• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 42
  • Last Modified:

Help - AD domain user is being logged off PCs

I have an AD user that I've got a serious (and confusing) problem with...when the user signs into his PC he gets immediately signed out.

I tried repairing the Windows 10 start menu database (as that's what the errors first indicated), but that didn't work so I tried logging the user into a different PC and the same thing happens (and on 2 other Dell / HP desktops & 1x Windows 7 laptop). However, when I log in as that user onto my own laptop (MacBook Pro running Windows 10 in VMware Fusion) it works fine.

Attached are the only common logs I can see on each PC that I've tried to log the user into.

Does anyone have any ideas? The user is off today and back in the office tomorrow mid morning so I need to resolve the issue asap.

Thanks in advance!
0
Rob Samuel
Asked:
Rob Samuel
  • 5
  • 4
  • 4
3 Solutions
 
Sam Simon NasserIT Support ProfessionalCommented:
There is a problem with the NTuser.dat file in the default profile folder after upgrading to windows 10 1703.
I have seen this issue twice now and I have fixed it both times. There is a problem with the NTuser.dat file in the default profile folder after upgrading to windows 10 1703.
Make sure to remove the profile folder of the user that is having the login issues. I removed it through system properties in control panel. Go to the advanced tab and click the user profiles button. Remove the affected user.
I then copied the NTuser.dat file from a user that was able to login before the upgrade ( I used the admin user folder) to the default profile folder. I renamed the ntuser.dat in the default folder just in case.
I was able to login as the new domain user both times after I did this.
https://community.spiceworks.com/topic/1975351-windows-10-keeps-signing-me-out-immediately-after-logging-in

also check this
I found this same issue happened to my home PC running Windows 10. This machine had been upgraded from Windows 8. On that Windows 8 machine I had third-party software installed that bypassed the Metro UI and went right to the desktop. As it turns out, this software left a bit of info in my registry prohibiting me from signing in unless the account was an admin.

If you can somehow get logged in in safe mode or under an administrator account, check out the registry.

HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon

Look at the UserInit key. Make sure it doesn't have anything extra in it. It should only contain C:Windows\system3\userinit.exe

Once I deleted the extra info added, I was able to log in again.

Good luck.
https://answers.microsoft.com/en-us/windows/forum/windows_10-security-winpc/user-account-immediately-logged-off-after-entering/36d98832-5313-4b14-a63a-e919dcd201d2
0
 
Rob SamuelIT ManagerAuthor Commented:
Thanks Sam, I'll give that a try now...just looking on AD I can see two attributes that differ between this user and a working user:

mS-DS-ConsistenceGuid
userParameters
Screen-Shot-2018-02-21-at-13.23.17.png
Screen-Shot-2018-02-21-at-13.25.42.png
0
 
Rob SamuelIT ManagerAuthor Commented:
Hi Sam, would this still apply when I am logging the user onto a totally different Windows 10 PC for the first time?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Sam Simon NasserIT Support ProfessionalCommented:
@rob, it's preferred to use NTuser.dat of the same PC. as mentioned above, use admin user file to replace the NTuser.dat of the user.
1
 
Sam Simon NasserIT Support ProfessionalCommented:
for the above parameters, try copying them to notepad and save it, then clear them from the attributes, see if this makes a difference.
0
 
Rob SamuelIT ManagerAuthor Commented:
Thanks Sam, I'll try it on the PC now but I can't understand why it's happening when I log this user into someone else's Windows 10 PC for the first time (no previous profile for user present)...also, I've re-formatted/re-installed Windows 10 on this user's PC...give me 10 mins to try your recommendation and I'll let you know my findings.
0
 
Hello ThereSystem AdministratorCommented:
Navigate to the following location in registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
 
Change these two values to
Shell=explorer.exe
Userinit = userinit.exe
0
 
Hello ThereSystem AdministratorCommented:
McKnife comment from similar thread:
Symptoms point to drive letters being mixed up. Cure is to delete hklm\system\mounteddevices from a setup disk. Can add more tomorrow.
1
 
Hello ThereSystem AdministratorCommented:
Otherwise just recreate the profile.
0
 
Rob SamuelIT ManagerAuthor Commented:
Hi,

I've spent some time on the user's PC and carried out the following steps but I'm still having this issue where the user is being logged off straight away:

NTuser.dat - Even though I only reinstalled Windows 10 on the user's PC yesterday afternoon, I have replaced the NTuser.dat file in the default profile folder, rebooted then tried to log in as the troublesome user.

HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon - I have checked this and the UserInit key does only contain C:Windows\system3\userinit.exe

AD attributes - I tried clearing both attributes, logged in as the user and still had the same issue.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - I can confirm that Shell=explorer.exe and Userinit = userinit.exe

HKLM\system\mounteddevices - The drives listed are similar to my own laptop so I can't see any issues there.

I'm running out of ideas now so I might have to create the user a fresh user profile then migrate all of his e-mails to the new profile, etc. It's a job I don't particulary want to do but I think it's the only way around it at this stage :(
0
 
Hello ThereSystem AdministratorCommented:
Creating a new profile is the best for you here. Time spent on investigating and fixing this issue isn't worth the effort you would have to put in it.
1
 
Sam Simon NasserIT Support ProfessionalCommented:
most of the internet are mentioning the ntuser.dat to solve the issue.
try to copy the file from another windows 10 computer (doesnt make a difference if the account was user or administrator) and replace the corrupted one, see if that helps, otherwise, rename the user profle to user.old, from the registry is profilelist rename his registry key to old and try to log in, i will create a brand new one
0
 
Rob SamuelIT ManagerAuthor Commented:
Thanks for your help guys, much appreciated! I have created a new profile and am in the process of exporting the old mailbox to a PST so I can import it into the new profile.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now