Udostępnij za pośrednictwem


Windows Vista, Windows Server 2008 and UPHClean

UPHClean fails to install on Windows Vista and Windows Server 2008.  This happens because the User Profile service included with those operating system includes the functionality of UPHClean v1.6 built in.  There is no point in having UPHClean perform its monitoring work when the profile service does all necessary work to prevent user hive fails from occuring.

Whereas UPHClean logs event 1401 to indicate that it took action to resolve a problem that would have prevent a user profile hive from unloading, the User Profile service logs event 1530.  It looks like this:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 2/28/2008 2:56:52 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: RCARON-PC
Description:
Windows detected your registry file is still in use by other applications or
services. The file will be unloaded now. The applications or services that
hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from
\Registry\User\S-1-5-21-2641105361-2081720548-7543625-1000:
Process 896 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has
opened key \REGISTRY\USER\S-1-5-21-2641105361-2081720548-7543625-1000

This event is letting you know that when the profile was being unloaded svchost.exe with process id (PID) 896 had a registry key handle to the profile hive for the user with SID S-1-5-21-2641105361-2081720548-7543625-1000.

The event is there so you know that the system took action.  That way you could know that if the application fails in some way you can investigate whether this action might be involved in the failure.  Generally my advice for this (as for UPHClean event 1401) is to ignore it.

I am working on UPHClean v2.0.  This version will address many more user profile problem scenarios.  This version will likely install on Windows Vista and Windows Server 2008.  It is in beta but currently the beta bits do not yet install on those operating systems.

Robin.

Comments

  • Anonymous
    January 01, 2003
    I get every shutdown two messages of the type 1530. These are the messages in the eventvwr: (it's in dutch, I ope you have enough with the technical stuff -otherwise I'll translate it).

Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.   DETAIL - 1 user registry handles leaked from RegistryUserS-1-5-21-1564836495-3584289984-1312657921-1000_Classes: Process 972 (DeviceHarddiskVolume2WindowsSystem32svchost.exe) has opened key REGISTRYUSERS-1-5-21-1564836495-3584289984-1312657921-1000_CLASSES AND Uw registerbestand is nog steeds in gebruik door andere toepassingen of services. Het bestand wordt nu verwijderd. De toepassingen en services die het registerbestand nu gebruiken, werken achteraf mogelijk niet meer goed.   DETAIL - 1 user registry handles leaked from RegistryUserS-1-5-21-1564836495-3584289984-1312657921-1000: Process 972 (DeviceHarddiskVolume2WindowsSystem32svchost.exe) has opened key REGISTRYUSERS-1-5-21-1564836495-3584289984-1312657921-1000

Some more information: When I look in the process viewer to see which svcprocesses are running: I find three processes with a PID around 972 :

  • svchost.exe -k DcomLaunch under SYSTEM.
  • svchost.exe -k rpcss under username NETWORK SERVICE.
  • svchost.exe -k secsvcs under username SYSTEM. Since I don't know the PID's at the moment of logoff, I am not sure which svchost is causing the problem. I hope you have enough information to help me out and enough information to incorporate in your new vista-ready uphclean-version. P.
  • Anonymous
    January 01, 2003
    Aha, I managed to find out which of the svchost processes is causing the problem. (How?  -> tasklist /v and tasklist /svc, save output in a file and perform a shutdown...). It is WinDefend !! Now I only have to find out why he does this...

  • Anonymous
    January 01, 2003
    "Windows Vista and Windows Server 2008 include the functionality of UPHClean." (http://support.microsoft.com/kb/837115/en-us)

  • Anonymous
    January 01, 2003
    Event 1530 tells you what application caused the problem.  In the event listed above svchost in process 896 is the one causing a problem. If you are unsure how to interpret the event post it here and I'll help. Thank you, Robin.

  • Anonymous
    January 01, 2003
    Hi, I have user profile unloading problem on my vista, just like hte one you are describing. I find the 1530-event in my eventviewer but I cannot see how I have to resolve this. Can I work with you as a testcase or can you give me some hints on how I can find out which application prevents the profile from unloading ? Thx.

  • Anonymous
    September 21, 2011
    The comment has been removed