Registry handles not released: Userenv EventIDs 1517 and 1524


Mike Player
December 12th 03, 11:04 PM
Hi All - In XP Pro SP1 I am having trouble with HKCU registry handles not
being released at logoff, leading to Userenv Event IDs 1517 and 1524. To
troubleshoot, I log off the affected account, and log on to Administrator,
then use Oh.exe and Tasklist /SVC to identify the service holding the
handle. At first, the debug manager MDM appeared to be the culprit but,
having disabled that, the problem has cropped up with other services
including Web Client and possibly Remote Registry, now both also disabled.
Although now somewhat less frequent, it is still happening, this time with
Remote Procedure Call (RpcSs), which obviously I can do little about. It
seems there must be an underlying problem causing SVCHOST to hold on to the
handles, almost independently of the services actually hosted - though at
the moment it seems RpcSs is consistently the only service directly involved.

Contrary to some suggestions I have seen that the 1517 and 1524 log messages
indicate a relatively benign condition, this came to light because of
volatility of desktop icon and other settings, owing to the user profile
essentially never getting written: in fact, a right mess. Having improved
the situation by disabling the services most frequently involved, this
volatility has been ostensibly fixed, but I have a strong feeling it is only
a matter of time before it and probably worse misbehaviour is back.

It seems the problem affects only one account, originally set up during
final installation (my system is OEM installed by Dell on an Inspiron 5150).
All the profiles are local, the whole installation is only a couple of weeks
old, no odd tweaks have been applied, and otherwise it seems to be working
well. I have purged the prefetch cache, and the icon cache for the affected
account, run sfc /scannow, chkdsk /f, defragmented... all to no effect. All
MS patches and virus definitions (in Norton 2003) are up to date. The
affected account has administrator privileges.

Anyone any ideas for further troubleshooting or fixes? Failing that, any
recommendations for rebuilding a "clean" user profile, preferably without
abandoning the account and starting again? TIA and best regards - Mike.
