Windows 7 Logon with Immediate Logoff (2008 AD Domain)

Ok -

Hoping someone can help out with this. I had a perfectly running Windows Server 2008 with 5 laptops, 8 Windows 7 Domain Users. Only problem was the the Server 2008 Enterprise was an upgrade from 2003, which left a lot of artifacts on the server. Since this was a home install, I figured good time to wipe the server and have a 'clean' 2008 *R2* install. I had several backups on an external 1TB drive so I was set. Also good opportunity to learn more about the new Windows Backup from a recovery standpoint.

Ran install from DVD, wiped drive, resetup the entire server.... GREAT! Only had a few accounts/groups, so reset them up manually, then restored all my GPOs, users/shared files and folders and profiles (\\SERVERNAME\PROFILES$)... Again, so far GREAT.

Now to the clients - Several Windows 7 laptops... not so great - all had each of the users' roaming profiles loaded so thought I could just login and everything would be working, no? I mean I had the same server name, IP, file structure, etc., etc. NO! Had to rejoin all the PCs to the Domain - Ok, no biggy for 8 PCs.

So onto the current problem... On any laptop, any domain user, Windows 7 logs in (Preparing Desktop...), then immediately logs out - back to the user/password screen... any Laptop, any User - same deal. If I create a new user profile, i.e. blow away both the <<username>> and <<username.V2>> folders on the server and let the OS recreate, everything is fine. Well, I don't want to blow away 8 profiles, wiping out all user and application settings for PCs that ran just fine before the exercise.

Interesting, the laptops will start absolutely perfect in "Safe Mode with Networking". I get all the settings, GPOs applied, folders redirect and all is happy. Just can't log in "Normal" on any machine for any user. Also tried MSCONFIG - disabled *EVERYTHING* - still logon... immediate logoff! The only thing that gets a Domain user logged in is choosing any flavor of Safe Mode from the F8 menu. So I can get to the registry, just can't figure out what the heck is different.

I am and advanced tech, so this may take some feedback from [more] advanced techs to fix. I tried the USERINIT, and other stuff with no luck - again a newly created profile will work just fine, safe mode, safe with networking... work just fine... just cannot process a normal logon. Any help with where a possible log might be to get a clue would be good also.

Thanks guys/gals!

P.S. did try disabling all GPOs (not many of those anyway, just the standard set you'd expect.

An ideal place to try Process Monitor and it's logging feature.
The log can become huge - so be careful!

First run it normally to see if it logs anything of note in the short time between logon and logoff.
If that doesn't work we'll have to find the instructions to have it run on boot.

It's free here: Process Monitor

Update: I think this issue may have something to do with the Aero Theme. It is the one common denominator I can think of across both computers and accounts. Pre-exercise, all Laptops and Users had some type of Theme (Nature, Characters, etc.) loaded. The reason I suspect this is because when I delete the Administrator and Administrator.V2 folders from the server, and then the C:\Users\Administrator folder from a laptop, the newly created profile (copied from the domain's Default User.V2 folder) loads without any Aero features - i.e. a 'classic' Windows XP looking Start Menu and windows. Further, if I right-click the desktop, and choose 'Theme', I can see all the Aero Themes, but they appear in Gray Scale - therefore, unavailble as choices. So I think if I can find the appropriate registry keys that control Theme and get it switched back to just a standard (or no) wallpaper, I might be able to get the logon process to complete.

Perhaps I can alter the registry key such that ProcMon.EXE is the shell rather than EXPLORER.EXE? This way, Explorer doesn't load (thereby bypassing the 'Theme') and ProcMon somehow tells me all else is OK. I guess if I get a Desktop in this test, I'm getting closer!

different scenario, but same problem

Hi - did you find a definitive solution to this problem?
I have a different scenario, but the same behaviour.


I have a domain account (with roaming profile) that I use exclusively for remote desktop to servers (both 2003 R2 and 2008 R2, mix of physical and virtual). The profile location has both of the expected folders: <username> and <username.v2>
This arrangement has been working fine across multiple servers for many months.


Yesterday I needed to rebuild an exisiting server (2008 R2). I removed it from the domain before proceeding.
After rebuild (same name, same static IP, etc) and joining the domain, I now have a problem very similar to yours - and only on this 'new' server.


When I remote to this particular server, the logon commences (Preparing Desktop...), then immediately logs out - back to the user/password screen.

A different domain account, without roaming profile, works fine.
And the "C:\Users\<username>" folder structure for the misbehaving account has been created.
I have tried using the Advanced System Properties to delete the roaming account, which it does, but on next logon attempt, the behaviour is the same.

Any help MUCH appreciated.

Well, I can't remember exactly what I did to solve it, but I eventually did. However, since that time, I've learned alot about Windows 7 vs. XP and roaming profiles on a domain with both 2003 and 08 servers. In most cases, the immediate logon/logoff issues are a result of a problem with the user profile. And in many of those cases, I've been able to overcome it using a few tricks. I would suggest trying these in order...

1. If you can afford losing the local profile on the machine (i.e. not concerned about settings or, they're roamed up to a server anyway), take ownership of and delete the user named folder under C:\Users\ or C:\Documents and Settings\

2. If you do #1, which is considered a manual delete of the profile, you MUST also then log into that machine as another admin user, run regedit, and delete the associated profile from HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList. You will see a list of SID's, just check through them and look for the user name referenced under 'CentralProfile' or 'ProfileImagePath'. Select that SID and delete the entire key.

3. Most times, combos of 1 & 2 have worked. When I log back in, a new profile is either created or copied down from the server.

Are you also using folder redirection with your user profile? It would help to know the exact client and server Windows versions.

The post previous to mine helped me solve my problem.

I had a Win7 x64 box that decided it didn't want to allow the existing domain accounts, that had previously worked and had a user folder on the machine, to log on anymore. I was still able to to log on as local admin which was how I was able to fix the issue relatively easily.

Deleting the user folder and the appropriate SID from the Profile list in the Registry did the trick. Only deleting the User folder is not enough.

Thanks.