NTUSER.DAT locked - User Profile Service

  • geoffreyfishing
    New Member
    • Jun 2010
    • 4

    NTUSER.DAT locked - User Profile Service

    I have tried posting everywhere, but no one has given me an answer so far. I am willing to try everything short of a clean install of Vista.

    My Problem:
    Some process has a locking handle on the user's NTUSER.DAT file, so Windows attempts to unload it:

    Code:
    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          6/13/2010 8:54:01 AM
    Event ID:      1530
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          SYSTEM
    Computer:      Den-PC
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  
    
     DETAIL - 
     27 user registry handles leaked from \Registry\User\S-1-5-21-3692011518-2094500946-738968334-1001:
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Internet Explorer\IETld
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\trust
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\Root
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\My
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\CA
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
        <EventID Qualifiers="32768">1530</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-06-13T13:54:01.000Z" />
        <EventRecordID>39724</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Den-PC</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="EVENT_HIVE_LEAK">
        <Data Name="Detail">27 user registry handles leaked from \Registry\User\S-1-5-21-3692011518-2094500946-738968334-1001:
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Internet Explorer\IETld
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\trust
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\Root
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies\Microsoft\SystemCertificates
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\My
    Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\CA
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    </Data>
      </EventData>
    </Event>

    However, Windows fails. Then when the user logs on, the User Profile Service cannot load HKEY_CURRENT_USER, because the file that contains this hive, NTUSER.DAT, is locked:

    Code:
    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          6/13/2010 8:50:30 AM
    Event ID:      1508
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          SYSTEM
    Computer:      Den-PC
    Description:
    Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
    
     DETAIL - The process cannot access the file because it is being used by another process.  for C:\Users\Elaine\ntuser.dat
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
        <EventID Qualifiers="49152">1508</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-06-13T13:50:30.000Z" />
        <EventRecordID>39704</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Den-PC</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="EVENT_REGLOADKEYFAILED">
        <Data Name="Error">The process cannot access the file because it is being used by another process. </Data>
        <Data Name="File">C:\Users\Elaine\ntuser.dat</Data>
      </EventData>
    </Event>

    So then Windows cannot load the profile, because the profile is contained in the file Windows cannot load. Windows then throws a critical exception:

    Code:
    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          6/13/2010 8:50:30 AM
    Event ID:      1502
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          Den-PC\Elaine
    Computer:      Den-PC
    Description:
    Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. 
    
     DETAIL - The process cannot access the file because it is being used by another process. 
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
        <EventID Qualifiers="49152">1502</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-06-13T13:50:30.000Z" />
        <EventRecordID>39705</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Den-PC</Computer>
        <Security UserID="S-1-5-21-3692011518-2094500946-738968334-1002" />
      </System>
      <EventData Name="EVENT_FAILED_LOAD_LOCAL">
        <Data Name="Error">The process cannot access the file because it is being used by another process. </Data>
      </EventData>
    </Event>

    Since Windows cannot load the profile, it backs up the profile, and makes this backup the user profile:

    Code:
    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          6/13/2010 8:50:31 AM
    Event ID:      1515
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          Den-PC\Elaine
    Computer:      Den-PC
    Description:
    Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
        <EventID Qualifiers="49152">1515</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-06-13T13:50:31.000Z" />
        <EventRecordID>39706</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Den-PC</Computer>
        <Security UserID="S-1-5-21-3692011518-2094500946-738968334-1002" />
      </System>
      <EventData Name="EVENT_PROFILE_DIR_BACKEDUP">
      </EventData>
    </Event>

    So then Windows has to load a temporary profile, because it cannot load the user's profile:

    Code:
    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          6/13/2010 8:50:31 AM
    Event ID:      1511
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          Den-PC\Elaine
    Computer:      Den-PC
    Description:
    Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
        <EventID Qualifiers="49152">1511</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-06-13T13:50:31.000Z" />
        <EventRecordID>39707</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Den-PC</Computer>
        <Security UserID="S-1-5-21-3692011518-2094500946-738968334-1002" />
      </System>
      <EventData Name="EVENT_TEMPPROFILEASSIGNED">
      </EventData>
    </Event>

    Which causes the user to be presented with the default profile with no personalized settings.

    After a computer restart the user is able to log on to their normal profile without any problems. But after they log off, the next user has to restart the computer, or they will be presented with the same error.

    Please, I have tried posting on multiple forums, and nobody has found a solution. I am desperate to fix this problem. I cannot identify which process has a locking handle on NTUSER.DAT from the Windows logs.
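
The Event ID 1530 detail text quoted in the post above names each process that still holds a handle into the user hive. The following is an added example, not part of the original post: a Python parser for that text that tallies open handles per process and extracts the hive SID so it can be compared with the Security UserID of the 1502/1511 events. The function names are hypothetical, and the sample input is abridged from the event text in the post.

```python
import re
from collections import Counter, defaultdict

# Abridged from the Event ID 1530 text quoted in the post (6 of its 27 lines).
SAMPLE_DETAIL = r"""27 user registry handles leaked from \Registry\User\S-1-5-21-3692011518-2094500946-738968334-1001:
Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001
Process 656 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\SystemCertificates\Root
Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies
Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Policies
Process 4752 (\Device\HarddiskVolume3\Program Files\uTorrent\uTorrent.exe) has opened key \REGISTRY\USER\S-1-5-21-3692011518-2094500946-738968334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
"""

# Header line: declared handle count and the hive (HKCU or its _Classes hive).
HEADER_RE = re.compile(
    r"(\d+) user registry handles leaked from "
    r"\\Registry\\User\\(S-[\d-]+(?:_Classes)?)", re.IGNORECASE)
# One line per leaked handle. The greedy (.+) keeps image paths that contain
# parentheses themselves, such as "Program Files (x86)", intact.
LINE_RE = re.compile(
    r"Process (\d+) \((.+)\) has opened key "
    r"\\REGISTRY\\USER\\(S-[\d-]+(?:_Classes)?)(\\.*)?$", re.IGNORECASE)


def parse_hive_leak(detail):
    """Parse EVENT_HIVE_LEAK detail text into a per-process handle report."""
    header = HEADER_RE.search(detail)
    if header is None:
        raise ValueError("not an EVENT_HIVE_LEAK detail string")
    handles = Counter()
    subkeys = defaultdict(set)
    for raw in detail.splitlines():
        m = LINE_RE.search(raw.strip())
        if m is None:
            continue
        pid, image, _sid, subkey = m.groups()
        holder = (int(pid), image.rsplit("\\", 1)[-1])  # (PID, image name)
        handles[holder] += 1
        subkeys[holder].add(subkey or "\\")              # "\" = hive root
    return {
        "hive_sid": header.group(2),
        "declared": int(header.group(1)),   # count stated in the header
        "parsed": sum(handles.values()),    # lines actually present
        "holders": handles.most_common(),   # busiest process first
        "subkeys": {h: sorted(s) for h, s in subkeys.items()},
    }


def hive_belongs_to(report, user_sid):
    """True if the leaked hive is the HKCU (or _Classes) hive of user_sid."""
    return report["hive_sid"].lower().split("_", 1)[0] == user_sid.lower()


if __name__ == "__main__":
    report = parse_hive_leak(SAMPLE_DETAIL)
    print(f"hive {report['hive_sid']}: "
          f"{report['parsed']} of {report['declared']} handle lines parsed")
    for (pid, image), count in report["holders"]:
        print(f"  PID {pid:>5}  {image:<14} {count} handle(s)")
    # SID from the Security UserID of the 1502/1511 events quoted in the post.
    logon_sid = "S-1-5-21-3692011518-2094500946-738968334-1002"
    print("hive matches temp-profile user:", hive_belongs_to(report, logon_sid))
```

In the events quoted above, the 1530 hive SID ends in -1001 while the 1502/1511 events carry a Security UserID ending in -1002, which is why the comparison returns False. The 1530 event to read is the one logged for the account that later received the temporary profile.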
  • John T
    New Member
    • Jun 2010
    • 1

    #2
    Hi Geoff,
    For what it's worth I too am having what looks like an identical issue.
    My circumstances are a little different, but after being assigned a temporary user profile my application cannot use DPAPI calls to decrypt passwords. The Cryp..ProtectData calls fail because they need the "Common AppData" value as a key, and it's not there anymore.
    To get rid of the temporary profile a reboot is required.

    I have raised a support call with Microsoft.


    • geoffreyfishing
      New Member
      • Jun 2010
      • 4

      #3
      Please tell me..

      Please tell me how to fix the problem when you get a reply from Microsoft. I would be interested to know how to fix the problem.


      • ytcyguy
        New Member
        • Oct 2010
        • 1

        #4
        Have you fixed / found a solution to the problem?

        I am having this problem too and can't find a solution on the web. Lots of places tell me how I can get my profile back, but a reboot solves that.


        • geoffreyfishing
          New Member
          • Jun 2010
          • 4

          #5
          Sorry, I had opened multiple threads on different sites for this problem, and had finally found an answer.

          The solution is at http://www.google.com/support/forum/...68a22d32&hl=en

          (I am the user Geoffish)

          And please do post on that topic, so it will get Google's attention.


          • geoffreyfishing
            New Member
            • Jun 2010
            • 4

            #6
            (The topic can be closed now)
