none
User Profile Service service failed the logon Windows 7 and Mandatory profiles

    Question

  • I work at a University where we have 250+ lab computers.  We use mandatory user profiles (stored on a Windows Server 2008 - Domain Controller) and have recently migrated to Windows 7 on all our lab computers.  About two weeks after we went to Windows 7 we started encountering the error; "User Profile Service service failed the logon  User profile service cannot be loaded".   This happens when booting the computers and trying to log in as the mandatory user (Student) which I created from scratch for Windows 7.  Since then it happens to about half the computers (random computers) every morning.  To temporarily fix this when it happens, I log in as a Domain Admin user and go into Advance System Settings -> User Profiles -> Settings and delete the local copy of the mandatory user "Student" .  I then log out and log in as "Student" and it works fine for the day.  Also the problem has occurred when logging on as other mandatory accounts other than "Student".  I have not experienced the problem when logging in with accounts that are not mandatory (i.e. roaming profile accounts or local accounts).  Does anyone have a clue as to why this is a continuing problem, and/or what could be done to fix it permanently?  It take me and my staff an hour a day just to turn on computers....not cool at all. 
    Tuesday, September 21, 2010 3:12 PM

Answers

  • Hi,

    The reason is that the file name is too long. You may be able to resolve the issue with customized script. Please refer the following case:

    Windows cannot copy file. The filename or extension is too long in General Discussion


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Marsoutpost Wednesday, September 29, 2010 2:36 PM
    Monday, September 27, 2010 8:03 AM
  • Arthur,

     

    Success.  Yesterday I implemented a power script that removes the temporary internet files, if they exist, from the locally stored copy of the mandatory profile.  This morning I had ZERO computers fail to log in.  Thank you for your help!  Have a great day.

     

    Marsoutpost

    • Marked as answer by Marsoutpost Wednesday, September 29, 2010 2:39 PM
    Wednesday, September 29, 2010 2:36 PM
  • TechETS,

    I have two solutions to our problem;  The first one involves the use of a power shell script.  Note that I am using a windows 2008 R2 server and windows 7 clients (important because power shell scripts only work with server 2008 and windows 7).  The script is simple and designed to remove any temporary internet files created by internet explorer during the course of our school day. I found that when students use internet explorer to surf certain websites, the websites sometimes write temporary files with names that are longer than 260 characters.  This causes the user profile to fail the logon the next time the computer is either restarted, or logged out and logged back in; resulting in the infamous "User Profile Service service failed the logon" error.

    First solution:

    I wrote the script using a Windows 7 workstation and the built in Windows PowerShell ISE (Scripting Environment).  The contents of the script are as follows:

    remove-item -path C:\Users\UserAccountName \AppData\Local\Microsoft\Windows\"Temporary Internet Files"\* -recurse -force

    To implement the script, I configured the Group Policy Object (GPO) that governs the student account on our Domain Controller (Windows 2008 server) to run as a log off script.  This can be found by editing the GPO,

    User Configuration->Policies->Windows Settings->Scripts (Logon/Logoff) .  Add the script as a logoff script (note that you will have to copy the script to the server itself or a shared location so the server can find it). 

    That's pretty much it for the scripting solution.  Some of the shortcomings are:

    1. If you have more than one account you would have to write a script for each account.

    2. If the computer is not logged off/powered off properly obviously the script will not run.

     

    Second solution: (The better one in my opinion).

    This morning I have been testing this solution and it seems to work better than the previous scripting solution.  This one also involves the use of a Group Policy Object (GPO). 

    I merely created a new GPO containing the setting Computer Configuration->Administrative Templates->System->User Profiles-> Set the "Delete cached copies of roaming profiles" to enabled. I then applied this GPO to the Organizational Unit (OU) that contains the client computers in the domain. This works wonderfully, because now any mandatory roaming account that logs in to these computers gets deleted on exit, thereby eliminating the problem of long file names.  I don't have to write scripts to delete the temp files for each account anymore!

    Now here is the kicker.  This setting was configured in the GPO that we apply to our student account, however it wasn't working (i.e. the locally cached copy of the mandatory roaming profile was not being deleted at log out) and I could figure out why. 

    This morning I finally figured it out.

    Group Policy Objects have two portions to them. One is the Computer portion and the other is the User portion.  One thing that I did not realize is that when you apply (link) a GPO to an Organizational Unit (OU) in the Active Directory is that depending on what is in the OU determines which part of the GPO is applied. 

    For instance if an OU contains user accounts then only the User portion of the GPO is applied.  Inversely, if the OU contains computers then only the Computer portion of the GPO is applied.  The "Delete cached copies of roaming profiles" setting is contained it the Computer portion of the GPO and therefore was not being applied to our computers because I had the GPO linked to the OU containing the user accounts.  Once I linked it to the OU containing the client computers then it worked! 

    Hope all this helps,

    Marsoutpost

     

     

    • Marked as answer by Marsoutpost Friday, October 01, 2010 5:22 PM
    Friday, October 01, 2010 4:57 PM

All replies

  • Have you tried this?

    http://support.microsoft.com/kb/947215


    Don't forget about Alt+Esc!
    • Proposed as answer by yukla20 Monday, January 31, 2011 9:11 PM
    Wednesday, September 22, 2010 1:00 PM
  • Weslee db,

    Thanks for the reply.  I checked the Group Policy setting "Do not logon users with temporary profiles" and it is not configured on the local computer nor is it configured on the Group Policy Object that we use for our mandatory profile accounts.

    Wednesday, September 22, 2010 6:30 PM
  • You may check event log and let us know more clues. Is it possible that students rename the NTuser.man file to NTuser.dat on client computers?
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Thursday, September 23, 2010 6:33 AM
  • Have you tried the fix in the link?

    We have seen this problem occur without these group policies configured.

    Also have you tried going back to a recovery point when the problem didn't yet occur? Just to see if it problem returns?


    Don't forget about Alt+Esc!

    Thursday, September 23, 2010 1:33 PM
  • All,

    This is what is happening in the application event log.  It seems the problem is being caused by the inability of the client computer to load the below specified Temporary internet files from our Domain Controller, however when I checked the studentacct11 profile on our server the path Temporary\Internet Files\Low\Content.IE5\* does not exist, and nor do the temporary files.  I have not been able to figure out where these files are coming from.

    In answer to the question (from Arthur Xie) of whether or not the students could be renaming the ntuser.man to .dat the answer is no, because we use the GPO setting  "Prevent access to drives from my computer", which prevents the user from accessing the contents of the C: drive through explorer.  We also have the command prompt disabled (cmd.exe) through our GPO as well as other settings which prevent the students from mucking with our systems.

    Also, I did check the GPO setting "Do not logon users with temporary profiles" and it is not configured.  I have not tried going back to a recovery point, but I have noticed that the problem doesn't seem to occur on a freshly imaged computer.

     

    Application Event log

    Event 1509

     Windows cannot copy file \\rodan.acddomain.wnmu.internal$NOCSC$\profiles\studentacct11.V2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WWVS7BM\dref=http%253A%252F%252Fwww.apartmentguide[1].com%252Fapartments%252FColorado%252FAurora%252FSonoma-Resort-at-Saddle-Rock%252F24126%252F to location C:\Users\studentacct10.ACDDOMAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WWVS7BM\dref=http%253A%252F%252Fwww.apartmentguide[1].com%252Fapartments%252FColorado%252FAurora%252FSonoma-Resort-at-Saddle-Rock%252F24126%252F. This error may be caused by network problems or insufficient security rights.

     

      DETAIL - The filename or extension is too long.

    Event 1509

    Windows cannot copy file \\rodan.acddomain.wnmu.internal$NOCSC$\profiles\studentacct11.V2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELSJ1AXB\=,cm-9416518_1285174050,11b5e1989e88ebf,Miscellaneous,;;dc=s;cmw=owl;env=ifr;ord1=982256;sz=160x600;contx=Miscellaneous;btg=;ord=[timestamp][1] to location C:\Users\studentacct10.ACDDOMAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELSJ1AXB\=,cm-9416518_1285174050,11b5e1989e88ebf,Miscellaneous,;;dc=s;cmw=owl;env=ifr;ord1=982256;sz=160x600;contx=Miscellaneous;btg=;ord=[timestamp][1]. This error may be caused by network problems or insufficient security rights.

     

      DETAIL - The filename or extension is too long.

    Event 1509

    Windows cannot copy file \\rodan.acddomain.wnmu.internal$NOCSC$\profiles\studentacct11.V2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELSJ1AXB\op[1].com%252F2010%252F09%252F21%252Fare-bad-teeth-are-the-new-hotness%252F%253Ficid%253Dmain%25257Cmain%25257Cdl3%25257Csec3_lnk2%25257C172054 to location C:\Users\studentacct10.ACDDOMAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELSJ1AXB\op[1].com%252F2010%252F09%252F21%252Fare-bad-teeth-are-the-new-hotness%252F%253Ficid%253Dmain%25257Cmain%25257Cdl3%25257Csec3_lnk2%25257C172054. This error may be caused by network problems or insufficient security rights.

     

      DETAIL - The filename or extension is too long.

     

    Event 1509

    Windows cannot copy file \\rodan.acddomain.wnmu.internal$NOCSC$\profiles\studentacct11.V2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0RLTMJF\dref=http%253A%252F%252Fwww.apartmentguide[1].com%252Fapartments%252FColorado%252FDenver%252F1601-Colorado%252F87070%252F to location C:\Users\studentacct10.ACDDOMAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0RLTMJF\dref=http%253A%252F%252Fwww.apartmentguide[1].com%252Fapartments%252FColorado%252FDenver%252F1601-Colorado%252F87070%252F. This error may be caused by network problems or insufficient security rights.

     

      DETAIL - The filename or extension is too long.

     

    Event 1509

     Windows cannot copy file \\rodan.acddomain.wnmu.internal$NOCSC$\profiles\studentacct11.V2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0RLTMJF\op[1].com%252F2010%252F09%252F21%252Fare-bad-teeth-are-the-new-hotness%252F%253Ficid%253Dmain%25257Cmain%25257Cdl3%25257Csec3_lnk2%25257C172054 to location C:\Users\studentacct10.ACDDOMAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y0RLTMJF\op[1].com%252F2010%252F09%252F21%252Fare-bad-teeth-are-the-new-hotness%252F%253Ficid%253Dmain%25257Cmain%25257Cdl3%25257Csec3_lnk2%25257C172054. This error may be caused by network problems or insufficient security rights.

     

      DETAIL - The filename or extension is too long.

     

    Event 6005

    The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logon).

     

    Event 6006

    The winlogon notification subscriber <Profiles> took 65 second(s) to handle the notification event (Logon).

     

    Event 6004

    The winlogon notification subscriber <Profiles> failed a critical notification event.

     

    Event 1500

     

    Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

     

      DETAIL - Unspecified error


     

    Friday, September 24, 2010 4:13 PM
  • Weslee db,

    I did try the fix in the link, and the problem does reoccur after using the "fix it" program.

    Cheers

    Friday, September 24, 2010 4:16 PM
  • Hi,

    The reason is that the file name is too long. You may be able to resolve the issue with customized script. Please refer the following case:

    Windows cannot copy file. The filename or extension is too long in General Discussion


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Marsoutpost Wednesday, September 29, 2010 2:36 PM
    Monday, September 27, 2010 8:03 AM
  • Arthur,

     

    Success.  Yesterday I implemented a power script that removes the temporary internet files, if they exist, from the locally stored copy of the mandatory profile.  This morning I had ZERO computers fail to log in.  Thank you for your help!  Have a great day.

     

    Marsoutpost

    • Marked as answer by Marsoutpost Wednesday, September 29, 2010 2:39 PM
    Wednesday, September 29, 2010 2:36 PM
  • Is it possible that you could provide the group further details of your fix. Perhaps a copy of your script and how it was implemented. I have a similiar situation with several a 12 schools and several thousand computers. Please advise.

     

    Thanks - TechETS

    Wednesday, September 29, 2010 5:52 PM
  • TechETS,

    I have two solutions to our problem;  The first one involves the use of a power shell script.  Note that I am using a windows 2008 R2 server and windows 7 clients (important because power shell scripts only work with server 2008 and windows 7).  The script is simple and designed to remove any temporary internet files created by internet explorer during the course of our school day. I found that when students use internet explorer to surf certain websites, the websites sometimes write temporary files with names that are longer than 260 characters.  This causes the user profile to fail the logon the next time the computer is either restarted, or logged out and logged back in; resulting in the infamous "User Profile Service service failed the logon" error.

    First solution:

    I wrote the script using a Windows 7 workstation and the built in Windows PowerShell ISE (Scripting Environment).  The contents of the script are as follows:

    remove-item -path C:\Users\UserAccountName \AppData\Local\Microsoft\Windows\"Temporary Internet Files"\* -recurse -force

    To implement the script, I configured the Group Policy Object (GPO) that governs the student account on our Domain Controller (Windows 2008 server) to run as a log off script.  This can be found by editing the GPO,

    User Configuration->Policies->Windows Settings->Scripts (Logon/Logoff) .  Add the script as a logoff script (note that you will have to copy the script to the server itself or a shared location so the server can find it). 

    That's pretty much it for the scripting solution.  Some of the shortcomings are:

    1. If you have more than one account you would have to write a script for each account.

    2. If the computer is not logged off/powered off properly obviously the script will not run.

     

    Second solution: (The better one in my opinion).

    This morning I have been testing this solution and it seems to work better than the previous scripting solution.  This one also involves the use of a Group Policy Object (GPO). 

    I merely created a new GPO containing the setting Computer Configuration->Administrative Templates->System->User Profiles-> Set the "Delete cached copies of roaming profiles" to enabled. I then applied this GPO to the Organizational Unit (OU) that contains the client computers in the domain. This works wonderfully, because now any mandatory roaming account that logs in to these computers gets deleted on exit, thereby eliminating the problem of long file names.  I don't have to write scripts to delete the temp files for each account anymore!

    Now here is the kicker.  This setting was configured in the GPO that we apply to our student account, however it wasn't working (i.e. the locally cached copy of the mandatory roaming profile was not being deleted at log out) and I could figure out why. 

    This morning I finally figured it out.

    Group Policy Objects have two portions to them. One is the Computer portion and the other is the User portion.  One thing that I did not realize is that when you apply (link) a GPO to an Organizational Unit (OU) in the Active Directory is that depending on what is in the OU determines which part of the GPO is applied. 

    For instance if an OU contains user accounts then only the User portion of the GPO is applied.  Inversely, if the OU contains computers then only the Computer portion of the GPO is applied.  The "Delete cached copies of roaming profiles" setting is contained it the Computer portion of the GPO and therefore was not being applied to our computers because I had the GPO linked to the OU containing the user accounts.  Once I linked it to the OU containing the client computers then it worked! 

    Hope all this helps,

    Marsoutpost

     

     

    • Marked as answer by Marsoutpost Friday, October 01, 2010 5:22 PM
    Friday, October 01, 2010 4:57 PM
  • Sorry folks, this is all too techy for me.  Can someone tell me what to do in plain English?  I just got this error and can't log into my home PC.  This is very frustrating!!!
    Thursday, October 21, 2010 1:51 AM
  • Patr-m,

     

    This topic was for the User Profile Service error when encountered on computers in a client/server environment where the PCs load the user accounts from a server.  Since your computer is a "home PC" I am assuming that you are not in a client/server configuration.  You might try the fix discussed in the following thread which involves the use of system restore:

     

    http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/a38a8a6a-050b-4590-a49d-499706690801

     

    Hope that helps.

    Regards

    Thursday, October 21, 2010 2:41 PM
  • The reason is not that the filename is too long.

    The reason is that Microsoft has not updated older code to recognise the system file path length of over 32,000 characters which is proivided in Windows NT and which other file copy applications such as Robocopy recognise.

    Thursday, November 18, 2010 12:44 AM
  • The answer for this is for MS to update the code to recognise the system file path length of over 32,000 characters.

    They should stop using the Ansi file calls with the limit of 260 characters and use the Unicode functions with the 32,767 character limit.

    http://msdn.microsoft.com/en-us/library/aa365247(v=VS.85).aspx

    and also

    "The shell and the file system have different requirements. It is possible to create a path with the Windows API that the shell user interface is not be able to interpret properly."

    These differences should be removed so that we don't have to put up with silly error messages in Explorer when it lets people create multiple levels of directories that each level can be 250 characters long but it can't copy/move files when the total path length is more than 260.

    Thursday, November 18, 2010 12:58 AM
  • To all with this issue...

    The instructions at this link work GREAT!  Remember, as recommended in several places, to backup your registry first just in case.  

    For all who are a bit 'tech limited' like me, backing up your registry is simple (the instructions are in Windows help system): basically just open the registry editor and use "Export" in the file menu.  Just make sure when you save the exported file it is somewhere you can find it again.  Then follow the instructions at the link above.

    I used these simple step by step instructions on my Windows 7 Home Premium OS (Sony VAIO laptop) and was up and running in less than 5 minutes.

    Thank you Weslee db.  You are a life saver!

    Monday, January 31, 2011 9:21 PM
  • Are you using roaming profiles at the University?
    Monday, November 21, 2011 8:33 PM
  • Hi,

     

         We're having the same problem with mandatory roaming profiles here.  I attempted to implement a group policy which deletes local profiles but the event viewer actually reports that the profiles were not deleted because they are in use.  Strangely enough, this problem disappeared for approximately 2 weeks after this was implemented.  Now, the problem is back again.  The only solution is to delete the registry entry for the user, and have them log in.  This allows the user to log in once, before receiving the same user profile service failed the logon again.  I originally assumed it was part of the default profile but why would the problem have fixed itself and then started again?  There are also a lot of username.001 temp files in the profile folder.  Any help that could be provided would be greatly appreciated.

     

    Thanks

    Friday, December 09, 2011 3:13 PM
  • ok I encountered this problem on my test workstation, initially I manually deleted the temp files/profile, then opted to add the GPO solution, i am still seeing the following error when attempting to login to a user with a mandatory profile

     

    The Group Policy Client Service failed the logon

    Access is denied

     

    any other ideas?

    Thursday, December 29, 2011 8:39 PM