F-2315-4C5C-9B91-ABB86AA0627D}" />
    <EventID>1000</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-05-27T12:04:41.632125000Z" />
    <EventRecordID>314456</EventRecordID>
    <Correlation />
    <Execution ProcessID="4500" ThreadID="5552" />
    <Channel>Microsoft-Windows-Known Folders API Service</Channel>
    <Computer>MILLE004-VM02.cc.local</Computer>
    <Security UserID="S-1-5-21-155850598-1010963169-2046525729-1192" />
  </System>
  <EventData>
    <Data Name="hrError">0x80070005</Data>
    <Data Name="FolderId">{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}</Data>
    <Data Name="Path">\\MILLE004-VM02\AllUsersStartMenu\Desktop</Data>
  </EventData>
</Event>
LVL 2
C_ParlatoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Randy DownsOWNERCommented:
Did you see this thread?

Can you also try to access that folder using Windows Explorer? This may show a problem with permissions to that folder when if such a problem exists.
 
Once you are in clean boot, refer to the section How to determine what is causing the problem by performing a clean boot and follow steps given under the Windows 7.
How to perform a clean boot to troubleshoot a problem in Windows 8, Windows 7, or Windows Vista
http://support.microsoft.com/kb/929135/en-us
Note: Refer "How to reset the computer to start as usual after troubleshooting with clean boot" under more information to reset the computer to start as normal after troubleshooting.
 
The above steps will help you find out the cause of the issue, if the error does not come up in clean boot mode. This will also ensure if CIS is causing the issue.
0
gheistCommented:
Google kind of finds answer in 1 second....
0
Davis McCarnOwnerCommented:
Unless the user 331.5HS6621DST is a domain admin (or close to it) and MILLE004-VM02 is a PC that user would be using, they've got no business trying to create something in All Users Desktop and I smell a rat.  Luckily, the server is stopping it as the 0x80070005 means access denied.
I'd be checking MILLE004-VM02 for malware!
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

C_ParlatoAuthor Commented:
@David The user is actually 331.5HS6621DST, so it's doesn't appear malicious.   This is one of many that we get every day, so it's not isolated to a particular user or group of users.  

@gheist As to the solutions on google.   They were not effective in solving this issue.    When google fails me, i refer to ExpertExchange, so thank you for your extremely helpful suggest...

@Randy I'm thinking this has something to do with the file redirection GPO enabled.   Users also have a GPO preventing them from saving to even their local desktop.   I regularly check msconfig for both startup items services that are outside of what should be running.      In this example, I'm not able to find anything.
0
C_ParlatoAuthor Commented:
This is a windows generated folder.  I'm not sure why it's trying to make the "B4BFCC3A-DB2C-424C-B029-7FE99A87C641" folder in the All Users.   It's like a recycle folder or a temp folder.  

I imagine I can ignore the error as it is likely is not critical.   I was just hoping someone could help me figure out a way to make it go away.
0
gheistCommented:
https://msdn.microsoft.com/en-us/library/windows/desktop/dd378457%28v=vs.85%29.aspx
It is Desktop folder.... (I checked on absolutely fresh Win 8.1 and it is there created on install.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Randy DownsOWNERCommented:
I don't see much on this error.

0x80070005 = access denied. Appears to be related to Windows Search service. You might check that the folder path exists.

Are you running Sharepoint?

To resolve this issue, synchronize the Windows SharePoint Services Timer Service together with the new user account information. To do this, follow these steps:
Start Windows SharePoint Services Central Administration.
On the Windows SharePoint Services Central Administration page, click Configure virtual server for central administration under Server Configuration.
On the Configure Administrative Virtual Server page, click Use an existing application pool, click the existing application pool that you are already using, and then click OK.
0
Davis McCarnOwnerCommented:
"@David The user is actually 331.5HS6621DST, so it's doesn't appear malicious"
It's Davis, BTW.....
And 331.5HS6621DST is a domain administrator?  If they are, then the access denied shouldn't have happened and something is wrong with your permissions on the C:\ProgramData folder.  If they are not, be glad Windoze protected you!
0
C_ParlatoAuthor Commented:
@gheist Thank you.  I didn't see that before.   So I guess at this point, I need to figure out why the folder is being created by the users under '\\MILLE004-VM02\AllUsersStartMenu\Desktop'.   The folder redirection is pointing the users desktop to a file repository on another server.   I don't know what would need to be created for the all users desktop.    

@davis, sorry about the that.   And only Admins should be able to write to the All Users profile.     The issue is that something is being written in the first place.   So I need to find the root cause for that and stop it.

@randy no sharepoint.    This VM functions almost like a kiosk for customers.   Everything is locked down except a single application.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.