Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: User Profile Service|
Windows cannot delete the profile directory C:\Users\<username>. This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty.
|English: Request a translation of the event description in plain English.|
In our case this error showed up on our Windows 2008 Citrix XenApp 5.0 virtual servers running on an VMware ESX host after enabling the "set path for TS Roaming User Profile" group policy and pointing it to a DFS share in addition to enabling the "Delete cached copies of roaming profiles" group policy.
On an attempt at starting an application through Citrix web access the users would see the message:
The User Profile Service failed the logon
User profile cannot be loaded.
On investigation it appeared that the cached copy of the roaming profile was not being cleaned up correctly on log out the file C:\Users\<username>\AppData\Local\VMware\hgfs.dat was locked and was being left behind.
Further researched showed that the file is related to VMWare shared folders and it is an issue with VMWare Tools and Terminal Server roaming profiles. For details and first part of the fix please see:
The second part of the fix is to clean up the broken user profiles. There are two components to delete: the cached copy of the roaming profile (on all affected local servers) and the related registry entries on the affected local servers.
Deleting the cached copies of the roaming profiles on the local servers without deleting the corresponding registry entries may cause other problems.
In the registry editor open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. The subkeys are the SIDs of users that logged on to that server before. Looking at each SID key look at the ProfileImagePath value (which will also give you the user name) and note the path. Temporarily prevent the user from logging on to any Citrix server and delete the folder given by the path along with the SID subkey. You may also find SID.bak subkeys in which case you may not find the related ProfileImagePaths these subkeys should be deleted as well. We also deleted all other orphaned folders in the local profile directory not referenced in the registry. Repeat for all other Citrix servers. Re-enable user logon to Citrix.
FYI: Joe Shonk of the Shonk Project wrote a VB script to automate deletion of profiles. However I have not used the script and can't comment. It is available at EV100025.
References: EV100026, ME947242
|Private comment: Subscribers only. See example of private comment|
|Links: EV100023, EV100024, EV100025, EV100026, ME947242|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated