Microsoft Windows 2000/XP - Windows cannot unload your registry file.

Is your Windows 2000 slow to shut down, and does it seem to hang for a really long time before it restarts? I had noticed on several machines that after I installed the routine Windows security updates, it took forever for my machine to shut down when I was running as a user with administrator privileges. It would hang for several minutes on the "Saving your settings..." dialog box.

Update: Windows Service Pack 4 has been released and fixes this problem. It is strongly recommended that you install the service pack rather than using this old hack (see comments below).

Time for some testing. I wiped a hard drive on a laptop and reinstalled Windows 2000. Everything was fine. Then one by one I installed the critical updates and tested them out. As soon as I installed the 329170: Security Update (Windows 2000) update, that's when the problem of long startup and shutdown times returned. Once I uninstalled this update, everything was working fine again. I downloaded and installed all the other updates.

To determine if you have the same problem as I did, do the following:

  1. On the taskbar at the bottom of your screen, click Start.
  2. Point to Settings, and then click Control Panel > Administrative Tools > Event Viewer.
  3. Click on Application Log.
    Look for an Error whose Source column is Userenv and Event column is 1000
  4. If you see this row, double-click on it to display the following dialog box:

Event Properties Dialog Box

How to Uninstall the Q329170 Hotfix

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Add/Remove Programs.
  3. Select Remove Windows 2000 Hotfix (Pre-SP4) Q329170.
  4. Click Change/Remove to uninstall.

But Don't I Need this Update?

If your Windows 2000 or Windows XP systems are configured to use SMB Signing (which is disabled by default), then you should keep this patch until Microsoft releases a fix for this bug. More details can be found at Microsoft's web site.

offline files

After reading the info on the hotfix, it occurred to me to do some digging about SMB, where it's used, and find out if we can remove some of the causes in the environment I'm supporting.

OFFLINE FILES. If you can - disable that. In my case, it had the same benefit as removing the hotfix. (In Win2K - that option is configurable in the "Folder options")

host files

If you still have problems, one thing I've done to speed up access to servers and whatnot is to add the server to the host file. In Win2K it's in "C:\WINNT\system32\drivers\etc". Modify it by adding serverIP ServerName. This has sped up shutdown on several machines for non-admins. Particularly across WANs.

# For example:
#
#102.54.94.97 rhino.acme.com
127.0.0.1 localhost
10.1.1.10 SERVER1

vnc service

I had the same problem and uninstalled the hotfix and it did nothing. I finally figured out it was a VNC service I was running, once I set the service to Manual I had no more problem.

net stop spooler

Running the command "net stop spooler" worked for me. No slow down on saving your settings. What am I missing by stopping net spooler?

Stopping the Spooler

If you stop the spooler service you and any user on that server will NOT be able to print.

Zippo

user profile

Uninstalling the hotfix didn't work for me either, but this did:

Start > Run > gpedit.msc
Local Computer Policy,
Computer Configuration
Administrative Templates
System
Logon
You'll see "Maximum retries to unload and update user profile." Enable this, and change the number to 5. This is how many seconds you want it to spend trying to do this.

I used 2 - I figure if it can't get it right the 2nd attempt, it's probably going to result in the Event 1000 anyway, so why wait?

I'd recommend putting more thought into this if you actually *are* using roaming profiles.

About the "unload.." solution !

BRAVO ! :)

streaky

Gahh, never do this - it only hides a problem you have..

gpedit.msc

Editing the policy in gpedit.msc and removing the hotfix, both helped for me. Shutting down in 12 seconds now.

Steps for doing both:

close out everything, save your work.. machine will have to reboot at end.

click start
click run
type in ---> gpedit.msc
click ok

(click plus) expand computer configuration folder
(click plus) expand administrative templates folder
(click plus) expand System folder

click Login folder

Then on right side.. right-click
"Maximum retries to unload and update user profile" -- towards bottom of list
choose properties

click Enabled
for max retries specify 5
click apply
click ok

close group policy window

click start -> settings -> control panel
click add/remove programs

REMOVE Q329170 pre-sp4 Hotfix
when you select remove.. during the process, it will warn you saying that a whole bunch of programs on your system may end up not working after it's removed... ignore. click yes to proceed.

this will force machine to reboot.

done.

Can not remove Q329170 hotfix

I got the Windows cannot unload User Registry file error in my Event Viewer, but I could not uninstall Q329170 hotfix. When I went to my control panel, add/remove programs, I couldn't find this pre-sp4 security patch. Is there another way to remove it?

Thanks for your help,
Jean

same event id as shown above

Already running SP4 and enabled local group policy "Only allow local user profiles". But the system still downloads roaming user profiles. W2K server in NT4 domain. Enabled the gp "maximum retries.." and set to 0 as a workaround. Any ideas what will actually fix it?

Thanks,
Andy

A BIG THANKS!!!!

I have been putting up with this problem for a few months now since installing Win2000, and couldn't find an answer to the problem from the M/S "knowledge base".
After finding this page last night and following your instructions to the letter, I'm pleased to report that my computer shuts down in about 3 seconds rather than the 3 minutes it required before!

A couple of weeks ago I had a bunch of software to install and uninstall, each of which required restarting the computer at least once. I nearly went berserk waiting for all of the interminable shut downs!!!!!
Thanks so much for sharing this information!

you rock

You rock!!! I was making an image for my company and the PC would just hang during the shutdown process.... "Saving your settings..." That was almost too much to bear...then I found your site and heaven opened its gates.....

Thanks again!!!

realvnc

I found that fixing the problem required uninstalling the VNC server service. Stopping the service made the problem disappear instantly. Uninstalling TightVNC and using RealVNC instead fixed the problem. Worked on both SP3 and SP4.

Using RealVNC vs. TightVNC

Which version of VNC were you using? The older version of TightVNC had this problem (1.28), but it has been fixed as of 1.29.

Frank

local user profiles

Fixing the Windows 2000 "Slow Shutdown" problem
===============================================
1. Start -> Run -> gpedit.msc
2. Computer -> Administrative Templates -> System -> Logon
3. Only allow local user profiles -> Enabled

yeah!

this was the correct solution for this problem on my win2k prof. machine. thanks a lot!

terminal server

Using roaming profiles in a Terminal Server environment, you will sometimes get this problem also. You can choose to manually unload a registry hive if it didn't unload properly. Obviously if you have a terminal server with 30 users on it and you can't reboot the TS, then this is your best option.

Go to command line and type 'getsid \\servername username \\servername username'

this compares the sids of 2 users or the sid of 1 user on 2 domain controllers.

You then use regedt32 and go to HKEY_USERS and look for the SID in question. Generally, it is easy to spot because there is an orphaned class. ie: there are usually 2 entries for each user.

S-1-5-21-1708537768-1383384898-842925246-13178
S-1-5-21-1708537768-1383384898-842925246-13178_Classes

When the hive didn't unload properly, you will see only the second entry. Click on that entry. Now go to 'Registry'->'Unload Hive' and it fixes your problem. No need to reboot to get the hive unloaded.
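
The check described in the comment above, as an added PowerShell example (not from the original post and not part of UPHClean): it lists the HKEY_USERS subkeys and reports every `<SID>_Classes` key whose matching `<SID>` key is absent. It only reports and unloads nothing. The function name and the second SID in the sample are constructed for illustration.

```powershell
# Added example (not from the original page). Reports only; it unloads nothing.
function Find-OrphanedClassesHive {
    param(
        # Subkey names under HKEY_USERS; read from the live registry by default.
        [string[]]$KeyNames = (Get-ChildItem -Path Registry::HKEY_USERS |
                               ForEach-Object { $_.PSChildName })
    )
    $suffix = '_Classes'
    foreach ($name in $KeyNames) {
        # Only per-user account hives: S-1-5-21-<domain>-<RID>_Classes
        if ($name -notmatch '^S-1-5-21-[\d-]+_Classes$') { continue }
        $sid = $name.Substring(0, $name.Length - $suffix.Length)
        # -notcontains compares strings case-insensitively
        if ($KeyNames -notcontains $sid) {
            [pscustomobject]@{
                Sid         = $sid
                OrphanedKey = "HKEY_USERS\$name"
            }
        }
    }
}

# Constructed sample: the first SID is the one quoted in the comment (both keys
# present), the second (-13200) is made up and has only its _Classes key left.
$sample = @(
    '.DEFAULT',
    'S-1-5-18',
    'S-1-5-21-1708537768-1383384898-842925246-13178',
    'S-1-5-21-1708537768-1383384898-842925246-13178_Classes',
    'S-1-5-21-1708537768-1383384898-842925246-13200_Classes'
)
Find-OrphanedClassesHive -KeyNames $sample | Format-Table -AutoSize

# Against the live machine (run on the terminal server itself):
# Find-OrphanedClassesHive
```

On the sample only the `-13200` SID is reported; the SID from the comment has both keys and is skipped.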

freeware app

I have written a freeware service that properly handles (roaming profile reconcile, etc.) this problem regardless of which of the dozens of reasons (e.g. Microsoft patches, Symantec AV, etc.) cause this for you. This is especially true because many people are affected by multiple problems at the same time. Fixing all but one means the problem does not go away. Worse, you can't tell if you are making progress.

The service deals with userenv/1000 where the message indicates that the profile is not unloading and the error is "Access is denied". To accomplish this the service monitors for logged off users that still have hives loaded. When that happens the service determines which applications have handles opened to the hives and releases them. After this the system finishes unloading the profile.

If you are interested contact me at arobincaron@hotmail.com for more details.

thanks robin

A big thanks to Robin who posted below, on Sept 24. Her little app is a nice workaround and also helps pinpoint the actual cause of your issue. An important note that should be repeated again and again: there are multiple causes to this issue. Robin's app will help narrow down the cause of your particular USERENV issue.

Another helpful tool for me was the userenv.log
http://support.microsoft.com/default.aspx?kbid=221833

For me, the spoolsv.exe was keeping a handle open on the registry. This only occurred for workstations that have a local printer, not workstations that used network printers. If the user printed to the local printer, the USERENV error occurred, if not they could logout without delay. The issue only started after installing the following MS updates 823980, 822925, 819696, 823559, 330994, 816093, 329077.

A post just above notes 823980 and as their culprit. I'll need to check if that works for me as well.

profiles

Are you having other kinds of issues at the same time? For example, NTFS permissions on profiles modified. We are having some problems with profiles and it seems to be related to your issue. On some computers there are profiles that get different NTFS permissions (and not all the profiles on one computer). The group users is added to the NTFS permissions.

Printer Driver

Hello all. This thing was driving me crazy too. It occurred when shutting down after printing to my Epson printer (an oldie Stylus 440, parallel port). Stopping the spooler prior to shutting down prevented the long pause at "Saving your settings". Finally I uninstalled the print driver supplied by Epson and allowed Win 2k to install its Microsoft driver for my printer and all's well! What a relief!

Finding UPHClean / Robin Caron

Hi,

I'm the latest in the seemingly long line of victims of this glitch (or these glitches).

I sent a message to arobincaron@hotmail.com and it bounced. Maybe she got sick of all the mail.

So is there a way to find UPHClean and / or Robin? Perhaps there's new news on this issue that I've yet to uncover?

Thanks.

Randall Schulz

UPHClean is now a web download from microsoft.com

You can now download UPHClean right from microsoft.com. The URL is:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

No need to email to get a copy.

Found this page in a google s

Found this page in a google search after having the same problem with shutdown, but I don't have Windows 2000 Hotfix Q329170 installed.

Setting the timeout in group policies and installing UPHClean fixed it though.

Thanks.

Trouble shutting down

Hello everyone, after reading some of the comments posted here, I thought maybe someone has been through the same problem as me...

I'm using Windows XP Home Edition and whenever I want to shut down I get this message:

Critikal error. cannot unload this service.

and then it would start the end program pop-up window:

ending program: Konoha the return...

in this exact spelling. If there is someone who has experienced this problem
pls share it with us.

Konohax - konoha the return

I got the same problem as you too, but luckily I got it under control. I hope, 'cause I have no idea where Konoha the Return originally comes from.

The main problem with Konohax is that they copy themselves as folder-titled program icons and attach themselves to every other device that gets connected to the originally infected system. In short, it's a chained self-attaching, self-duplicating program that will eat away your RAM (a lot). Not to mention small unclickable dots will appear on your desktop. This system error will trouble network users as they are connected to each other, so the best way to remove these is to quarantine all infected systems from any connection in safe mode and delete all available Konoha programs (ALL OF THEM, IF EVEN ONE GETS LEFT BEHIND, IT WILL SELF-COPY AGAIN).

Well, too much experience talk. Let's just get to work on killing the so-called-immortal Konoha so it won't return to your system again without reformatting your system.

~~~~STEPS~~~~

1.Quarantine the infected system (networks, wireless, bluetooth disable them all for now)

2.Open C:\WINDOWS\system32\"computer name"

example: pc name = Pluto
open C:\WINDOWS\system32\Pluto

There should be a grey icon addressing itself as System.exe with a grey Konoha caption underneath; delete that annoying thing. FYI, all Konohax icons will preview as a grey Windows icon. (If you don't run Windows in safe mode you'll have to disable those Konoha programs from running with Windows Task Manager; if you know exactly what files are causing the problem then I say Hooray! You're smart!)

*For users who didn't use much of the plug and play option then you're quite done here.
*We're not quite done yet, now prepare to do the most important task of all.

3. Surely you got plug and play devices, right? Memory cards, USB traveller disks etc. Well, these devices are the most potential carriers for Konohax. They copy, store and duplicate to any other device they get connected to.

The solution:

(a) For people who think their files in those folders are important. (Be patient as you do this...)
- Delete all existing Konohax icons from f:\folders\subfolders\subfolders\etc., and be sure to double check all folders and subfolders thoroughly; that grey Windows icon should not be anywhere in the device (even though there is supposed to be only 1 Konohax on every level, you will never be too sure, right?)
- Done? I hope you did check them again; any leftovers will just duplicate and you'll have to do them again.
- Now copy those files to an uninfected system or device because we need to reformat this device.
- Reformat that device by right-clicking and clicking format

(b) For people who think their files in those folders are unimportant or are just too lazy to do the advanced step. Geez, what are you waiting for? Just reformat those devices; those Konohax won't come back after a disk reformat.

4. Empty Recycle Bin (use anti-virus programs to shred those files so they won't reappear)

CONGRATULATIONS! NOW YOU'RE FREE FROM KONOHA'S GRASP!

Tips:
1. Make sure every new piece of hardware connected to your system doesn't have Konoha in it. Or Konohax will come back, and you'll have to do all of the above steps again.

Faster Windows Shutdown

Here's a nice fix that I want to share with you.

open regedit
Go to the first icon (my computer or something else...)
do CTRL + F (search)
search for: waittokill
You'll find all items with waittokillapp time and waittokillservice time.
You can set these ones to: 3000
You will see that your server will go down faster, because you give the server less time to shut down the applications and services.
Mostly the server is waiting and is doing nothing.
You can fix that with 3000 instead of 6000 - 600000 (exchange)

This works for EVERY windows machine (2000/xp/2003/sbs and the rest ;) )

good luck!

Greetings

stubborn virus

hello everyone,

I have this unbelievably stubborn virus which I can't remove. I have tried running AVG anti-virus, which didn't work, and also Kaspersky Internet Security, but it's still there. Could anyone who knows this or has experienced it give me some advice pleeeease......


© 2007 Matt Westgate