C_Parlato
asked on
Error 0x80070005 occurred while creating known folder {625b53c3-ab48-4ec1-ba1f-a1ef4146fc19} with path '\\MILLE004-VM02\AllUsersStartMenu\StartMenu'.
Server seems to be getting these error messages more and more frequently. I tried looking for a solution, and what I found indicated that I should try manually recreating the folder. I tried that, but I'm still seeing the issue. I'm curious what would be causing it? These are hosted VM servers, so I seriously doubt that there is any hardware issue causing these, I would see similar issues on other VMs within the cluster.
Is it possible that these error is occurring because the folders are already created?
Log Name: Microsoft-Windows-Known Folders API Service
Source: Microsoft-Windows-KnownFol
Date: 5/27/2015 8:04:41 AM
Event ID: 1000
Task Category: None
Level: Warning
Keywords:
User: CC\331.5HS6621DST
Computer: MILLE004-VM02.cc.local
Description:
Error 0x80070005 occurred while creating known folder {b4bfcc3a-db2c-424c-b029-7
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kn
<EventID>1000</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2015-05-27T12:
<EventRecordID>314456</Eve
<Correlation />
<Execution ProcessID="4500" ThreadID="5552" />
<Channel>Microsoft-Windows
<Computer>MILLE004-VM02.cc
<Security UserID="S-1-5-21-155850598
</System>
<EventData>
<Data Name="hrError">0x80070005<
<Data Name="FolderId">{B4BFCC3A-
<Data Name="Path">\\MILLE004-VM0
</EventData>
</Event>
Is it possible that these error is occurring because the folders are already created?
Log Name: Microsoft-Windows-Known Folders API Service
Source: Microsoft-Windows-KnownFol
Date: 5/27/2015 8:04:41 AM
Event ID: 1000
Task Category: None
Level: Warning
Keywords:
User: CC\331.5HS6621DST
Computer: MILLE004-VM02.cc.local
Description:
Error 0x80070005 occurred while creating known folder {b4bfcc3a-db2c-424c-b029-7
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kn
<EventID>1000</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2015-05-27T12:
<EventRecordID>314456</Eve
<Correlation />
<Execution ProcessID="4500" ThreadID="5552" />
<Channel>Microsoft-Windows
<Computer>MILLE004-VM02.cc
<Security UserID="S-1-5-21-155850598
</System>
<EventData>
<Data Name="hrError">0x80070005<
<Data Name="FolderId">{B4BFCC3A-
<Data Name="Path">\\MILLE004-VM0
</EventData>
</Event>
Randy Downs
Did you see this thread?
Google kind of finds answer in 1 second....
Unless the user 331.5HS6621DST is a domain admin (or close to it) and MILLE004-VM02 is a PC that user would be using, they've got no business trying to create something in All Users Desktop and I smell a rat. Luckily, the server is stopping it as the 0x80070005 means access denied.
I'd be checking MILLE004-VM02 for malware!
I'd be checking MILLE004-VM02 for malware!
ASKER
@David The user is actually 331.5HS6621DST, so it's doesn't appear malicious. This is one of many that we get every day, so it's not isolated to a particular user or group of users.
@gheist As to the solutions on google. They were not effective in solving this issue. When google fails me, i refer to ExpertExchange, so thank you for your extremely helpful suggest...
@Randy I'm thinking this has something to do with the file redirection GPO enabled. Users also have a GPO preventing them from saving to even their local desktop. I regularly check msconfig for both startup items services that are outside of what should be running. In this example, I'm not able to find anything.
@gheist As to the solutions on google. They were not effective in solving this issue. When google fails me, i refer to ExpertExchange, so thank you for your extremely helpful suggest...
@Randy I'm thinking this has something to do with the file redirection GPO enabled. Users also have a GPO preventing them from saving to even their local desktop. I regularly check msconfig for both startup items services that are outside of what should be running. In this example, I'm not able to find anything.
ASKER
This is a windows generated folder. I'm not sure why it's trying to make the "B4BFCC3A-DB2C-424C-B029-7
I imagine I can ignore the error as it is likely is not critical. I was just hoping someone could help me figure out a way to make it go away.
I imagine I can ignore the error as it is likely is not critical. I was just hoping someone could help me figure out a way to make it go away.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't see much on this error.
Are you running Sharepoint?
0x80070005 = access denied. Appears to be related to Windows Search service. You might check that the folder path exists.
Are you running Sharepoint?
To resolve this issue, synchronize the Windows SharePoint Services Timer Service together with the new user account information. To do this, follow these steps:
Start Windows SharePoint Services Central Administration.
On the Windows SharePoint Services Central Administration page, click Configure virtual server for central administration under Server Configuration.
On the Configure Administrative Virtual Server page, click Use an existing application pool, click the existing application pool that you are already using, and then click OK.
"@David The user is actually 331.5HS6621DST, so it's doesn't appear malicious"
It's Davis, BTW.....
And 331.5HS6621DST is a domain administrator? If they are, then the access denied shouldn't have happened and something is wrong with your permissions on the C:\ProgramData folder. If they are not, be glad Windoze protected you!
It's Davis, BTW.....
And 331.5HS6621DST is a domain administrator? If they are, then the access denied shouldn't have happened and something is wrong with your permissions on the C:\ProgramData folder. If they are not, be glad Windoze protected you!
ASKER
@gheist Thank you. I didn't see that before. So I guess at this point, I need to figure out why the folder is being created by the users under '\\MILLE004-VM02\AllUsersS
@davis, sorry about the that. And only Admins should be able to write to the All Users profile. The issue is that something is being written in the first place. So I need to find the root cause for that and stop it.
@randy no sharepoint. This VM functions almost like a kiosk for customers. Everything is locked down except a single application.
@davis, sorry about the that. And only Admins should be able to write to the All Users profile. The issue is that something is being written in the first place. So I need to find the root cause for that and stop it.
@randy no sharepoint. This VM functions almost like a kiosk for customers. Everything is locked down except a single application.