You receive “The User Profile Service failed the logon” error message

After running Combofix on a badly infected machine, I was unable to log into the profile account. There is a Microsoft KB article that walked me through the process of fixing this error with just a few quick changes in the registry.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

How to back up and restore the registry in Windows
  1. Click Start, type regedit in the Search box, and then press Enter.
  2. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  3. In the navigation pane, locate the folder that begins with S-1-5 (SID key) followed by a long number.
  4. Click each S-1-5 folder, locate the ProfileImagePath entry in the details pane, and then double-click to make sure that this is the user account profile that has the error.
    • If you have two folders starting with S-1-5 followed by some long numbers and one of them ends with .bak, you have to rename the .bak folder. To do this, follow these steps:
      1. Right-click the folder without .bak, and then click Rename. Type .ba at the end of the folder name, and then press Enter.
      2. Right-click the folder that is named .bak, and then click Rename. Remove .bak at the end of the folder name, and then press Enter.
      3. Right-click the folder that is named .ba, and then click Rename. Change the .ba to .bak at the end of the folder name, and then press Enter.
    • If you have only one folder starting with S-1-5 that is followed by long numbers and ends with .bak, right-click the folder, and then click Rename. Remove .bak at the end of the folder name, and then press Enter.
  5. Double-click the folder without .bak in the details pane, double-click RefCount, type 0, and then click OK.
  6. Click the folder without .bak in the details pane, double-click State, type 0, and then click OK.
  7. Close Registry Editor.
  8. Restart the computer.
  9. Log on again with your account.
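
The same steps as a PowerShell script, as an added example that is not part of the KB article or the original post. It assumes an elevated prompt; the -Sid, -Apply and -BackupFile parameters and the backup file location are choices made for this example.

```powershell
# Added example: scripts the ProfileList repair steps. Run from an elevated prompt.
# -Sid, -Apply and -BackupFile are parameters chosen for this example.
param(
    [Parameter(Mandatory)][string]$Sid,   # profile SID, without the .bak suffix
    [switch]$Apply,                       # without it, the script only reports
    [string]$BackupFile = "$env:TEMP\ProfileList-backup.reg"
)
$ErrorActionPreference = 'Stop'
$regPath = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$root    = "HKLM:\$regPath"

# Step 4: list every S-1-5 key with its ProfileImagePath to identify the account.
Get-ChildItem $root | Where-Object PSChildName -like 'S-1-5-*' | ForEach-Object {
    [pscustomobject]@{ Key = $_.PSChildName; ProfileImagePath = $_.GetValue('ProfileImagePath') }
} | Format-Table -AutoSize | Out-Host

$plain = Join-Path $root $Sid
$bak   = Join-Path $root "$Sid.bak"
if (-not (Test-Path $bak)) { throw "No $Sid.bak key exists; this fix does not apply." }
if (-not $Apply) { Write-Host "Dry run: re-run with -Apply to change the registry."; return }

# Back up the key before modifying it; stop if the export fails.
reg.exe export "HKLM\$regPath" $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; nothing was changed." }

if (Test-Path $plain) {
    # Two keys: swap the names through a temporary .ba suffix.
    Rename-Item -Path $plain -NewName "$Sid.ba"
    Rename-Item -Path $bak   -NewName $Sid
    Rename-Item -Path (Join-Path $root "$Sid.ba") -NewName "$Sid.bak"
} else {
    # Only the .bak key exists: drop the suffix.
    Rename-Item -Path $bak -NewName $Sid
}

# Reset RefCount and State on the restored key, then show the result.
Set-ItemProperty -Path $plain -Name RefCount -Value 0 -Type DWord
Set-ItemProperty -Path $plain -Name State    -Value 0 -Type DWord
Get-ItemProperty -Path $plain | Select-Object ProfileImagePath, RefCount, State
```

Run it once without -Apply to review the listed keys, then again with -Apply, and restart the computer.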

Source:
http://support.microsoft.com/kb/947215 
