Endpoint Encryption

 View Only

  • 1.  SEE 8.2.0 User Profile Service failed the logon. User profile cannot be loaded.

    Posted Sep 27, 2012 12:53 PM

    Windows 7 SP1

    Symantec Endpoint Encryption Framework Client 8.2.0 MP2

    Symantec Endpoint Encryption Full Disk Edition Client 8.2.0 MP2

    I am suddenly unable to add new Windows profiles to an encrypted laptop. After restart and using either the SEE client administrator account or using an existing registered user, proceed to the Windows logon prompt. After entering credentials for a user previously never logged into this laptop (but having valid credentials and can log onto a different unencrypted desktop computer in the same domain) getting this error: "The User Profile Service service failed the logon. User profile cannot be loaded."

    In the Windows Application log contains generic kind of messages (see bottom of this posting).

    Searched and found nothing on the Internet for this problem for a NEW user profile. Lots of pointers to fix EXISTING bad user profiles. I don't have a problem with existing profiles. As a first troubleshooting step used Windows Restore to go back to the most recent known-good restore point (several days ago). This did not fix the problem. (Although several days ago I was not attempting to logon with a new user account, so do not know for certain that the problem wasn't already there, just no symptoms.)

    My symptoms are similar to this closed thread:

    https://www-secure.symantec.com/connect/forums/user-profile-service-failed-logon-problem-when-using-see-703-full-disk-and-windows-7

    In that thread a solution was to correct corrupt/missing NTFS permissions on "C:\Users\Default\AppData\Local\Encryption Anywhere\RemovableStorageSettings.xml". I do not have that path on my laptop. This file must have moved since SEE version 7 to version 8. Anyone know if my symptoms apply to SEE version 8 and what the new fix would be?

     

    Windows Application Log

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          9/27/2012 11:41:27 AM
    Event ID:      1530
    Task Category: None
    Level:         Warning
    Keywords:     
    User:          SYSTEM
    Computer:      LA41996.myco.com
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

    DETAIL -
     2 user registry handles leaked from \Registry\User\S-1-5-21-823518204-789336058-682003330-38779:
    Process 4212 (\Device\HarddiskVolume2\Windows\System32\plasrv.exe) has opened key \REGISTRY\USER\S-1-5-21-823518204-789336058-682003330-38779\Control Panel\International
    Process 2832 (\Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-823518204-789336058-682003330-38779\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          9/27/2012 11:41:27 AM
    Event ID:      1530
    Task Category: None
    Level:         Warning
    Keywords:     
    User:          SYSTEM
    Computer:      LA41996.myco.com
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

    DETAIL -
     1 user registry handles leaked from \Registry\User\S-1-5-21-823518204-789336058-682003330-38779_Classes:
    Process 4212 (\Device\HarddiskVolume2\Windows\System32\plasrv.exe) has opened key \REGISTRY\USER\S-1-5-21-823518204-789336058-682003330-38779_CLASSES

     Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          9/27/2012 11:41:46 AM
    Event ID:      6004
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      LA41996.myco.com
    Description:
    The winlogon notification subscriber <Profiles> failed a critical notification event.
     

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          9/27/2012 11:41:46 AM
    Event ID:      1511
    Task Category: None
    Level:         Error
    Keywords:     
    User:          MERITER\gperkinstest
    Computer:      LA41996.myco.com
    Description:
    Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
     

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          9/27/2012 11:41:46 AM
    Event ID:      1500
    Task Category: None
    Level:         Error
    Keywords:     
    User:          MERITER\gperkinstest
    Computer:      LA41996.myco.com
    Description:
    Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

     DETAIL - The system cannot find the file specified.

    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          9/27/2012 11:41:50 AM
    Event ID:      6001
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      LA41996.myco.com
    Description:
    The winlogon notification subscriber <Sens> failed a notification event.
     

    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          9/27/2012 11:41:50 AM
    Event ID:      6000
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      LA41996.myco.com
    Description:
    The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
     

    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          9/27/2012 11:41:50 AM
    Event ID:      6001
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      LA41996.myco.com
    Description:
    The winlogon notification subscriber <Profiles> failed a notification event.
     

     

     



  • 2.  RE: SEE 8.2.0 User Profile Service failed the logon. User profile cannot be loaded.

    Posted Sep 27, 2012 05:39 PM

    The problem might be described by http://support.microsoft.com/kb/947215 which blames “Occasionally, Windows might not read your user profile correctly, such as if your antivirus software is scanning your computer while you try to log on.” This problem computer has both SEE and SEP. I wonder if encryption or antivirus or other latency during startup is a possible cause?

     

    The Microsoft KB pointed to another symptom, which is the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

     

    On my laptop there are no entries in ProfileList for the new users that try logging on. Example, user1  logged on, got the temporary profile error, and created a new C:\Users\user1 folder (but with incorrect NTFS permissions), but no registry entry under ProfileList.

     

    Somehow Windows is broken and is not creating new GUID entries under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and at the same time is not applying corresponding NTFS permissions correctly at C:\Users\<user>. Furthermore, to even get the symptom this far along, the user must be a local administrator.

     

     



  • 3.  RE: SEE 8.2.0 User Profile Service failed the logon. User profile cannot be loaded.
    Best Answer

    Posted Sep 27, 2012 06:17 PM

    Hacking around on the laptop and reading a ton of articles on similar symptoms (lots of people getting this) I found that my C:\Users\Default was corrupted. I copied C:\Users\Default from another Windows 7 computer and this fixed all of my issues!  (For now.)