Windows 10: User Profile Service Event ID 1534 warnings - gHacks Tech News

Windows 10: User Profile Service Event ID 1534 warnings

Windows 10 administrators who check the event log of systems running Windows 10 version 1809 may notice a huge number of User Profile Service, event ID 1534, warnings.

Event Load and unload warnings are displayed separately in the Event log under the Event ID 1534. The events trigger for most activities that require admin profile access, e.g. launching an elevated command prompt window on the PC.

The loading warning reads: The warning descriptions read: Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.

The unloading warning reads: Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.

event log error user profile service

You can open the Event Viewer in the following way:

  • Activate the Start menu.
  • Type Event Viewer.
  • Select the result to load it on the PC.
  • Switch to Event Viewer (local) > Windows Logs > Application.

You may need to sort by Event ID or level to see the errors. I replicated the issue on two PCs running Windows 10 version 1809 and found hundreds of warning log entries on each machine; Günter Born confirmed the issue on his (German) blog as well. The issue affects Microsoft accounts and local accounts.

Microsoft acknowledged the issue on its Technet community forum. A company representative stated that the issue that caused the entries to appear should not affect usage. The suggested solution, to change the value of ProfileImagePath to the "actual profile folder name" in the key "that ends in .bak", was of no use, however, at least on the systems that I tried to apply it on.

One user who commented on the thread stated that the issue was related to tiledatasvc. The user stated that tiledatasvc was removed from version 1809 and that it appears that some components were left behind that trigger the warnings.

Another user suggested the following solution for the issue:

  1. Activate the start menu.
  2. Type regedit.exe and load the Registry Editor.
  3. Confirm the UAC prompt.
  4. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileNotification
    1. If a TDL key exists, right-click on it and select Export to back it up.
    2. Right-click on TDL and select Permissions from the context menu.
    3. Select Administrators under "Group or user names".
    4. Check "Full Control" under "Permissions for Administrators".
    5. Click on ok.
    6. Delete the entire TLD key afterward.
  5. Go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileNotification
    1. Repeat the TLD exporting, permission adding, and deleting process described under 4.
  6. Restart the PC.

The User Profile Service are no longer triggered after the deletion. Several users confirmed that the fix works; I tried it on a PC with the issue and it worked on that PC as well.

It is unclear if there are side-effects. If you notice any, restore the backed up Registry keys again to resolve the issue.

Now You: Do you run Windows 10 version 1809?

Summary
Windows 10: User Profile Service Event ID 1534 warnings
Article Name
Windows 10: User Profile Service Event ID 1534 warnings
Description
Windows 10 administrators who check the event log of systems running Windows 10 version 1809 may notice a huge number of User Profile Service, event ID 1534, warnings.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Harro Glööckler said on December 29, 2018 at 11:42 am
    Reply

    You forgot to add one needs to take ownership of both TDL keys and allow full control. Without that, it’s not possible to delete anything.

    It can be done manually or via RegOwnershipEx.

    How to do it manually:
    1. right click on TDL key
    2. Permissions…
    3. tick Allow Full Control for Users group
    4. Advanced
    5. click Change
    6. type users and click Check Names
    7. OK
    8 .OK
    9 .OK again
    10. repeat everything for second TDL key

    Now you’re able to delete those keys.

    1. Martin Brinkmann said on December 29, 2018 at 5:20 pm
      Reply

      Thank you, added!

    2. Razumovich said on December 30, 2018 at 12:56 am
      Reply

      “It can be done manually or via RegOwnershipEx”

      …or you could simply open the registry editor with TrustedInstaller privileges (I have in mind the ExecTI tool) and then to directly delete the TLD key, i.e. without needing to first change permissions and take ownership (my guess is you know this, sorry; adding it for general knowledge mostly)
      https://winaero.com/comment.php?comment.news.1843
      (attentively:))

  2. Dave said on December 29, 2018 at 5:43 pm
    Reply

    My PC running windows 10 home (with zero modifications) is still on 1803.

    In Microsoftese “Check for Updates” = IWannaBaBetaTester!

    I never touch that button, you shouldn’t either.

    1. Peterc said on December 29, 2018 at 8:00 pm
      Reply

      I “home-administer” my dad’s Windows 10 non-LTSB/LTSC Enterprise laptop, set to the maximum six-month delay for mandatory edition upgrades, and he’s still on 1803 as well. (The default mandatory-upgrade policy was left in place by the administrators at his work.)

      I also never click the “I wanna be a beta tester” button.

      Instead, I run Belarc Advisor to check for missing security updates, and I use WSUS Offline Update to download and install “security-only” updates.

      It seems to be working okay, so far … to the extent Windows 10 can be said to be working “okay.” ;-)

      Returning to the topic at hand, it’s hard enough for infrequent, non-professional troubleshooters to find what they are looking for in Windows’ event logs without adding a whole bunch of useless chaff like this.

      1. Anonymous said on December 30, 2018 at 3:13 am
        Reply

        The demand for LTSB/C and Enterprise is so high some online stores are now selling single copies through a loophole which MS will probably soon close. Microsoft even tries to discourage businesses from using it. https://blogs.technet.microsoft.com/ukplatforms/2018/06/11/say-no-to-long-term-servicing-channel-ltsc/

        Windows Update is a scam by Microsoft. It’s not about quality for Microsoft, it’s about “Windows as a service” and eventually subscription fees. They want you to think that Windows requires constant service from Microsoft in which you become a beta tester, but the reality is you are better off upgrading only for critical security updates and major version updates.

      2. ilev said on December 30, 2018 at 10:58 am
        Reply

        ALL the reasons given against LTSB/C are in fact reasons FOR installing LTSB/C .

  3. Richard Steven Hack said on December 29, 2018 at 9:53 pm
    Reply

    Windows is known for loading Event Viewer with spurious but scary “Error” notices that only mean half of Windows developers don’t communicate with the other half, resulting in Windows subsystems taking actions that appear to be errors to other Windows subsystems.

    Pathetic design decisions and OS bloat are the reason.

    I spent last night installing Windows 7 updates into a virtual machine (for hacking training purposes.) My big mistake was trying to run 700MB of updates all at once instead of small batches at a time. So of course a .NET update hung (.NET updates NEVER work properly), necessitating reversing out hundreds of megs of updates – and of course breaking Windows Update. After two hours of trying to fix Windows Update, it fixed itself for no known reason. I then finished updating 20 updates at a time – and doing all the .NET updates individually – until it was done.

    I am so happy no longer doing this nonsense for paying clients it isn’t funny. I’m also so deliriously happy that I run openSUSE Linux where this kind of update nonsense never happens.

  4. Rick said on December 30, 2018 at 6:10 am
    Reply

    No surprise that MS hasn’t fixed this through 18305 — and I would wager many versions to come.

    I’m still plagued by the ridiculous “DistributedCOM” warnings, and those have been percolating for years, with many mind-bending procedures out there that claim to put a stop to them (I just gave up after a while).

  5. VioletMoon said on December 30, 2018 at 8:23 pm
    Reply

    Disable Event Viewer via Group Policy?

    Not such a good idea, perhaps, if one needs to look at error logs all day–MS generates hundreds of error logs, from what I read, even when no errors are affecting the OS, so . . . .

    Delete registry keys . . . hmmmm.

    Catch 22.

    Leave it alone for now.

  6. dmacleo said on December 31, 2018 at 10:29 pm
    Reply

    and those on domain really screwed.
    luckily no real “issues” just (for me at least) event logging.
    not yet worth deploying gpo to edit/delete the keys as only 10 pc or so affected.

  7. Mauro said on January 19, 2019 at 6:08 am
    Reply

    This breaks search indexing.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.