Immediate Log Off After Log In

I am having the most frustrating problem because it appears to be random and inconsistent.

We have a Windows 2003 R2 server. There are 100 or so user accounts. A few weeks ago, one of the users logged in to a client computer running Windows XP (all our clients are still running XP) and immediately it logged her off. She tried repeatedly and it just kept logging her off. Sometimes it would get to displaying the desktop and then log off and other times it would just go through the log on dialogs and then start the log off dialogs right away. I didn't really have time to dig into it right then and she didn't urgently need to use the computer so I said I would fix it the next day. However, the next day when I went to replicate the problem so I could gather clues to fix it, her account would log in fine. I chalked it up to something being updated in Windows Update on the server or client and didn't give it further thought.

Then early this week, this same user had been logged in for most of the day. She logged out, and I asked her to log back in to check something for me and it started doing the immediate log off thing again. We tried her account on 18 computers and all but two of them booted her out immediately. The computer doesn't restart, it just bounces back to the ctrl-alt-del screen. As we were trying to figure out what was going on, which ones of the 18 computers she could log into changed. For a few minutes she'd be able to log into computers 1 and 2, then they would stop working for her and computers 7 and 12 might. This also affected another user that day. However, the next day both accounts worked fine again. I was hoping maybe it was just their accounts and I could recreate them but wanted to test out other users first to see if it happened with anyone else. Today, I had one user (not either one of the first two it happened to) report it. I'm guessing tomorrow his account will work fine.

Sometimes a dll error flashes briefly and when I managed to take a photo of it (gotta love smart phones with those build-in cameras) it is related to our anti-virus client. I am guessing since it doesn't appear every time that it only happens because the computer has already initialized the log off sequence and the error is a notification that the dll can't load because the computer is logging off.

Info about how these accounts are configured. They are set with roaming profiles and have group policies applied. This seems to have started after creating the group policies, but I can't be totally sure as we are a school and no one has used their accounts for months until this week and I created and applied the policies over this summer. The policies really don't do much aside from deploying the printers, locking the desktop and some other Windows cosmetic things like color schemes, and specifying what desktop to load for the group. Of the three users this has happened to, two of them use one policy and the third uses a different policy. So far I do not have any reports of it happening to users who only use the default policy or the faculty policy.

Solutions I've explored so far:

Virus - this just doesn't feel like the problem because of how random and inconsistent it is.

Missing usrinit.exe and other files missing from \System32\ - those files aren't missing from the clients in question and wouldn't explain why a client will not work for a while and then be fine later with no fixes applied

Corrupt user profiles on the server - I've deleted the server copy of the profiles, I did NOT however delete the local copies though I would suspect that if it were the local copies again the clients wouldn't just suddenly start to work with no fixes applied

I don't have any way to connect these vague clues to even search for and answer via Google. Someone please give me an idea of where to look, what is going on, and what to do about it.
1 answer Last reply
More about immediate
  1. One more piece of the puzzle fell into place yesterday as I investigated two more users with the same problem. I THINK it might be related to us using LimitLogin to limit the concurrent connections for users. It seems like sometimes when users log out the LimitLogin client and log off script are not clearing the connection information on the server side because in looking in the LimitLogin Tasks... for one of the users it still listed a session for him days after he had logged off. I knew he wasn't logged on any longer because others had used that computer since he had. Once I cleared this session in the LimitLogin on the server side he could logon.

    The other users it was a problem for did not have connection information in their LimitLogin Tasks..., however, I was able to login as them though they had reported hours earlier they weren't able to login. So, about all I can surmise from this is that for some reason (maybe improper logoff or shutdown?) is that SOMETIMES (doesn't happen every time or for every user) during logoff the session connection information does not get cleared from the LimitLogin server plug-in and then it refuses to allow further logins. The users are not actually logged in (others have even used the computer since the users that have problems) but the LimitLogin server thinks they are. It also appears that eventually the phantom LimitLogin session connections clear themselves. Yesterday, I had one user have the problem at 9 am and by 2:30 pm his session connection info in LimitLogin was clear and I could log in with his account. However, this clearing seems to be random because I had another user with the problem and when I checked his LimitLogin Tasks... it still showed his session info from the day before. It is frustrating that it doesn't at least give a message saying "You are limited to x concurrent connections and cannot be logged in at this time" rather than just popping the user back to the ctrl-alt-del screen. Then I would have known to look at LimitLogin as the source of the problem. It didn't even cross my mind that LimitLogin could be the problem, and I just happened to look at the users' session logs when I was exploring other options related to logon scripts.

    I've tried Googling this problem, but don't really know what to call it. I hope not using LimitLogin isn't my only option for a fix because we have problems with users logging onto a client in one room and not logging off and then logging in elsewhere. This is a security problem to some extent, but also causes computers to be locked by the user account when they go to screensaver and then others can't use them. Being a school, we need to have lots of people sharing the same computers and locked ones really cause a problem. Also, dealing with K-8 students in this matter necessitates it because they either don't understand the reason they have to log off or they understand just fine and do the pre-teen thing of "you want me to do this but I'm not going to" or thinking it is funny to cause headaches for the faculty/staff. They were already horrified to discover that over the summer I locked their wallpaper and disabled the Lock Computer button on the ctrl-alt-del screen while they are logged in.
Ask a new question

Read More

Windows Server 2003 Windows XP