User Profile Service failure: No more threads can be created in the system - multithreading

Has anyone encountered this issue: We have Windows boxes running on Citrix XenCenter, and periodically they will stop allowing RDP connections to the host (error message: http://imgur.com/mKDM5uT)
"The User Profile Service service failed the logon. No more threads can be created in the system."
Currently the only way to resolve the issue is to reboot the vm. Has anyone else had this problem? Does anyone know of a fix or of a way to get into the host again without having to reboot? Thanks.

Actually, there is no exact reason why this happens in Windows, but this issue may occur if the C:\Users\(user-name) user profile folder was manually deleted instead of properly deleting the user account through User Accounts in the Control Panel. A user profile that is manually deleted does not remove the security identifier (SID) from the profile list in the registry. Since the SID is still present, Windows 7 will still try to load the profile by using the ProfileImagePath that points to a nonexistent path. Therefore, the profile cannot be loaded. Other possible causes: the C:\Users\(user-name) user profile folder itself was manually renamed, instead of using the proper method in this tutorial; an unknown issue with the user profile entering into a backup state occurred; the user profile is corrupted; or, occasionally, Windows 7 might not read your user profile correctly, for example, if your antivirus software is scanning your computer while you try to log on. Try restarting your computer and logging on.
For a permanent solution, this may help you:
http://www.solveinweb.com/solved-the-user-profile-service-failed-the-logon-user-profile-cannot-be-loaded/
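A read-only check for the condition described in the answer above, a ProfileList entry whose ProfileImagePath no longer exists on disk. This is an added example, not part of the original answer; the function name Get-ProfileListFinding is hypothetical, and the check for keys ending in .bak is an addition based on how Windows names the registry key of a profile it has backed up.

```powershell
# Added example: read-only audit of the ProfileList key; it changes nothing.
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileListFinding {
    param([string]$Root = $ProfileListKey)

    $keys  = @(Get-ChildItem -LiteralPath $Root)
    $names = $keys | ForEach-Object { $_.PSChildName }

    foreach ($key in $keys) {
        $name  = $key.PSChildName
        $isBak = $name -like '*.bak'
        $sid   = $name -replace '\.bak$', ''

        # ProfileImagePath is REG_EXPAND_SZ; GetValue returns it expanded.
        $path   = $key.GetValue('ProfileImagePath')
        $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Container)

        [pscustomobject]@{
            Sid              = $sid
            KeyName          = $name
            ProfileImagePath = $path
            FolderExists     = $exists
            IsBackupKey      = $isBak
            # True when a live key and a .bak key exist for the same SID.
            HasTwinKey       = ($isBak -and ($names -contains $sid)) -or
                               ((-not $isBak) -and ($names -contains "$sid.bak"))
            # Raw State value, reported as-is (not interpreted here).
            State            = $key.GetValue('State')
        }
    }
}

# Show only the entries worth a closer look: orphaned paths and backup keys.
Get-ProfileListFinding |
    Where-Object { (-not $_.FolderExists) -or $_.IsBackupKey } |
    Format-Table -AutoSize
```

An entry with FolderExists false is the orphaned-SID case from the answer; export the ProfileList key before changing anything it reports.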

Related

IIS on windows 10 application pool keeps stopping

I am having an issue with IIS resulting in the app pool stopping, so I am getting a 503 error
Event Viewer reports
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - Access is denied.
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
I believe this may be because I followed instructions I found on Google to clear down files from AppData, amongst other places, last week when C: became full (bad move). Sadly, there is no backup to reinstate the lost files. I expect I have removed an account or permissions somehow.
I have tried setting Load User Profile to False and also setting Identity to LocalSystem but not allowed these settings in the app pool
I was hoping to reinstall IIS but cannot find a solution for that. Does anyone please have advice?

Azure AAD authentication, clicked on wrong microsoft ID in browser and now authentication fails every time

I was running a python program to fetch data from Azure Data Explorer, process it and write. The way I authenticate is:
import os
os.system("az login")
#browser pops up, I click on the relevant microsoft account and login.
I can now go back to my IDE and continue with my program. After finishing coding my programs, I restarted the kernel and ran it again for testing. This time, in the browser, I accidentally clicked on the wrong Microsoft Azure account and the login succeeded (because it was a valid login), but I knew it was wrong so I immediately restarted my kernel again. But ever since then I've been stuck at an error when I actually run a query:
'Caller is not authorized to perform this action', '#type': 'Kusto.DataNode.Exceptions.UnauthorizedDatabaseAccessException',
I tried cleaning the cache with az
az cache purge
#no output on console
I tried going to a different browser, closing everything and restarting. I also tried to find kusto or azure-data-explorer folders under AppData in the Windows system and manually deleting the cache, but didn't find any such folders. Note: I haven't restarted the system yet; it's an EC2 instance and I have a lot of work open.
I am able to run the same program normally on a different Windows machine successfully. How can I fix this in an easy way in the future? I normally don't use Windows or Azure for development work.
The az logout command should do the work and let you log out from the current active accounts.
But as your tests show this doesn't work for you, a second alternative is to use az logout with all specific accounts: az logout --username - Doc

Keyset does not exist / Identity invalid

Note: I've found several similar questions on here, but the ones that were resolved did not work for me. So I thought I'd open a new question.
I rebooted our Server 2012 box, which hosts our new .NET applications. After doing so, I started receiving a 503 error. Upon investigation, it seemed like an identity problem.
Before going much further, I should state that this account has worked for several months now. I've rebooted before, and everything started fine.
So I'm getting the (quite common) 5059, 5057, and 5021 errors in the log. They boil down to this:
The identity of application pool SVFileUpload is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
I thought I would just ensure the password and account were correct, so I go to the application pool, select identity-> custom and ensure it's set up right. I get an error:
There was an error while performing this operation. Details: Keyset does not exist (Exception from HRESULT: 0x80090016)
This was strange to me, so I tried setting the app pool to a built in account, and it worked fine. I get this error anytime I try to set to a custom account. Also, no app pools that are using custom accounts will run.
I googled a bit, unsure which error was the one I needed to track. I have tried:
registering the account on the command line via the aspnet_ tool
Making sure the user was in the IIS_IUSRS group
changing the permissions on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys file(s)
adding a completely new user and trying to set an app pool to that users account
There were a couple of other random things I tried from googling, but I don't remember them.
This error doesn't make sense to me, and it seems random. I need help figuring out 1) why I can't set an app pool to a custom account and 2) why the identity isn't working for my applications anymore
-Edit
I recently removed and re-added the user account I've been working with. I think that solves that problem. The problem remaining is I can't update the application pool because of the "keyset does not exist" error.
I found a couple of links that led me to a solution.
In c:\windows\system32\inetsrv\config\applicationHost.config I removed all the configProtectedData entries.
Then I removed everything in %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
I ran iissetup.exe /install SharedLibraries from the inetsrv directory, which resulted in a "Failed = 0x80070005"
I then was able to set up my application pools as if nothing happened.
See also https://techcommunity.microsoft.com/t5/IIS-Support-Blog/Keyset-does-not-exist-exception-from-HRESULT-0x8009000D-or-or/ba-p/342955 for a more detailed explanation
I ran the iisreset command and my problem was solved.
I had the same error-message because my user was not member of the "Local Administrators" group.
I was able to connect to the server because I was member of the "Remote Desktop Users" group.
I was able to open IIS Management and to change settings, but when I clicked on the "OK" or "Save" button - I got the "Keyset does not exist" - error message.
So my advice - check if you are an administrator.
I tried to change the Identity of Application Pool on a remote server and it failed with the above error.
I RDP into the remote machine and then tried to update the Identity using local IIS Manager and it worked.
For anyone on Windows server 2008 stumbling into this error:
this may occur when you are managing the IIS instance from another server using the remote management feature ('connect to another computer').
I resolved by managing the IIS instance from the server itself.
https://support.microsoft.com/en-hk/help/977754/-keyset-does-not-exist-error-message-when-you-try-to-change-the-identi
Since I am working on a fresh server I was able to uninstall the IIS Windows Feature and then re-add it.
I was able to change the App Pool Identity after that with no issues.
Delete the RSA found here: C:\Users\usernamn\AppData\Roaming\Microsoft\Crypto\RSA
MAKE A BACKUP JUST TO BE SURE. WORKED FOR ME.

IIS 7.5 - Access to the Path ... is Denied

I am trying to access a static file on a Novell file server.
The drives are mapped on the IIS box. The application is using the default application pool.
The path (not shown in Title above) is : \cms1\vol4\cms\008\docs\008\2011\Nov\0224294.pdf
If I enter the above path from the command line on the IIS box, it opens the PDF just fine. When accessed via IIS, I receive the error shown in the Title above.
I have researched numerous threads looking for an answer. Most of them suggest changing the properties of the application pool. I have modified it to use my User ID and Password, and confirmed this is the case by checking w3wp.exe, and it shows as running with my user ID. Any thoughts would be appreciated.
Thanks in advance!
Does your server have CIFS enabled? If it is just using NCP, then is Client32 installed on that machine so that NCP access will be enabled?
If you enable CIFS on the Netware or OES server then there is no need for Client32 on the IIS server. In either case, the service needs to try to connect to the share as a user with sufficient rights. I imagine the IIS_IUSRS account is not existing in the eDirectory tree.

Cannot open log for source {0} on Windows 2003 Server

I am having a huge problem with the eventlog on my server. Right let me first of all explain the setup.
I have a domain setup with 2 computers
One computer is running IIS the other is a workstation. The IIS is running Win2k3 the workstation Win XP.
The IIS computer is hosting a website which uses Windows Impersonation and tries to log an entry to the eventlog for a custom log file called MyApp and a custom event source MySource
I have a domain user called MyUser who is just a member of Domain Users.
Single Sign On is working 100% because I can write out the logged in user to the page fine.
When I visit the IIS page from the workstation I get one of the following messages (sometimes I get the first sometimes the second)
1) The handle is invalid
2) Cannot open log for source 'MySource'. You may not have write access.
So to try and fix this I have tried all of the following:
Granted the Everyone user FullControl to C:\windows\system32\config\MyApp.evt file
Granted the everyone user FullControl to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog
In the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp\CustomSD I appended the following string (A;;0x0002;;;AU), (the reason for this can be read here http://fgheysels.blogspot.com/2008/01/cannot-open-log-for-source-0-on-windows.html)
I am now totally out of ideas of how to fix this. Has anyone else come across this and have you tried anything else.
The error, as you seem to have found already, relates to writing to event sources or creating them. I would suggest you try the following.
You did not indicate if the event source exists in the registry or whether the .evt files were created by the system or if you put them on the machine, so it is hard to determine at which point you are stuck.
You also did not mention if this works on some developer's machine, in which case you can compare the registries and even create the keys manually if you have to.
Have a look under ...\Eventlog if a key for your log has been created (MyApp?).
Have a look in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp.
There should be a key called Sources. Does your source appear in here?
If these entries do not exist the error is that your user does not have permissions to create the custom log and source.
In the error message it should indicate a ThreadIdentity parameter, which should indicate which user account it is attempting to use to do this. You can also open the permissions to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog and query the "Effective Permissions" for this particular user to ensure it effectively really has full control.
Try granting full control to the entire directory C:\windows\system32\config\ and not just the .evt file as the system needs to create some additional files here as well.
Lastly you can try and enable anonymous access to the website and run it as the machine/Domain administrator user once so all the keys get created before setting it back to the way you like it. You could also try enabling impersonation in the web.config file to ensure that it is not running without a windows identity. These ones you should all be able to undo once the correct keys and files have been created.
Let us know what you find after this and we can take it further.
Well, after many hrs of trying to solve this I appear to have a solution which works.
First of all I had to allow the Authenticated Users group write access to the event log. I advise you to back up your registry before continuing.
Run regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
Open the subkey which matches the EventLog you are writing to (so I will pick Application)
On the right you will see the registry strings, locate one called CustomSD
Right click and modify it.
Append to the end (A;;0x2;;;AU) (I will explain this later)
Save the changes (I don't know if you need to reboot or not)
So that will mean Authenticated Users can write to the Application event log. I needed to apply one more change.
Open the Domain GPO or local computer GPO
Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights > Assignments > Manage auditing and security log
Go to its Properties window
Select Define these policy settings
Add the Administrator group
Add the Authenticated Users group
Save and do a gpupdate /force for the affected computer.
That is the only way I could get it to allow my website users to write to the event log.
I mentioned in part 1 step 6 I would explain the string we added. Please see this page for more details http://support.microsoft.com/kb/323076
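The ACE appended to CustomSD above, (A;;0x2;;;AU), reads field by field as type;flags;rights;object GUID;inherit GUID;trustee. The decoder below is an added example, not part of the original post: the function name ConvertFrom-EventLogSddl and the sample descriptor are constructed for illustration, and the rights bits it assumes (0x1 read, 0x2 write, 0x4 clear) are the event log access rights documented by Microsoft.

```powershell
# Added example: decode the ACEs in an event log CustomSD string.
$KnownTrustees = @{
    AU = 'Authenticated Users'; WD = 'Everyone'; AN = 'Anonymous'
    BA = 'Administrators';      SY = 'Local System'; IU = 'Interactive'
    SU = 'Service';             BG = 'Guests';       SO = 'Server Operators'
}
# Trustees broad enough that write or clear access deserves a second look.
$BroadTrustees = 'AU', 'WD', 'AN', 'BG'

function ConvertFrom-EventLogSddl {
    param([Parameter(Mandatory = $true)][string]$Sddl)

    # Each ACE is (type;flags;rights;object_guid;inherit_guid;trustee).
    foreach ($m in [regex]::Matches($Sddl, '\(([^)]*)\)')) {
        $f = $m.Groups[1].Value -split ';'
        if ($f.Count -lt 6) { continue }
        if ($f[2] -notmatch '^0x[0-9a-f]+$') { continue }  # hex masks only

        $mask   = [Convert]::ToInt32($f[2], 16)
        $rights = @()
        if ($mask -band 0x1) { $rights += 'Read' }
        if ($mask -band 0x2) { $rights += 'Write' }
        if ($mask -band 0x4) { $rights += 'Clear' }

        $type = switch ($f[0]) { 'A' { 'Allow' } 'D' { 'Deny' } default { $f[0] } }
        $name = if ($KnownTrustees.ContainsKey($f[5])) { $KnownTrustees[$f[5]] } else { $f[5] }

        [pscustomobject]@{
            Type    = $type
            Trustee = $name
            Mask    = $f[2]
            Rights  = $rights -join ', '
            # Allow ACE that lets a broad group write to or clear the log.
            Review  = ($type -eq 'Allow') -and ($BroadTrustees -contains $f[5]) -and
                      [bool]($mask -band 0x6)
        }
    }
}

# Constructed sample value, ending with the ACE from the post above.
$sample = 'O:BAG:SYD:(D;;0xf0007;;;AN)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;IU)(A;;0x2;;;AU)'
ConvertFrom-EventLogSddl -Sddl $sample | Format-Table -AutoSize
```

Running it against the live CustomSD value before and after the edit shows exactly which trustees gained write access to the log.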
