none
Server 2008r2 the user profile service failed the logon - User profile cannot be loaded

    Question

  • Hi guys

    I am running Microsoft Windows Server 2008r2 and Exchange 2010 on the same server (cant afford 2 servers). Before I promoted the server to a domain controller I created 1 administrator account named ******* and logged in locally to test that this account worked ok which it did. I then promoted the server to a domain controller and installed exchange 2010.

    Now after promotion I am able to log on to the Domain controller with the built in admin
    account along with the admin account that I created before the domain controller
    was promoted.

    My problem is that I created a 2nd administrator account on the domain controller after domain controller promotion but when I try and log on to the domain controller with this newly created admin account I get the following error message;

    The user profile service failed the logon - User profile cannot be loaded.

    I am able to logon to other workstations with this 2nd created admin account but not
    on the domain controller itself.

    This newly created admin account is a member of the following; domain users, domain admins, enterprise admins, schema admins.

    Also I have tried deleting this newly created account and created other new admin accounts but I still gwt the same problem of not being able to logon to the domain controller (locally or remotely)

    My question is whether this is normal behaviour and you can't logon to domain controllers with admin accounts created after domain controller promotion or is there something in the settings that I have changed by mistake or are there settings that I need to change?

    Many thanks in advance for your input.




    • Edited by back2work Saturday, December 22, 2012 9:44 PM
    Saturday, December 22, 2012 9:31 PM

Answers

  • Solved

    I discovered it was caused by a security problem on a few files/folders in the C:\Users\Default folder. I was able to easily fix it by going into the Advanced Security Settings for the C:\Users\Default folder and checking the box to "Replace all childobject permission with inheritable permissions from this object".

    • Marked as answer by back2work Sunday, December 23, 2012 2:38 AM
    Sunday, December 23, 2012 2:37 AM

All replies

  • The local accounts are gone since dcpromo. You now need to logon to domain in form of domainname\username

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, December 22, 2012 11:22 PM
  • Hi

    Are you using the roaming profile, if yes please check the profile path / access on the new user account.

    Also see http://support.microsoft.com/kb/947215 which may help to resolve the issue. 


    Rajesh J S

    • Proposed as answer by Rajesh J S Sunday, December 23, 2012 12:19 PM
    Saturday, December 22, 2012 11:28 PM
  • As explained in my post I can access the domain controller domainname\username using both the built in administrator account and the first admin account I created. I can log on to the server just fine with the built in account and the admin account I created before running dcpromo but I am trying to setup a 3rd admin account to log onto the server with but I get the user profile error. I realise that local accounts are not used on domain controllers.
    Saturday, December 22, 2012 11:49 PM
  • No I am not using roaming profiles. I have 2 administrator accounts (1 is the built in admin account) they both log on to the domain controller just fine. However if I try and create a 3rd administrator account I am unable to logon to the DC as I receive the user profile error. This is happening on all newly created admin accounts that I try to create. I'm thinking that perhaps the default user profile is missing on the server?
    Saturday, December 22, 2012 11:56 PM
  • Just to add, if I try to open the default user folder in C:\Users\default user I get access is denied. Should I not be able to open this folder, I am using the built in admin account with all privileges?
    Sunday, December 23, 2012 12:08 AM
  • Sorry. Your post a bit confusing. No this is not normal and looks to be a problem now with \default user profile. Since it is your only dc I'd start a support case with Microsoft CSS

     http://support.microsoft.com/kb/319726

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Sunday, December 23, 2012 12:15 AM
  • Path should be

    C:\Users\Default

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Proposed as answer by Brett LaBare Wednesday, October 9, 2013 5:51 PM
    Sunday, December 23, 2012 12:20 AM
  • I just tried your suggestion C:\users\default and I can access that folder, many thanks.

    At least I can access the DC using the 2 admin accounts I already have it just would be handy to setup a 3rd.

    Sunday, December 23, 2012 12:25 AM
  • Do you have "Do not logon users with temporary profiles" policy applied via a GPO? If so disable it.
    Sunday, December 23, 2012 12:49 AM
  • Where is Do not logon users with temporary profiles found IN GPO?

    According to Microsoft I should;

    • Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    • Right-click the SID that you want to remove, and then click Delete.

    http://support.microsoft.com/kb/947215?wa=wsignin1.0

    This registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList is missing on my DC (perhaps this is the problem but how do I fix this?

    Sunday, December 23, 2012 1:40 AM
  • This guy has the same problem as me but explains it better than I did;

    New User Logon - New User Account is Created, But It Does not Work

    My computer suddenly developed a glitch regarding New User accounts and the Guest Account.  Whenever a new user has been created in User Accounts under Control Panel, or (active directory users and computers) or the Guest Account has been turned on, those users cannot logon.  Any attempt for these users or Guest to logon is greeted with "User Profile Service service failed the logon - User Profile cannot be loaded."  When the new user is deleted, and the command to save all files is used, no files exist to be saved. 

    The problem is not a corrupted profile or SID's that need to be deleted or renamed, and so on. The problem is that when I create a new user through User Accounts in Control Panel (or active directory users and computers), no profile or anything else seems to be created along with it. The computer does absolutely nothing more than show the new user under User Accounts and on the logon screen.  The new user is not listed in the Settings under My Computer Properties; there are no documents (desktop, and so on) for the new user in Windows Explorer; there is no SID for the new user. It seems that there is no profile or anything at all for the new user. System Restore couldn't help, because the incident which wiped out the profiles also wiped out all of the System Restore points. There are no ".bak" files in the Registry for any user.

    I have the same problem with the Guest Account.  There is nothing in Explorer to indicate that a Guest profile exists. There doesn't seem to be a SID for the guest. The Guest Account cannot be used because any attempt to logon as Guest is greeted with "User Profile Service service failed the logon - User Profile cannot be loaded."

    So, please is there someone who can help us fix the problem of not being able to create new users effectively and to have a Guest Account. Thank you.

    • Proposed as answer by r.m.leland Wednesday, August 28, 2013 9:43 PM
    Sunday, December 23, 2012 2:09 AM
  • Solved

    I discovered it was caused by a security problem on a few files/folders in the C:\Users\Default folder. I was able to easily fix it by going into the Advanced Security Settings for the C:\Users\Default folder and checking the box to "Replace all childobject permission with inheritable permissions from this object".

    • Marked as answer by back2work Sunday, December 23, 2012 2:38 AM
    Sunday, December 23, 2012 2:37 AM

  • Glad to hear that the issue has been resolved.


    Happy Holidays!


    Jeremy Wu
    TechNet Community Support

    Tuesday, December 25, 2012 5:37 AM
    Moderator
  • That did the trick back2work, adjusting the permissions solved it for me, thanks man!
    Thursday, February 28, 2013 10:13 AM
  • thank you back2work! like you said,

    I was able to easily fix it by going into the Advanced Security Settings for the C:\Users\Default folder and checking the box to "Replace all childobject permission with inheritable permissions from this object".

    thanks again!

    Saturday, March 23, 2013 10:02 AM
  • I Back2Work,

    i have the exact same problem.

    however this solution didn't work for me.

    Can not do the following.

    1. can not run SFC /scannow

    2. if create local account promote it as Admin, cann't login, no registry keys created, no folder nothing at all

    3. the registry keys in profilelist and profileguid are not intact

    4. can not see the windows version

    5. windows got deactivated

    6. can see 1515 and 1504 etc events regarding the profile loading which says the path is not found similiar msg.

    7. the only user which can login with default profile is the local admin, but that is also default profile, it create a key the profilelist with .bak(removed it few times) but there is no SID generated in profileGUID.

    whats done so far.

    1. replicated permissions.

    2. copy default user profile from another computer to the same computer

    3. removed keys from registry

    4. restarted multiple times

    Any though guys?

    thanks in advance


    Wednesday, November 13, 2013 10:42 AM
  • Solved

    I discovered it was caused by a security problem on a few files/folders in the C:\Users\Default folder. I was able to easily fix it by going into the Advanced Security Settings for the C:\Users\Default folder and checking the box to "Replace all childobject permission with inheritable permissions from this object".

    This also worked for SBS 2011.  I had the same issue when I created a new admin profile I couldnt log that user into the server.  Also, I could not log in with any other user that has not logged into the server previously.  I dont know how this setting changed but it is now good to go.  I was also getting event logs of 1500 I bet this was also why.
    Tuesday, February 18, 2014 5:25 PM
  • This was just what I needed, Thank you! Spent about 2 hours then found your post. Thank you for taking the time to post what you found.
    Monday, April 28, 2014 12:31 AM
  • This worked for me,

    Thanks back2work

    Thursday, September 4, 2014 5:54 PM
  • Hi,

    I am facing same issue, however let me try this solution and update it to you.

    Regards

    Raj Navalgund


    ADS/DNS/DHCP/RIS/GROUP POLICY/PowerShell/VMware/Esxi/Storage.

    Tuesday, December 16, 2014 4:39 PM
  • This fixed my issue - THANKS A LOT!

    Jonz

    Wednesday, March 11, 2015 8:53 PM
  • Copied folder from another 2008 R2 server, then let permissions be replaced as stated above. Fixed the issue.

    Friday, May 22, 2015 8:27 PM
  • Thanks Back2Work

    I was able to solve the error through the solution you had posted

    Thursday, June 11, 2015 8:38 AM
  • Replacing permissions worked for me - thanks!
    Wednesday, August 5, 2015 10:48 PM
  • Thank you soooooo much!, it worked well and i finally solved the problem!!!
    Wednesday, August 26, 2015 11:49 AM
  • I have the same issue. but setting the security permissions on the C:\users\default folder did not help. any other ideas? 

    I am running server 2008 R2 in a domain setting. 

    thank you,

    Buddy Farr

    Monday, January 4, 2016 8:16 PM
  • For me , it was the disk space issue. C drive was FULL. cleared some files and was able to login . 

    

    Monday, January 11, 2016 6:17 AM
  • same problem, the only fix is rename keys in registry and reboot

    but this is a SERVER, I can't reboot anytime.... this is RIDICOLOUS, this error exists since years and there is no fix for it

    Monday, January 18, 2016 10:22 AM
  • Resetting the permissions on the Default profile folder did not work for me either.  I was able to get it to work by copying the Default Profile folder from another server. 
    Monday, April 11, 2016 1:21 AM
  • works for me Thanks.
    Saturday, August 13, 2016 12:23 PM
  • Yes, copying the Default folder fixed my issue. Thank you.
    Saturday, August 27, 2016 2:26 AM
  • Thank you so much for the direct point to resolving issue in single action.

    Friday, March 17, 2017 8:08 AM
  • Excellent!

    Wednesday, May 3, 2017 1:15 PM
  • Resetting permissions did not work for me, replacing the default folder from another server worked and no reboot needed.
    Monday, July 17, 2017 3:33 PM
  • Hi, please check the status of the user profile, in my case the profile had status "Backup". I deleted the profile, I logged in again, the system generated a new profile and it worked.
    Friday, September 29, 2017 3:33 PM
  • it did not help me
    Monday, September 3, 2018 7:45 PM
  • @All 

    This will only happen if you have managed updates 
    Installing ALL MS updates for server 2008 resolves this issue
    There is no reason why a 2008 server should not be fully updated in 2019 

    That is just poor administration.

    Thursday, May 16, 2019 12:36 PM