11

I created a Windows Domain account that works on MYDOMAIN. All computers attached to MYDOMAIN can use the credentials I have created for log on except for one.

On PROBLEMSERVER01 when I try to log in with MYDOMAIN \ myuser I get the following error (other accounts previously created are working):

User Profile Service service failed the sign-in.

User Profile cannot be loaded.

OK

When I log on to the server and check C:\Users I do not see a folder associated with the account I created. When I check each registry's S-1-5 folders under the the ProfileImagePath entry there is no entry for my user. http://support.microsoft.com/kb/947215

If I try to create the account locally on the machine it appears to work upon creation (no errors there), but if I try to log in I get the same message and no entries are added to the registry.

User Profile Service service failed the sign-in.

User Profile cannot be loaded.

OK

Event log data after trying to sign in:

User Logoff Notification for Customer Experience Improvement Program

User Logon Notification for Customer Experience Improvement Program

The Windows Error Reporting Service service entered the stopped state

The Windows Error Reporting Service service entered the running state

A LDAP connection with domain controller DC01.MYDOMAIN.localhost for domain MYDOMAIN is established

I have also tried copying the C:\Users\Default folder from a known good server to this one with no change in results.

Community
  • 1
에이바
  • 642
  • 5
  • 11
  • 34
  • @RyanRies, `ProfileList` is the parent directory that contains the S-15-XX... folders. Inside of these folders contains `ProfileImagePath` Ex. i.imgur.com/QZ4SE6p.png – 에이바 Dec 09 '14 at 20:25
  • Are you suggesting I delete all of the S-5-21-... sub keys? – 에이바 Dec 09 '14 at 21:19
  • That's the issue, there isn't one listed for the user that cannot log in. – 에이바 Dec 09 '14 at 21:43
  • Validate to be sure no roaming or a profile path got setuped for that user. – yagmoth555 Dec 15 '14 at 14:40
  • 1
    Does either the username or the password you've created, with the issues described, have any characters which would only be available in some localisations which are included on the rest of the server builds but not the affected? This is a long-shot but I can't think of much else which may cause what you describe – BE77Y Dec 15 '14 at 14:57
  • No, that doesn't seem to be the issue. I even changed the password to the same as another user account that does work -- just to be sure the chars were OK. – 에이바 Dec 15 '14 at 21:19
  • @에이바 did you try to create other user accounts and logging in with them? It'll help differentiate between some user-specific-residue and non-user-specific issues – Nitz Dec 16 '14 at 10:45
  • @Nitz, yes I created new user accounts and they also had the same issue. – 에이바 Dec 16 '14 at 14:26
  • Does the login problem on this server exist with every new user you created? if i understand you right the new user 'myuser' can't log in, old users are working fine. What if you create an other new testuser? Can the new testuser log in? – frupfrup Dec 16 '14 at 14:42
  • @frupfrup, all existing users work as normal. Any new user that is created cannot log in. – 에이바 Dec 16 '14 at 14:43
  • Perhaps compare the permissions of C:\users and the likes against a working workstation? – Nitz Dec 16 '14 at 14:56
  • 1
    I think this MUST be something with the C:\Users\Default folder. Try to copy it again from an blank winServer 2012 System and do a Filesize check if the Byte-number really is the same. And also check if the Filerights are correct. particularly for you C:\Users\Default folder! – frupfrup Dec 16 '14 at 14:59
  • Default folder has been copied and is exactly the same from a new 2012 system. Issue persists. – 에이바 Dec 18 '14 at 20:34
  • 2
    Sysinternals procmon.exe has an option for boot logging. You might be able to use it to catch the problem as it happens during the login process. – JasonAzze Dec 19 '14 at 15:58
  • @에이바 & Jason No need for boot logging in this case (because login happens later), just log in with admin, and filter the results by user. – EliadTech Dec 21 '14 at 18:26
  • OS not mentioned?? Can you please specify..? – serverstackqns Dec 22 '14 at 07:03
  • 1
    What does a "GPRESULT /R" on this sever give you for the user parameters ? This is maybe not related but I once had a similar issue because two computer had the same name in my domain.... – NooJ Dec 22 '14 at 13:31

2 Answers2

1

If you are using Server 2012 R2 with April 2014 update (KB2919355) and also seeing Event ID 1500 in Application log ("Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.") as well as Event ID 1509 ("Windows cannot copy file \?\UNC\contoso.com\Users\Profiles\User1.V4\AppData\Roaming\ApplicationName\Program Settings\0000.ex to location \?\C:\Users\User1\AppData\Roaming\ApplicationName\Program Settings\0000.ex. This error may be caused by network problems or insufficient security rights.") then it is known issue with available coldfix from Microsoft:
https://support.microsoft.com/en-us/kb/2985344

Mikhail
  • 1,295
  • 3
  • 19
  • 35
0

The first thing to try in a situation like this is to remove the computer/server from the domain.

Reboot computer/server.

Delete the computer account in the domain.

Add the computer/server back to the domain again.

Reboot the computer/server.

Login and be happy.

hasse
  • 569
  • 4
  • 2