Skip navigation
Menu
Compute Engines

JSI Tip 7816. How do I cause the User Profile Hive Cleanup Service (UPHClean) to log when it finds resources that won't otherwise close?


In tip 7815 - Some user profiles will not unload, I described the UPHClean Service.

I have scripted UPHClean_App_Log.bat to cause the UPHClean Service, on every computer in your domain, to log when it had to free resources. After running UPHClean_App_Log.bat, the Application event log will contain Event ID 1201 with Source UPHClean, when resources were locked. The event would be similar to:

Event Type: Information
Event Source: UPHClean
Event Category: None
Event ID: 1201
Date: MM/DD/YYYY
Time: HH:MM:SS
User: <UserName>
Computer: <ComputerName>
Description:
The following handles in user profile hive <UserName> (<SID>) have been closed because they were preventing the profile from unloading successfully:

winlogon.exe (844)
HKCU (0x744)
call stack data collection not enabled for this process
svchost.exe (1108)
HKCU (0x334)
call stack data collection not enabled for this process
InoRT.exe (1828) HKCU\Software\Classes (0x274)
call stack data collection not enabled for this process For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

NOTE: See How do I cause the User Profile Hive Cleanup Service (UPHClean) to NOT force resources to close?

The syntax for using UPHClean_App_Log.bat is:

UPHClean_App_Log

NOTE: The output is displayed on the CMD console, but you can pipe it to a file using the following syntax:

UPHClean_App_Log>FileName

NOTE: UPHClean_App_Log.bat uses REG.EXE and NETDOM.EXE built into Windows XP and Windows Server 2003, or from the Windows 2000 Support Tools.

UPHClean_App_Log.bat contains:

@echo off
setlocal
set netdm=netdom query /domain:%userdnsdomain%
for /f "Skip=1 Tokens=*" %%c in ('%netdm% dc^|find /v /i "The command completed successfully."') do (
 set cmp=%%c
 call :doit
)
for /f "Skip=1 Tokens=*" %%c in ('%netdm% server^|find /v /i "The command completed successfully."') do (
 set cmp=%%c
 call :doit
)
for /f "Skip=1 Tokens=*" %%c in ('%netdm% workstation^|find /v /i "The command completed successfully."') do (
 set cmp=%%c
 call :doit
)
endlocal
@echo **********************
exit /b 0
:doit
set work=%cmp:     ( Workstation or Server )=%
if "%work%" NEQ "%cmp%" set cmp=%work%#
set cmp=%cmp: #=%
set cmp=%cmp:#=%
@echo **********************
@echo.
@echo Process %cmp%
REG ADD \\%cmp%\HKLM\SYSTEM\CurrentControlSet\Services\UPHClean\Parameters /v CALLSTACK_LOG /t REG_DWORD /d 00000001 /f
@echo.



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023