none
Event ID 1 Error Microsoft-Windows-UAC Microsoft-Windows-UAC/Operational

    Question

  • This error pops upon every restart of Windows Server 2012.

    Event ID 1 Error Microsoft-Windows-UAC Microsoft-Windows-UAC/Operational
    The process failed to handle ERROR_ELEVATION_REQUIRED during the creation of a child process.

    Event Viewer traces user to S-1-5-18 SYSTEM, Execution ProcessID in Task Manager corresponds to SVCHOST.EXE.
    SYSTEM is the owner of SVCHOST.EXE, even having granted SYSTEM permission Full Control does not fix the error.

    Any help will be appreciated.

    Wednesday, June 04, 2014 1:05 AM

Answers

  • @Dharmesh, thanks for your advice.

    The specific SVCHOST process causing the error runs these services :
     - Application Experience
     - Application Information
     - Certificate Propagation
     - Group Policy Client
     - IKE and AuthIP IPsec Keying Modules
     - IP Helper
     - Multimedia Class Scheduler
     - Remote Access Connection Manager
     - Remote Desktop Configuration
     - Routing and Remote Access
     - Server
     - Shell Hardware Detection
     - System Event Notification Service
     - Task Scheduler
     - Themes
     - User Profile Service
     - Windows Management Instructmentation
     - Windows Update

    I doubted if any of those would actually need the ElevateCreateProcess fix.

    However, I gave it a try, applying the compatibility fixes at Server 2003 and Vista SP2 levels; yet the error was not corrected.

    So, combing through those services seemed unavoidable. Eventually, the culprit was identified.

    For the benefits of people encountering the same issue, this may help save some clueless efforts.

    Somehow, Windows Server setup a RaMgmtUIRestartTask in Task Scheduler, to run ramgmtui.exe as Administrators at log on of any user; but, not granting it the necessary permission. It is supposed to start the Remote Access Management console, failing which it logs the Event ID 1 Error, and gives little hint on the whereabouts of the cause.

    To stop the error, one would simply locate the scheduled task, then have it disabled, or check the option to grant it the highest privilege.

    Friday, June 06, 2014 5:49 PM

All replies

  • Hi,

    Thank you for your posting in Windows Server Forum.

    Does this issue occurs for user account or administrator account login?

    First of all suggest you to temporary disable UAC to see if the same issue occurs. 
    The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message.
    The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged.

    More information:
    Using the ElevateCreateProcess Fix

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    Thursday, June 05, 2014 7:11 AM
    Moderator
  • @Dharmesh, thanks for your advice.

    The specific SVCHOST process causing the error runs these services :
     - Application Experience
     - Application Information
     - Certificate Propagation
     - Group Policy Client
     - IKE and AuthIP IPsec Keying Modules
     - IP Helper
     - Multimedia Class Scheduler
     - Remote Access Connection Manager
     - Remote Desktop Configuration
     - Routing and Remote Access
     - Server
     - Shell Hardware Detection
     - System Event Notification Service
     - Task Scheduler
     - Themes
     - User Profile Service
     - Windows Management Instructmentation
     - Windows Update

    I doubted if any of those would actually need the ElevateCreateProcess fix.

    However, I gave it a try, applying the compatibility fixes at Server 2003 and Vista SP2 levels; yet the error was not corrected.

    So, combing through those services seemed unavoidable. Eventually, the culprit was identified.

    For the benefits of people encountering the same issue, this may help save some clueless efforts.

    Somehow, Windows Server setup a RaMgmtUIRestartTask in Task Scheduler, to run ramgmtui.exe as Administrators at log on of any user; but, not granting it the necessary permission. It is supposed to start the Remote Access Management console, failing which it logs the Event ID 1 Error, and gives little hint on the whereabouts of the cause.

    To stop the error, one would simply locate the scheduled task, then have it disabled, or check the option to grant it the highest privilege.

    Friday, June 06, 2014 5:49 PM