"Known folders" errors in event viewer

  • Question

  • I am using Windows 7 x64 RC. My event viewer is filled with "Known folders" errors like this:

    Error 0x80070005 occurred while creating known folder {3eb685db-65f9-4cf6-a03a-e3ef65729f3d} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming'.

    Any ideas? Never seen this before.

    This is my second time installing Windows 7 RC. I installed it yesterday, then mysteriously got a BSOD 0x0000007E (no error msg) today.

    Friday, May 8, 2009 10:47 AM

Answers

  • The 0x07E error is usually the controller. Folder access problems also indicate some disk corruption problem.
    Rating posts helps other users
    Mark L. Ferguson MS-MVP
    Sunday, May 24, 2009 2:23 PM

All replies

  • Looks like a SATA driver error. Your controller needs a different driver. You can check for new 'chipset drivers' on your system maker's site.
    Rating posts helps other users
    Mark L. Ferguson MS-MVP
    Tuesday, May 12, 2009 8:00 PM
  • Looks like a SATA driver error. Your controller needs a different driver. You can check for new 'chipset drivers' on your system maker's site.
    Rating posts helps other users
    Mark L. Ferguson MS-MVP


    Mark,

    How did you come up with sata driver errors? (just curious)  I have several of these errors for different folders: 

    For example:

    Error 0x80070005 occurred while verifying known folder {352481e8-33be-4251-ba85-6007caedcf9d} with path 'C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files'.

    Error 0x80070002 occurred while verifying known folder {fdd39ad0-238f-46af-adb4-6c85480369c7} with path 'C:\Windows\system32\config\systemprofile\Documents'.


    Error 0x80070002 occurred while verifying known folder {625b53c3-ab48-4ec1-ba1f-a1ef4146fc19} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu'.

     

    Wednesday, May 13, 2009 12:31 AM
  • This issue persists in the RTM version of Win7.  I am running the MSDN x64 edition and get a handful of these errors related to KnownFolders at every startup and then periodically thereafter.  Here's a sampling of them:

    Error 0x80070002 occurred while verifying known folder {1777f761-68ad-4d8a-87bd-30b759fa33dd} with path 'C:\Windows\system32\config\systemprofile\Favorites'.
    Error 0x80070002 occurred while verifying known folder {625b53c3-ab48-4ec1-ba1f-a1ef4146fc19} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu'.
    Error 0x80070002 occurred while verifying known folder {b4bfcc3a-db2c-424c-b029-7fe99a87c641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.
    Error 0x80070002 occurred while verifying known folder {fdd39ad0-238f-46af-adb4-6c85480369c7} with path 'C:\Windows\system32\config\systemprofile\Documents'.
    Error 0x80070003 occurred while verifying known folder {a77f5d77-2e2b-44c3-a6a2-aba601054a51} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs'.
    Error 0x80070003 occurred while verifying known folder {b97d20bb-f46a-4c97-ba10-5e3608430854} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
    

    Oh and by the way, I think this has nothing to do with SATA controller drivers or "disk corruption".  I have no disk issues whatsoever and use a SAS RAID array hung off of an Adaptec 5445 PCI-E controller.  I ran chkdsk a few times for kicks and it came up 100% clean.

    Anybody??
    Sunday, September 13, 2009 5:53 AM
  • Luckman,

    The path mentioned, C:\Windows\system32\config\systemprofile\AppData, is a bit surprising.   The system profile is an area on disk that services running under the "local system" account use like another user's profile (my documents, etc.), but the apps that typically run under local system generally don't make much use of this area.   Have you configured custom services that might be related?
    Burt Harris
    Monday, October 5, 2009 12:48 AM
  • I do have some custom services configured, but how would I know/check if these are related?  I browsed the C:\Windows\system32\config\systemprofile\AppData directory and the only files/folders I found in there were some Microsoft-related folders.  Actually the folder itself was behaving a little strangely-- it seems to be a virtualized folder.  Because I got wildly different results when browsing it with Explorer vs. navigating there via an Administrative Command Prompt.  I'm entirely confused now as to the nature, location, and actual contents of this folder.
    Monday, October 5, 2009 12:18 PM
  • hi folks,
    I have the same probs on a Win7-RTM environment.
    here, we have set a folder redirection to a fileshare, so the error message contains "... 0x80070002 occured while verifying known folder ... with path '\\Server\Share\subfolder\...'."
    so I don't think this could be a local sata prob, too.

    @Luckman: the differences between prompt and gui are "by design", because the display name shown in the explorer is defined in the desktop.ini in the root of that folder:
    You can try it out by modifying one:
    [.ShellClassInfo]
    LocalizedResourceName=MyFolder
    and the folder is shown as "MyFolder" in the explorer and with its "real" name at the prompt.

    I wandered from the subject, sorry.
    my reason for checking out 0x80070002 is a first-logon-time of about 11 minutes and performance probs while browsing the homeshare.

    so, anybody out there?
    Thursday, November 5, 2009 6:10 PM
  • I'm getting this problem with a brand new laptop, with boot-up event IDs 100, 101, 103, 107, 108 (warnings), 106, 100, 103 (errors) and 100, 103, 102 (critical), and shutdown IDs 200, 201, 203 (warnings, errors and critical). This is the 2nd laptop to have these problems. Should I take this one back, or is it something that will happen with most laptops? Good info will be appreciated, thanks.
    Tuesday, November 10, 2009 9:11 PM
  • For me the error seems to be related to Outlook 2007 because it only occurs while it is running.

    Starting Outlook 2007 is a sure thing to trigger the event.
    Friday, December 18, 2009 10:21 PM
  • IT_João
    For me the error seems to be related to Outlook 2007 because it only occurs while it is running.

    Starting Outlook 2007 is a sure thing to trigger the event.
    I have the same problem running Windows 7 x64 Ultimate OEM Russian. And I have checked that these "Known folders" warnings appeared in event viewer without starting Outlook 2007, just sometimes after system startup.
    Saturday, January 2, 2010 6:47 AM
  • I have had several issues on several computers with Windows 7. I finally tracked down the resolution for my  "known folders" issue and thought it might help someone save time. All of my known folders pointed to folders that were not actually on the computer. I simply browsed the file system as far as I could and when a folder was not there to click on I created it. At one point I had to create 3 empty folders, one inside of the other to get the desired folder as listed in the error. 
    • Proposed as answer by onedeadgod Thursday, December 23, 2010 12:05 PM
    Sunday, January 17, 2010 9:37 PM
  • I have had several issues on several computers with Windows 7. I finally tracked down the resolution for my  "known folders" issue and thought it might help someone save time. All of my known folders pointed to folders that were not actually on the computer. I simply browsed the file system as far as I could and when a folder was not there to click on I created it. At one point I had to create 3 empty folders, one inside of the other to get the desired folder as listed in the error. 
    Thank you. Logic prevails ;-)
    Wednesday, January 20, 2010 11:37 PM
  • Not always the case.

    Error 0x80070005 occurred while creating known folder {3eb685db-65f9-4cf6-a03a-e3ef65729f3d} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming'.

    'Roaming' exists.

    It contains Microsoft/Windows/Start Menu.

    W7 Ultimate
    Happens at random and this is only one of about 3 similar errors as mentioned by others.

    What is the difference between error numbers:80070002/003/005?
    Monday, February 8, 2010 9:48 PM
  • I have the same problem.  I've noticed that the specified directory "Roaming" under Properties indicates "Read-only (Only applies to files in folder)".
    If a directory is considered a file, then what is trying to write a file in Roaming?

    I also used the before mentioned create the folder that the error called for and that did work until now.
    Friday, February 12, 2010 2:10 AM
  • It's strange that the folders aren't there, but it helps to get the events away.

    Wednesday, April 14, 2010 7:19 AM
  • so........... sorry if I missed it but was there a final / proper solution to this problem?  aside from recursively creating those non-existent folders?
    Wednesday, April 14, 2010 1:05 PM
  • I see the same types of errors on Win7 x64 RTM (examples below). Do any of you also get the occasional 'Could not find this item' when trying to move files? I see this reasonably often (few times a week). I wonder if the two issues could be related.

     

    Error 0x80070005 occurred while creating known folder {5e6c858f-0e22-4760-9afe-ea3317b67173} with path 'C:\Windows\system32\config\systemprofile'

    Error 0x80070005 occurred while creating known folder {f1b32785-6fba-4fcf-9d55-7b8e7f157091} with path 'C:\Windows\system32\config\systemprofile\AppData\Local'

     


    Lenovo X61 tablet, Core2Duo L7700 1.8GHz, 4Gb,Intel 965 integrated graphics, MultiTouch/MultiView screen (pen + resistive touch), Intel turbo memory bluescreen generator, UltraBase docking station.
    Monday, May 24, 2010 1:50 PM
  • Why is it that no one seems to provide proper answers to this question? This is seen predominantly in every laptop I could see: in my new Dell Studio 1557 with Win 7 Professional, my friend's Dell Inspiron 15z, etc. This is not a driver problem; it has some stupid processing done by Win 7. Someone has to sit and look at the issue rather than saying it's a driver problem and escaping it.
    Tuesday, June 29, 2010 8:51 PM
  • I have the same error on a Windows 2008 R2 server in '...\Appdata\Roaming'. Now I changed the security of this folder to everyone-Modify and the folders below everyone-deny all. Now I wait, what will happen. In my case: nothing. But I am still waiting..... hoping for an entry.
    Monday, July 12, 2010 8:42 AM
  • The known folder thing also causes the backup to error at the end. I too have no controller or drive corruption issues. What's the big deal about known folders anyway? With certain exceptions of course - why can't you just call a folder whatever you want to call it?

    Saturday, October 9, 2010 8:29 AM
  • Has anyone yet figured out this problem?

     

    As mentioned, it is very simple...I do not believe this is a SATA controller/chipset issue - the folders actually do not exist. (If these 40 or so critical folders were truly gone due to a disk corruption error, I doubt I could even start nor use Windows.) So to me the question is why is Windows trying to "verify known folder[s]" that are invalid and/or located somewhere else?

    I see about 40 event logs on this daily. Some Examples of EventId 1002 errors:

    Error 0x80070002 occurred while verifying known folder {a63293e8-664e-48db-a079-df759e0509f7} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates'.

    Error 0x80070002 occurred while verifying known folder {625b53c3-ab48-4ec1-ba1f-a1ef4146fc19} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu'.

    I did some digging in the Event Viewer and found that these events started on 9/8/2010. Unfortunately on that date I did a ton of things on my computer. Most notably I installed Visual Studio 2008 Professional. (This also installed 24 other tools and apps, such as SQL Server Compact and SDK frameworks...)

     

    Ahh, this is something! ... all of the errors are specifying folders in:

    C:\Windows\system32\config\systemprofile\ (etc etc...)


    And in most cases (not all) the correct path is actually in their 64-bit counterparts:

    C:\Windows\SysWOW64\config\systemprofile\ (etc etc...)

     

    I also correlated the time of these events with other events from all logs at the same respective time. Unfortunately I could not find any patterns there.

    Ok as an error, this makes sense to me (something in my huge install caused "Known Folders" to point to a 32-bit systemprofile instead of the 64bit one...so now:

    1. How do I fix this?
    2. Aside from annoying log entries, what does this actually do (or supposed to do?) And is it a big deal that I'm seeing this?
    Thanks much in advance for any help!
    Monday, October 25, 2010 7:42 AM
  • I too have noticed Event 1002 from the source Known Folders, even on newly-built Windows 7 systems.  I think one culprit is the Windows Search service.  When it starts, and then at about 24-hour intervals thereafter, it looks for the following folders, which, because they are absent by default, generate one instance of Event 1002 per missing folder, so a total of 4 such instances per occurrence.

    1.  C:\Windows\system32\config\systemprofile\Desktop

    2.  C:\Windows\system32\config\systemprofile\Documents

    3.  C:\Windows\system32\config\systemprofile\Favorites

    4.  C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

    Additionally, on domain-joined Windows 7 computers, the group policy client service looks for the preceding 4 plus 6 more missing folders on 100 to 120-minute intervals, or whenever it is restarted, and this generates 10 instances of Event 1002 per occurrence.

    5.  C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    6.  C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

    7.  C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

    8.  C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

    9.  C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

    10.  C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    You can eliminate Event 1002 by creating the missing folders manually.

    You can force the first 4 of these events to occur by restarting the Windows Search service; you can force all 10 to occur (on a domain-joined Windows 7 computer) by running gpupdate /force.

    It would be interesting to know why these processes are looking for locations that don't exist by default.

     

    • Proposed as answer by melliottx Sunday, January 16, 2011 10:00 PM
    Friday, November 12, 2010 3:38 AM
  • I have the same warnings on Windows 7 Ultimate 64bit, in the Microsoft-Windows-Known Folders/ Operational log.

    I created the folders that seem to be missing but I have new event where the error code changed from 1002 ("error while verifying") to 1000 ("error while creating").

    Doesn't seem like a warning is a big deal.

    Sunday, December 12, 2010 4:34 AM
  • I have not seen Event 1000.  I added the "missing" folders using a batch file run from an Administrator Command prompt.
    Monday, December 13, 2010 4:09 PM
  • I have had several issues on several computers with Windows 7. I finally tracked down the resolution for my  "known folders" issue and thought it might help someone save time. All of my known folders pointed to folders that were not actually on the computer. I simply browsed the file system as far as I could and when a folder was not there to click on I created it. At one point I had to create 3 empty folders, one inside of the other to get the desired folder as listed in the error. 
    Logic++.
    Thursday, December 23, 2010 12:04 PM
  • Only this doesn't work.

    {c5abbf53-e17f-4121-8900-86626fc2c973}  e.g. is the SID of the folder that is being looked after. Simply recreating won't do, since the SID will not match the expected SID. Therefore, if you create the folders, the errors will persist.

    Furthermore,

    It seems no one is able to give a proper explanation of the following error codes, so allow me:

    0x80070005 = Seems to relate only to the Event ID 1000: Error while creating map.
    0x80070003 = Seems to relate only to the Event ID 1002: Error while verifying folder.
    0x80070002 = Seems to relate only to the Event ID 1002: Error while verifying folder.

    It also seems that 0x80070003 happens more on subfolders of "AppData" than 0x80070002.

    Further analyses show that 0x80070005 applies to the account NETWORK SERVICE, where 0x80070002 and 0x80070003 apply to SYSTEM account.

    Going even further:

    A lot of 0x80070002 and 0x80070003 errors are caused, in my case, by process ID 2256, which is ccSvcHst.exe, which is Symantec Service Framework, a.k.a. my virus protection utility.

    Some of 0x80070002 and 0x80070003 errors are caused, in my case, by process ID 4604, which is SearchIndexer.exe, a.k.a. the Index utility of Windows.

    The 0x80070005 are caused by 4228 and 4484, which I have yet to identify.

    This has absolutely nothing to do with disk errors.

    I suggest people start using the tools (Eventvwr, Taskmgr) that Microsoft has provided and find a 'real' logical answer, not just parrot each other.

    Even better: When is Microsoft coming up with a fix for this, as it seems the problem exists "Out of the Box"?

    My 2 cents.

    • Proposed as answer by jonnygs1 Friday, May 13, 2011 9:47 PM
    Thursday, January 6, 2011 7:31 PM
  • @ KrazeyKami

    I agree that the events in the Known Folders Operational log are not related to disk errors. 

    And that the conditions that generate these events exist "Out of the Box." - just look in the Known Folders Operational log on a newly-minted Windows 7 system. 

    And that some are related to the Windows Search Service (as detailed in my post dated 2010-11-12). 

    I have been able to eliminate most of these events by running a batch file (KnownFolders.bat - detailed below) at first logon.  The question still remains, why are processes like the Windows Search service looking for locations that don't exist "out of the box"?

    md "C:\Windows\system32\config\systemprofile\Desktop"
    md "C:\Windows\system32\config\systemprofile\Documents"
    md "C:\Windows\system32\config\systemprofile\Favorites"
    md "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu"
    md "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent"
    REM 2010-11-16 added the following lines required for domain-joined computers
    md "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
    md "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    md "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo"
    md "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts"
    md "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    md "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch"

    • Proposed as answer by Randommantus Wednesday, July 31, 2013 4:19 AM
    Thursday, January 6, 2011 8:57 PM
  • I fixed this by giving the account that's causing the error access to the folder:

    windows\systems32\config\systemprofile\appdata

    In my case it was on a SharePoint 2010 server, so I gave the entire WSS_WPG group access to it.

    Thursday, March 10, 2011 9:55 PM
  • Good that you fixed this on SharePoint 2010 server.

    In a Windows 7 system, I think the situation is different: the process that's trying to access this folder is the Windows Search service, which runs under the Local System, which has Full Control permissions on the windows\systems32\config\systemprofile\appdata folder.

    Friday, March 11, 2011 4:54 PM
  • Good that you fixed this on SharePoint 2010 server.

    Yes. 'fixed'.

    I have been getting hacked by silent unattended deployed Microsoft signed system files which crash my drives, and get into recursion wars with other system files, endless bloody skirmishing between the same Windows files. Turf wars between SFC and WFP etc. The deployed code which hijacked my registry and cannot be fixed, even with 16 hour DBAN zero-filling, was endpoint security software used to secure company assets from home users. Frustrated after 3 months of this, experts surprising only in their endless cluelessness and fraudulent assertions otherwise; today I 'cracked'. After low-level formatting throughout the night with Linux, only to install another deployed OS silently via Shadow Copy service - with my Genuine Advantage Win7 discs ($400 but clearly you pay for the ONGOING SUPPORT)...today I just hacked away at the registry in spots where I knew the settings were clearly not default.

    I then formatted, loaded clean drivers, wiped CMOS, flashed the BIOS for the heck of it, and installed Windows.

    I don't want to jinx myself but looking at these logs, I have a perhaps ill-advised euphoric optimism that I might just have finally done it. I'm getting all the identical errors you guys are getting, and pretty happy about it. I know exactly why my system is looking for those "known folders". 

    If I were you, I wouldn't be all that comfortable with the fact that Microsoft can't answer such a simple question. I - personally - wouldn't just shrug at another one of Microsoft's unexplained 'peculiarities' and find a 'workaround'. That's not a fix. The creation of folders (which, as someone pointed out, won't match the SIDs) is not a solution. A solution, would look very different.

    A solution, would be an official investigation, with an extensive explanation. $400 for a freaking CD. I think, a warranted answer or two, to the most glaring questions ever, is...warranted. But that's me. The gremlins everyone wants to blame on hardware and crappy drivers...hmm. Yeah, I think they're merely the side-effect.

    You can keep telling yourself that your man only hits you because he loves you. He didn't mean it. Also, you kind of asked for it, right? You didn't have his breakfast ready on time, or anti-virus solutions installed prior to going online. You can keep finding 'workarounds' and putting makeup on those purple bruises and wear sunglasses indoors.

    But he's just gonna keep hitting you, until you ditch his sorry ass. Linux isn't that scary. Don't be a coward, you can do it. And by you, of course I mean me.

    Friday, May 13, 2011 10:40 PM
  •  

    I am having the same problem...even the missing folders match the ones in sejong's proposed batch file.

     

    Update: the following is incorrect most of the time, but I am leaving it here because others may find this info useful. When you see a bold "END SPECULATIVE / BEGIN CORRECT" block, everything from then on is true (to my knowledge) and has me much closer to the problem.

     

    Then I remembered something: I have Windows 7 x64 ...Many of the things that are in C:\Windows\system32 in 32-bit Windows are in the 64-bit equivalent: C:\Windows\SysWOW64

     

    Sure enough, for example, even though this was NOT there:

    C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

     

    THIS one is there(!!!)

    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

     

    So instead of putting blank folders in the incorrect places, we should find-out why Known Folders got it wrong.

    I will post again when I figure this out...in the meantime, I'm open to suggestions too. ;)

     

    END SPECULATIVE / BEGIN CORRECT


    I just spent the past few hours digging through the registry and the web. Actually it has to do with the USERPROFILE abstracted Environment variables.

    Example

    I'll use the one from above...this is the *incorrect* path that throws the Event Viewer 1002 entry:

    C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

    I was able to find-out, that this is the correct path the Folder should be pointing to. (Test it yourself, I am sure you will find the correct locations all already there....)

    C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Network Shortcuts

    So basically, most of the path is exactly the same, but something is spitting out the first part of the folder to be 1) when it should be 2)

    1. C:\Windows\system32\config\systemprofile\
    2. C:\Users\MyName\

    To prove this pattern, I went into the registry. Each of those errors has a corresponding GUID to the "Known Folder".  In this case the

    Folder Guid = {C5ABBF53-E17F-4121-8900-86626FC2C973}

    I went into the registry and searched for it. I didn't find much, but the node corresponding to that guid/folder had the following keys:

    ParentFolder = {3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}

    RelativePath = Microsoft\Windows\Network Shortcuts

     

    Notice that the "RelativePath" is the end of the folder. So I then searched the registry for the ParentFolder Guid. There were many times this came up, but always as ParentFolder. However, when I finally made it to its actual node, I found out why...this is what I found:

    Folder Guid = {3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}

    Name = AppData

    RelativePath = AppData\Roaming

     

    Do you see how interesting this is? ...Take this all together and you have:

    ..\AppData\Roaming\Microsoft\Windows\Network Shortcuts

    All spelled out explicitly! So then I got to thinking, all we are missing is the "off" parts..

     

    The correct: C:\Users\MyName\

    The incorrectly used: C:\Windows\system32\config\systemprofile\


    I was wondering why the registry trail dies right there, but I realized that c:\Users\MyName\ is the value of the Environment Variable %USERPROFILE% !!! (Try putting that into Windows explorer (just %USERPROFILE% with the % and all) - you will map right to c:\Users\MyName\) ...So no more path-mapping is needed.


    However, look at the "bad" one, I do not know of the environment variable if there is one, but it clearly is equivalent to "SystemProfile" ...heck, "systemprofile" is explicitly stated at the end of the path!

    Then I looked back at the Event Viewer: look at the General Tab of one of the Events...it says:

    User: SYSTEM

    So whatever is calling Known Folders and throwing up this error is calling on behalf of "SYSTEM" and not your user. Thus, instead of going to USERPROFILE and getting the correct Known Folder using the algorithm I reverse-engineered above, it stuck-on a *system* profile that is essentially meaningless (probably because one never logs in as "System" and the first login of a new User creates many of those folders for itself...)

    LOL Phew! It has been a long day, I am sorry to say that that is as far as I could get...I'm sorry if you read this far only to find out that I don't know what to do next. Since the first part of the path is neither registry nor environment variable driven (as I hoped) it is somewhere in the code of what is making all of those errors happen. I am also VERY tired and this is not as grammatically/structurally correct as most of my other posts.

    I am mainly posting this for three reasons 1) To get this down on paper for when I follow-up on it next. 2) Share with you how far I got. and 3) Find out if I am mistaken and there is some little step I missed...please let there be something I missed! :)

     

    cheers!

    MikeY

     

    PS - I found the same issues on my laptop! They appear to happen when booting up...


     

     

     


    Saturday, June 18, 2011 10:46 PM
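
The lookup chain traced in the post above, together with the three error codes asked about earlier in the thread, as an added example (not code from any poster or from Microsoft). It decodes each HRESULT into its Win32 error, rebuilds the relative path from the ParentFolder/RelativePath values, and shows which profile root the event path hangs off. The FolderDescriptions table holds only the two entries quoted in the post; the sample lines are constructed from messages in this thread (the error code on the Network Shortcuts line is assumed), and C:\Users\MyName is the post's own placeholder.

```python
import ntpath
import re
from collections import Counter

# Win32 error codes carried in the low 16 bits of a FACILITY_WIN32 HRESULT.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
}
FACILITY_WIN32 = 7

EVENT_RE = re.compile(
    r"Error (0x[0-9a-fA-F]{8}) occurred while (creating|verifying) known folder "
    r"(\{[0-9a-fA-F-]{36}\}) with path '([^']*)'"
)

# The two FolderDescriptions entries quoted in the post (all others omitted).
FOLDER_DESCRIPTIONS = {
    "{C5ABBF53-E17F-4121-8900-86626FC2C973}": {
        "ParentFolder": "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
        "RelativePath": r"Microsoft\Windows\Network Shortcuts",
    },
    "{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}": {
        "Name": "AppData",
        "RelativePath": r"AppData\Roaming",
    },
}

# Constructed sample input, modelled on event text quoted in this thread.
SAMPLE_EVENTS = [
    r"Error 0x80070002 occurred while verifying known folder {c5abbf53-e17f-4121-8900-86626fc2c973} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts'.",
    r"Error 0x80070005 occurred while creating known folder {3eb685db-65f9-4cf6-a03a-e3ef65729f3d} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming'.",
    r"Error 0x80070003 occurred while verifying known folder {a77f5d77-2e2b-44c3-a6a2-aba601054a51} with path 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs'.",
]


def decode_hresult(text):
    """Name the error inside an HRESULT given as a hex string."""
    hr = int(text, 16)
    if not hr & 0x80000000:          # severity bit clear: not a failure
        return "SUCCESS"
    facility = (hr >> 16) & 0x7FF    # 11-bit facility field
    code = hr & 0xFFFF               # 16-bit code field
    if facility != FACILITY_WIN32:
        return "FACILITY_%d_CODE_%d" % (facility, code)
    return WIN32_ERRORS.get(code, "WIN32_ERROR_%d" % code)


def resolve_relative(guid, table=FOLDER_DESCRIPTIONS):
    """Join RelativePath values up the ParentFolder chain; None if a link is unknown."""
    parts, seen = [], set()
    key = guid.upper()
    while key:
        if key in seen or key not in table:   # loop or missing entry
            return None
        seen.add(key)
        parts.insert(0, table[key]["RelativePath"])
        key = table[key].get("ParentFolder", "").upper()
    return ntpath.join(*parts)


def split_profile_root(path, relative):
    """Return the part of path in front of the known folder's relative path."""
    suffix = "\\" + relative.lower()
    if path.lower().endswith(suffix):
        return path[: -len(suffix)]
    return None


def expected_path(profile_root, guid):
    """Path the same known folder would have under another profile root."""
    relative = resolve_relative(guid)
    return ntpath.join(profile_root, relative) if relative else None


def triage(line):
    """Parse one event message into a record, or None if it is not a match."""
    match = EVENT_RE.search(line)
    if match is None:
        return None
    hresult, action, guid, path = match.groups()
    relative = resolve_relative(guid)
    return {
        "error": decode_hresult(hresult),
        "action": action,
        "guid": guid.upper(),
        "relative": relative,
        "profile_root": split_profile_root(path, relative) if relative else None,
    }


def summarize(lines):
    """Count events by (action, decoded error)."""
    return Counter((r["action"], r["error"]) for r in map(triage, lines) if r)


if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(triage(line))
    print(expected_path(r"C:\Users\MyName", "{c5abbf53-e17f-4121-8900-86626fc2c973}"))
    print(summarize(SAMPLE_EVENTS))
```

A record whose profile_root is the systemprofile directory means the lookup ran in the context of the SYSTEM account's profile; a GUID missing from the table leaves relative and profile_root as None rather than guessing.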
  • Great Post.

    I used Event Viewer's  "Custom Views" along with "Custom Range..." under Logged to narrow in on a 10 minute window before and after the Known Folder error log, and selected everything.

    The result in my case was an Information Event with Source "volsnap" that is responsible for the shadow copying of your files (I assume for Restore point?).

    That being said .... I just found the following:

    Click the "Help" button in the users Dialog Box (found in Computer Management -> Local Users and Groups -> Users ->yourusername)

    It took a couple of re-reads for me to narrow in on this particular line:

    "If no home folder is assigned, the system assigns a default local home folder to the user account (on the root directory where the operating system files are installed as the initial version)."

    Now that ~could~ imply that the "root directory" is system32 ... perhaps.  It definitely implies the SYSTEM is doing it on behalf of you. Nicely fits this scenario, but does it hold water?

    In any case, even if not, messing with this dialog box may prove useful.

    I'm not about to do it on my drive I've just spent an eternity setting up, but I do have a spare one lying around .....now where did I put it?

    • Proposed as answer by DOrzx Wednesday, October 5, 2011 9:50 AM
    • Unproposed as answer by DOrzx Wednesday, October 5, 2011 9:50 AM
    • Edited by DOrzx Wednesday, October 5, 2011 10:05 AM
    Wednesday, October 5, 2011 8:31 AM
  • Have a Windows 7 Home Premium & this is the same issue on our Acer Aspire One (2 months old) --- it is not the only thing that comes and goes -- have performed disk scan, file checker scan & other "fixes" & these "things" still come and go  -- also like to know why when connecting to internet that 20 Kernel Event Tracing error occur within 5-10 seconds & the is almost a "take it to the bank" error ----
    Friday, October 7, 2011 1:06 PM
  • I think there is a link between the next warning

    Log Name:      Microsoft-Windows-Known Folders API Service
    Source:        Microsoft-Windows-KnownFolders
    Date:          2.1.12 15:52:41
    Event ID:      1002
    Description:
    Error 0x80070002 occurred while verifying known folder {b4bfcc3a-db2c-424c-b029-7fe99a87c641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.

    AND
    Log Name:      Microsoft-Windows-PrintService/Admin
    Source:        Microsoft-Windows-PrintService
    Date:          2.1.12 14:44:01
    Event ID:      315
    Task Category: Sharing a printer
    Level:         Error
    Keywords:      Classic Spooler Event,Printer
    Description:
    The print spooler failed to share printer HP LaserJet P2014 with shared resource name HP LaserJet P2014. Error 2114. The printer cannot be used by others on the network.
    Event 315 error has been bugging me for some months. This afternoon I was trying to resolve an Event ID: 2 error and found a blog offering a solution to that problem:
    http://manlyelectronics.com.au/blog/resolve-windows-error-session-homegroup-log-failed-to-start-with-the-following-error-0xc0000035-in-event-viewer-microsoft-windows/

    If you ignore the caution and click on "Leave the Homegroup" and restart the computer your Home Network still works. You also get no more Event ID: 2 errors and the bonus for me was a cessation of Event ID: 315 errors. I have restarted the computer several times and the errors have definitely stopped.

    The warnings have now stopped.

     


    Hope this helps, Gerry

    Monday, January 2, 2012 5:29 PM
  • My last post was not correct. The Warnings 1002 have continued. Events ID: 2 and 315 have stopped but not 1002.
    Hope this helps, Gerry
    Tuesday, January 3, 2012 1:53 PM
  • Event ID: 1002 is a Microsoft Windows Operating System issue, it has nothing to do with driver errors, disk failures or anything that moderators are trying to divert this issue from.

    So far I had worked on a number of systems running on Windows 7, 32-bit as well as 64-bit.

    Those running on 32-bit systems can be resolved by adding in the missing folders located at the sub-directory location where the "Windows" folder is found (which I denote as %Windows% as in C:\Windows or D:\Windows or whatever is on your system):

    %Windows%\System32\config\SystemProfile\

    %Windows%\System32\config\SystemProfile\AppData\Local\Microsoft\Windows\

    %Windows%\System32\config\SystemProfile\AppData\Roaming\Microsoft\Windows\

    For 64-bit systems there is no solution for it because the missing 32-bit folders (Yes, those 32-bit s/w) are somehow pointed to a 64-bit folder location. MICROSOFT SCREW UP BIG TIME. The only way not to see those warning yellow triangles in your Event Viewer, Known Folder is to disable logging by right clicking the Known Folder and choose Property to set it. But this will not improve on the processing time because it is still running in the background.

    Shit! It took more than 3 years since the first issue was reported and none of the so-called Microsoft internal gurus can identify it.



    • Edited by Hans Ko Friday, May 4, 2012 10:47 AM
    Friday, May 4, 2012 10:43 AM
  • The system producing the Event ID: 1002 is Windows 7 64 bit. The error is unresolved.

    I have now ascertained that the displayed name for  the Guid is Desktop:
    http://msdn.microsoft.com/en-us/library/windows/desktop/dd378457(v=vs.85).aspx
    Is there an error here?

    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
    Class Name:        <NO CLASS>
    Last Write Time:   14/07/09 - 05:53
    Value 0
      Name:            Name
      Type:            REG_SZ
      Data:            Desktop
    Value 1
      Name:            Category
      Type:            REG_DWORD
      Data:            0x4
    Value 2
      Name:            RelativePath
      Type:            REG_SZ
      Data:            Desktop
    Value 3
      Name:            Roamable
      Type:            REG_DWORD
      Data:            0x1
    Value 4
      Name:            LocalizedName
      Type:            REG_EXPAND_SZ
      Data:            @%SystemRoot%\system32\shell32.dll,-21769
    Value 5
      Name:            PreCreate
      Type:            REG_DWORD
      Data:            0x1
    Value 6
      Name:            PublishExpandedPath
      Type:            REG_DWORD
      Data:            0x1
    Value 7
      Name:            Attributes
      Type:            REG_DWORD
      Data:            0x1
    Value 8
      Name:            Icon
      Type:            REG_EXPAND_SZ
      Data:            %SystemRoot%\system32\imageres.dll,-183


    Hope this helps, Gerry

    Friday, May 4, 2012 1:36 PM
  • PERMANENT SOLUTION FOR EVENT ID: 1002 KNOWN FOLDER FOR WINDOWS 7 64-BIT FOUND!

    Thanks! Gerry for helping to confirm that Windows 7 64-bit system GUID Desktop {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} is actually pointing to the System32 folder while it is actually looking at the SysWOW64 folder through a hidden command somewhere.

    Instead of adding the missing folders to the following 32-bit system folders:

    %Windows%\System32\config\SystemProfile\"Place Your Missing Folders Here"

    %Windows%\System32\config\SystemProfile\AppData\Local\Microsoft\Windows\"Place Your Missing Folders Here"

    %Windows%\System32\config\SystemProfile\AppData\Roaming\Microsoft\Windows\"Place Your Missing Folders Here"

    THESE MISSING FOLDERS MUST ALSO BE ADDED TO THE FOLLOWING 64-BIT SYSTEM FOLDERS:

    %Windows%\SysWOW64\config\SystemProfile\"Place Your Missing Folders Here"

    %Windows%\SysWOW64\config\SystemProfile\Appdata\Local\Microsoft\Windows\"Place Your Missing Folders Here"

    %Windows%\SysWOW64\config\SystemProfile\AppData\Roaming\Microsoft\Windows\"Place Your Missing Folders Here"

    Just adding those missing folders in the 64-bit system folders will not stop those Yellow Triangle Warnings coming out, due to an unknown reason in the operating system that at times calls for the missing folders under the 32-bit system folders, while at other times it calls for them under the 64-bit system folders.

    I can now confirm that Event ID:1002 Errors has nothing to do with drivers or hard disk failures due to my today's visit to the largest IT showroom that display computers running Windows 7 64-bit operating system produced by Acer, ASUS, Compaq, Dell, HP, Lenovo, Samsung and Toshiba, all of them have Event ID: 1002 errors out of the box without any additional hardware or software added to it. The least I saw was 2 errors, while others have up to 15 different errors. These errors were also found with the latest notebooks with 3rd generation Intel i7 motherboards which were only released a couple of weeks ago.

    MICROSOFT REALLY NEED TO PUT SOME SOFTWARE ENGINEERS TO LOOK AT WHAT IS GOING WRONG WITH THOSE HIDDEN COMMANDS THAT DIRECT IT TO LOOK FOR THOSE MISSING FOLDERS IN THE 32-BIT AS WELL AS 64-BIT SYSTEM FOLDERS AT DIFFERENT TIME.

    THIS IS A DAY ONE WINDOWS 7 64-BIT ERROR THAT WAS NEVER RESOLVED.







    • Edited by Hans Ko Saturday, May 5, 2012 5:58 PM
    • Proposed as answer by JDH IT Wednesday, May 22, 2013 3:16 PM
    Saturday, May 5, 2012 5:28 PM
  • I am not sure that I fully understand you?

    I have, however, discovered something that I had not previously realised:
    Event ID:     1002
    Description:
    Error 0x80070002 occurred while verifying known folder {b4bfcc3a-db2c-424c-b029-7fe99a87c641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.

    I have no Desktop folder at this location!
    'C:\Windows\system32\config\systemprofile\Desktop'


    Hope this helps, Gerry


    Saturday, May 5, 2012 10:14 PM
  • I am not sure that I fully understand you?

    I have, however, discovered something that I had not previously realised:
    Event ID:     1002
    Description:
    Error 0x80070002 occurred while verifying known folder {b4bfcc3a-db2c-424c-b029-7fe99a87c641} with path 'C:\Windows\system32\config\systemprofile\Desktop'.

    I have no Desktop folder at this location!
    'C:\Windows\system32\config\systemprofile\Desktop'


    Hope this helps, Gerry

    -------------------------------------------------------------------------------------------------------------------------------------

    Hi Gerry,

    Yes, the "Desktop" folder is one of the 15 or so missing folders that I had noticed in most systems.

    If you are running Windows 7 64-bit operating system, just create a "Desktop" folder at the following locations:

    C:\Windows\sysWOW64\config\systemprofile\Desktop

    as well as at:

    C:\Windows\system32\config\systemprofile\Desktop

    You need both in order not to get the yellow warning sign in Event Viewer under Known Folders.

    This is caused by a bug in the Windows 7 operating system that randomly selects the 32-bit or at times the 64-bit folders, even if the files are based on 32-bit.





    • Edited by Hans Ko Saturday, May 5, 2012 11:48 PM
    Saturday, May 5, 2012 11:37 PM
  • I seem to be seeing similar symptoms to Mikey. Events showing users apparently trying to access the systemprofile areas, with user local appdata path not being constructed correctly. I'm also seeing lines in either c:\windows\brndlog.txt or %userprofile%\appdata\local\virtualstore\windows\brndlog.txt along the following:

    Processing CallInternetInitializeAutoProxyDll...
    Users Local AppData path is (null)

    Does anyone else see similar lines? The above suggests to me the issue may relate to internet explorer settings or autoproxy detection.

    Cheers

    Will


    • Edited by Willottctk Monday, May 14, 2012 11:37 AM
    Monday, May 14, 2012 11:35 AM
  • Thank you Hans Ko

    Month old lenovo laptop i3 sandybridge   3 (un)Known Folders

    Manually creating those folders in Roaming here, in both system32 & sysWow64, seems to have stopped this laptop's warning errors.

    fwiw; Media Center update error I was working on & this error happen at same moment in time.

    Friday, May 25, 2012 11:18 AM
  • The ProgramDataUpdater scheduled task looks for these folders that are missing by default.  You can see this by manually running this task and looking in the Known Folders Operational log.

    Other processes that I have not identified look for these folders too.

    Monday, June 4, 2012 5:28 PM
  • I have the same error on a Windows 2008 R2 server...

    We have server with some virtual 2008 R2 servers installed. Some of virtual servers have this problem, but some are clean.
    Tuesday, October 2, 2012 5:41 AM
  • Have you tried manually running the ProgramDataUpdater scheduled task on the clean servers?
    Tuesday, October 2, 2012 3:23 PM
  • I agree - I thought this was a forum to solve problems , not discuss the inner workings of the computer???

    blondeagent99

    Tuesday, March 19, 2013 3:06 PM
  •  

    User: SYSTEM

    So whatever is calling Known Folders and throwing up this error is calling on behalf of "SYSTEM" and not your user. Thus, instead of going to USERPROFILE and getting the correct Known Folder using the algorithm I reverse-engineered above, it stuck-on a *system* profile that is essentially meaningless (probably because one never logs in as "System" and the first login of a new User creates many of those folders for itself...)

    Lots of clues up there, and after lots of digging myurkus *almost* has it...

    the problem is only occurring when 32-bit programs are being installed on 64-bit Windows as user Local System.

    Do we have anyone actually from Microsoft here that can fix it, though?

    That's what I thought.  :-|


    • Edited by Darr247 Saturday, March 30, 2013 5:42 AM Changed System Local to Local System
    Saturday, March 30, 2013 5:36 AM
  • I haven't seen an event from KnownFolders in a long time.  I think I killed 'em off by running a batch file as part of Windows Setup that includes the following lines.  YMMV, so if you are seeing different folders mentioned in instances of Event 1002 you could try creating the folders mentioned.

    md "C:\Windows\SysWOW64\config\systemprofile\Music"
    md "C:\Windows\SysWOW64\config\systemprofile\Videos"
    md "C:\Windows\SysWOW64\config\systemprofile\Pictures"
    md "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates"
    md "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts"
    md "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History"
    md "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn"

    Monday, April 1, 2013 2:58 PM
  • On our systems we came to this same conclusion. We added the folderID indicated as the name of the folder under both \System32\ and \SysWOW64\ paths. We no longer have the warning on our 64-bit machines. For the 32-bit machines it was simply doing the same under the \System32\ path.

    Wednesday, May 22, 2013 3:25 PM
  • I noticed the same issue in my registry. It appears that when the local system calls the Profile Image Path of Security Identifier S-1-5-18, "Local System" ( HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 ) instead of that of the currently logged in user, then you get the error. If you check HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Explorer\Shell Folders it appears that all of the folders that are not verified have a copy here or for some files in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Explorer\Shell Folders. You can also find these under the .Default profile and the HKEY_USERS\{Current SID} profile, in both the Shell Folders key and User Shell Folders key, some with exact paths and others with environment variables.

    I think a workaround would be to find where it is making the call to the registry for the generic systemprofile path and add the keys for missing folders, but I don't think that will correct the error as it doesn't make the folders. We already know that placing the folders in the path containing \SYSTEM32\ or \SYSWOW64\ depending on architecture can stop the errors. Or maybe, possibly change the environment variable paths for the system profile user to point to the current user's profile since the folders seem to already exist there. I think this is at the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Explorer\Shell Folders" registry location. Then if that works, you could save that portion of the registry and inject those keys into all computers having the issue depending on whether they were 32-bit or 64-bit.

     

    Thursday, May 23, 2013 3:23 PM
  • I don't understand why the "volunteers" don't address this thread. I haven't seen a single response from any of them here.....

    Of course, it's just my opinion....I could be wrong!

    Thursday, July 4, 2013 4:04 AM
  • PERMANENT SOLUTION FOR EVENT ID: 1002 KNOWN FOLDER FOR WINDOWS 7 64-BIT FOUND!

    Thanks! Gerry for helping to confirm that Windows 7 64-bit system GUID Desktop {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} is actually pointing to the System32 folder while it is actually looking at the SysWOW64 folder through a hidden command somewhere.

    Instead of adding the missing folders to the following 32-bit system folders:

    %Windows%\System32\config\SystemProfile\"Place Your Missing Folders Here"

    %Windows%\System32\config\SystemProfile\AppData\Local\Microsoft\Windows\"Place Your Missing Folders Here"

    %Windows%\System32\config\SystemProfile\AppData\Roaming\Microsoft\Windows\"Place Your Missing Folders Here"

    THESE MISSING FOLDERS MUST ALSO BE ADDED TO THE FOLLOWING 64-BIT SYSTEM FOLDERS:

    %Windows%\SysWOW64\config\SystemProfile\"Place Your Missing Folders Here"

    %Windows%\SysWOW64\config\SystemProfile\Appdata\Local\Microsoft\Windows\"Place Your Missing Folders Here"

    %Windows%\SysWOW64\config\SystemProfile\AppData\Roaming\Microsoft\Windows\"Place Your Missing Folders Here"

    Just adding those missing folders in the 64-bit system folders will not stop those Yellow Triangle Warnings coming out, due to an unknown reason in the operating system that at times calls for the missing folders under the 32-bit system folders, while at other times it calls for them under the 64-bit system folders.

    I can now confirm that Event ID:1002 Errors has nothing to do with drivers or hard disk failures due to my today's visit to the largest IT showroom that display computers running Windows 7 64-bit operating system produced by Acer, ASUS, Compaq, Dell, HP, Lenovo, Samsung and Toshiba, all of them have Event ID: 1002 errors out of the box without any additional hardware or software added to it. The least I saw was 2 errors, while others have up to 15 different errors. These errors were also found with the latest notebooks with 3rd generation Intel i7 motherboards which were only released a couple of weeks ago.

    MICROSOFT REALLY NEED TO PUT SOME SOFTWARE ENGINEERS TO LOOK AT WHAT IS GOING WRONG WITH THOSE HIDDEN COMMANDS THAT DIRECT IT TO LOOK FOR THOSE MISSING FOLDERS IN THE 32-BIT AS WELL AS 64-BIT SYSTEM FOLDERS AT DIFFERENT TIME.

    THIS IS A DAY ONE WINDOWS 7 64-BIT ERROR THAT WAS NEVER RESOLVED.








      Hans Ko's solution worked perfectly for me..... (I created the missing folders stated in my Windows log using CMD running as administrator. Created both under system32 and syswow64 like Hans stated and got no more errors, and I was getting them every day on boot.)
    Wednesday, July 31, 2013 12:16 PM
  • I like the way you think.   Seems like a good path into the why of the warning message.

    Came here because I see nothing but warning messages in that area on this computer my event viewer but felt strongly this relatively new Win7 Pro box has no real hardware issue that some other page pointed to.

    I do not believe that supplying a folder where a mistake expects to find it is a fix but it certainly is a way to get rid of an unnecessary warning.

    Hey, if it wants to look in the wrong place and complain that nothing is there then why not give it something to see?  I wonder if there are any possible negatives to that solution?

    This issue reminds me of an error that happened in Windows Server 2008r2 backup that was related to folders in that area until they fixed it.  Probably just some irritating buggy code doing what you described in theory without actual knowledge of that code that does no harm other than to cause large groups of people who do not believe in leaving warnings unattended to spend time researching what should eventually be fixed. 

    Thanks for your valuable information regarding your research results. 


    Al Coberly

    Tuesday, April 1, 2014 2:56 AM
  • Thank you myurkus,

    it applied for me.


    "As mentioned, it is very simple...I do not believe this is a SATA controller/chipset issue - the folders actually do not exist."
    • Edited by Alex_0s Monday, May 12, 2014 4:59 PM
    Monday, May 12, 2014 4:58 PM
  • Hi! Think I found an easier solution.

    I've had this problem for some time too.

    I'm using a Windows 7 (Ultimate) 64-bit OS. I've just managed to download and install SP1 (didn't know I didn't have it?!), check event viewer and found a few volume shadow errors (0 restore points!).

    I have in the past created folders in syswow64, even recently creating one for a missing folder @

    C:\Windows\Resources\0409  


    I decided to take an alternative approach -

    1. go to event viewer and find the offending GUID 

    (Applications and Services Logs > Microsoft > Windows > Known Folders > Operation > Details tab

    (see above!)

    Copy the {GUID} (in my case it was {ae50c081-ebd2-438a-8655-8a092e34987a} 

    run regedit and CTRL+Find the GUID.

    Change the relative path from 

    Microsoft\Windows\Recent

    to

    %appdata%\Microsoft\Windows\Recent

    (you should be able to access the special folder in question by pasting the new, full relative path into an address bar / run box.

    Keen to know if this is useful for anyone else!

    Hard for me to track as I now have 5 builds... I <3 Virtualization!



    Wednesday, September 10, 2014 3:30 PM
  • The 0x07E error is usually the controller. Folder access problems also indicate some disk corruption problem.
    Rating posts helps other users
    Mark L. Ferguson MS-MVP

    Hi Mark!

    How do you do your quick HEX math magic?! 0x07E - is that 0x80070005 ? and 0x80070002?

    Re that error "usually being the controller", how do you know/what do you mean? 

    Using windows 7's native vhd support, I have several builds, basically clones. I'm trying to see what is causing the error (what event occurs), alas eventviewer's application/system logs reveal nothing.

    Is there a way to debug this? using process monitor / explorer ?

    I've tried following the lead of Dr. Russinovich, but I'm a novice. I need help!

    The most insight I've got, I think, is from Mr. Harris, i.e.

    The path mentioned, C:\Windows\system32\config\systemprofile\AppData, is a bit surprising.   The system profile is an area on disk that services running under the "local system" account use like another user's profile (my documents, etc.), but the apps that typically run under local system generally don't make much use of this area.   Have you configured custom services that might be related?


    Burt Harris

    Saturday, October 25, 2014 10:36 AM
  • Hi Luke, I am still having this annoyance too. Looking as deep as possible into it (or trying to)

    did you ever find a resolution, or a root-cause?

    trying to follow this to see what's causing the event ("folder verification"), also comparing to other builds on same laptop, to see which aren't affected...

    I think it might be windows update. just a hunch. there was a hotfix, but the link is dead.

    First I want to see a correlation between the event and the OS. It's just kind of bugging my mind that the issue occurs sometimes on some systems, but (seemingly) not so on other VHDs.

    (I'm trying to make a rock steady build. And keep it clean and running smooth. It's not easy)

    ISSUE: UNRESOLVED. CAUSE: UNKNOWN

    UPDATE: Cause identified by PID in event viewer. for me, re 

    "Error 0x80070002 occurred while verifying known folder {b4bfcc3a-db2c-424c-b029-7fe99a87c641} with path 'C:\Windows\system32\config\systemprofile\Desktop'." 

    the PID each time corresponds to windows search service ID. The question is why it's building a "bad desktop path", instead of referencing the special folder

    Desktop Path, using Nirsoft's SpecialFoldersView

    Saturday, October 25, 2014 10:55 AM
  • I am with you Mikey! I almost reached the same conclusion... merely steps away.

    To clarify, is the cause a bad relative path, ergo the solution to fix the relativepath for any offending GUIDs?

    (I thought this was caused by a bad update, or the absence of service pack 1 whilst installing other updates, like windows defender.. but it's all speculation as I never identified the event that caused the bad verification (event 1002).)

    Saturday, October 25, 2014 11:01 AM
  • wow!!! the CAUSE and the solution, without directly hacking the registry?!

    attempting now!!

    recent events

    proposed fix

    Saturday, October 25, 2014 11:07 AM
  • Another culprit candidate:

    I suspect windows search references these on some occasions.

    On closer inspection, I discovered this location does have a (protected,hidden, manually created, empty) Desktop folder (just to shut MS up).

    Hope anyone suffering this annoyance discovers this. Wonder how prolific the issue is...

    Saturday, October 25, 2014 1:23 PM
  • SOLVED

    {MANUAL QUOTE, thanks again to the above contributors}


       

      I am having the same problem...even the missing folders match the ones in sejong's proposed batch file.

       

      Update: the following is incorrect most of the time, but I am leaving it here because others may find this info useful. When you see a bold "END SPECULATIVE / BEGIN CORRECT" block, everything from then on is true (to my knowledge) and has me much closer to the problem.

       

      Then I remembered something: I have Windows 7 x64 ...Many of the things that are in C:\Windows\system32 in 32-bit Windows are in the 64-bit equivalent:C:\Windows\SysWOW64

       

      Sure enough, for example, even though this was NOT there:

      C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

       

      THIS one is there(!!!)

      C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

       

      So instead of putting blank folders in the incorrect places, we should find-out why Known Folders got it wrong.

      I will post again when I figure this out...in the meantime, I'm open to suggestions too. ;)

       

      END SPECULATIVE / BEGIN CORRECT


      I just spent the past few hours digging through the registry and the web. Actually it has to do with the USERPROFILE abstracted Environment variables.

      Example

      I'll use the one from above...this is the *incorrect* path that throws the Event Viewer 1002 entry:

      C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

      I was able to find-out, that this is the correct path the Folder should be pointing to. (Test it yourself, I am sure you will find the correct locations all already there....)

      C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Network Shortcuts

      So basically, most of the path is exactly the same, but something is spitting out the first part of the folder to be 1) when it should be 2)

      1. C:\Windows\system32\config\systemprofile\
      2. C:\Users\MyName\

      To prove this pattern, I went into the registry. Each of those errors has a corresponding GUID to the "Known Folder".  In this case the

      Folder Guid = {C5ABBF53-E17F-4121-8900-86626FC2C973}

      I went into the registry and searched for it. I didn't find much, but the node corresponding to that guid/folder had the following keys:

      ParentFolder = {3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}

      RelativePath = Microsoft\Windows\Network Shortcuts

       

      Notice that the "RelativePath" is the end of the folder. So I then searched the registry for the ParentFolder Guid. There were many times this came up, but always as ParentFolder. However, when I finally made it to its actual node, I found out why...this is what I found:

      Folder Guid = {3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}

      Name = AppData

      RelativePath = AppData\Roaming

       

      Do you see how interesting this is? ...Take this all together and you have:

      ..\AppData\Roaming\Microsoft\Windows\Network Shortcuts

      All spelled out explicitly! So then I got to thinking, all we are missing is the "off" parts..

       

      The correct: C:\Users\MyName\

      The incorrectly used: C:\Windows\system32\config\systemprofile\


      I was wondering why the registry trail dies right there, but I realized that c:\Users\MyName\ is the value of the Environment Variable %USERPROFILE% !!! (Try putting that into Windows explorer (just %USERPROFILE% with the % and all) - you will map right to c:\Users\MyName\) ...So no more path-mapping is needed.


      However, look at the "bad" one, I do not know of the environment variable if there is one, but it clearly is equivalent to "SystemProfile" ...heck, "systemprofile" is explicitly stated at the end of the path!

      Then I looked back at the Event Viewer: look at the General Tab of one of the Events...it says:

      User: SYSTEM

      So whatever is calling Known Folders and throwing up this error is calling on behalf of "SYSTEM" and not your user. Thus, instead of going to USERPROFILE and getting the correct Known Folder using the algorithm I reverse-engineered above, it stuck-on a *system* profile that is essentially meaningless (probably because one never logs in as "System" and the first login of a new User creates many of those folders for itself...)

      LOL Phew! It has been a long day, I am sorry to say that that is as far as I could get...I'm sorry if you read this far only to find out that I don't know what to do next. Since the first part of the path is neither registry nor environment variable driven (as I hoped) it is somewhere in the code of what is making all of those errors happen. I am also VERY tired and this is not as grammatically/structurally correct as most of my other posts.

      I am mainly posting this for three reasons 1) To get this down on paper for when I follow-up on it next. 2) Share with you how far I got. and 3) Find out if I am mistaken and there is some little step I missed...please let there be something I missed! :)

       

      cheers!

      MikeY

       

      PS - I found the same issues on my laptop! They appear to happen when booting up...


       

       

       

      Saturday, June 18, 2011 10:46 PM
      Avatar of myurkus

      Great Post.

      I used Event Viewer's "Custom Views" along with "Custom Range..." under Logged to narrow in on a 10 minute window before and after the Known Folder error log, and selected everything.

      The result in my case was an Information Event with Source "volsnap" that is responsible for the shadow copying of your files (I assume for Restore point?).

      That being said .... I just found the following:

      Click the "Help" button in the users Dialog Box (found in Computer Management -> Local Users and Groups -> Users ->yourusername)

      It took a couple of re-reads for me to narrow in on this particular line:

      "If no home folder is assigned, the system assigns a default local home folder to the user account (on the root directory where the operating system files are installed as the initial version)."

      Now that ~could~ imply that the "root directory" is system32 ... perhaps.  It definitely implies the SYSTEM is doing it on behalf of you. Nicely fits this scenario, but does it hold water?

      In any case, even if not, messing with this dialog box may prove useful.

      I'm not about to do it on my drive I've just spent an eternity setting up, but I do have a spare one lying around .....now where did I put it?

    I fear Mr. Ferguson assumes too much

    Saturday, October 25, 2014 1:28 PM
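
The following example is added here and is not from any poster in this thread or from Microsoft. It decodes the HRESULT in an Event 1002 message, rebuilds the folder path from the `ParentFolder`/`RelativePath` values quoted above, and lists the System32 and SysWOW64 locations the posters checked. The function names and the small `FOLDER_DESCRIPTIONS` table are assumptions made for the example; the GUIDs, paths and event messages are the ones quoted in the thread.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Text of a Known Folders event 1002, as quoted in this thread.
EVENT_RE = re.compile(
    r"Error (0x[0-9A-Fa-f]{8}) occurred while (\w+) known folder "
    r"(\{[0-9A-Fa-f-]{36}\}) with path '([^']+)'"
)
# Matches ...\system32\config\systemprofile and ...\SysWOW64\config\systemprofile
SYSTEM_PROFILE_RE = re.compile(
    r"\\(system32|syswow64)(\\config\\systemprofile)(?=\\|$)", re.IGNORECASE
)
FACILITY_WIN32 = 7
WIN32_CODES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
               5: "ERROR_ACCESS_DENIED"}

# FolderDescriptions values quoted by posters (table layout is an assumption).
FOLDER_DESCRIPTIONS = {
    "{b4bfcc3a-db2c-424c-b029-7fe99a87c641}": {"RelativePath": "Desktop"},
    "{3eb685db-65f9-4cf6-a03a-e3ef65729f3d}": {"RelativePath": r"AppData\Roaming"},
    "{c5abbf53-e17f-4121-8900-86626fc2c973}": {
        "RelativePath": r"Microsoft\Windows\Network Shortcuts",
        "ParentFolder": "{3eb685db-65f9-4cf6-a03a-e3ef65729f3d}",
    },
}

# Event messages copied from posts in this thread.
SAMPLE_EVENTS = [
    r"Error 0x80070002 occurred while verifying known folder "
    r"{b4bfcc3a-db2c-424c-b029-7fe99a87c641} with path "
    r"'C:\Windows\system32\config\systemprofile\Desktop'.",
    r"Error 0x80070005 occurred while creating known folder "
    r"{3eb685db-65f9-4cf6-a03a-e3ef65729f3d} with path "
    r"'C:\Windows\system32\config\systemprofile\AppData\Roaming'.",
]


def decode_hresult(value):
    """Return (failed, facility, code, name) for a 32-bit HRESULT."""
    failed = bool(value >> 31)            # severity bit
    facility = (value >> 16) & 0x7FF      # 11-bit facility field
    code = value & 0xFFFF                 # low word: the underlying error
    if facility == FACILITY_WIN32:
        name = WIN32_CODES.get(code, "unknown Win32 error")
    else:
        name = "non-Win32 facility"
    return failed, facility, code, name


def resolve_known_folder(guid, profile_root):
    """Join profile_root with RelativePath values along the ParentFolder chain."""
    parts, seen, key = [], set(), guid.lower()
    while key:
        if key in seen:
            raise ValueError("ParentFolder loop at " + key)
        seen.add(key)
        entry = FOLDER_DESCRIPTIONS[key]
        parts.insert(0, entry["RelativePath"])
        key = entry.get("ParentFolder", "").lower()
    return ntpath.join(profile_root, *parts)


def profile_variants(path):
    """Return the System32 and SysWOW64 forms of a system-profile path."""
    if not SYSTEM_PROFILE_RE.search(path):
        return [path]
    return [
        SYSTEM_PROFILE_RE.sub(lambda m, d=d: "\\" + d + m.group(2), path, count=1)
        for d in ("System32", "SysWOW64")
    ]


def triage(message):
    """Parse one event 1002 message into the fields needed to act on it."""
    found = EVENT_RE.search(message)
    if found is None:
        return None
    hresult, action, guid, path = found.groups()
    name = decode_hresult(int(hresult, 16))[3]
    profile = SYSTEM_PROFILE_RE.search(path)
    registry_match = None
    if profile and guid.lower() in FOLDER_DESCRIPTIONS:
        root = path[:profile.end()]       # ...\config\systemprofile
        registry_match = resolve_known_folder(guid, root).lower() == path.lower()
    return {
        "action": action,
        "guid": guid.lower(),
        "win32": name,
        "system_profile": profile is not None,
        "registry_match": registry_match,
        # Only a "not found" result points at a missing folder; access denied
        # is a different condition and is reported without folder suggestions.
        "folders_to_check": profile_variants(path)
        if name == "ERROR_FILE_NOT_FOUND" else [],
    }


if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(triage(line))
```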
  • I just hit backspace at the wrong time... and lost an hour's worth of (beautifully formatted) detailed instructions on

    How to fix the System systemprofile issue... so here's the (new) lowdown:

    • Take a quick look in C:\Windows\System32\config\systemprofile.

    Nothing special there, right?

    re Roaming, there's an empty folder trail - C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows

    • Compare this with C:\Users\Default\AppData\Roaming\Microsoft\Windows ...

    Start Menu, SendTo, NetworkShortcuts ... 

    • (Optional) Backup

    The "System Profile" SID registry key - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18

    The Default Folder - C:\Users\Default

    • Change the 'System ProfileImagePath' - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18

    from %systemroot%\system32\config\systemprofile

    to C:\Users\Default

    • Reboot, check for events...

    Solved?

    • Proposed as answer by JonnyH3425675 Sunday, January 11, 2015 7:33 PM
    Sunday, January 11, 2015 7:32 PM
  • I've just rebooted.... the only Event Viewer warnings I have now pertain to

    • NVIDIA (custom dynamic link library) Wininit warning #11, +
    • that annoying WLAN-Autoconfig "warning" that the service has successfully stopped

    Removing KnownFolders current view from event viewer :D

    This will solve broken links like 

    C:\Windows\system32\config\systemprofile\Desktop

    \Documents

    \Favorites

    \Downloads

    \Links etc, 

    and the one about 

    C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

    without having to create empty folders.

    I could now even delete the erroneous C:\Windows\system32\config\systemprofile folder, recovering a whopping 1.7MB of space.

    Weekend of wins!!!

    Sunday, January 11, 2015 8:15 PM
  • Just wanted to put this out there, if anyone has any p2p software, games, torrents or what have you. I have been watching the one game I have accessing these "known folders" (that actually do exist on my machine: documents, pictures, videos, file history, cached files and so on). These programs use the same PID as Windows services. They are constantly "sending" even if you do not have them open. If you look under disk activity you just might see areas that they have no place being in. The connection name changes while the IP address does not. Eventually you might see SYSTEM sending a ton of your data, while using the same IP address of the peer to peer program.
    Friday, January 8, 2016 9:47 AM