The User Profile Service failed the logon. User profile cannot be loaded.

Situation: The user can’t login his Windows 7 computer with this message: The User Profile Service failed the logon. User profile cannot be loaded.

Troubleshooting: 1. Restart the computer and then try it.

2. Fix the user account profile

  1. Click Start, type regedit in the Search box, and then press ENTER.

2) In Registry Editor, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

3) In the navigation pane, locate the folder that begins with S-1-5 (SID key) followed by a long number.

4) Click each S-1-5 folder, locate the ProfileImagePath entry in the details pane, and then double-click to make sure that this is the user account profile that has the error. Click each S-1-5 folder, locate the ProfileImagePath entry in the details pane, and then double-click to make sure that this is the user account profile that has the error. •If you have two folders starting with S-1-5 followed by some long numbers and one of them ended with .bak, you have to rename the .bak folder. To do this, follow these steps: a) Right-click the folder without .bak, and then click Rename. Type .ba, and then press ENTER. Right-click the folder without .bak, and then click Rename. Type .ba, and then press ENTER.   b) Right-click the folder that is named .bak, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER. Right-click the folder that is named .bak, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER.   c) Right-click the folder that is named .ba, and then click Rename. Change the .ba to .bak at the end of the folder name, and then press ENTER. Right-click the folder that is named .ba, and then click Rename. Change the .ba to .bak at the end of the folder name, and then press ENTER. •If you have only one folder starting with S-1-5 that is followed by long numbers and ends with .bak. Right-click the folder, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER.

5) Click the folder without .bak in the details pane, double-click RefCount, type 0, and then click OK. Click the folder without .bak in the details pane, double-click RefCount, type 0, and then click OK.

6) Click the folder without .bak, in the details pane, double-click State, type 0, and then click OK. Click the folder without .bak, in the details pane, double-click State, type 0, and then click OK.

7) Close Registry Editor.

8) Restart the computer.

9) Log on again with your account.

3. Create a new account and copy the data from the old account to the new account.

4. Delete the profile by using the Computer Properties dialog box. To do this, follow these steps: 1)Click Start, right-click Computer, and then click Properties.

2) Click Change settings. Click Change settings.

3) In the System Properties dialog box, click the Advanced tab. In the System Properties dialog box, click the Advanced tab.

4)In the User Profiles area, click Settings.

5) In the User Profiles dialog box, select the profile that you want to delete, click Delete, and then click OK.

6)Click Start, type regedit in the Search box, and then press ENTER. 

7) Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

8) Right-click the SID that you want to remove, and then click Delete. 

9) Log on to the computer and create a new profile.

Please view the step by step video:

iOS Accounts needs permission to access resources

Situation: When setup iPhone to use Office 365 email with MFA enabled, you may receive this message:

iOS Accounts

You can’t access this application

iOS Accounts needs permission to access resources in your organization that only and admin can grant. Please ask an admin to grant permission to this app before you can use it.

Resolutions: 1. The best way to access Microsoft Office 365 email is using Outlook app. You can download it from Apple store.

2. If you want to use both business email and personal email in the Apple mail app, you may download Microsoft Authentication app.

3. Or set it up using Configure manually option. You will see this option after you enter domain account password. You have two options: Login admin or configure manually. When using Configure Manually, you enter all information manually including server: outlook.office365.com.

4. Enable user access to Enterprise apps. From your Office 365 Admin portal, go to Admin Centers > Azure AD > Users and Groups > User Settings then make sure “Users can consent to apps accessing company data on their behalf” is enabled. And

5. admin_consent

You will then be redirected to an Microsoft login page where the user should enter a password. On the bottom from that page you have the option to send the URL to a user. Instruct the user to send that URL to one Office 365 administrator. The URL should look like the following:

3g.) Once you get the URL, open a browser (and login into the Office Admin Center with an global admin account). Now you need to modify the URL you got.

3h.) Change the section “prompt=login” to “prompt=admin_consent”

3i.) remove the “login_hint=blocks@contoso.onmicrosoft.com&” section

3j.) now copy the modified URL and past it into the browser you have open

3k.) You will now be prompted to accept that.

3l.) Once done the browser try to redirect you to the iOS device, however on your PC this will fail, but the needed action is performed.

6. Users or groups may be assigned access to the Read&Write application

•Navigate to Azure Admin Settings -> Azure Active Directory -> Enterprise Applications -> All Applications -> Read&Write.

•Select Users and Groups -> Add User/Group.

7. A Global Administrator must give consent on behalf of users

  • Using an administrator account, use this consent link to sign-in to Office 365. 
  • You will be prompted to consent for the read permissions that the Read&Write application needs
  • After consenting, you’ll be directed to the Read&Write login page https://www.login.texthelp.com. Please allow a short period of time for the Read&Write Application to be added to your catalog.

After completing these steps, non-admin users should be able to access Read&Write for Windows!

WSUS client has a problem to install Windows update

Situation: 1. A WSUS server within your network may have been decommissioned.

2. A WSUS client has a problem to sync with the WSUS Server.

3. WSUS has a problem to push updates to a WSUS client.

Resolution: Remove the registry entries on WSUS client and reset the Windows Update to defaults. Please refer to this how to:

How to remove a computer from WSUS

SEP: [APPLICATION] has changed since the last time you used it

Situation: The client has SEP in his Windows 10 machine. He keep receive this essage:

[APPLICATION] has changed since the last time you used it

Troubleshooting: upgrade SEP latest version may fix the problem.

or Work around:

1. Open SEP client GUI
2. Choose [Change Settings] 
3. Click [Configure Settings] for Network and Host Exploit Mitigation.
4. In [Firewall] tab, enable [Enable network application monitoring] once then push OK.
5. Click [Configure Settings] for Network and Host Exploit Mitigation again.
6. disable [Enable network application monitoring] then push OK.
7. Close SEP client GUI.

Can’t print when using WiFi

Situation: The client has two WiFi networks in his home. Randomly, he has a problem to print.

Cause: The two WiFi routers make two different networks. When the computers and printers are in the different network, he can’t print.

Resolution:

The resolution is keep only one wifi network and we may have these options.

  1. Get rid of D-link router and use ARRIS only
  2. Get rid of ARRIS and use D-link only.
  3. Combine ARRIS and D-link into one WiFi.
  4. Or setup the WiFi using different passwords so that printer always connects to one wifi.

Symantec Endpoint Protection block accessing network

Situation: the cline has Windows 10 computer with SEP. He can’t access the network shared drives. If he uninstalls the SEP, he can access those network drives.

Cause: The SEP firewall may block network traffic that the network application requires to function properly

Resolution: 1. re-configure SEP firewall.

2. Disable the SEP firewall.

3. Create allow rule on SEP.