Help - AD domain user is being logged off PCs

I have an AD user that I've got a serious (and confusing) problem with...when the user signs into his PC he gets immediately signed out.

I tried repairing the Windows 10 start menu database (as that's what the errors first indicated), but that didn't work so I tried logging the user into a different PC and the same thing happens (and on 2 other Dell / HP desktops & 1x Windows 7 laptop). However, when I log in as that user onto my own laptop (MacBook Pro running Windows 10 in VMware Fusion) it works fine.

Attached are the only common logs I can see on each PC that I've tried to log the user into.

Does anyone have any ideas? The user is off today and back in the office tomorrow mid morning so I need to resolve the issue asap.

Thanks in advance!
Rob SamuelIT ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sam Simon NasserIT Support ProfessionalCommented:
There is a problem with the NTuser.dat file in the default profile folder after upgrading to windows 10 1703.
I have seen this issue twice now and I have fixed it both times. There is a problem with the NTuser.dat file in the default profile folder after upgrading to windows 10 1703.
Make sure to remove the profile folder of the user that is having the login issues. I removed it through system properties in control panel. Go to the advanced tab and click the user profiles button. Remove the affected user.
I then copied the NTuser.dat file from a user that was able to login before the upgrade ( I used the admin user folder) to the default profile folder. I renamed the ntuser.dat in the default folder just in case.
I was able to login as the new domain user both times after I did this.

also check this
I found this same issue happened to my home PC running Windows 10. This machine had been upgraded from Windows 8. On that Windows 8 machine I had third-party software installed that bypassed the Metro UI and went right to the desktop. As it turns out, this software left a bit of info in my registry prohibiting me from signing in unless the account was an admin.

If you can somehow get logged in in safe mode or under an administrator account, check out the registry.

HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon

Look at the UserInit key. Make sure it doesn't have anything extra in it. It should only contain C:Windows\system3\userinit.exe

Once I deleted the extra info added, I was able to log in again.

Good luck.
Rob SamuelIT ManagerAuthor Commented:
Thanks Sam, I'll give that a try now...just looking on AD I can see two attributes that differ between this user and a working user:

Rob SamuelIT ManagerAuthor Commented:
Hi Sam, would this still apply when I am logging the user onto a totally different Windows 10 PC for the first time?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Sam Simon NasserIT Support ProfessionalCommented:
@rob, it's preferred to use NTuser.dat of the same PC. as mentioned above, use admin user file to replace the NTuser.dat of the user.
Sam Simon NasserIT Support ProfessionalCommented:
for the above parameters, try copying them to notepad and save it, then clear them from the attributes, see if this makes a difference.
Rob SamuelIT ManagerAuthor Commented:
Thanks Sam, I'll try it on the PC now but I can't understand why it's happening when I log this user into someone else's Windows 10 PC for the first time (no previous profile for user present)...also, I've re-formatted/re-installed Windows 10 on this user's PC...give me 10 mins to try your recommendation and I'll let you know my findings.
Hello ThereSystem AdministratorCommented:
Navigate to the following location in registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Change these two values to
Userinit = userinit.exe
Hello ThereSystem AdministratorCommented:
McKnife comment from similar thread:
Symptoms point to drive letters being mixed up. Cure is to delete hklm\system\mounteddevices from a setup disk. Can add more tomorrow.
Hello ThereSystem AdministratorCommented:
Otherwise just recreate the profile.
Rob SamuelIT ManagerAuthor Commented:

I've spent some time on the user's PC and carried out the following steps but I'm still having this issue where the user is being logged off straight away:

NTuser.dat - Even though I only reinstalled Windows 10 on the user's PC yesterday afternoon, I have replaced the NTuser.dat file in the default profile folder, rebooted then tried to log in as the troublesome user.

HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon - I have checked this and the UserInit key does only contain C:Windows\system3\userinit.exe

AD attributes - I tried clearing both attributes, logged in as the user and still had the same issue.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - I can confirm that Shell=explorer.exe and Userinit = userinit.exe

HKLM\system\mounteddevices - The drives listed are similar to my own laptop so I can't see any issues there.

I'm running out of ideas now so I might have to create the user a fresh user profile then migrate all of his e-mails to the new profile, etc. It's a job I don't particulary want to do but I think it's the only way around it at this stage :(
Hello ThereSystem AdministratorCommented:
Creating a new profile is the best for you here. Time spent on investigating and fixing this issue isn't worth the effort you would have to put in it.
Sam Simon NasserIT Support ProfessionalCommented:
most of the internet are mentioning the ntuser.dat to solve the issue.
try to copy the file from another windows 10 computer (doesnt make a difference if the account was user or administrator) and replace the corrupted one, see if that helps, otherwise, rename the user profle to user.old, from the registry is profilelist rename his registry key to old and try to log in, i will create a brand new one

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob SamuelIT ManagerAuthor Commented:
Thanks for your help guys, much appreciated! I have created a new profile and am in the process of exporting the old mailbox to a PST so I can import it into the new profile.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.