No announcement yet.

The User Profile Service service failed the logon

  • Filter
  • Time
  • Show
Clear All
new posts

  • The User Profile Service service failed the logon

    Hello folks, i would like to share my experience about this issue. First of all, let me give you the scenario which i was faced with. The infrastructure has parent domain and several child domains. All the user's accounts are hosted at the parent domain as well all the groups (security and distribution groups). Every administrator has two accounts, one which is just a peon accounts with user rights only and the second account has administrative rights at the chiled domain which the administrator is responsible for and nowhere else. The parend domain and all the child domains are running Windows 2003 active directory at the highest ( domain level). The forest has been raised as well. All the child domains are hosting their domain infrastructure and the client machines. Every domain has least 2 domain controllers, member servers and more than 500 client machines. The infrastructure is shown on AD.jpg picture.
    The hosts a member server running Windows 2008 Enterprise Edition which was successfully joined to that child domain. According to the security policy users are not allowed to logon on any member server or domain controller. Only administrators have this right. Whenever we tried to logon at this Windows 2008 member server using an administrator's account i was given the message "The User Profile Service service failed the logon" We were using the common way to login"
    Following this patern we were not able to logon. All what we got was that message and the system logged us off. The Domain Admin group where all the domain accounts have membership to was granted to the local Administrators group on the Windows 2008 machine. After we made another attempt to logon, we figured out that we are at the same success as before, NOTHING.
    After few nights researches and attempts I figured out that Windows 2008 server is using slightlly different patern to allow the user to logon on the machine.
    As all we know there are 4 distinct way to logon.
    1. Using DomainName\username
    2. Using username (when the account is at the same domain where you are login to
    3. Using [email protected]ntion
    4. Using Canonical name
    Few hours after midnight i try to use different paternt ([email protected]) and at this moment VOILA I was granted access to the machine. I am still doind research what cause this problem and where this issue comes from. Whenever i have an update i will share it with you.

    I hope it is helpfule for you.
    Attached Files

  • #2
    Re: The User Profile Service service failed the logon

    First of all thanks for the details, it helps when trying to help people.

    It seems weird that it is working with the UPN but not the pre-win2000 username.

    What do you have in the event logs?

    Can you run a netdiag on the 2008 machine?

    And can you completely delete the profile of a user having problems logging in and try again with that user?
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah


    • #3
      Re: The User Profile Service service failed the logon

      Sorry but the update which i have is negative. I am at the same point where i have started at the begining. The system has cashed the credentials and that is why i was able to login. At the very first attempt when i got this message "User Profile service...." i granted the account membership to the local administrators group directly (without granting the account membership to a group which to be given membership to the local administrators group).

      Damn, this problem drives me crazy but i will not give up !!! Until now the test machine which i was using was virtual machine on VMWare ESX 3.5 host. I assume there could be something with the virtualization which i really doubt because all other virtual Windows 2003 Servers are working perfect. I will install the W2K8EE on a physical machine and will try again.
      Sorry Guys for this inconveninece and misinforming you.


      • #4
        Re: The User Profile Service service failed the logon

        I am happy to notify you that i found what was the problem. I have tested it several times and it works now.
        The first time Windows 2008 was installed on physical server and i used the VMWare converter to convert it to a virtual. Because the second local disk had not enough space i have saved the machine on a network drive. The network drive is a LUN on a SAN storage. The LUN infrastructure is RAID 5. When P2V conversion was done i had to use the converter to prepare that machine to the proper format which ESX uses. The machine was saved on another LUN ( with RAID 5 ) infrastructure. The virtual machine was presented to the ESX server via the Virtual center. Everything was nice and smooth except this problem.

        Today i have installed new W2K8 installation on a physical server. The P2V conversion was done by VMWare Converter, but at this time, i set the converter to save the machine on the local drive instead sending it to the network drive. The local drive is a singal basic disk connected on SATA controller. After the conversion i have used the converter againi to prepare the virtual machine in the proper ESX format. As the first time i saved the W2K8 on the second LUN where the ESX server grabs the virtual machines from. At this moment i was able to join that virtual machine to the domain and was able to login with the domain account.

        Based on my experience, i am willing to believe that the P2V storage has to be on a local disk instead on a network disk. I have seen this problem many times before when i was using VMWare GSX server and VMWare Workstation. I have been faced in a similar problems when i save the virtual machines (Linux, Ubuntu, W2K3, Novell) on the network drives.
        If you want to perform a valid P2V conversion, you have to save the virtual machine on a local disk which has not array membership. Maybe the srtiping process has something to mess up with , i don't know.