UPHCleanup, Handle, ProcExp vs. NTUSER.DAT

The infamous:

Windows cannot load the user’s profile but has logged you on with the default profile for the system.

This was received on Windows Server 2003 Terminal Server (non-roaming profile) when I logged in this morning.  I *really* grumble when I see these errors.

My first thought was NTUSER.dat and NTUSER.dat.LOG files were locked.
This server has User Profile Hive Cleanup which is supposed to combat this during a user log off and make sure handles are closed to the files in the user’s profile.

First things first, I grabbed Process Explorer from the Sysinternals website.  I know from previous experience that in the application you can search for a file and close its handle, so I got to work.

I fired up ProcExp and searched for NTUSER.dat then sorted by handle.

I double-clicked on NTUSER.DAT and then right-clicked and chose Close Handle.

Ah damn, didn’t work.  (Shocking?  Pfft.)

Next, I decided to grab Sysinternals' handle command-line tool.

C:\CMDS>handle -u ntuser.dat|find /i "rkreider"
System             pid: 4      type: File          NT AUTHORITY\SYSTEM       27D4: C:\Documents and Settings\rkreider\ntuser.dat.LOG
System             pid: 4      type: File          NT AUTHORITY\SYSTEM       2B9C: C:\Documents and Settings\rkreider\NTUSER.DAT

I needed the PID and handle (hex) from the information above (bolded); then I could try to kill it:

C:\CMDS>handle -c 27D4 -p 4
Handle v3.46
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com
 27D4: File  (---)   C:\Documents and Settings\rkreider\ntuser.dat.LOG
Close handle 27D4 in System (PID 4)? (y/n) y
Handle closed.
C:\CMDS>handle -c 2b9c -p 4
Handle v3.46
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com
 2B9C: File  (---)   C:\Documents and Settings\rkreider\NTUSER.DAT
Close handle 2B9C in System (PID 4)? (y/n) y
Handle closed.

Now, you’d think it would be closed, right, since ‘handle’ told me so.  Let’s check!

C:\CMDS>handle -u ntuser.dat|find /i "rkreider"
System             pid: 4      type: File          NT AUTHORITY\SYSTEM       27D4: C:\Documents and Settings\rkreider\ntuser.dat.LOG
System             pid: 4      type: File          NT AUTHORITY\SYSTEM       2B9C: C:\Documents and Settings\rkreider\NTUSER.DAT

Aaaiiieee! It didn’t work. =(

I decided to make sure UPHClean.exe was running (User Profile Hive Cleanup) with a quick

tasklist | find /i "uphclean.exe"

It was running, I saw, so I decided to just restart the service.

After I restarted the service, I once again used handle to quickly locate the files using:

handle -u ntuser.dat | find /I "rkreider"

BINGO!

It was gone.  So, what is the root problem here?  UPHClean not doing its job?  *shrug*
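The whole sequence from the post (find the handles on the user's hive with handle.exe, optionally try handle -c on them, check that the User Profile Hive Cleanup service is up and restart it, then re-check) as one script. This is an added example, not code from the post; it assumes handle.exe is on the PATH (or passed via -HandleExe), that the service is registered under the name UPHClean, and that it runs from an elevated prompt. The handle.exe switches used (-u, -c, -p, -y) are the tool's documented ones; the regex is written against the output format shown in the post.

```powershell
# Added example (not from the original post). Assumptions: handle.exe is on PATH,
# the User Profile Hive Cleanup service is named 'UPHClean', and this runs elevated.
param(
    [Parameter(Mandatory = $true)]
    [string]$UserName,                  # profile folder name, e.g. rkreider
    [string]$HandleExe   = 'handle.exe',
    [string]$ServiceName = 'UPHClean',  # assumed service name for User Profile Hive Cleanup
    [switch]$CloseHandles               # opt in to trying 'handle -c' before the restart
)

# Parse 'handle -u ntuser.dat' output. Each line looks like (format taken from the post):
# System   pid: 4   type: File   NT AUTHORITY\SYSTEM   2B9C: C:\Documents and Settings\rkreider\NTUSER.DAT
function Get-ProfileHiveHandles {
    param([string]$User)
    $pattern = '^(?<proc>\S+)\s+pid:\s*(?<procid>\d+)\s+type:\s*(?<type>\S+)\s+(?<owner>.+?)\s+(?<handle>[0-9A-F]+):\s+(?<path>.+)$'
    $raw = & $HandleExe -u ntuser.dat 2>&1
    foreach ($line in $raw) {
        # keep only lines that parse and point into this user's profile folder
        if ($line -match $pattern -and $Matches.path -like "*\$User\*") {
            [pscustomobject]@{
                Process = $Matches.proc
                PID     = [int]$Matches.procid
                Owner   = $Matches.owner
                Handle  = $Matches.handle
                Path    = $Matches.path
            }
        }
    }
}

# 'handle -c <hex> -p <pid> -y' closes a single handle; -y suppresses the y/n prompt.
function Close-ProfileHiveHandles {
    param([object[]]$Handles)
    foreach ($h in $Handles) {
        Write-Host ("Closing handle {0} in {1} (PID {2}): {3}" -f $h.Handle, $h.Process, $h.PID, $h.Path)
        & $HandleExe -c $h.Handle -p $h.PID -y | Out-Null
    }
}

# Equivalent of the post's 'tasklist | find /i "uphclean.exe"' check, plus the restart.
function Restart-HiveCleanupService {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service '$Name' not found on this machine"
        return $false
    }
    Write-Host ("{0} is {1}; restarting it" -f $Name, $svc.Status)
    Restart-Service -Name $Name -Force
    return ((Get-Service -Name $Name).Status -eq 'Running')
}

function Show-Handles {
    param([string]$Label, [object[]]$Handles)
    Write-Host ("--- {0}: {1} handle(s) on {2}'s hive" -f $Label, $Handles.Count, $UserName)
    $Handles | Format-Table Process, PID, Handle, Path -AutoSize
}

$before = @(Get-ProfileHiveHandles -User $UserName)
Show-Handles -Label 'before' -Handles $before
if ($before.Count -eq 0) {
    Write-Host "Nothing holds $UserName's NTUSER.DAT open; nothing to do."
    return
}

if ($CloseHandles) {
    # In the post, handle -c reported success on PID 4 but the handles were still there,
    # so this step is opt-in and is always followed by a re-check.
    Close-ProfileHiveHandles -Handles $before
    Show-Handles -Label 'after handle -c' -Handles @(Get-ProfileHiveHandles -User $UserName)
}

if (Restart-HiveCleanupService -Name $ServiceName) {
    Start-Sleep -Seconds 5      # give the service a moment to release the hive
    $after = @(Get-ProfileHiveHandles -User $UserName)
    Show-Handles -Label 'after service restart' -Handles $after
    if ($after.Count -eq 0) { Write-Host 'BINGO: hive released.' }
    else { Write-Warning 'Hive still held; the user is still logged on or the service did not release it.' }
}
```

Run it as `.\Release-Hive.ps1 -UserName rkreider` (filename is mine). The listing before any action is the useful part for diagnosis: the owning process and PID tell you whether a user-mode program has the hive open (where closing its handle or ending that process is reasonable) or whether, as in the post, the holder is the System process, where closing the handle reported success and changed nothing and the service restart was what actually released the files.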

Published by

Rich

Just another IT guy.
