Description

Recieved user logon notification on session Session.

Message #

Recieved user logon notification on session %1.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 1,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:32:20.533133+00:00",
    "event_record_id": 64,
    "correlation": {},
    "execution": {
      "process_id": 1428,
      "thread_id": 1544
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "event_data": {
    "Session": 1
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Finished processing user logon notification on session Session.

Message #

Finished processing user logon notification on session %1.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 2,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:32:20.859547+00:00",
    "event_record_id": 68,
    "correlation": {},
    "execution": {
      "process_id": 1428,
      "thread_id": 1544
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "event_data": {
    "Session": 1
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Recieved user logoff notification on session Session.

Message #

Recieved user logoff notification on session %1.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 3,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:31:34.014942+00:00",
    "event_record_id": 62,
    "correlation": {},
    "execution": {
      "process_id": 1852,
      "thread_id": 2012
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "event_data": {
    "Session": 1
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Finished processing user logoff notification on session Session.

Message #

Finished processing user logoff notification on session %1.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 4,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:31:34.250458+00:00",
    "event_record_id": 63,
    "correlation": {},
    "execution": {
      "process_id": 1852,
      "thread_id": 2012
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "event_data": {
    "Session": 1
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Registry file File is loaded at HKU\Key.

Message #

Registry file %1 is loaded at HKU\%2.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 5,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:32:20.716085+00:00",
    "event_record_id": 66,
    "correlation": {},
    "execution": {
      "process_id": 1428,
      "thread_id": 1540
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "File": "C:\\Users\\User\\AppData\\Local\\Microsoft\\Windows\\\\UsrClass.dat",
    "Key": "S-1-5-21-1992711665-1655669231-58201500-1000_Classes"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Starting synchronize profile from Source to Target.

Message #

Starting synchronize profile from %1 to %2.

Fields #

Description

Finished synchronize profile from Source to Target.

Message #

Finished synchronize profile from %1 to %2. 

Result: %3

Fields #

Description

Background hive upload for user UserSid started.

Message #

Background hive upload for user %1 started.

Fields #

Description

Background hive upload for user UserSid succeeded.

Message #

Background hive upload for user %1 succeeded.

Fields #

Description

Background hive upload for user UserSid failed.

Message #

Background hive upload for user %1 failed.

 Error: %2

Fields #

Description

Cannot delete file File.

Message #

Cannot delete file %1.

 Error: %2

Fields #

Description

Open user regisry root key for UserSid failed.

Message #

Open user regisry root key for %1 failed.

 Error: %2

Fields #

Description

Save user hive to file File failed.

Message #

Save user hive to file %1 failed.

 Error: %2

Fields #

Description

Save user hive to file File succeeded.

Message #

Save user hive to file %1 succeeded.

Fields #

Description

Enable background user hive upload task succeeded.

Message #

Enable background user hive upload task succeeded.

Description

Failed to enable background user hive upload task.

Message #

Failed to enable background user hive upload task.

 Error: %1

Fields #

Description

Disable background user hive upload task succeeded.

Message #

Disable background user hive upload task succeeded.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 59,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T23:50:00.752497+00:00",
    "event_record_id": 89,
    "correlation": {},
    "execution": {
      "process_id": 1428,
      "thread_id": 1496
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Failed to disable background user hive upload task.

Message #

Failed to disable background user hive upload task.

 Error: %1

Fields #

Description

Slow network connection detected, abort background user hive upload task.

Message #

Slow network connection detected, abort background user hive upload task.

Message #

Windows was unable to successfully evaluate whether this computer is a primary computer for this user. This may be due to failing to access the Active Directory server at this time. The user's roaming profile will be applied as configured. Contact the Administrator for more assistance. Error: %1

Fields #

Description

This computer Result a primary computer for this user.

Message #

This computer %1 a primary computer for this user.

Fields #

Description

The primary computer relationship for this computer and this user was not evaluated due to EnvIssue.

Message #

The primary computer relationship for this computer and this user was not evaluated due to %1.

Fields #

Description

The attempt to create or open the profile key for the user failed with error Error.

Message #

The attempt to create or open the profile key for the user failed with error %1.

Fields #

Description

Creating the local profile for the user failed with error Error.

Message #

Creating the local profile for the user failed with error %1.

Fields #

Description

Logon type: LogonType.

Message #

Logon type: %1 
Local profile location: %2 
Profile type: %3

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 67,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:32:20.729159+00:00",
    "event_record_id": 67,
    "correlation": {},
    "execution": {
      "process_id": 1428,
      "thread_id": 1540
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "LogonType": "Regular",
    "LocalPath": "C:\\Users\\User",
    "ProfileType": "Regular"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

LastDownloadTime: DownloadTime.

Message #

LastDownloadTime: %1 
LastUploadTime: %2

Fields #

Description

Waiting on network arrivals. Max wait time Timeout ms.

Message #

Waiting on network arrivals. Max wait time %1 ms.

Fields #

Description

After waiting Timeout ms, a network with the necessary capabilities was not ready for use. Allowing profile load to proceed.

Message #

After waiting %1 ms, a network with the necessary capabilities was not ready for use. Allowing profile load to proceed.

Fields #

Description

Terminating wait due to unexpected failure Result.

Message #

Terminating wait due to unexpected failure %1.

Fields #

Description

Wait complete due to connectivity event but network not ready.

Message #

Wait complete due to connectivity event but network not ready.

Description

Wait completed due to network connectivity or determination that no viable network connection is likely to become available. Allowing profile load to proceed.

Message #

Wait completed due to network connectivity or determination that no viable network connection is likely to become available. Allowing profile load to proceed.

Description

Roaming Profiles configuration is being controlled by Group Policy.

Message #

Roaming Profiles configuration is being controlled by Group Policy.

Description

Roaming Profiles configuration is being controlled by WMI configuration classes Win32_RoamingProfileUserConfiguration and Win32_RoamingProfileMachineConfiguration.

Message #

Roaming Profiles configuration is being controlled by WMI configuration classes Win32_RoamingProfileUserConfiguration and Win32_RoamingProfileMachineConfiguration.

Description

Begin new user profile creation.

Message #

Begin new user profile creation.

Description

New user profile creation complete.

Message #

New user profile creation complete.

Description

A network latency of MeasuredLatency milliseconds has been detected. Maximum latency to synchronize a roaming profile is set at LatencyThreshold milliseconds.

Message #

A network latency of %1 milliseconds has been detected.  Maximum latency to synchronize a roaming profile is set at %2 milliseconds.

Fields #

Description

A network bandwidth of MeasuredBandwidth kilobits per second has been detected. Minimum bandwidth to synchronize a roaming profile is set at BandwidthThreshold kilobits per second.

Message #

A network bandwidth of %1 kilobits per second has been detected.  Minimum bandwidth to synchronize a roaming profile is set at %2 kilobits per second.

Fields #

Description

Delete cached profile ProfilePath since it is older than AgeLimitInDays days.

Message #

Delete cached profile %1 since it is older than %2 days.

Fields #

Description

Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

Message #

Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 

 DETAIL - %1

Fields #

Description

Windows cannot create a temporary profile directory. This problem may be caused by insufficient security rights.

Message #

Windows cannot create a temporary profile directory. This problem may be caused by insufficient security rights. 

 DETAIL - %1

Fields #

Description

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

Message #

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. 

 DETAIL - %1

Fields #

Description

Windows cannot set security on your registry.

Message #

Windows cannot set security on your registry. 

 DETAIL - %1

Fields #

Description

Windows cannot update your roaming profile completely. Check previous events for more details.

Message #

Windows cannot update your roaming profile completely. Check previous events for more details.

Description

Windows cannot load the user's profile but has logged you on with the default profile for the system.

Message #

Windows cannot load the user's profile but has logged you on with the default profile for the system. 

 DETAIL - %1

Fields #

Message #

Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profile will not be copied to the server. Possible causes of this error include network problems or insufficient security rights.  

 DETAIL - %1

Fields #

Description

Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

Message #

Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 DETAIL - %1 for %2

Fields #

Description

Windows was unable to load File.

Message #

Windows was unable to load %1.

Fields #

Description

Windows cannot load your profile because it appears to be corrupted.

Message #

Windows cannot load your profile because it appears to be corrupted.

Description

Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Message #

Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Message #

Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. 

 DETAIL - %1

Fields #

Message #

Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Decrypt the files and try again.

Description

The roaming profile path File is too long. Windows is logging you on with a default profile.

Message #

The roaming profile path %1 is too long. Windows is logging you on with a default profile.

Fields #

Description

Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Message #

Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Message #

Windows saved user %1 registry while an application or service was still using the registry when the user logged off. The memory used by the user registry has not been freed. The registry will be unloaded when it is no longer in use. 

 This error may be caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.

Fields #

Message #

Windows cannot create a local profile and is logging you on with a temporary profile. This profile will be deleted when you log off. This problem may be caused by incorrect file system permissions or network problems.

Description

Windows cannot locate your roaming mandatory profile and is attempting to log you on with your local profile. This error may be caused by incorrect file system permissions or network problems.

Message #

Windows cannot locate your roaming mandatory profile and is attempting to log you on with your local profile. This error may be caused by incorrect file system permissions or network problems. 

 DETAIL - %1

Fields #

Description

Windows cannot log you on because your roaming mandatory profile is not available. This error may be caused by incorrect file system permissions or network problems.

Message #

Windows cannot log you on because your roaming mandatory profile is not available. This error may be caused by incorrect file system permissions or network problems. 

 DETAIL - %1

Fields #

Message #

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights. 

 DETAIL - %1

Fields #

Description

Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile. This error may be caused by network problems or insufficient security rights.

Message #

Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile. This error may be caused by network problems or insufficient security rights. 

 DETAIL - %1

Fields #

Description

Your roaming profile (read only) is not available. You are logged on with the locally stored profile. This error may be caused by incorrect file system permissions or network problems.

Message #

Your roaming profile (read only) is not available. You are logged on with the locally stored profile. This error may be caused by incorrect file system permissions or network problems.  

 DETAIL - %1

Fields #

Description

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Message #

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Message #

Windows has detected that Automatic Offline Caching is enabled on the Roaming Profile share - to avoid potential profile corruption, Offline Caching must be set to manual or disabled on shares where roaming user profiles are stored.

Message #

Windows could not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. Windows could not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrators group must be the owner of the folder.

Description

Windows failed to initialize user profiles. Non-console users will be unable to log on.

Message #

Windows failed to initialize user profiles. Non-console users will be unable to log on.

Message #

Roaming user profiles across forests are disabled. Windows did not load your roaming profile and is logging you on with a local profile. Changes to the profile will not be copied to the server when you log off.

Message #

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.  

 DETAIL - 
 %1

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 1530,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2013-10-23T17:27:30.004750+00:00",
    "event_record_id": 170,
    "correlation": {},
    "execution": {
      "process_id": 916,
      "thread_id": 928
    },
    "channel": "Application",
    "computer": "IE8Win7",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "EVENT_HIVE_LEAK",
    "Data": {
      "Name": "Detail",
      "Value": "1 user registry handles leaked from \\Registry\\User\\S-1-5-21-3463664321-2923530833-3546627382-1000:\nProcess 432 (\\Device\\HarddiskVolume2\\Windows\\System32\\winlogon.exe) has opened key \\REGISTRY\\USER\\S-1-5-21-3463664321-2923530833-3546627382-1000\n"
    }
  },
  "message": "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.  \n\n DETAIL - \n EVENT_HIVE_LEAK"
}

References #

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Description

The User Profile Service has started successfully.

Message #

The User Profile Service has started successfully.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 1531,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T06:25:39.296302+00:00",
    "event_record_id": 1437,
    "correlation": {},
    "execution": {
      "process_id": 1900,
      "thread_id": 2016
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": "The User Profile Service has started successfully.  %n%n"
}

References #

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Description

The User Profile Service has stopped.

Message #

The User Profile Service has stopped.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 1532,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T06:23:40.274053+00:00",
    "event_record_id": 1436,
    "correlation": {},
    "execution": {
      "process_id": 1716,
      "thread_id": 1736
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": "The User Profile Service has stopped.  %n%n"
}

References #

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Description

Windows cannot delete the profile directory Folder. This error may be caused by files in this directory being used by another program.

Message #

Windows cannot delete the profile directory %1. This error may be caused by files in this directory being used by another program. 

 DETAIL - %2

Fields #

Description

Profile notification of event Event for component Component failed, error code is Error.

Message #

Profile notification of event %1 for component %2 failed, error code is %3.

Fields #

Description

Successfully suspended folder "Folder".

Message #

Successfully suspended folder "%1"

Fields #

Description

Successfully unsuspended folder "Folder".

Message #

Successfully unsuspended folder "%1"

Fields #

Description

Failed to suspend folder "Folder".

Message #

Failed to suspend folder "%1"
 DETAIL - %2

Fields #

Description

Failed to unsuspend folder "Folder".

Message #

Failed to unsuspend folder "%1"
 DETAIL - %2

Fields #

Description

Failed to sync folder "Folder".

Message #

Failed to sync folder "%1"
 DETAIL - %2

Fields #

Description

Your roaming profile is not synchronized correctly with the server. Windows will load your previously-saved local profile instead. See the previous events for details.

Message #

Your roaming profile is not synchronized correctly with the server. Windows will load your previously-saved local profile instead. See the previous events for details.

Description

Failed to apply CSC suspend policy. Cannot connect to CSC service.

Message #

Failed to apply CSC suspend policy. Cannot connect to CSC service.
 DETAIL - %1

Fields #

Description

Windows cannot load classes registry file.

Message #

Windows cannot load classes registry file.
 DETAIL - %1

Fields #

Description

A slow network connection is detected for the roaming profile Folder. It will not be synchronized with the profile on this computer.

Message #

A slow network connection is detected for the roaming profile %1. It will not be synchronized with the profile on this computer.

Fields #

Message #

Windows cannot back up a ProfileList entry because one already exists for this user. Only the existing backup entry will be kept in the ProfileList. Future logons will restore the ProfileList entry from the existing backup entry.

Description

User hive is loaded by another process (File Lock). Process name: InterferingImageName, PID: InterferingPID, ProfSvc PID: ProfsvcPID.

Message #

User hive is loaded by another process (File Lock). Process name: %1, PID: %2, ProfSvc PID: %3.

Fields #

Description

User hive is loaded by another process (Registry Lock) Process name: InterferingImageName, PID: InterferingPID, ProfSvc PID: ProfsvcPID.

Message #

User hive is loaded by another process (Registry Lock) Process name: %1, PID: %2, ProfSvc PID: %3.

Fields #

Description

Windows unloaded user {User} registry when it received a notification that no other applications or services were using the profile.

Message #

Windows unloaded user {User} registry when it received a notification that no other applications or services were using the profile.

Fields #

Message #

Windows saved user {User} registry while an application or service was still using the registry when the user logged off. The memory used by the user registry has not been freed. The registry will be unloaded when it is no longer in use.  This error may be caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.

Fields #

Description

The User Profile Service has started successfully.

Message #

The User Profile Service has started successfully.

Description

The User Profile Service has stopped.

Message #

The User Profile Service has stopped.

Description

Successfully suspended folder '{Folder}'.

Message #

Successfully suspended folder '{Folder}'

Fields #

Description

Successfully unsuspended folder '{Folder}'.

Message #

Successfully unsuspended folder '{Folder}'

Fields #

Description

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Message #

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Message #

Windows has detected that Automatic Offline Caching is enabled on the Roaming Profile share - to avoid potential profile corruption; Offline Caching must be set to manual or disabled on shares where roaming user profiles are stored.

Message #

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.   DETAIL -  {Detail}

Fields #

Description

Profile notification of event {Event} for component {Component} failed; error code is {Error}.

Message #

Profile notification of event {Event} for component {Component} failed; error code is {Error}.

Fields #

Description

Your roaming profile is not synchronized correctly with the server. Windows will load your previously-saved local profile instead. See the previous events for details.

Message #

Your roaming profile is not synchronized correctly with the server. Windows will load your previously-saved local profile instead. See the previous events for details.

Description

Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network; and that your network is functioning correctly. DETAIL - {Error}.

Message #

Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network; and that your network is functioning correctly.  DETAIL - {Error}

Fields #

Description

Windows cannot create a temporary profile directory. This problem may be caused by insufficient security rights. DETAIL - {Error}.

Message #

Windows cannot create a temporary profile directory. This problem may be caused by insufficient security rights.  DETAIL - {Error}

Fields #

Description

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. DETAIL - {Error}.

Message #

Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.  DETAIL - {Error}

Fields #

Description

Windows cannot set security on your registry. DETAIL - {Error}.

Message #

Windows cannot set security on your registry.  DETAIL - {Error}

Fields #

Description

Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Message #

Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Description

Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - {Error}.

Message #

Windows cannot load the user's profile but has logged you on with the default profile for the system.  DETAIL - {Error}

Fields #

Message #

Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profile will not be copied to the server. Possible causes of this error include network problems or insufficient security rights.   DETAIL - {Error}

Fields #

Description

Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. DETAIL - {Error} for {File}.

Message #

Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.  DETAIL - {Error} for {File}

Fields #

Description

Windows cannot load your profile because it appears to be corrupted.

Message #

Windows cannot load your profile because it appears to be corrupted.

Description

Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Message #

Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Message #

Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account.  DETAIL - {Error}

Fields #

Message #

Windows cannot copy your profile because it contains encrypted files or directories. The keys to decrypt the files or directories are also stored in the profile and are not available now. Decrypt the files and try again.

Description

The roaming profile path {File} is too long. Windows is logging you on with a default profile.

Message #

The roaming profile path {File} is too long. Windows is logging you on with a default profile.

Fields #

Description

Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Message #

Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Message #

Windows cannot create a local profile and is logging you on with a temporary profile. This profile will be deleted when you log off. This problem may be caused by incorrect file system permissions or network problems.

Message #

Windows cannot locate your roaming mandatory profile and is attempting to log you on with your local profile. This error may be caused by incorrect file system permissions or network problems.  DETAIL - {Error}

Fields #

Description

Windows cannot log you on because your roaming mandatory profile is not available. This error may be caused by incorrect file system permissions or network problems. DETAIL - {Error}.

Message #

Windows cannot log you on because your roaming mandatory profile is not available. This error may be caused by incorrect file system permissions or network problems.  DETAIL - {Error}

Fields #

Message #

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.  DETAIL - {Error}

Fields #

Message #

Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile. This error may be caused by network problems or insufficient security rights.  DETAIL - {Error}

Fields #

Message #

Your roaming profile (read only) is not available. You are logged on with the locally stored profile. This error may be caused by incorrect file system permissions or network problems.   DETAIL - {Error}

Fields #

Message #

Windows could not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. Windows could not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrators group must be the owner of the folder.

Description

Windows failed to initialize user profiles. Non-console users will be unable to log on.

Message #

Windows failed to initialize user profiles. Non-console users will be unable to log on.

Message #

Roaming user profiles across forests are disabled. Windows did not load your roaming profile and is logging you on with a local profile. Changes to the profile will not be copied to the server when you log off.

Description

Windows cannot delete the profile directory {Directory}. This error may be caused by files in this directory being used by another program. DETAIL - {Error}.

Message #

Windows cannot delete the profile directory {Directory}. This error may be caused by files in this directory being used by another program.  DETAIL - {Error}

Fields #

Description

Failed to suspend folder '{Folder}' DETAIL - {Error}.

Message #

Failed to suspend folder '{Folder}' DETAIL - {Error}

Fields #

Description

Failed to unsuspend folder '{Folder}' DETAIL - {Error}.

Message #

Failed to unsuspend folder '{Folder}' DETAIL - {Error}

Fields #

Description

Failed to sync folder '{Folder}' DETAIL - {Error}.

Message #

Failed to sync folder '{Folder}' DETAIL - {Error}

Fields #

Description

Failed to apply CSC suspend policy. Cannot connect to CSC service. DETAIL - {Error}.

Message #

Failed to apply CSC suspend policy. Cannot connect to CSC service. DETAIL - {Error}

Fields #

Description

Windows cannot load classes registry file. DETAIL - {Error}.

Message #

Windows cannot load classes registry file. DETAIL - {Error}

Fields #

Description

A slow network connection is detected for the roaming profile {Path}. It will not be synchronized with the profile on this computer.

Message #

A slow network connection is detected for the roaming profile {Path}. It will not be synchronized with the profile on this computer.

Fields #