Event ID 1000 errors after installing latest updates
David Nicholls
suitable here (apologies for cross-posting):
Since I installed the latest Win2K critical update
security fixes (13 Dec 02) and the VM fix, on two
different PCs on a small LAN, I am getting EventID 1000
errors as described in MS KB Q285192: "Userenv failing to
unload profile on shutdown".
The result is that it takes 60 seconds to logout/shutdown
while Windows tries to unload the profile. I have found a
work around, to reduce the delay to nothing, but I
shouldn't have to.
The bug was supposedly removed with sp3 (which I installed
a while back) but seems to have been reintroduced with the
updates, or at least reawakened :-( Until yesterday, I
had seen only one or two instances of the error in 12
months.
The solution (source: www.eventid.net and an earlier post
in this list) is as follows:
Run gpedit.msc Either in Domain Group Policy or local
computer policy, change "Maximum retries to unload and
update user profile" to far less than its default 60. Find
this setting under Group Policy Editor > Local Computer
Policy > Computer Config > Admin Templates > System >
Logon. I set mine to 5 tries (5 seconds).
I find that the error occurs about 95% of the time I log
out, and its appearance correlates exactly with the
installation of the latest critical updates.
My questions: Is anyone else seeing this after updating?
How do I alert MS about this? Will they listen? (any
replies to email address, remove killspam).
DN
Douglas Guynn
three updates.
Wonder if MS will issue a fix?
>.
>
George Hester
--
George Hester
__________________________________
"David Nicholls" <nich...@killspamworld.net> wrote in message news:038701c2a303$28bd5000$d3f82ecf@TK2MSFTNGXA10...
Hans Näslund
principle "Maximum retries to unload and update user profile" in gpedit.msc.
My Win2000 is Swedish, but one would believe that the components should be
the same, even if they have Swedish names.
Can you give an exact description of the tree structure that leads to the
principle that I cannot find?
"David Nicholls" <nich...@killspamworld.net> skrev i meddelandet
news:038701c2a303$28bd5000$d3f82ecf@TK2MSFTNGXA10...
Tom Waller
know we can lessen the amt of time it takes to logoff,but
that does not fix the issue of the profile not being
updated.
>.
>
Torgeir Bakken (MVP)
> Just wondering if anyone has found a fix for this issue.I
> know we can lessen the amt of time it takes to logoff,but
> that does not fix the issue of the profile not being
> updated.
Hi
This problem is very often introduced when the Q329170 Security Patch is
installed.
Go to Control Panel>Add/Remove Programs > Change/Remove Programs and see if
Q329170 is listed as an update. If it is, remove it and see if it solves the
problem.
Q329170 is not very important or relevant unless you are on a network where you
have configured your Windows 2000 or Windows XP Gold systems to use SMB Signing
(default they do not use it):
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-070.asp
<quote>
Impact of vulnerability: Modify group policy.
Maximum Severity Rating: Moderate
Recommendation: Administrators whose Windows 2000 or Windows XP Gold systems are
configured to use SMB Signing should install the patch immediately.
</quote>
http://www.microsoft.com/security/security_bulletins/ms02-070.asp
<quote>
Why We Are Issuing This Update
An identified security issue in Microsoft® Windows® 2000 and Windows XP could
enable an attacker to modify a network's security policies. Network
administrators can help protect their networks by installing this update from
Microsoft. This update only affects networks running Windows 2000 or Windows XP.
Home users and those using workstations on corporate networks do not need this
update.
</quote>
--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and a ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter