0 comments

Windows 2008 automatic user profile hive cleanup

Published on Friday, November 27, 2009 in ,

After the upgrade of HP RDP to version 6.0 (cfr the other post), we seem to have a lot of scripts failing with weird errors. because these scripts ran fine in the past, I blamed the RDP upgrade. What we we're seeing is that whenever in one of the vbscripts we tried to execute a command like netsh, bcdedit, diskpart, it would fail with the following errorcode: -2147023741

Google didn't came up with much, just that it would mean something like "windows doesn't know the file extension used". Huh? So we started looking in the scripts for errors in the path, or quotes, but all in vain.

Then we noticed that the same scripts wouldn't always fail at the same point, and very soon after that we noticed the following errors in the eventlog:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxx-1106: Process 3616 (\Device\HarddiskVolume1\Windows\System32\cmd.exe) has opened key \REGISTRY\USER\S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxx-1106 Event Xml: 1530 0 3 0 0 0x80000000000000 121 Application server.domain.tld
1 user registry handles leaked from \Registry\User\S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxx-1106: Process 3616 (\Device\HarddiskVolume1\Windows\System32\cmd.exe) has opened key \REGISTRY\USER\S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxx-1106
<:event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

Bottom line, some kind of race condition was occuring with the profile of our user account being forced to unload while the script was running. And thus causing all kind of weird unexainable behaviour. It seemed like we were doing to much, or to fast logons with the scripts running in the context of a domain user.

Some possible workarounds exists:
  • Run scripts under "local system"
  • Use the following workaround: remkoweijnen blogpost
  • Insert a sleep inside the HP RDP job. This is the part where you configure which script will be executed. This is the content who gets copied to a file called rxscript.bat and thus executed. Note: for the sleepcommand: download the Windows 2003 resource kit tools.
We choose the first option as that seemed the nicest one. We had to give some security on our shares containing packages and logs to the "domain computers"

Oh, almost forgot, this behaviour is "by design": http://support.microsoft.com/kb/947238, nevertheless I think it's a nice feature for the Terminal Server boys

Related Posts

No Response to "Windows 2008 automatic user profile hive cleanup"

Add Your Comment