Win2K Problem Switching Users

[Dave-H]

Sorry if this has been covered before, but I can't find anything directly relevant to the problem I'm having.

I am using Windows 2000 SP4, and have until recently been using it for a long time with just a single user profile.

Recently I decided to keep an unused profile as a sort of backup which I could use for testing and diagnostic purposes.

I now have a profile called "Admin" (the test profile) and a profile called "Dave" (my normal profile).

They are both members of the Administrators' Group.

The Admin profile was originally a straight copy of the Dave profile, but has now become slightly different of course.

There is no software or hardware that is installed on one profile and not the other.

My problem happens if I try to switch profiles more than once.

If I log on to either at startup, all is fine.

If I log off and log on again to the same profile, all is fine.

If I log off and log on to the other profile, all is fine.

However, if I then try to log off, or restart, the desktop disappears, but insted of giving me back the logon screen, I just get left with a blank desktop with the mouse cursor, and that's it!

No matter how long I leave it it never goes any further, and I have to do a forced hardware reboot.

This often results in a forced disk check, but is otherwise then OK.

Basically, the problem is that I can only log off and on again once.

If I try to log off a second time, the system hangs.

Anyone come across this one?

I do have a lot of what I perceived to be un-necessary services disabled.

Have I disabled one too many?

Edited April 1, 2009 by Dave-H

[GrofLuigi]

Tried pressing Ctrl-Alt-Del?

GL

[cluberti]

Do you have uphclean installed on that box? If not, you should install it as it's a wonderful troubleshooting tool (logs errors to the event logs).

[Dave-H]

Thanks guys.

When the system "logs off" to a blank desktop, the keyboard is still "live" but no keystrokes actually do anything, including CTRL>Alt>Delete. All I can do is press the reset button on the crate.

I do have UPHClean installed, as without it the system would take ages to shutdown anyway (hangs for several minutes on "Saving Your Settings"). That's been the case for a long time.

In fact the problem started quite some years ago after I installed one of Microsoft's "Critical Updates".

When I queried it with them, installing UPHClean was their answer!

I remember thinking at the time that actually fixing the problem might have been a better idea than just installing something to hide it..............

Anyway, I will try disabling the UPHClean service just in case it's causing the logoff problem.

It is still puzzling me as to why I can log off and on again once, but not twice!

Cheers, Dave.

[cluberti]

Well, you can always try to take a complete memory dump of the system.

[Dave-H]

Well, you can always try to take a complete memory dump of the system.

Thanks cluberti.

I've looked at the article, and I can certainly give it a try.

I assume that I need to do the "Memory Dump of the Entire System" option.

The others seem to rely on knowing what's actually crashing or hanging, and I don't know that of course!

Just a couple of clarifications.

How important is it to move my paging file to the same drive where the OS is installed?

I have Windows 2000 installed on drive D: (dual boot with Windows 98SE on C:).

Drive D: is only a 4GB partition, and although it only has the "WINNT" folder on it (the "Program Files" and "Documents and Settings" folders have been moved elsewhere) there is only about 1GB free.

This is nowhere near enough for a paging file of the recommended size (I have 4GB of RAM fitted).

The paging file is at the moment a 4GB file (the largest possible as I'm using FAT32) on another drive (E:).

Also, the "Complete Memory Dump" option isn't there in my System Properties' "Startup and Recovery" options.

All I have is "Small Memory Dump" and "Kernel Memory Dump".

I looked at the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" registry key, and the "CrashDumpEnabled" option was present, but set to 0.

I have set it to 1 and rebooted, but the "Complete Memory Dump" option hasn't appeared.

Thirdly, I see that you have to press a key combination to instigate the memory dump.

Is it not very likely that once the system has hung, this won't actually do anything?

Sorry to ask so many questions!

BTW, I have tried disabling UPHClean, and it made no difference to the problem.

Just in case it's relevant, the processes that it's having to forcibly unload are "svchost.exe" and "MsMpEng.exe".

The latter is part of Windows Defender.

[cluberti]

How important is it to move my paging file to the same drive where the OS is installed?

I have Windows 2000 installed on drive D: (dual boot with Windows 98SE on C:).

Drive D: is only a 4GB partition, and although it only has the "WINNT" folder on it (the "Program Files" and "Documents and Settings" folders have been moved elsewhere) there is only about 1GB free.

This is nowhere near enough for a paging file of the recommended size (I have 4GB of RAM fitted).

The paging file is at the moment a 4GB file (the largest possible as I'm using FAT32) on another drive (E:).

It is *utterly* important. When the box is crashed, the only volume Windows still has access to is the partition holding the WINNT folder. So if the paging file isn't on that partition, you will not get a .dmp file. The mistake you made is the mistake I see almost everyone make - a paging file with 4GB of RAM really isn't entirely necessary until you have problems, and at which point you'll be in trouble if you didn't size your volume/partitions appropriately to hold a paging file on the Windows volume/partition in the case of an emergency or a need for a crash dump.

Also, the "Complete Memory Dump" option isn't there in my System Properties' "Startup and Recovery" options.

All I have is "Small Memory Dump" and "Kernel Memory Dump".

I looked at the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" registry key, and the "CrashDumpEnabled" option was present, but set to 0.

I have set it to 1 and rebooted, but the "Complete Memory Dump" option hasn't appeared.

Anything more than 3GB of RAM in a machine and it will not appear, this is normal. Set the value to 1 and reboot, and it will be set even though it won't show in the GUI.

Thirdly, I see that you have to press a key combination to instigate the memory dump.

Is it not very likely that once the system has hung, this won't actually do anything?

If your machine is still servicing interrupts, pressing down and holding the right CTRL key while tapping the scroll lock key twice causes an interrupt down the PS/2 keyboard, which in turn the kernel will trap and dump the box. That's why a PS/2 keyboard is necessary (USB devices don't cause interrupts like this).

[Dave-H]

It is *utterly* important. When the box is crashed, the only volume Windows still has access to is the partition holding the WINNT folder. So if the paging file isn't on that partition, you will not get a .dmp file. The mistake you made is the mistake I see almost everyone make - a paging file with 4GB of RAM really isn't entirely necessary until you have problems, and at which point you'll be in trouble if you didn't size your volume/partitions appropriately to hold a paging file on the Windows volume/partition in the case of an emergency or a need for a crash dump.

OK, thanks and understood.

I don't want to get into resizing my disk partitions just to do a test, but I'll make as big a page file as I can on drive D: and see it that works OK. Does it have to be the only page file, or can it still be split over more than one drive, as the system allows? I could leave my 4GB swap file on E: as it is, and just make an extra 512MB file perhaps on D:, which there is space for.

Anything more than 3GB of RAM in a machine and it will not appear, this is normal. Set the value to 1 and reboot, and it will be set even though it won't show in the GUI.

Thanks, that explains it!

If your machine is still servicing interrupts, pressing down and holding the right CTRL key while tapping the scroll lock key twice causes an interrupt down the PS/2 keyboard, which in turn the kernel will trap and dump the box. That's why a PS/2 keyboard is necessary (USB devices don't cause interrupts like this).

That's good. My mouse is USB, but my keyboard is PS/2.

[cluberti]

I don't want to get into resizing my disk partitions just to do a test, but I'll make as big a page file as I can on drive D: and see it that works OK. Does it have to be the only page file, or can it still be split over more than one drive, as the system allows? I could leave my 4GB swap file on E: as it is, and just make an extra 512MB file perhaps on D:, which there is space for.

I guess I didn't make myself clear - a complete memory dump is going to dump the *complete* contents of memory to disk. Meaning, if you have 3GB of your 4GB of RAM committed in any way, the resulting .dmp file will be 3GB (and you'll need 3GB + ~64K of pagefile to hold it), and it has to be on the partition with the \WINNT folder. Otherwise, the paging file will be corrupt.

You could also use a null-modem cable connected to a serial port attached to another machine running windbg, and .dump it over the serial port. That would probably only take about 3 or 4 days to complete .

[Dave-H]

Ah, understood!

I don't think that much more than a quarter of my memory is in use if I don't have anything extra running, that's if the Task Manager can be believed, but that is still too much to fit on my drive D: as it is at the moment.

It's something I will have to consider the implications of for the future, but I think for the moment I'll look around for other causes without having to do a diagnostic memory dump.

Thanks for all the suggestions and information anyway.

Incidentally, I just checked my registry settings again, and "CrashDumpEnabled" has set itself back to 0 again!

I didn't do that, and I'm sure that I left it set at 1.

Would that have been because the system is clever enough to know that it couldn't implement the dump because there isn't enough disk space available? I'd be very impressed if that was the case!

Edited April 3, 2009 by Dave-H