This question has been asked before, but so far I can't find an answer.
In a Remote Desktop environment with 4 servers (2008 R2) with a Session host and a NLB cluster, one of these servers is experiencing the problem that when a user logs off, not always the roaming profile is completely removed.
The folder path that stays is C:\Users\[user]\AppData\Roaming\Microsoft\SystemCertificates\My
When this happens, event 1533 is logged:
"Windows cannot delete the profile directory C:\Users\[user]. This error may be caused by files in this directory being used by another program.
DETAIL - The directory is not empty."
Using 'Handle.exe' I found that the holding process is 'Print Spooler'. When this service is restarted, the folder can be deleted.
An event that might have a direct relation to this is 1530 during logon:
"Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\[user SID]:
Process 11324 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\[user SID]\Software\Microsoft\SystemCertificates\SmartCardRoot"
Currently several GPO's settings are in effect:
Computer Configuration/Administrative Templates/System/User Profiles "Delete cached copies of roaming profiles" = Enabled
Computer Configuration/Administrative Templates/System/User Profiles "Do not detect slow network connections" = Enabled
Computer Configuration/Administrative Templates/System/Group Policy "Allow asynchronous user Group Policy processing when logging on through Terminal Services" = Enabled
Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Profiles "Set path for Remote Desktop Services Roaming User Profile" = Enabled and specified
These servers are virtual on 2 ESXi hosts, I know of the problem with the Shared Folders feature in the VMWare Tools, this software is installed in Typical mode as instructed.
All servers have the same set of printer drivers installed: HP universal v5.3, Kyocera universal 5.3.1025 and Kyocera Classic universal 2.42.909.0, all in Shared Isolation mode.
Does anyone have any further ideas?
