The User Profile Service failed to logon

Got this message on a client workstation last week. It was running managed Symantec Endpoint Protection client 12.1…so much for that. The message is caused by a clever virus/worm/malware application that makes a small change in the Windows 7 registry and, voilà, users can’t log in anymore…all they get is the following message when they attempt to log in with their username/password:

[The User Profile Service service failed to logon.]

[User profile cannot be loaded.]

Further analysis of the registry shows that the user account keys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList have been copied, the copies modified, and the originals renamed with an appended “.bak”. The modification essentially points to a hard drive location which does not exist or, worse yet, exists with a profile that upon login displays a message stating you must pay money to get your files back.

There’s a Microsoft KB article on this as well with steps on how to fix this here, but I found these steps faster and easier:

[step 1] Boot to safe mode by mashing the F8 key repeatedly during a reboot until you see startup choices.

[step 2] You should be able to log in as the previously disabled user…if not, fire up safe mode with command prompt and type net user administrator /active:yes to enable the administrator account. Then start over from [step 1] but log in as Administrator instead of the disabled user account.

[step 3] Open Regedit and locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList.

[step 4] Locate any keys with .bak appended to them and find their duplicates minus the .bak. Rename those duplicates by appending .old, and then rename the keys with .bak so that just the “.bak” is removed.

If [step 4] is too confusing and/or does not resolve the problem, try:

  • Find two folders starting with S-1-5 followed by the same long number, one of which ends with .bak.
    1. Right-click the folder without .bak and choose Rename. Then add .ba at the end of the folder name.
    2. Right-click the folder with .bak and choose Rename. Then remove .bak at the end of the folder name.
    3. Right-click the folder with .ba and choose Rename. Then change the .ba to .bak at the end of the folder name.
  • If you have only one folder starting with S-1-5 followed by a long number and ending with .bak, right-click the folder and choose Rename. Then remove .bak at the end of the folder name.

[step 5] Choose the folder without .bak, in the right pane, double click RefCount and type 0 (zero) and then click OK.

Choose the folder without .bak, in the right pane, double click State and type 0 (zero) and then click OK.

[step 6] Close regedit and Reboot.

That’s it. You should now be able to log back into your system using your standard username/password. I’d also recommend running a full antivirus scan.
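Before renaming anything in [step 4], it helps to see exactly which ProfileList keys are affected. The following read-only PowerShell audit is an added example, not part of the original post: it lists every S-1-5 key, flags .bak keys and their twins, and checks whether the profile folder each key points to exists. It assumes the profile location is held in the standard ProfileImagePath value (not named in the post) and that it is run from an elevated prompt; the function name is hypothetical.

```powershell
# Added example: read-only audit of ProfileList for the ".bak" pattern.
# Nothing is modified; use the output to decide which keys to rename by hand.
$ProfileListPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileListAudit {   # hypothetical helper name
    param([string]$Path = $ProfileListPath)

    $keys  = @(Get-ChildItem -Path $Path)
    $names = @($keys | ForEach-Object { $_.PSChildName })

    foreach ($key in $keys) {
        $name = $key.PSChildName
        if ($name -notlike 'S-1-5-*') { continue }

        # A ".bak" key is paired with the same SID without the suffix, and vice versa.
        $isBak = $name -like '*.bak'
        if ($isBak) { $twin = $name.Substring(0, $name.Length - 4) }
        else        { $twin = "$name.bak" }
        $hasTwin = $names -contains $twin

        $props = Get-ItemProperty -Path $key.PSPath
        # Expand variables such as %SystemDrive% before testing the folder.
        $image  = [Environment]::ExpandEnvironmentVariables([string]$props.ProfileImagePath)
        $exists = [bool]$image -and (Test-Path -LiteralPath $image)

        New-Object PSObject -Property @{
            Key         = $name
            IsBak       = $isBak
            HasTwin     = $hasTwin
            ProfilePath = $image
            PathExists  = $exists
            State       = $props.State
            RefCount    = $props.RefCount
        }
    }
}

# Show only entries that need attention: .bak keys, keys with a .bak twin,
# and keys whose profile folder is missing on disk.
Get-ProfileListAudit |
    Where-Object { $_.IsBak -or $_.HasTwin -or -not $_.PathExists } |
    Select-Object Key, IsBak, HasTwin, PathExists, State, RefCount, ProfilePath |
    Format-Table -AutoSize
```

A key without .bak whose PathExists is False, paired with a .bak twin whose path does exist, matches the pattern described above; exporting the ProfileList key from Regedit first gives you a rollback copy.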


Comments

6 responses to “The User Profile Service failed to logon”

  1. Gary Lesperance

    Tried renaming to .old and then removing the .bak extension. Rebooted and problem persisted. I’ll let you know if I find a solution.

    1. David Vielmetter

      Sorry to hear that. Microsoft now has a KB article on this: http://support.microsoft.com/kb/947215 It has some additional steps I seem to be missing in my tutorial. Perhaps give those a try and let me know. I’ll update this post if they work for you.

  2. sara

    Very useful link. Thanks very much.

  3. Fred

    Thank you very much. Worked perfectly.

  4. sasa

    Thank you!!

  5. Frank Zegarra

    Worked great!!