Showing posts with label Event ID 1517. Show all posts
Showing posts with label Event ID 1517. Show all posts

Sunday, September 30, 2012

Event ID 1517 / 1524 in Windows Server 2003 Event Viewer - Server Login Requires Reboot

I recently worked on a Windows 2003 server that required manual reboots in order to login, whether via console or Remote Desktop. After rebooting, Event ID 1517 was logged repeatedly in Event Viewer (protip: this error could also appear as Event ID 1524 in Windows Server 2003, or as Event 1000 in Windows Server 2000). Microsoft explains this error in better detail than I can in KB article 944984 - essentially, user profile registry hives are kept in limbo after log off, and never completely terminated. Unfortunately, the hotfix described in the KB article didn't help. I don't administrate this server, I was just called in to fix the issue without breaking anything else. At this point, I know the administrator had an application in need of some coding assistance. I didn't have time to review every application's authentication behavior, though, and I am a novice developer at best.

As an alternative to reviewing miles of code, I installed the User Profile Hive Cleanup Service. The service runs continuously and looks for users that have logged off but still have a registry hive loaded. Each time a user session is terminated, the user, application and effected registry keys are logged in Event Viewer.

There are no fancy configurations needed to install the User Profile Hive Cleanup Service - just download, install and reboot. The service immediately resolved the issue for me, and no further logon issues were encountered. After the first reboot the eventvwr had a helpful entry in the System log showing me which application and user was causing the issue.

Billing systems development now available

Good news for current and future clients of Josh Wieder Technical Consulting : customers can now retain a variety of unique services related...