Windows 10: User Profile Service Event ID 1534 warnings

Martin Brinkmann
Dec 29, 2018
Updated • Dec 29, 2018
Windows, Windows 10

Windows 10 administrators who check the event log of systems running Windows 10 version 1809 may notice a huge number of User Profile Service, event ID 1534, warnings.

Event Load and unload warnings are displayed separately in the Event log under the Event ID 1534. The events trigger for most activities that require admin profile access, e.g. launching an elevated command prompt window on the PC.

The loading warning reads: The warning descriptions read: Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.

The unloading warning reads: Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.

event log error user profile service

You can open the Event Viewer in the following way:

  • Activate the Start menu.
  • Type Event Viewer.
  • Select the result to load it on the PC.
  • Switch to Event Viewer (local) > Windows Logs > Application.

You may need to sort by Event ID or level to see the errors. I replicated the issue on two PCs running Windows 10 version 1809 and found hundreds of warning log entries on each machine; Günter Born confirmed the issue on his (German) blog as well. The issue affects Microsoft accounts and local accounts.

Microsoft acknowledged the issue on its Technet community forum. A company representative stated that the issue that caused the entries to appear should not affect usage. The suggested solution, to change the value of ProfileImagePath to the "actual profile folder name" in the key "that ends in .bak", was of no use, however, at least on the systems that I tried to apply it on.

One user who commented on the thread stated that the issue was related to tiledatasvc. The user stated that tiledatasvc was removed from version 1809 and that it appears that some components were left behind that trigger the warnings.

Another user suggested the following solution for the issue:

  1. Activate the start menu.
  2. Type regedit.exe and load the Registry Editor.
  3. Confirm the UAC prompt.
  4. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileNotification
    1. If a TDL key exists, right-click on it and select Export to back it up.
    2. Right-click on TDL and select Permissions from the context menu.
    3. Select Administrators under "Group or user names".
    4. Check "Full Control" under "Permissions for Administrators".
    5. Click on ok.
    6. Delete the entire TLD key afterward.
  5. Go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileNotification
    1. Repeat the TLD exporting, permission adding, and deleting process described under 4.
  6. Restart the PC.

The User Profile Service are no longer triggered after the deletion. Several users confirmed that the fix works; I tried it on a PC with the issue and it worked on that PC as well.

It is unclear if there are side-effects. If you notice any, restore the backed up Registry keys again to resolve the issue.

Now You: Do you run Windows 10 version 1809?

Windows 10: User Profile Service Event ID 1534 warnings
Article Name
Windows 10: User Profile Service Event ID 1534 warnings
Windows 10 administrators who check the event log of systems running Windows 10 version 1809 may notice a huge number of User Profile Service, event ID 1534, warnings.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Malcolm E. Welch Sr. said on October 9, 2020 at 1:06 am

    Great solution when you can log into your account! I situation is that I can only log into a temporary account. I tells me that singing out might fix it, it doesn’t. Then I get a prompt that changing my password might fix it, it didn’t! That lead me here via Bing search. I didn’t have TDL but found the error “Profile notification of event Load for component {2c86c843-77ae-4284-9722-27d65366543c} failed, error code is See Tracelogging for error details.” Found the above number in “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileNotification\SettingProfileHandler” and tried to delete it, I can’t nor can I make any kind of changes.HELP!!!!

  2. Anonymous said on July 6, 2019 at 4:00 pm

    This did the trick but I started to have this error after deleting them.

    Event 2, Kernel-eventTracing
    Session “dfa2c640-651d-488d-a479-2fd7a7ca6e29” failed to start with the following error: 0xC0000022

  3. Anonymous said on May 10, 2019 at 1:04 am

    I was experiencing lag across the board, making videos fullscreen in chrome, explorer, windows programs, etc. this fix seems to have fixed that. thank you so much. Follow Harro’s comment to take ownership of the key and you should be fine.

  4. Anonymous said on May 8, 2019 at 5:33 am

    access is denied when try to give administrators full control

    1. said on July 2, 2019 at 9:48 am

      Right click on TLD and select Permissions. Click the Advanced button. At the top of the Advanced Security Settings window you will see Owner: . Click the word “Change” to change Owner to your user.

      1. niki said on January 11, 2020 at 4:59 pm

        Thank you

  5. chocolate said on May 4, 2019 at 5:44 am


  6. paulobraveheart said on March 20, 2019 at 3:06 pm

    microsoft sucks..dam tdl.

  7. RickyO said on February 28, 2019 at 6:05 pm

    For some reason, I cannot edit nor delete the TDLs in either hive…..
    I am the only administrator (besides the default ‘Administrator’ on the workstation, and the default Admin is disabled).
    Only thing I have changed was installing the latest WordPad++. I have since uninstalled it and did a RegEdit to remove traces. (All went fine until the last two entries which wouldn’t allow deletion due to not seeing me as an Administrator.

    Running Win10 Pro, V.1809, OS Build 17763.316

    Any thoughts?

    1. Anonymous said on April 10, 2019 at 11:37 am

      Change the owner of the key with your name. Now change the users permissions to full control. This will now enable you to delete the key.

  8. Mauro said on January 19, 2019 at 6:08 am

    This breaks search indexing.

  9. dmacleo said on December 31, 2018 at 10:29 pm

    and those on domain really screwed.
    luckily no real “issues” just (for me at least) event logging.
    not yet worth deploying gpo to edit/delete the keys as only 10 pc or so affected.

  10. VioletMoon said on December 30, 2018 at 8:23 pm

    Disable Event Viewer via Group Policy?

    Not such a good idea, perhaps, if one needs to look at error logs all day–MS generates hundreds of error logs, from what I read, even when no errors are affecting the OS, so . . . .

    Delete registry keys . . . hmmmm.

    Catch 22.

    Leave it alone for now.

  11. Rick said on December 30, 2018 at 6:10 am

    No surprise that MS hasn’t fixed this through 18305 — and I would wager many versions to come.

    I’m still plagued by the ridiculous “DistributedCOM” warnings, and those have been percolating for years, with many mind-bending procedures out there that claim to put a stop to them (I just gave up after a while).

  12. Richard Steven Hack said on December 29, 2018 at 9:53 pm

    Windows is known for loading Event Viewer with spurious but scary “Error” notices that only mean half of Windows developers don’t communicate with the other half, resulting in Windows subsystems taking actions that appear to be errors to other Windows subsystems.

    Pathetic design decisions and OS bloat are the reason.

    I spent last night installing Windows 7 updates into a virtual machine (for hacking training purposes.) My big mistake was trying to run 700MB of updates all at once instead of small batches at a time. So of course a .NET update hung (.NET updates NEVER work properly), necessitating reversing out hundreds of megs of updates – and of course breaking Windows Update. After two hours of trying to fix Windows Update, it fixed itself for no known reason. I then finished updating 20 updates at a time – and doing all the .NET updates individually – until it was done.

    I am so happy no longer doing this nonsense for paying clients it isn’t funny. I’m also so deliriously happy that I run openSUSE Linux where this kind of update nonsense never happens.

  13. Dave said on December 29, 2018 at 5:43 pm

    My PC running windows 10 home (with zero modifications) is still on 1803.

    In Microsoftese “Check for Updates” = IWannaBaBetaTester!

    I never touch that button, you shouldn’t either.

    1. Peterc said on December 29, 2018 at 8:00 pm

      I “home-administer” my dad’s Windows 10 non-LTSB/LTSC Enterprise laptop, set to the maximum six-month delay for mandatory edition upgrades, and he’s still on 1803 as well. (The default mandatory-upgrade policy was left in place by the administrators at his work.)

      I also never click the “I wanna be a beta tester” button.

      Instead, I run Belarc Advisor to check for missing security updates, and I use WSUS Offline Update to download and install “security-only” updates.

      It seems to be working okay, so far … to the extent Windows 10 can be said to be working “okay.” ;-)

      Returning to the topic at hand, it’s hard enough for infrequent, non-professional troubleshooters to find what they are looking for in Windows’ event logs without adding a whole bunch of useless chaff like this.

      1. Anonymous said on December 30, 2018 at 3:13 am

        The demand for LTSB/C and Enterprise is so high some online stores are now selling single copies through a loophole which MS will probably soon close. Microsoft even tries to discourage businesses from using it.

        Windows Update is a scam by Microsoft. It’s not about quality for Microsoft, it’s about “Windows as a service” and eventually subscription fees. They want you to think that Windows requires constant service from Microsoft in which you become a beta tester, but the reality is you are better off upgrading only for critical security updates and major version updates.

      2. ilev said on December 30, 2018 at 10:58 am

        ALL the reasons given against LTSB/C are in fact reasons FOR installing LTSB/C .

  14. Harro Glööckler said on December 29, 2018 at 11:42 am

    You forgot to add one needs to take ownership of both TDL keys and allow full control. Without that, it’s not possible to delete anything.

    It can be done manually or via RegOwnershipEx.

    How to do it manually:
    1. right click on TDL key
    2. Permissions…
    3. tick Allow Full Control for Users group
    4. Advanced
    5. click Change
    6. type users and click Check Names
    7. OK
    8 .OK
    9 .OK again
    10. repeat everything for second TDL key

    Now you’re able to delete those keys.

    1. Razumovich said on December 30, 2018 at 12:56 am

      “It can be done manually or via RegOwnershipEx”

      …or you could simply open the registry editor with TrustedInstaller privileges (I have in mind the ExecTI tool) and then to directly delete the TLD key, i.e. without needing to first change permissions and take ownership (my guess is you know this, sorry; adding it for general knowledge mostly)

      1. Rich said on April 25, 2019 at 9:49 pm

        Why faff with that when opening regedit is easier?

      2. Rene Audet said on April 14, 2019 at 6:05 pm

        The winaero free software did the job very easily. Sent him a donation right after.

      3. DC Mike said on April 18, 2019 at 2:33 pm

        Didn’t do a damned thing for me

    2. Martin Brinkmann said on December 29, 2018 at 5:20 pm

      Thank you, added!

      1. Tey' said on May 22, 2019 at 4:40 am

        @Martin You’ve added how to change key permissions, but not how to change its ownership (which is required for changing the permissions).

      2. jcc said on May 3, 2019 at 9:42 pm

        Hello, thx very much, excellent solution, i had this problem as many peopole, but with this modification in registry, its ok, i ‘ve not this problem, and other problem also dont exist fro now….. i cant to say what there, but am sure that other problem does’nt exist for now….
        i’ll come back to say the evolution, because we dont know in some times the effects of this modification……
        Thx, and bye,
        nice day ,
        best regards

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.