Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.
DETAIL - The process cannot access the file because it is being used by another process.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of Userenv?
As per MSW2KDB, this error can occur if the user profile registry hive gets corrupted or if permissions are set incorrectly on the profile folders. If your old profile is corrupted in some way, you can move the files and settings from the corrupt profile to a new profile. See ME811151 to find out how to copy user data to a new user profile.
From a newsgroup post: "These error logs indicate that the user profiles in your server are either corrupted, or are not properly configured.
This can happen if some usersí ProfileImagePath registries are duplicated with other users' ProfileImagePath. To resolve the issue, perform the following steps:
1. Run "WHOAMI /USER /SID" to determine the usersí correct SID.
If you do not have the whoami command tool, you can download and install it from the link below.
Note: By default, it will install to the C:\Program files\Resource Kit folder. To run it, go to a command prompt and change the path to C:\Program Files\Resource Kit. Then type "whoami /USER /SID" (without quotes) and press Enter. It should display the current usersí name and SID.
2. Check the ProfileImagePath value under the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID>.
Note down this ProfileImagePath value.
3. Check the other ProfileList\<SID> keys for matching ProfileImagePath values and deleted those keys.
Note: Please make sure you have backed up the registry key before you delete them.
4. Test and see if the problem is fixed.
Did you manually move your users' profiles to another drive? If you have moved the Documents and Settings folder, it will lead to the issue. Microsoft does not support moving the Documents and Settings folder in Windows Server 2003 or Windows XP to another drive. Although you can try the steps in M236621, Microsoft provides it for informational purposes only.
If the issue persists, I suggest that you create a new user and then copy the user profile. When copying, the following files should be excluded:
See M811151 for information on how to copy user data to a new user profile. Test and see if the problem is fixed".
Some process that is using the user portion of the userís registry at the time (so the registry could not be loaded) typically causes this error. Thus, the profile is locked out. This Event ID is followed by Event ID 1515, which states that the userís profile is "backed up", and will be tried the next time the user logs on and then followed by Event ID 1511 complaining that it cannot find the userís profile so it will use a temporary one. A reboot resolved this for me. Waiting a while may resolve it too.
|Private comment: Subscribers only. See example of private comment|
|Links: ME236621, ME811151, Whoami, MSW2KDB|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated