EventID.Net
 
home| search| account| evlog| eventreader| it admin tasks| tcp/ip ports| documents | contributors| about us 
 
Event ID/Source search
Event ID: Event Source:
Keyword search
Example: Windows cannot unload your registry file
EventID.Net Splunk Add-on

Splunk Add-onBuild a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.

read more...
 
Event ID: 1000 Source: Userenv
Source: Userenv
Type: Error
Description:
Windows cannot unload your registry class file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

DETAIL Access is denied. , Build number ((2195)).
English: Request a translation of the event description in plain English.
Concepts to understand:
What is a roaming profile?
What are the registry files?
How are the registry loaded and unloaded?
When does one get an access denied message?
How do roaming profiles get propagated to servers?
What information does a network administrator need from you?
What is a build number?
What is the role of Userenv?
Comments:
EventID.Net
See the links to "Symantec Knowledge Base Document ID: 2005042912312448" and "Symantec Knowledge Base Document ID: 2002011012432348" for information about this event.
Click if the comment is good! x 18

EventID.Net
This problem may occur after Microsoft Windows Installer installs a program on the computer. See ME827825 for a hotfix.

See "Novell Support TID10094376" and "Novell Support TID10094600" for more details on this problem.
Click if the comment is good! x 15

Joshua Schmidlkofer
See ME833781 for a hotfix applicable to Microsoft Windows Server 2003.
Click if the comment is good! x 13

Rigs Ville
See the link to "User Profile Hive Cleanup Service" to download Microsoft User Profile Hive Cleanup Service (UPHClean). As per Microsoft: "UPHClean monitors the computer while Windows is unloading user profiles and forces resources that are open to close. Therefore, the computer can unload and reconcile user profiles".
Click if the comment is good! x 13

Serguei Molotov
A small, but useful tip. Before looking for an extremely complicated turn-around, just try to right-click the bugging directory profile and do a change owner in advanced security settings. Give the ownership to the user and replace in all subdirectories. It often work for me whatever the SP or hotfix on my Win2K servers.
Click if the comment is good! x 13



David Peppard
I am running both SP3 and SP4 Windows 2000 servers in my Citrix Farm. The problem lies with VNC Server.  I am running the infamous Microsoft HotFix ME329170 on the SP3 servers.  I found that on both SP3 servers with the HotFix and the SP4 servers, if I removed VNC Server, my roaming profiles started working again, the Userenv error disappeared and my logoff time dropped substantially.
When I did a regular uninstall, I would get a message stating some components of VNC Server could not be removed and I needed to remove them manually.  I also noticed the VNC Server Service was still registered and listed in the services.  So this is what one should do:
1. Go to the RealVNC or VNC program group (depending on your version) and run the "unregister the VNC server service".
2. Open Control Panel and uninstall VNC. (May get message stating some items could not be removed, remove them manually).
3. Reboot server
4. Once the server came back up, if you are running Citrix or Terminal Server, immediately disallow remote logins.
5. Change user mode of the server to "install mode" by opening a command prompt and typing "change user/install” (TS and Citrix only).
6. Run a fresh install of VNC and make sure you set the VNC Server service to re-register. You may get prompted about the directory that it already exists; overwrite everything and finish the install.  Once the install is complete, you may be asked to reboot.  Reboot server, disallow logins, change to "install mode" again and immediately go to the Control Panel and uninstall VNC.  This time it will successfully unregister the VNC Server Service itself and uninstall VNC completely.
7. Reboot the server.
Now your roaming profiles should be working again.  Run some test to see if they are.  I would go to the folder of a test user where their roaming profile would be stored and delete all the sub folders and files, log in to a TS or Citrix server with that test account, then log off, switch back to watch the folder where their roaming profile would be stored and see if the files and folders reappeared.
NOTE:  I have eight Citrix Servers in a farm.  I did have trouble with the above steps on 2 of the servers and still could not get the roaming profiles to work and still had the 60 second log off time.  I had to run REGEDIT on these two servers, after following the above steps, and delete every instance of VNC in the registry. (Obviously use EXTREME CARE when messing with your registry.  Updating your ERD and backing up your registry first would be a good idea).  Once I finished searching the registry, I rebooted the servers again with the cleaned registry and my roaming profiles started working on these 2 other servers as well.
Click if the comment is good! x 15

Kosta
Many workarounds are available, but this one was the only one that worked for us. Before restarting W2K, open a console and type:

net stop MDM

For some reason, MDM (Machine Debug Manager) assigns itself an exclusive access over the registry and it refuses to release it. By manually stopping MDM process (service) we were able to fix all previous Userenv errors. You could also write a small script that can be executed during shutdown. Inside the script add following lines and save it as shutdown.cmd

@echo off
net stop MDM

Move script to a folder: C:\WINNT\system32\GroupPolicy\User\Scripts\Logoff

Open following console: C:\WINNT\system32\gpedit.msc

Look at "User Configuration" section and select "Windows Settings -> Scripts". Now on the right side double-click "Logoff". From here, you can select saved script and confirm by selecting OK. Restart the computer.
Click if the comment is good! x 14

Ron Terren
In our case, this occured on Dell computers. I called into Dell with this error and their techs had me remove Hotfix 329170 and reboot all the affected servers, then I did the same in the clients and all is well.
Click if the comment is good! x 10

Woodrow Wayne Collins
To work around this problem, turn on the IPSec Policy agent. Windows 2000 Service Pack 3 is supposed to fix this problem. See ME319909 for details.
Click if the comment is good! x 10
Private comment: Subscribers only. See example of private comment
Links: ME285192, ME319909, ME827825, ME833781, User Profile Hive Cleanup Service, Symantec doc id 2001112714405148, Symantec Knowledge Base Document ID: 2005042912312448, Symantec Knowledge Base Document ID: 2002011012432348, Novell Support TID10094376, Novell Support TID10094600
Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (1) - More links...
Feedback: Send comments or solutions - Notify me when updated

Printer friendly

  • Subscribe
    SubscribeSubscribe to EventID.Net now!
    Already a subscriber? Login here!

 





 

 

Recommend Us


  • Quick Tip
    Connect to EventID.Net directly from the Microsoft Event Viewer!
    Instructions


Customer services

Contact us
Support
Terms of Use

Help & FAQ

Sales FAQ
EventID.Net FAQ
Advertise with us

Articles

Managing logs
Recommended books
Newsletter

Links

Follow us on Facebook
Firegen Log Analyzers
Link to us


© Copyright 2001-2017 EventID.Net