 

Limited User account cannot log on due to error: "could not connect to the system event notification service"

  • Thursday, March 29, 2007 12:42 PM Tim Hodgson
     

    In the test cases, step S12, I executed CreateLogousers.cmd which created a number of user accounts, including the limited user account "Logo User 1".

     

    When trying to log on with this limited user account I get the error message "Windows could not connect to the System Event Notification Service service".  Please consult your system administrator.

     

    I am the system administrator; but, what the heck do I do to fix this?  I checked newsgroups & the web, but came up short.

     

    Running Windows Vista Ultimate 64-bit (Release version)

Answers

  • Thursday, March 29, 2007 10:48 PM Bruce N. Baker - MSFT
     Answer

    Try rebooting and do it again.

     

    I had a similar problem where I created a user on a machine that had never had another user created, it took a long time to switch then it failed with that error. I rebooted and the error disappeared. Apparently when you first create the user a lot of work happens under the hood (creating directories, etc).

     

     

All Replies


  • Friday, March 30, 2007 11:13 AM Tim Hodgson
     

    That was it.

     

    Such an odd error too.  I tried creating new limited users manually, and the same error occurred.

     

    I ended up calling Microsoft for support and after checking permissions on the System Event Notification Service (SENS), we just tried rebooting.

     

    I hope this helps someone else out there save a few hours of wondering.

     

    Tim

     

  • Friday, March 30, 2007 4:18 PM Dave1036471
     

    It appears that the Application event log is generating a warning for Event ID 1530 regarding the User Profile Service.  The details indicate that:

     

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -

    1 user registry handles leaked from \Registry\User\S-1-5-21-1664202422-207725521-1799532761-1139_Classes:

    Process 1008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1664202422-207725521-1799532761-1139_CLASSES

     

     

     

    While I can't tell for sure, it may be that the Switch User functionality is challenged in a domain environment and isn't releasing the registry for the next user or that some other application is holding on to something in the registry the other user needs.  Does your application event log show anything?

  • Friday, March 30, 2007 5:46 PM Bruce N. Baker - MSFT
     

    Yes, I got that one and also this one:

     

    The COM+ Event System could not remove the EventSystem.EventSubscription object {3C4FB634-3FF8-482C-8692-6737AED11CA6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

  • Friday, March 30, 2007 9:45 PM Doug Dean
     
    I am getting the same error, but reboot does not help.
  • Monday, April 02, 2007 1:48 PM Anonymous1776
     
    I have been experiencing the same problem since 3/28/2007.  I have traced it to the installation of Windows Update 905866 Update for Windows Mail Junk E-mail Filter March 2007.  Every time that update installs, I cannot log in to my standard user account in Vista.  Once I use System Restore to a date prior to 905866 (in the admin account), everything works fine again.  I am in the process of e-mailing this info back to Microsoft Support for Microsoft Updates. 

    I set my machine to "Download and notify me" of updates instead of "Download and install" updates for now.  However, the update still comes up and still breaks the standard user account.
  • Monday, April 02, 2007 10:15 PM Aleksey Nagoga_
     
    Rebooting the machine did help me, thanks!
  • Tuesday, April 03, 2007 12:30 PM Anonymous1251
     
    Interesting about WUpdate... 

    I've had this same problem happen on two Vista computers: a Dell Inspiron 1501 laptop (Vista Enterprise) and my custom-built workstation (Vista Ultimate).  I'm able to log in using my administrator account, but non-admin accounts cannot log in.  Restarting does not help.

    "Windows could not connect to the System Event Notification Service service.  This problem prevents limited users from logging on to the system.  As an administrative user, you can review the System Event Log for details about why the service didn't respond."

    In the AppLog, I see: "The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event" and "The winlogon notification subscriber <UmRdpService> was unavailable to handle a notification event"
  • Tuesday, April 03, 2007 12:57 PM CaseyB412
     
    I've been seeing this error off and on for months, ever since first installing Vista Enterprise Edition RTM.  Since we have many other things to do, it's been ignored because a reboot typically fixed it, but I can see it becoming a big-time problem.  Microsoft needs a KB article about this -- it's just unacceptable to run into a problem where a user cannot login to the system.  I read one case online where someone bought Vista, installed it, and created a limited user account -- and then couldn't log in.  Unacceptable.  I'm going to open a ticket and see where it goes.
  • Tuesday, April 03, 2007 5:51 PM Bruce N. Baker - MSFT
     
    This is a random bug that hasn't been fixed, my take. Let me know how the ticket goes, I think it's a good idea that you pursue it.
  • Wednesday, April 04, 2007 8:20 PM Anonymous10714
     
    After spending several hours and many searches, I have traced the problem down to windows defender as had this person http://www.tabletquestions.com/windows-vista/64809-event-1530-user-profile-service.html.
  • Monday, June 04, 2007 8:32 PM ernliz
     

    Dave.........

     

    I get the same error message as you -- Event ID 1530 -- registry leak, and I don't believe it has anything to do with user accounts.  I'm the Admin and only user on my system and this Event ID 1530 nukes several of my Vista functions.  Reboot doesn't help.  No other significant errors or warnings are in the Event Viewer.  A mystery!

     

    EW

     

  • Monday, June 04, 2007 10:04 PM CaseyB412
     
    Well, actually, I've stopped seeing this error, and I asked Microsoft about it and they didn't have much information about it, either.  So until it is reported by more people and becomes a bigger issue, I don't see a concrete resolution any time soon.
  • Tuesday, June 05, 2007 12:37 AM Bruce N. Baker - MSFT
     
    Yeah, I never noticed the error again once I rebooted, and it only happened when I created a user account and then directly tried to switch users to it.
  • Monday, June 11, 2007 7:27 PM MrNubs
     
    Well, this problem hasn't gone away. I'm the only user on this Vista machine and while a reboot helps, the Event Viewer warning eventually returns. I agree that it may be a problem with Windows Defender because I was having problems with Defender after installing McAfee Virus Scan Plus 2007, such as Defender not starting after rebooting or showing in the System Tray even after it was set to always show. Maybe McAfee has nothing to do with the problem? I'm at a loss and am on the third reinstall of Vista. I've been staying on top of updates and trying to stick with common programs that are Vista Certified but I can't get Vista to remain stable on a machine running an Intel Core 2 Duo T7200 and 2gigs of PC5300 ram.
  • Tuesday, June 12, 2007 2:09 AM Cartel
     

    I have this error every time I restart or reboot.

    If I disable Windows Defender, the problem is gone.

    Someone mentioned upgrading from RC2 to RTM may be the cause.

    The process ID is Windows Defender

     

     

     

  • Thursday, June 14, 2007 9:40 AM Saud.Samba
     
    Same here.  Disabling Windows Defender did the trick, I had just performed a system restore for a separate issue.  I saw the same event IDs 1530.  KB turns up nothing useful on the original notification area icon about "System Event Notification Service" or Event ID 1530.

    I've copied the XML of the event IDs from 1530 for Windows Defender.

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          6/14/2007 11:44:59 AM
    Event ID:      1530
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          SYSTEM
    Computer:      Baikonur
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

     DETAIL -
     1 user registry handles leaked from \Registry\User\S-1-5-21-1954605790-1907687979-3155662631-1000_Classes:
    Process 840 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1954605790-1907687979-3155662631-1000_CLASSES

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
        <EventID Qualifiers="32768">1530</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2007-06-14T08:44:59.000Z" />
        <EventRecordID>5743</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Baikonur</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="EVENT_HIVE_LEAK">
        <Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-1954605790-1907687979-3155662631-1000_Classes:
    Process 840 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1954605790-1907687979-3155662631-1000_CLASSES
    </Data>
      </EventData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          6/14/2007 11:44:55 AM
    Event ID:      1530
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          SYSTEM
    Computer:      Baikonur
    Description:
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

     DETAIL -
     1 user registry handles leaked from \Registry\User\S-1-5-21-1954605790-1907687979-3155662631-1000:
    Process 840 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1954605790-1907687979-3155662631-1000

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" EventSourceName="profsvc" />
        <EventID Qualifiers="32768">1530</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2007-06-14T08:44:55.000Z" />
        <EventRecordID>5742</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Baikonur</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="EVENT_HIVE_LEAK">
        <Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-1954605790-1907687979-3155662631-1000:
    Process 840 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1954605790-1907687979-3155662631-1000
    </Data>
      </EventData>
    </Event>
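
The Event ID 1530 records posted above carry what is needed for triage in their Detail field: the affected hive (the user SID, with or without the `_Classes` suffix) and the PID and image of each process still holding a handle. The parser below is an added example, not part of the original thread; the sample events (host name, SIDs, PIDs, `agent.exe`) are constructed, and it assumes that an event reporting several handles lists one "Process ... has opened key ..." line per handle in the same format.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
HEADER = re.compile(
    r"(\d+) user registry handles leaked from "
    r"(\\Registry\\User\\(S-[\d-]+?)(_Classes)?):", re.IGNORECASE)
HOLDER = re.compile(r"Process (\d+) \((.+?)\) has opened key (\S+)")

# Constructed sample (not from the thread): host, SIDs, PIDs and agent.exe are made up.
SAMPLE = r"""
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID Qualifiers="32768">1530</EventID>
    <TimeCreated SystemTime="2007-06-14T08:44:55.000Z" />
    <Computer>LAB-PC-01</Computer>
  </System>
  <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1001:
Process 840 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001
</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID Qualifiers="32768">1530</EventID>
    <TimeCreated SystemTime="2007-06-14T08:44:59.000Z" />
    <Computer>LAB-PC-01</Computer>
  </System>
  <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes:
Process 840 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001_CLASSES
Process 2312 (\Device\HarddiskVolume1\Program Files\Example\agent.exe) has opened key \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001_CLASSES\Software
</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>1001</EventID>
    <TimeCreated SystemTime="2007-06-14T08:45:10.000Z" />
    <Computer>LAB-PC-01</Computer>
  </System>
</Event>
"""


def parse_hive_leaks(xml_text):
    """Return one record per Event ID 1530 found in a run of <Event> elements."""
    # Exported events have no common root, so wrap them in a synthetic one.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    leaks = []
    for ev in root.findall("e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", default="", namespaces=NS)
        if event_id.strip() != "1530":
            continue
        detail = ev.findtext("e:EventData/e:Data[@Name='Detail']",
                             default="", namespaces=NS)
        head = HEADER.search(detail)
        if head is None:
            continue  # 1530 without a parsable detail block
        created = ev.find("e:System/e:TimeCreated", NS)
        holders = [(int(pid), image, key)
                   for pid, image, key in HOLDER.findall(detail)]
        leaks.append({
            "time": created.get("SystemTime") if created is not None else None,
            "computer": ev.findtext("e:System/e:Computer", default="", namespaces=NS),
            "sid": head.group(3),
            "classes_hive": head.group(4) is not None,
            "declared": int(head.group(1)),
            "holders": holders,
            # False means the detail text was truncated or uses another layout.
            "complete": int(head.group(1)) == len(holders),
        })
    return leaks


def holders_by_process(leaks):
    """Count leaked handles per (image file name, PID) across all records."""
    tally = Counter()
    for leak in leaks:
        for pid, image, _key in leak["holders"]:
            tally[(image.rsplit("\\", 1)[-1].lower(), pid)] += 1
    return tally


if __name__ == "__main__":
    found = parse_hive_leaks(SAMPLE)
    for (image, pid), count in holders_by_process(found).most_common():
        print(f"{image} (PID {pid}): {count} leaked handle(s)")
```

Because svchost.exe hosts several services, the reported PID still has to be resolved to service names, for example with `tasklist /svc /fi "PID eq 840"` while that process is running.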
  • Wednesday, June 20, 2007 4:14 PM John Norman
     

    I discovered I just should not log in right away after booting...  If I just turn on the PC and let it set at the login screen until the Hard Drive light stays off, no error...   Log in too fast, this, and other errors will pop up sometimes...  Yet another reason to hibernate instead of shutting down all the time...   (I only shutdown about once a week unless an install/patch requires it...)

     

    John

  • Sunday, July 01, 2007 10:28 AM Cartel
     

    I formatted Vista and reinstalled it, this time I did not import any user setting and redid everything the long way.

    I still have that stupid error.

     

    I also saw this one:

    The COM+ Event System could not remove the EventSystem.EventSubscription object {3C4FB634-3FF8-482C-8692-6737AED11CA6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

     

  • Monday, July 02, 2007 12:35 PM Cartel
     

    Got this today, shutdown took longer than usual too.

     

     

    The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

  • Sunday, July 08, 2007 10:29 AM toby631_hotmail.com
     
    I have this error in my event viewer 20 times a day. I also have a brand new HP m8020n media center PC. I have had this problem from day one. Already had to send it in to be repaired. When I got it back they just said that I had some corrupted software and re-installed Windows Vista Home Premium. It just starts up as soon as I get back on my PC. I have the recovery discs and have reinstalled Vista at least 4 times with techs and did 3 or 4 system restores. After three days I bought a 2 year extended warranty because HP kept asking what I was doing to the PC. The only difference between our errors is mine usually says that I had 16 or more registry files leak. I also get a lot of error #5038: Code Integrity determined the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. So I have been doing a lot of research on this. These are just some of the problems, but I am trying to narrow it down and I think that this is it. I would open a new folder and then 5 minutes later I would go back and the file would be empty or just gone. So after getting over 1100 errors in three days, right after I got it back from HP, I have gotten so mad they don't believe me and they do not want to replace the PC. So I have to prove to them that it isn't something I did. Anyway my media player was in my recycle bin yesterday so I took it out and put it back, got up for a minute, came back and the media player was just playing away. So really weird things have been happening. So I went through every file, folder, application and really weird things would be in my documents like: an Intel DH file I never started so I opened it. It was a registry file. A lot of files I was trying to open wouldn't let me without telling them what I wanted to open it with: notepad and most of these I couldn't even read. They must be the corrupted ones.
    The words were all over the page and didn't make any sense. Just all jumbled with a lot of ##*%%^@@@. Then when I did read the folder from Intel it was like a report that it was talking to me and giving me error reports. The report was <?xml version=" 1.0" encoding="utf-16"?>  <alerts>  <CHKSUM>483899</CHKSUM> <action> none <severity> warning <MSG> you have not checked for software updates within 60 days or more. Your intel(R)Viiv(TM) software may be out of date. It is recommended that you check for updates now. Would you like to check for software updates now?<MSG> <title> update reminder<link>\NMS\ccu.htm?cmd_line=agentupdatemenu<link>  it goes on for a few pages and at the end it says that Intel cannot play the media player then it says "A hard drive reported that it might fail. Go to the start menu and open the Intel matrix storage console. Identify which hard drive is reporting the problem and replace it. Then <A hard drive problem occurred> <If another hard drive fails, the data on this PC may no longer be protected. Go to the start menu and open the Intel Matrix storage console. Identify which hard drive failed and refer to the help file to determine how to restore data protection><A hard drive is not accessible><a criticle hard drive problem occurred><alert>    Now I never got any message from anyone and if I did I would have no idea what to do. My registry says that it has only 2% of it filled. I might be wrong but I think that my software program is completely corrupted. All my files and folders are in my registry and my registry is in my files. I don't know, HP just wanted me to do another disc recovery. That's a few too many for a brand new PC. But I guess the PC thought so too, because it said the system couldn't handle the system recovery disk. I will fight them till the end, they now want me to mail it back to them, I said not anymore, I need a replacement. They said someone would get back to me within 24 hours.
    It's been 4 days and I call regularly at least 3 to 4 times a day to remind them. I know they are trying to blow me off. I looked on the HP site and they changed my warranty status to a temporary 60 day limited support. They have a fight on their hands. So I don't know if it has anything to do with your problems but if you can't find files or folders you knew were there a minute ago or you thought they were. Maybe your software is corrupt too. Maybe not, I have hundreds and hundreds of horrible errors all over the PC. I was trying to look up another one when I ran across yours. I have tons of security audit failures. But if I run a system diagnostics test it says I'm fine. If you can help me I would love some answers. Good luck
  • Thursday, August 23, 2007 1:12 PM joedance
     
    We have a new Dell Optiplex 745 running Vista Business, just installed, and apparently running fine at a remote site.  On the second day after installation, the branch office manager called to report that the user could not log on, and received the error message, "Windows could not connect to the System Event Notification Service." 

     

    After connecting with Remote Desktop, I found that the error log contained dozens of errors from Automatic Updates, showing that updates had failed to install.  Also, a large number of messages reflected that updates were not appropriate for this system!?!?!  Of course that raises the question - why were they downloaded?  AU is supposed to be smarter than that.  These errors all occurred early on the morning of the second day after installation at the branch office.

     

    So far, I have found a number of reports online of other users with this problem, but nothing to indicate a solution.

     

    Any advice or assistance would be appreciated.

     

    Joe Dance

    University of South Carolina

     

  • Friday, August 24, 2007 7:46 PM joedance
     

    This problem surfaced on another Vista computer this morning, two days after the previously reported problem.  In this case, the user has admin rights, and reported that he was still able to log on and do some work, despite the error message: "Windows could not connect to the system event notification service."  He was instructed to log off and reboot. 

     

    Sure wish someone at Microsoft would look into this issue and develop a solution.

     

     

     

  • Friday, August 24, 2007 7:55 PM CaseyB412
     

     

    I've seen this error again -- and this time the User Profile Service was logging entries that indicate that a user's registry hive could not be unloaded (which other users in this forum have identified as well).  This particular machine is used as a remote machine and many users log into it from time to time.  Sometimes they don't actually log off; they just disconnect the remote desktop session.  I think this leaves a lot of registry hives open.  A reboot fixes it for me.  I'm still investigating a root cause......
  • Friday, August 24, 2007 8:37 PM joedance
     
    Thanks for the feedback, but my users are local, logging on and off at the console, generally just one per machine, and  occasionally the office manager will log on with an admin account to perform some necessary task.  We do not use fast-user switching, remote assistance, etc.  I am the only one who ever connects via Remote Desktop, and that is rare.  I ensure that everyone else is logged off before I connect. 

    Besides, these are new, fast, dual-core machines, with 2GB of RAM.  They should be able to handle anything we might do!  Something is definitely out of whack!  We have reports of files disappearing, of Automatic Updates not working, of SENS failing, of Windows Defender sometimes making a difference. 

    There was a known issue with Windows 2000 and XP, for which a KB article (910341) was published, including a corrective procedure.  That KB article focused on problems between SENS and Microsoft Update or WSUS websites.  However, it bore a strong resemblance to the current round of problems.  It required a bit of registry hacking, but there is no corresponding article for Vista.
  • Saturday, August 25, 2007 5:49 PM ProblemChild76
     

    Have a new VISTA Laptop Sony VAIO.

    Just started getting the errors listed here, after 2 months of no such error.

    So, could be that MS update, or Windows Defender, which does sometimes conflict with McAfee, YES I have McAfee that could be a clue. It's a very busy little beast.

    When I hibernate, and wake up, I cannot usually access my wireless network.  This started a few weeks ago, and is intermittent.  It may be related to how many IE sessions I had open. But the purpose of leaving the sessions open was that I wanted to retain my usage status to certain URLs and resume work there after some hours, so closing them and/or rebooting is a Catch-22. But the error logs suggest too much memory is being used and I suspect it is related to the overall problems I have and reported here.

    Anyway, I had noticed that when WIN told me it could not find a wireless network to connect to or similar messages I tried Switching User. BTW I am the Admin and the only user. Often on the new user session, I COULD access the wireless network after a few tries, for IE and winMAIL to my ISP. Then I would switch back to my main (Admin) account, and Voila, it was ALSO able to find the network. Voila! A Nice workaround, right?

    WELL, to come full circle, I cannot do that workaround any more, because of the NEW errors (widely reported here and elsewhere) about "could not connect to the system event notification service"  "user profile errors" etc.

    Microsoft? McAfee?  WHERE ARE YOU?  I see hundreds of reports on variations of this issue over the last several months, and NO useful concise remedial solutions.

     

  • Monday, August 27, 2007 7:14 PM Zanne
     

    We are getting the message on our desktops in our labs as well as our student laptops.  After running Vista for 2 months in our computer labs without issue, this problem has suddenly raised its ugly head.  Our public users log in as limited users and are now getting blocked from logging in.  Often a reboot will fix it for that day, but the public users don't necessarily realize that they should try this, plus it is a real hassle  - you know how long it takes Vista to come back up, if a prof is trying to teach a class this is a real problem.  We also have instances where despite rebooting a limited user can just not log in!  How do we get Microsoft to address this issue?

     

    We are leaning towards Windows Defender or Windows Updates as the cause.

     

    Help!

     

  • Monday, September 03, 2007 3:22 PM kksimpson
     
    I  also have a computer lab with 9 new Dell Optiplex 745 running Vista Business and am getting this error message as well.  Rebooting corrected all of them but one. Need help soon!!!

     

  • Tuesday, September 04, 2007 2:13 PM joedance
     
    Please check the Event Logs and Update History to determine when your systems last installed Windows Updates or other Microsoft Updates, and when the problems started. 

    Also, if you see a bunch of Event Log entries reporting failed updates, that would also be interesting.  That happened on at least one of my systems just hours before the user discovered that she could not log on.   After a couple of reboots, the updates installed successfully, but the user still could not log on, for another day or so  - and then one day she could, but we do not know what caused the problem, we do not know whether it is fully resolved, or will resurface, we do not know why she can log on again, and I'm unsure of the system's reliability.  Meantime, another user in the same remote office developed the same problem; unfortunately, I have not had the opportunity to examine his system in detail yet.

    I will be interested to see what you find.





  • Wednesday, September 12, 2007 4:51 PM T-Mak
     

    I get this error EVERY TIME I reboot my machine. As long as I don't reboot, I can log in and out without any problems. It interferes with normal operation of my Outlook 2007 (hangs) and interferes with Anti-virus startup. It takes about 10+ min for the error to show, after which everything operates as normal.

    I've maybe been getting this since April or so. I installed Vista in February.

    I only have 2 local admin users created.

     

  • Thursday, September 13, 2007 1:15 PM Doggfather
     

    Well, I have this issue on about 300 computers in the school I work with. I regret strongly moving to a product as poor as Vista at this stage! ;0 When I see someone working for Microsoft calling this "a random Bug" and yet it's annoying so many people, I see that the company isn't serious about this OS at all ;0 Come on Microsoft, how much are we asking of you exactly to allow a simple user to log on without CONSTANT errors.. pathetic. Fix the problem please for all of us with it out there... There is a reason that people say not to touch Microsoft products until SP1... Vista is it!

  • Friday, September 14, 2007 6:50 PM Zanne
     

    This is not a solution but we have done the following - first we "disabled" windows defender service about three weeks ago.  The problem went away and users were able to log in until two days ago when the error began appearing again.  Today we disabled the System Event Notification Service, now our limited users can log in again.  This is only a work around.  I work at a college, these are classroom PCs.  This has been very frustrating and is disrupting our classes.

  • Friday, September 14, 2007 10:54 PM iquazee
     

    I did some investigation with a debugger when the problem occurred again on my computer.

    And here is what I found so far:

     

    1. Although Vista no longer supports Winlogon Notification Packages, there is still a similar mechanism in place used internally by Windows components (see HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components).

    It is quite different though - instead of loading each component as an in-process DLL, the new mechanism uses RPC to communicate with the registered components, and each of them runs as a separate service.

    What's interesting, the System Event Notification Service, which is the official replacement for now-unsupported Winlogon notification packages, depends on this mechanism (see HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\Sens).

     

    2. When a logon event occurs (this can be a logon, logoff, lock, unlock, etc.) Winlogon calls each of these 'components' (by binding to a predefined RPC endpoint, the endpoint name seems to be derived from the service SID of each service that is registered for the logon notifications).

    There seems to be a timeout if the registered service does not respond quick enough - about a couple of minutes.

     

    3. If some service fails to respond to the logon event, it may cause the logon to fail.

    However, it seems that if the user is a local administrator, the logon does not fail (although it may be slow due to the timeouts).

     

    4. It seems that the service which causes the most problems is the TrustedInstaller service.

    This service is used to install Windows components, including Windows updates (.MSU files).

    It is not used for the installation of 'normal' Windows Installer (.MSI) packages.

    What I found is that sometimes, after installation of an update the TrustedInstaller service stops responding to the Winlogon notifications, causing the problem.

    The Windows Defender service is not the cause of the problem.

    However, when Windows Defender is enabled, most updates installed by Windows Update are the Windows Defender definition updates.

     

    5. The workaround is to kill the TrustedInstaller.exe service using Task Manager (it cannot be stopped otherwise).

    Of course, you should not do that while an update is being installed.

    The TrustedInstaller service will be automatically restarted when needed (for example, when you use Windows Update).

  • Monday, September 17, 2007 3:42 PM joedance
     
    This is exciting news!  Good work!  I always suspected that the problem was something of this sort.  Now if we can only get Microsoft to fix it...

    Again, thank-you so very much for the terrific insight!

    Joe Dance
    University of South Carolina

  • Monday, September 17, 2007 11:35 PM MattPerry
     

    Hey guys,

     

    I recently built a PC, and installed Vista due to Vista-only games and DX10, and after installing CA Internet Security Suite 2007 (for Vista), and due to the software locking up AOL and all Vista/Internet related services (like the DHCP client, ReadyBoost, SecuROM loader, etc.) I uninstalled it.  Now I am getting that annoying System Event Notification Service stuff.  I killed the TrustedInstaller program from running, and it starts back up when I log in (admin), so I set the Affinity to neither, Proc 1 or 2.  None of my Standard accounts can log in now (like before).  Is this all you did to get yours running?

     

     

     

    Thanks,

    Matt

     

    PC:

    Athlon X2 4400+ (Oc'ed to 3.5GHz)

    2GB OCZ Gold RAM DDR2 800MHz (forgot timings)

    GeForce 8500GT 256MB (I know, sad...)

     

  • Tuesday, September 18, 2007 12:07 AM iquazee
     

     

    MattPerry,

     

    Please open the Event Viewer, then select Windows Logs/Application.
    Then, look carefully for events with the source 'Winlogon' and ID 6003 (these are Information events).
    If you find any (and you really should), open the details of the event and post them here.

     

    The details should say something like this:
       The winlogon notification subscriber <name> was unavailable to handle a critical notification event.

     

    The <name> will be replaced with the name of the service that was preventing the logon from completing normally.


    In my case, it was the TrustedInstaller service which had stopped responding, after installing the recent updates.
    Thus, terminating the TrustedInstaller service solved the issue, and it has not reappeared so far.
    (Note that the TrustedInstaller service will be restarted in about 2 minutes - this is normal.)

     

    It is possible that in your case some other service that is registered for Winlogon notifications has stopped responding.
    Thus, it is important that you look in the Event Log for the name of the service.

  • Tuesday, September 18, 2007 12:10 PM JodieW
     

    Hi,

    I, too, am getting the problem, but with umrdpservice as well as trustedinstaller winlogon errors.  When I try to start/stop both services via Task Manager (obviously logged in as a domain admin, otherwise I wouldn't be able to log in thanks to the problem!) I get access denied.  How do I kill them?  And what do you think about killing this umrdpservice? Will it start again?

     

    Thanks

     

  • Tuesday, September 18, 2007 1:25 PM iquazee
     

    You can restart the umrdpservice from the command prompt window (if you have UAC on, be sure to launch the command prompt as an administrator):

    net stop umrdpservice

    net start umrdpservice

    TrustedInstaller cannot be stopped with a 'net stop' command - that's why the only way to restart it is to forcibly terminate it.

    Also, it seems that different people are reporting slightly different symptoms.

    As it is not only the TrustedInstaller service that seems to be affected, it is possible that there is not just one bug, or, alternatively, the problem is somewhere deeper.

  • Monday, November 19, 2007 6:10 AM NoVista
     

    Did you ever get any information from Microsoft?  I am having a similar problem.   This seems to be a chronic issue.  What is MS doing about it?  I am at a point that I must re-install Vista Biz -- this is unacceptable.

     

    Best.

     

  • Thursday, November 22, 2007 5:07 PM JodieW
     
    It might be a coincidence (I suspect so) but as soon as we had our KMS up to 25 clients and up and running, the problem seems (fingers crossed) to have resolved itself...weird.

     

  • Friday, February 15, 2008 9:05 PM MJS1A
     

    FYI: I had the same problem after installing the last (2/12/08) 40 Meg of updates to Vista Ultimate 32 bit version.

    I also run Zonelabs Zonealarm. I've noticed that even when I've turned Zonealarm, or McAfee for that matter, off they still affect browsing etc. Anyway, installed the updates, had the problem, logged in as Admin, did a system restore to the restore point just before the updates, all was well. Here's the kicker - -

     

    Today, Zonelabs comes out with an update to make Zonealarm compatible with Vista SP1. So I install it. Then I re-install the Vista updates from 2/12 that were giving me the problem. They didn't give me the problem this time.

     

    So, I have to say that the original issue wasn't due to the updates, but to Zonealarm. By the way, many people have a habit of blaming Microsoft for things, but after 20 + years in the I.T. business I have to say in all fairness that problems are usually caused by third party software not playing well with Microsoft's OS's not the other way around.

     

    Try uninstalling, or updating, any firewall suites, etc. that you run, and then try the updates. Also, if possible, have an image of your hard drive just in case.

     

    Hope this helps.

     

  • Tuesday, March 18, 2008 3:54 PM q4a
     
    I have the same problem, but I uninstall my antivirus and firewall. I don't know what to do with TrustedInstaller service. I can change "Start" =dword:00000004 in HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller, but it does not help. I can delete HKLM\SYSTEM\CurrentControlSet\Services, but then I get an error in upgrade centre windows: WindowsUpdate_80070424 WindowsUpdate_dt000.
     iquazee wrote:
    5. The workaround is to kill the TrustedInstaller.exe service using Task Manager (it cannot be stopped otherwise).

    Of course, you should not do that while an update is being installed.

    The TrustedInstaller service will be automatically restarted when needed (for example, when you use Windows Update).

    I can't kill the TrustedInstaller.exe service, because when I login it already stopped (I can see it in Task Manager->Services, but it stopped and has no ID process).
    Can someone help me to resolve the problem?
  • Tuesday, May 20, 2008 3:02 AM Jason Ferguson
     

     

    I have a dual-boot setup, windows xp pro sp2 32-bit, and windows vista ultimate sp1 32-bit. Single Hard drive. Only on the vista side am I having the issue. I am a local computer only with a DSL connection, and have not once added a new user account on either OS.

     

    In Vista I am not able to connect to the internet, my sidebar doesn't load and my AVG hardly loads at all, my system event viewer is totally unavailable and there are several other symptoms, which I cannot recall.

     

    In the end, what has been done by most people to resolve said issue?

  • Sunday, July 20, 2008 7:21 PM mendrigueira
     
    I am trying to get the application securerdp to work on Vista, working around the Winlogon notification, without success. Till now I could only rundll32 wtsfilter.dll,TSEventStartup at policy logon script (TSEventLogon doesn't work) - I want to maintain restriction filter before login credentials via terminal logon/reconnect - Can you help me on a solution to this?
  • Tuesday, July 22, 2008 4:06 PM dddbbb
     

    I don't know if this is "the" fix for this issue, but it was for us.  We tried all the fixes mentioned in this forum as well as others.  I was trying to manually configure TCPIP just to get on the internet with the troubled machine as a last ditch effort and got some other errors about Winsock.  Did a "netsh winsock reset", rebooted and all the problems went away.  Somehow a messed up winsock causes all sorts of problems that would appear to be unrelated.

    We had "System Event Notification Service" hung on starting and DHCP hung on starting.

     

    Hope this helps someone out there.

     

    Dave

  • Monday, September 01, 2008 7:37 PM Robert Jaakke
     

    Thanks Dave, your tip really saved my day.

    I ran "netsh winsock reset", did a reboot and all errors were gone!

     

    Robert

     

  • Wednesday, October 01, 2008 3:07 PM JacobChoong
     
    In my case, I observed that a "Microsoft ISATAP Adapter" appeared under the system's Device Manager's Network Adapter category.  It came with an exclamation mark next to the adapter.

    I removed it, performed "netsh winsock reset" and rebooted my system.  The problem went away for good!

    Jacob
  • Tuesday, October 21, 2008 1:11 AM TulDave
     

    Additional note for Vista: 

     

    I had to use the "Run As Administrator" trick for NETSH to work.  (Just like the Mac ad said I would...)

     

    Login to Vista as Administrator

    Start (or the circular window thingy)

    Programs

    Accessories

    right click on Command Prompt, and choose "Run As Administrator"

    confirm with "Continue"

     

    c:\NETSH  opens NETSH prompt, then...

    netsh>winsock reset

     

    It will tell you to reboot, and it's not kidding.

     

  • Saturday, December 27, 2008 11:39 PM DAWKCo
     

    Iquazee,

    I too had the following similar event (recurring repeatedly):

    Log Name:      Application
    Source:        Microsoft-Windows-Winlogon
    Date:          12/27/2008 12:43:05
    Event ID:      6000
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      ns1.dawkco.com
    Description:
    The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

    Thanks to your posting, I found a SessionEnv registry key under:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components

    I was then able to determine (eventually) that SessionEnv is the key name of the Terminal Services Configuration service:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SessionEnv

    (Also see:  C:\Windows\System32\SessEnv.dll)

    In my case, the Terminal Services Configuration service was Stopped and set for Manual (Demand) Startup Type.  I set it to Automatic startup and started it.

    Although I was not experiencing any of the horrible problems described by so many other people in this thread, I will be glad to be rid of this nuisance log event.

    Thanks,

    Dave

    BTW, I'm running:
    Dell 4600, P4 2.8GHz
    4 GB RAM
    Seagate 500 GB Hard Disc
    VisionTek ATI Radeon X1050 AGP 8X 256MB graphics
    Windows Server 2008 SP1 (Standard).
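
The lookup iquazee and DAWKCo describe above (event text, then subscriber name, then the Components key, then the backing service), as an added PowerShell example that is not part of any post in this thread. It assumes PowerShell 2.0 or later in an elevated prompt, English event text, and that the subscriber name equals the service key name, as it did for SessionEnv.

```powershell
# Added example: find which Winlogon notification subscribers were reported
# unavailable, then check their registration and service state.
# Registry paths, provider name and event IDs 6000/6003 are the ones quoted
# in this thread; variable names are this example's own.

$componentsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components'
$servicesKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Winlogon'
    Id           = 6000, 6003
}
# Get-WinEvent raises a non-terminating error when nothing matches.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Assumption: English message text of the form
# "The winlogon notification subscriber <Name> was unavailable to handle ..."
$pattern = 'notification subscriber <?(?<name>[^\s>]+)>? was unavailable'

$hits = @($events | ForEach-Object {
    if ($_.Message -match $pattern) {
        New-Object PSObject -Property @{
            Subscriber = $Matches['name']
            EventId    = $_.Id
            Time       = $_.TimeCreated
        }
    }
})

$report = @($hits | Group-Object Subscriber | ForEach-Object {
    $name   = $_.Name
    $svc    = Get-Service -Name $name -ErrorAction SilentlyContinue
    $svcKey = Join-Path $servicesKey $name

    $status = 'no such service'
    if ($svc) { $status = $svc.Status }

    # Start value in the service key: 2 = Automatic, 3 = Manual, 4 = Disabled
    $start = $null
    if (Test-Path $svcKey) {
        $start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    }

    New-Object PSObject -Property @{
        Subscriber = $name
        Events     = $_.Count
        LastSeen   = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
        Registered = Test-Path (Join-Path $componentsKey $name)
        Service    = $status
        StartType  = $start
    }
})

if ($report.Count -eq 0) {
    Write-Output 'No Winlogon subscriber-unavailable events (6000/6003) found.'
} else {
    $report | Sort-Object Events -Descending |
        Format-Table Subscriber, Events, LastSeen, Registered, Service, StartType -AutoSize
}

# All subscribers currently registered for Winlogon notifications.
Get-ChildItem $componentsKey | Select-Object -ExpandProperty PSChildName
```

A subscriber that appears in the report with a stopped or disabled service is the first candidate to look at; one that is running but still generates events matches the hung-service case described for TrustedInstaller.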

  • Tuesday, January 13, 2009 4:01 PM KZ Mike
     
    Some added info for Vista Premium users. . . I found netsh in the C:\windows\system32 directory then typed winsock reset , then was prompted to initiate a re-boot.  However this has not corrected the System event Notification Service problem.  Those of you not familiar with 'dos', typing the command
    cd c:\windows\system32 at the command prompt, will get you to the correct directory to type the winsock reset command.
  • Sunday, February 22, 2009 11:47 AM RezaM
     
    I have got the same problem. I am looking for a resolution through the network, not successful yet.
    Please inform me if you found any way helpful.
  • Friday, March 06, 2009 6:22 PM marinky
     
    Did you ever find a solution to this error?  I'm experiencing the same issue on my laptop.
  • Thursday, April 02, 2009 3:34 PM hondageek
     
    I opened a command prompt (run as administrator by right clicking it) and typed " netsh winsock reset " and then rebooted...then everything was fine
  • Wednesday, April 08, 2009 1:13 PM Bond, James

    Is MSFT really a victim to unfair criticism? Certainly, it happens to everyone. But MSFT is not a victim and they, as the manufacturers of this product have a responsibility to produce a product that is functional AND provide product service for its problems. It's called "Responsibility". How many of us are using Zonelabs? I doubt many. My software is, per Windows Vista's and MSFT’s compatibility check services, all up to date with any and all needed patches, updates, etc. It runs worse now than it did before. I had this problem as soon as I got my computer. Look at the huge numbers of Vista users who are having these same problems. Logic tells us something is amiss with Vista. Those things happen. What is really unsettling quietness from our friends at MSFT is very unsettling.

     

    One cannot simply dismiss this and say, “It’s third party software problems, that’s not MSFT’s fault.” Even if that were true, they changed their OS to the point where most major software companies have had to spend a lot of time and capital to get their software to work with this OS at no benefit to them, and to us, we can’t even log into our user profiles.

    Vista is the problem and they should do the right thing and take responsibility for this and other Vista problems AND take care of their customers. Their arrogance is deafening. Some companies when they pretty much have a monopoly still are customer oriented. MSFT has not, and is not. Remember Millennium? Thank heaven I stuck with '98 until XP came out. I would still be with XP but had no choice when I purchased my computer.

    I, like many others, am seriously considering a switch to MAC, it has always been the issue of all that I have invested in Windows software (but solutions are growing for that!). MAC’s do not have these kind of problems. They are much safer from viruses, spyware, etc. Think about Vista’s basic functions. We are all talking about being able to login to our user profiles. It doesn’t get more basic than that. This most basic of functions in the op. system doesn’t work and Redmond has no response and we are all out here fishing around, hoping and praying we can find an answer so we can use our computers. Unbelievable you would have to admit. Another basic function, is running the system as an Administrator. How ridiculous is it that as an Administrator you have to give yourself permission twice to do a function as an Administrator. I am going to tell myself yes the first time, and then ask myself and my other half is going to say “No, you can’t do that!” What in the world were they thinking? Or were they? I know it sounds like I'm dumping a lot here, but I am simply asking us all to use our grey matter and “think” how amazingly unfair and I believe illegal it is for MSFT to put out a faulty product and not support it! Again, we are talking about the most basic function of the system and we get no help from MSFT unless we pony up the big $$$. MSFT is not being unfairly blamed. We are being unfairly put in a position of wasting precious time and resources. After 119 user login failures from 07/08 to the present and all the hours lost researching this and the hours lost not being able to access my data from my user profile this is a very serious matter they MSFT is not taking seriously and that is really criminal. (Data is from the Administrative Events log.)

    Sorry MSFT fans. I've always been one but with the opening of the baseball season it’s really tempting to donate my computer (or the Vista software) to be used for the first pitch!

    • Edited by Bond, James, Wednesday, April 08, 2009 2:02 PM: Update
  • Wednesday, April 08, 2009 1:40 PM Bond, James
     
    For CaseyB412 I've been seeing this error off and on for months, ever since first installing Vista Enterprise Edition RTM.  Since we have many other things to do, it's been ignored because a reboot typically fixed it, but I can see it becoming a big-time problem.  Microsoft needs a KB article about this -- it's just unacceptable to run into a problem where a user cannot login to the system.  I read one case online where someone bought Vista, installed it, and created a limited user account -- and then couldn't log in.  Unacceptable.  I'm going to open a ticket and see where it goes.

    For CaseyB412 How do we send in our complaints/problems like this to MSFT so they know it is still a problem? Have you heard anything back? Have you discovered THE solution? I've had this problem ever since I bought a new computer with vista. I even did a reinstall (a big pain) and that did not help. Since 07/08 this has happened to us 119 times! You can see my post I made today seeking help at:
    http://social.technet.microsoft.com/Forums/en-US/itprovistaapps/thread/47b5cb3e-5719-4c67-b02c-2b3c16a9c16a

    Thanks for any help you can give. I've seen a wide range of different answers and looking around but the problems vary with User Profiles. It looks like you (and the rest here) are dealing with the same thing. Overall, it seems like vista has a big problem with something so basic as user logins and they provide so little help it's absolutely amazing (one way to put it). Thanks!

    Tom

    • Edited by Bond, James, Wednesday, April 08, 2009 2:06 PM: Trying to change para break, doesn't want to
    • Edited by Bond, James, Wednesday, April 08, 2009 2:09 PM: Same, if this doesn't I'll stop
    • Edited by Bond, James, Wednesday, April 08, 2009 1:50 PM: add name
    • Edited by Bond, James, Wednesday, April 08, 2009 2:07 PM: Still trying to put in para break??
    • Edited by Bond, James, Wednesday, April 08, 2009 2:05 PM: Correct name
  • Wednesday, May 20, 2009 8:46 PM Jkfweb
     
    Thanks for the suggestion.

    "Netsh winsock reset" fixed my problem also.
  • Wednesday, May 27, 2009 10:41 PM Nickegubben
     
    I get the same warning "could not connect to the system event notification service"
    Internet did not run and avg did not for full.
    The Vista firewall doesn't start.
    The update was wrong.
    dhps was 'starting' but not starts.
    I could not read event logs.

    I did a system recover to a day it functioned before.
    And voila I can now go Internet again and I think everything else is all right.

  • Saturday, October 03, 2009 2:41 AM azrin
     
    Dear All, I have the same problem. And running netsh >> winsock reset solved the problem instantly.

    Thanks guys.
  • Wednesday, November 04, 2009 12:11 AM Vein
     
    I was having the problem on a Windows XP Home, HP Mini (Netbook). I believe this issue was caused by malware. I'm unaware of the duration of this problem, but after scanning with malwarebytes and removing the dreadful: "iealsysguard" malware this problem occurred.

    Running netsh winsock reset in the command prompt seemed to do the trick, thank you.
  • Thursday, November 12, 2009 11:29 PM polaris_a
     
    Dear all
    Running netsh winsock reset in the command prompt did help solve the problem as it writes to the registry files.
    Read this article
    http://www.techmalaya.com/2009/01/26/fix-could-not-connect-to-the-system-event-notification-service-error-windows-vista/