Jump to content

Windows temp profile: user profile service failed the sign-in


IT-user

Recommended Posts

Since a couple of weeks, some users complain they receive the following message before the login-screen of windows:

The user profile service service failed the sign-in. User profile cannot be loaded

On signing in, the user is presented with a temporary profile. After a couple of reboots (or deleting the .bak registry key) the user can succesfully log in to his/her profile.

Upon digging in the event viewer, I noticed several of the following error at the time of boot-up:

Event ID 1552: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\ESET\ESET Security\ekrn.exe, PID: 3088, ProfSvc PID: 2068.

And also:

Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. 

 DETAIL - Access denied 

So it seems to me as if Eset is locking the user profile service which causes the issue with a temporary profile.

Has anyone else noticed this behaviour & managed to solve this?

Below some more information about our installation:

  • Windows 11 (occurs on all versions)
  • Eset 10.1.2050.0
  • Devices are not domain joined - user is logged on with local user profile

Thanks in advance

Link to comment
Share on other sites

  • Administrators

Please raise a support ticket. It's likely that the next version of the Configuration Engine module will fix it. We expect it to be released within this month.

Link to comment
Share on other sites

1 hour ago, Kurt234 said:

Hi we have the same problem,

could you manage to fix this problem?

I've posted a support request to eset and they are planning a session with me 16/11/2023 so at the moment no progress on that front.

FYI: I've also found a similar event id log at the same time of the login problem.:

Event ID 1552: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\SriverStore\FileRepository\hpcustomcapcomp.inf_amd64_44fcd5c63470399d\x64\SysInfoCap.exe 

This is refereing to HP App Helper HSA service, something that is installed by default on HP laptops apparently. Does this error also appear on your system? 

 

1 hour ago, Marcos said:

This issue should be addressed by the next release of the Configuration Engine module soon.

When will this update be released approximately? I suppose this update is pushed automatically to the clients?

Link to comment
Share on other sites

  • Administrators
14 minutes ago, IT-user said:

When will this update be released approximately? I suppose this update is pushed automatically to the clients?

We want to release it ASAP, however, the module must be tested completely first. Personally I'd expect it to be released on the pre-release update channel within 1 week or a little bit earlier followed by granular batch releases on the regular update channel.

Link to comment
Share on other sites

2 hours ago, IT-user said:

This is refereing to HP App Helper HSA service, something that is installed by default on HP laptops apparently. Does this error also appear on your system

Really interesting. Yes we also use HP Notebooks in our company. And in some of the error logs i can see it aswell, but it is not always the case.

Edited by Kurt234
Link to comment
Share on other sites

16 minutes ago, Marcos said:

Configuration Engine module 2099.4 with a fix is now available on the pre-release update channel.

How can you check which configuration engine module is installed? I've tried to search within eset protect cloud -> computer -> details but i guess this version is only for the detection engine? 

See my example after I've just updated my client

image.png.f3305fad10a363eb70c4e326f05998a5.png

Moreover - I assume this pre-release channel is only available for selected testers?

 

9 minutes ago, Kurt234 said:

Really interesting. Yes we also use HP Notebooks in our company. And in some of the error logs i can see it aswell, but it is not always the case.

The same here, we only see it occasionaly which made me think that Eset was the culprint for the error (as also confirmed by Marcos).

Let's hope this update soon hits our environments. 

Link to comment
Share on other sites

  • Administrators

It depends on how you have set up the update server. In a policy you can set it up here:image.png

If the clients update from a mirror, this has no effect and it depends on if you mirror update files from the regular or pre-release update channel.

However, we don't recommend using pre-release updates on mission critical systems.

If the Engine number ends with P it's very likely that the machine is using pre-release updates.

Link to comment
Share on other sites

Thanks for your reply. I notice that I'm still on an older version for the configuration module: 

image.png.64b83c84b566623d6cdc2d5d3b244819.png

IThe new update will probably take some time to reach our environment I guess.
However, we haven't encountered this temp profile problem for over a week now (knock wood).

Link to comment
Share on other sites

  • Administrators

The Configuration module 2099.5 is currently on the pre-release update channel with staggered release on the regular update channel to follow soon. We expect it to be fully released towards the end of November.

Link to comment
Share on other sites

  • 2 weeks later...

The same within our company: one user with configuration module 2099.6 still receives the same error (The user profile service service failed the sign-in. User profile cannot be loaded) from time to time. 

image.png.379feb1f2149f5efb173262c432584a2.png

@Marcos what is the status of this issue?

Link to comment
Share on other sites

  • Administrators

The Configuration module 2099.6 addresses storing files in users' roaming folders (AppData/Roaming) which didn't turn out sufficient. The next version of the Configuration engine should help in cases when the whole user profile is deleted on logoff.

M_CNFENG-1821

Link to comment
Share on other sites

OK thx for the extra information.

FYI: the user profile is not actually deleted. The matter is that the user profile folder is changed to c:\users\temp instead of its own personal folder. The same problem as described in this link (when the problem occurs, applying the regfix solves the problem but of course this is not a long term solution).

Link to comment
Share on other sites

3 minutes ago, IT-user said:

@Kurt234

Could you explain a bit more? How long does he wait (e.g. 1 minute or until something appears on the screen?)

thx for the suggestion

He's making himself some tea and or coffee, so he'll probably wait about 2-3 minutes.

Link to comment
Share on other sites

@Kurt234

Good advice, I'll also let our users know to first make a cup of coffee 😊

No, it's really helpful I'll try it the next time. It's better than rebooting & praying that the own user profile is loaded.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...