Yep, been there done that MANY times.
But it's version-specific, and I should have pointed that out. YOu need to
be at 3.1.0.7 or above.
When you log on, the contents of NTUSER.DAT (which I call your PROFILE) are
loaded into the HKEY_CURRENT_USER registry key. So TSM backs that up as
part of registry backup. That's why you can do "dsmc regrest user curuser"
on the 3.1 and 3.7 clients to get your profile back. (NOw I realize that
multiple people can be logged on at once, and I'm no windows guru so I don't
know exactly how it determines who is "current", but this does work...)
At 3.1.0.6 and below, when ADSM backed up the registry via the scheduler,
since the scheduler runs under the SYSTEM account, it did not get a back up
of the CURRENT USER key for anyone else who was logged on, and it couldn't
back up their NTUSER.DAT because it's locked. Since our NT WOrkstations
backup via the scheduler during the day, that means we missed backing up the
profiles. We proved it when we were unable to restore some profiles when a
machine died, reported it as a problem, worked with level 2, and found that
we had to put a DSMC REGBACK USER CURUSER in our STARTUP group to make sure
everybody got their own profile backed up while running under their own id.
That workaround is actually documented somewhere, but I don't remember
where.
Now at 3.1.0.7, magically the client acquired the ability to backup the
profiles of everyone who is logged on when the scheduler runs the registry
backup. It was never announced, I found it by accident when I was testing
bare metal restores for Win2K and digging around in adsm.sys. So I
contacted Andy Raiback, who contacted a developer for me and verified that
it's so. You can prove it to yourself by digging around in adsm.sys.
If using the 3.7.2 client, look at:
C:\adsm.sys\Registry\*machine_name*\Users
Match up the timestamps of the files to the time your scheduled backup ran;
you will see there is a directory for each id, and each id that was logged
on at the time of the backup will have a file with a name like:
S-1-5-21-1417001333-436374069-854245398-1000
This is the logical equivalent of NTUSER.DAT. To restore it requires an
extra step, though, and that is probably what caused your problem. When
doing a bare metal restore, you restore the files, then the registry. Then
you reboot. Then you log on under that user's account. Since you don't
have a restored copy of NTUSER.DAT, you will see the default profile. Run
this: dsmc regrest user curuser, which reloads the profile stuff from
adsm.sys into the registry. Then you reboot again, and on the way down it
will write the profile out to NTUSER.DAT again, and you are back in
business. When you come back up, you have your restored/customized profile.
(When you log on, if your NTUSER.DAT file is missing, WIndows creates you a
new one with the default profile. If your NTUSER.DAT is OK, it uses it.)
If using the 4.1.2 client, the names in adsm.sys have changed, and the
backed up user profile for each user is actually called NTUSER.DAT. And you
can't restore individual registry keys. So after you do the bare-metal
restore of files & registry as ADMINISTRATOR, you drag that person's
NTUSER.DAT from the adsm.sys directory back to where it is supposed to be,
before that account logs on again.
There are several things that can go wrong with profiles during a bare-metal
restore. I have some trouble-shooting instructions as part of my bare-metal
restore procedures. I loaded a copy of them to the scripts depot at
www.coderelief.com if you want to pursue this further.
That's probably a lot more than you wanted to know! Most people never run
into this because they are backing up servers, where only administrators log
on and they use the default profile, anyway.
************************************************************************
Wanda Prather
The Johns Hopkins Applied Physics Lab
443-778-8769
[EMAIL PROTECTED]
"Intelligence has much less practical application than you'd think" -
Scott Adams/Dilbert
************************************************************************
-----Original Message-----
From: Rushforth, Tim [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 18, 2001 5:07 PM
To: [EMAIL PROTECTED]
Subject: Re: HELP! Logged off, BUT ntuser.dat still "in use by another
pro cess" ???!
We have seen cases where no service account is using the id, the user is not
logged in, but the ntuser.dat still show up in use. A reboot of the box
seems to fix this. Seems to be a bug in NT.
Wanda - are you sure that you can fully recover if you don't have a copy of
the ntuser.dat. We did a restore test once where we had been exluding the
ntuser.dat for one of our service accounts (NAV for Exchange). We did have
a full backup of everything else (including the registry). NAV did not
start, and the ntuser.dat files were missing from the profile directories.
When we copied the ntuser.dat from the original box, all worked fine.
Tim Rushforth
City of Winnipeg
-----Original Message-----
From: Prather, Wanda [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 18, 2001 3:29 PM
To: [EMAIL PROTECTED]
Subject: Re: HELP! Logged off, BUT ntuser.dat still "in use by another
pro cess" ???!
Services.
Each service runs under a logon id.
The default for most NT services is to use the SYSTEM id.
But sometimes services are set up with another id, espeically if the serivce
needs network or domain authority to access files. Go into Services, and
look at the PROPERTIES of each. You will see the logon id.
If any of the services runs under the user's id, then the user IS logged on,
and NTUSER.dat will still be in use!
BTW, while the ntuser.dat message is annoying, it isn't really a problem.
The logical contents of the NTUSER.DAT are backed up anyway as part of the
registry backup. You can restore the user customization if you have EITHER
a backup copy of NTUSER.dat, or a good copy of the registry. And you never
need to restore NTUSER.log.
-----Original Message-----
From: Keith Kwiatek [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 18, 2001 7:19 PM
To: [EMAIL PROTECTED]
Subject: HELP! Logged off, BUT ntuser.dat still "in use by another
process" ???!
Hello,
With respect to the ntuser.dat and ntuser.dat.log files, we have noticed
that our clients are getting: "the object is in use by another process"
entries in their log files. BUT they have logged off, and there are no other
users logged into the machine....
Any ideas what else could be locking ntuser.dat and ntuser.dat.log files?
thanks!
Keith
