Win 2008 R2 terminal server issue - The User Profile Service failed the logon. User Profile cannot be loaded

Hi All,

Randomly my user in the AD domain unable to login to one of the load balanced terminal server at all using the Load balanced FQDN.

This is the error:

The User Profile Service failed the logon. User Profile cannot be loaded
The User Profile Service failed the logon. User Profile cannot be loaded
There are about 50 Terminal Server VMs all running 2008 R2 Enterprise and the load balancer that I use is Riverbed Steel App.

if the user is manually connecting to another terminal server directly it works, so I'm lost as to what to do in this problem.
LVL 9
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kulboyCommented:
What does your logging say?
1
HariomExchange ExpertsCommented:
The user profile might be corrupt

Please refer following ms article to fix the issue

https://support.microsoft.com/en-us/kb/947215
1
compdigit44Commented:
IS this a new issue or has it just started?
I assume the same issue is seem when connecting to the load balanced service using IP correct?
What are using using for your persistence settings?
1
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Senior IT System EngineerIT ProfessionalAuthor Commented:
@CompDigit44: in my Riverbed setting, I have just set Traffic distribution: Perceptive, no session persistence yesterday so I'll monitor it if is an issue.

Previously yes it was set to on.
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, now I have to turn back on the Session (IP Based) persistence again since the terminal server is dropping off from the Riverbed SteelApp LoadBalancer.

But still I have some users unable to login using the TS-FARM1.domain.com VIP server name.

the error is still the sameUnable to login
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, further details:

The username is DOMAIN\Meiske, when she access the TS FARM usingthe RDP application shortcut on her desktop, she is using TS-FARM1.domain.com virtual name but somehow the Load Balancer only redirects to TS16-VM and when I ask her to type random TS like TS60-VM she can login.

When I go to TS16-VM C:\Users directory, I can see Meiske.DOMAIN.034 directory name, but I cannot delete it since SYSTEM is now using it.

Since there are multiple users having this issue, how can I troubleshoot this problem ?
0
Spike99On-Site IT TechnicianCommented:
Have you tried rebooting the problem server?

Since that is only happening to some users but not others, there's obviously some issue with those profiles. The fact that you can't delete the profile folder for one of the effected users means that the profile "hive" is still loaded and locked. So, some process has hung those user profiles on the server.  You will either need to reboot to clear out those profile hives or you can manually unload each hive in REGEDIT.  Just open up REGEDIT on the server in question, then find the user's SID in the list of users under HKEY_USERS.

There should be two entries for each user currently logged on to the server in HKEY_Users:  SID and SID_Classes.  You will need to unload both.

If they can't be unloaded manually, reboot and try again.

For Server 2008, don't clear the local profile by just deleting the user's folder in C:\Users.  This will leave behind the registry entry for the user's profile.  It's Microsoft's best practices to use Advanced System Settings to remove the user profile. If you do remove the user profile folder manually, you will also need to delete the user profile key for the user from the registry.  If you don't, then the user will get loaded on the machine in question with a temp profile until the registry entry for their profile has been removed manually.

Those keys can be found here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
Hi Alicia, thanks for the suggestion, I have used Delprof2 – User Profile Deletion Tool
https://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/

to clear out Terminal Server profile regularly but somhow for this particular instance it is not working, so the work around is to reboot the TS VM.

This is not happening to just this one user, but some other users as well in various different Terminal Server VMs.
0
Spike99On-Site IT TechnicianCommented:
The functionality of the UPHClean.exe utility (it was a utility you could install on Server 2003) is included in the Server 2008 user profile service, I believe.  When users log off, is there any indication about why the profile service is failing to log them off?
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
Well, upon further investigation, it seems that the group policy setting "Delete cached copies of roaming profiles" which is located at [Computer Configuration\Administrative Templates\System\User Profiles] is enabled.

The problem is that some users do not log off properly and I have run / scripted the Delprof2 to run nightly.

but still it doesn't make any diffference to resolve the issue above.
0
Spike99On-Site IT TechnicianCommented:
If users are just disconnecting and not logging off as they should, perhaps you should remotely log off all users before running the nightly DelProf2 script.

You can set session times limits using group policy to force users to log off after they have been idle or disconnected for a certain amount of time.   In a past job, we had pretty generous session limits.  We didn't set any limits on active sessions, but these were the limits on idle or disconnected sessions:
     Inactive sessions were disconnected after 4 hours
     Disconnected sessions were logged off after 4 hours

In that example, an idle user would be disconnected after 4 hours, then that disconnected session would be logged off after another 4 hours.

You could set shorter limits, of course.

This page has more info about session limits in Server 2008 R2:
https://technet.microsoft.com/en-us/library/cc754272.aspx

Or, you could also force users to log off at a certain time by enforcing user logon restrictions and forcing logoff when logon times expire (basically, not letting people stay logged on past a certain hour).  How to do that is described in this forum posting:
https://community.spiceworks.com/topic/232447-windows-server-2008-force-user-log-off
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Senior IT System EngineerIT ProfessionalAuthor Commented:
Ok what about if the user session get disconnected automatically when idling ?

Does it can cause this problem as well ?
0
Susika HettiarachchiCommented:
RDS with UPD issue
For the windows 2012 R2 with UDP profiles, if you configure  Store only the following folders on the user profile disk option is selected together with User registry data will corrupt the UDP profiles when the network connectivity issues or if you reset or reboot server without logoff user sessions
https://support.microsoft.com/en-us/kb/3092688

I have tried to resolve this with MS support and no luck, only solution is restore the VHDx files from backup and replace with old profile (rename the old profile) that way you can get all your data and profile configuration back
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.