Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 1517 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 1517
Event Source: Userenv
Event Type: Warning
Event Description: windows saved user ECOSPRD\Administrator registry while an
application or service was still using the registry during log off.
the memory used by the user''s registry has not been freed. the registry will
be unloaded when it is no longer in use.

this is often caused by services running asauser account try configuring
the services to run in either the localservice or network service account

Comment:
Event ID: 1517
Event Source: Userenv
Event Type: -
Event Description: -
Comment: In my case it was caused by the Print Spooler service. I restarted the service and users were finally able to log off normally. Index: 1206
Event ID: 1517
Event Source: userens
Event Type: Error
Event Description: windows xp
Comment:
Event ID: 1517
Event Source: Userenv
Event Type: -
Event Description: -
Comment: This was happening to me on a Windows Terminal Server 2003 SP2.

PER MICROSOFT:
"When this problem occurs, you cannot resolve it even by using the User Profile Hive Cleanup Service (UPHClean). To recover from this problem, you have to restart the computer."

HOTFIX WindowsServer2003-KB944984-v2-x86-ENU.exe solved the issue.
Index: 1206
Event ID: 1517
Event Source: Userenv
Event Type: Warning
Event Description:
Event Type: Warning

Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 10/25/2009
Time: 1:05:11 PM
User: NT AUTHORITY\SYSTEM
Computer:
Description:
Windows saved user (name) registry while an application or service was still using the registry during log off. The memory used by the user''s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account try configuring the services to run in either the LocalService or NetworkService account.

For more information see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Comment: I don't currently see a fix for this.
Event ID: 1517
Event Source: Userenv
Event Type: -
Event Description: -
Comment: installed the UserHive Cleanup Tool fixed my issue - As mentioned above this error can be caused if you use sysprep which I do. Index: 1206
Event ID: 1517
Event Source: Userenv
Event Type: -
Event Description: -
Comment: Zone Alarm Free Edition was the cause for me too. Start in Safe Mode (F8) and change logon to NetworkService solved issue. Index: 1206
Event ID: 1517
Event Source: Userenv
Event Type: Error
Event Description: Windows saved user domainname\username registry while an application or service was still using the registry during log off. The memory used by the user''s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account try configuring the services to run in either the LocalService or NetworkService account.

For more information see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Comment:

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...