Reg key stuff

Discussion in 'Networks' started by zxspectrum, Nov 4, 2014.

  1. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Hey guys

    So I am having an issue with one user. It only affects this user in a strange way, but no one else

    People log on to the network by using the a thin client which logs onto a terminal server or by using a PC. When she is connecting to the terminal server there isnt an issue, however when she logs onto any PC, she gets logged on with a temporary profile. She can use everything on the pc at the time apart from powerpoint, and this causes a program crash. Any other office program however are unaffected.

    So I thought well ok, ill delete the reg key/profile etc and see what goes, but on the affected machines the profile of that specific user is nowhere to be seen, but others are.

    I decided to do a bit of digging and went through the event viewer and at the time she has logged on, there are errors with the winlogon service.

    and i get this message

    'Windows has detected that your registry file is in use by another application or services, the file will be unloaded now.' Now thee only thing that pops into my head is the powerpoint issue, or am I barking up the wrong tree, can a program such as power point cause this ?? As I have said before, everything works as is should when she logs onto a terminal server.

    Thanks for any input

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  2. Arroryn

    Arroryn we're all dooooooomed Moderator

    4,015
    193
    209
    I think you're barking up the wrong tree, possibly.
    Look on the TS directly. Her profile is probably borked on there. Can it - if you're on Server 2008+ make sure you get rid of the profilelist GUID of the profile. Then log back in as her on the TS and see if it gives her a proper profile.
     
    Certifications: A+, N+, MCDST, 70-410, 70-411
    WIP: Modern Languages BA
  3. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    This depends on how the TS profile has been setup. If I have users on a TS but also logging onto a desktop\laptop I have a loopback policy so that the TS profile is only used on the TS and not pulled onto a Windows 7 machine.

    If she logs onto another PC do you get the same issue? Does she have a roaming profile?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  4. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Hi Sparky

    She does have a roaming profile, now when she logs into any PC she will get the temp profile, but she is fine when using a thin client on a terminal server?

    I am not sure how relevant this is, but its appeared about the same time as she has tried to log on.

    Log Name: Application
    Source: Microsoft-Windows-User Profiles Service
    Date: 04/11/2014 16:04:35
    Event ID: 1530
    Task Category: None
    Level: Warning
    Keywords:
    User: SYSTEM
    Computer: C012STAFF

    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    5 user registry handles leaked from \Registry\User\S-1-5-21-2960621353-2970212612-3663432730-1782:
    Process 528 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2960621353-2970212612-3663432730-1782
    Process 528 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2960621353-2970212612-3663432730-1782
    Process 528 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2960621353-2970212612-3663432730-1782\Software\Microsoft\SystemCertificates\My
    Process 528 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2960621353-2970212612-3663432730-1782\Software\Microsoft\SystemCertificates\CA
    Process 528 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2960621353-2970212612-3663432730-1782\Software\Microsoft\SystemCertificates\Disallowed


    Sorry for the long reply, but that is one of the messages i get. As Im typing this, i have just had another user who is now having the same problem

    So i will see what is causing his issue?

    Cheers for the help tho guys

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  5. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Hey Guys

    Bit of an update

    We have managed to delete the profile, but we are still getting the temp profile issue, one thing that isnt happening is the user profile, after being deleted, is not now being created. So after I have logged on with the same user account, it does the temp profile, but after I have deleted the profile from a lcal admin account, nothing is created in local users and groups.

    One thing im thinking of is that it may be a admin rights issue, but why this has changed and affected a teacher and a memeber of the learning support, IE 2 different user groups, is beyond me. I was told to try access the roaming profiles \\some-server\roamingprofile$\roamingprofiles but on both occasions i got the access denied error, 0x80070035. Now our staff and learning support have different levels of access, so my next move is to assign a temporary accountb to the teacher and gain full access of her account. More or less do the same as Ive been doing, then get the profile deleted and see if it creates a new one, as it should.

    Ive spent ages on this, but whoo hooo its effing marvellous

    Cheers

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  6. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    The roaming profile is playing up so each PC you log onto will have this issue.

    For the first user that has this problem do the following.

    1) In AD remove profile path
    2) On the server that holds the profile rename the profile to username.old
    3) Reboot the PC you were using with the problem profile
    4) Log on as administrator
    5) Rename any cached user profiles to username.old in C:\users for the problem user account
    6) Log on as the user – if you get the same temp profile error then delete the .bak reference in the registry (similar to this article) How to Fix Temporary Profile in Windows 7
    7) Reboot PC
    8 ) Log on as the user
    9) If the problem is resolved the put in the users profile path back into AD
    10) Log out the PC and the profile should be uploaded to the server.

    Then have a beer : )
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Cheers for the feedback guys

    Cheers Sparky, I will try that tomorrow. I think the one thing we didnt do is remove the profile path in AD, which is number on on your list, I did everything else.

    Thanks again guys

    Eddie

    - - - Updated - - -

    One thing that has just popped into my head, after deleting the persons profile from the machine as local admin, it didnt reappear, i dont know if that is helpful.

    Off to bed now, I am goosed

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  8. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Yeah - because the roaming profile is playing up you are logged on as C:\users\temp as a cached profile cannot be created.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  9. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Hey all

    Just thought Id update you on this situation. After the profile had been removed from the computer and the reg deleted, I would log into the users account and then a new profile should of been created, however there was an issue and the way we had to work it was we would put that user into an admin account, then log on, which would then create the profile. Obviously we have taken them out of that group when we gave them access to their account and that resolved the problem.

    Thanks for all the input though

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.