Resources For IT Professionals
Post an article
Wikis - Page Details
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  Microsoft Windows User Profiles Service Event 1530

Microsoft Windows User Profiles Service Event 1530

Microsoft Windows User Profiles Service Event 1530

This topic describes event 1530 from the User Profile Service.
 

Table of Contents


Applies to: Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8, Windows Server 2012

Event Details

Product

Microsoft Windows Operating System

ID

1530

Source

Microsoft-Windows-User Profiles Service;
User Profile Service

Version

6.1

Symbolic Name

EVENT_HIVE_LEAK

Message

The Windows operating system detected that your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

Included in the following details are five examples of the type of information that can appear in this event message:

1 user registry handles leaked from \Registry\User\S-1-5-21-3112862306-
1016156048-4130204762-1000: Process 932 (\Device\HarddiskVolume1\
Windows\System32\svchost.exe) has opened key \REGISTRY\USER\
S-1-5-21-3112862306-1016156048-4130204762-1000

1 user registry handles leaked from \Registry\User\S-1-5-21-4211544788-
2274021965-2216582883-1001_Classes: Process 3568 (\Device\HarddiskVolume3
\Windows\System32\WUDFHost.exe) has opened key \REGISTRY\USER\
S-1-5-21-4211544788-2274021965-2216582883-1001_CLASSES

5 user registry handles leaked from \Registry\User\S-1-5-21-4211544788-
2274021965-2216582883-1001: Process 1880 (\Device\HarddiskVolume3\
Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe) has opened
key \REGISTRY\USER\S-1-5-21-4211544788-2274021965-2216582883-1001
Process 1880 (\Device\HarddiskVolume3\Program Files (x86)\Norton AntiVirus\
Engine\18.1.0.37\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-
4211544788-2274021965-2216582883-1001 Process 1880 (\Device\HarddiskVolume3\
Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe) has opened key
\REGISTRY\USER\S-1-5-21-4211544788-2274021965-2216582883-1001 Process
1880 (\Device\HarddiskVolume3\Program Files (x86)\Norton AntiVirus\Engine
\18.1.0.37\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4211544788-
2274021965-2216582883-1001 Process 1880 (\Device\HarddiskVolume3\Program Files
(x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe) has opened key \REGISTRY\
USER\S-1-5-21-4211544788-2274021965-2216582883-1001

1 user registry handles leaked from \Registry\User\S-1-5-21-4211544788-2274021965-
2216582883-1001: Process 2492 (\Device\HarddiskVolume3\Windows\System32\
msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4211544788-2274021965-
2216582883-1001\Software\Microsoft\Windows\CurrentVersion\Explorer

Cause

This event can be caused by apps that do not release their Registry keys before shutting down. This most often occurs when an app runs in the background and does not release its Registry keys when a user signs off, in which case Windows forces the Registry to unload. There is no impact to users, though in rare cases recent configuration changes in the app might not be saved.

Resolution

No user action is required - this is an acceptable condition.

Related Information

 
, , , , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 7 and 8 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 15 Oct 2012 5:46 PM

    Daniel Yurman edited Revision 22. Comment: This issue caused Windows 7 home premium to fail to load the user profile. It produced a .bak profile in the registry.

  • 9 Oct 2012 7:50 AM

    Jason Gerend_MSFT edited Revision 19. Comment: Thanks for your feedback – we understand that this event is causing confusion (and frustration!). For now, hopefully this article (and our rewritten Cause section) helps; we’re also investigating what we can do to improve this event in the future.

  • 11 Jul 2012 4:43 PM

    Jason Gerend_MSFT edited Revision 12. Comment: Added tags to support Event Viewer hookup for Windows 7

  • 11 Jul 2012 4:20 PM

    Jason Gerend_MSFT edited Revision 8. Comment: Updated to reduce confusion over resolutuion

  • 8 May 2012 5:54 PM

    Ed Price - MSFT edited Revision 2. Comment: Font style, tags

  • 7 May 2012 6:22 AM

    Fernando Lugão Veltem edited Revision 1. Comment: added TOC and tags

Page 1 of 1 (6 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 7 May 2012 6:22 AM

    Fernando Lugão Veltem edited Revision 1. Comment: added TOC and tags

  • Posted by
    on 8 May 2012 5:54 PM

    Ed Price - MSFT edited Revision 2. Comment: Font style, tags

  • Posted by
    on 10 May 2012 10:54 PM

    re: "Event ID 1530 is logged as a Warning event. The application that is listed in the event

    detail is leaving the registry handle open, and it should be investigated."

    What do you mean by "should be investigated."?  Invetigate, how?

    Thank you.

  • Posted by
    on 11 Jul 2012 4:20 PM

    Jason Gerend_MSFT edited Revision 8. Comment: Updated to reduce confusion over resolutuion

  • Posted by
    on 11 Jul 2012 4:43 PM

    Jason Gerend_MSFT edited Revision 12. Comment: Added tags to support Event Viewer hookup for Windows 7

  • Posted by
    on 18 Aug 2012 4:30 PM

    If this is a "NORMAL" condition then why the hell is it a warning in the logs,  there's already enough crap in there without tracking down normal ***.

  • Posted by
    on 9 Sep 2012 8:41 AM

    Like others here I'm chasing down non existent proplems; and that's us imagine how many don't get this far......

  • Posted by
    on 16 Sep 2012 1:01 AM

    The 3 remarks above me are very sarcastic,I was gonna leave 1 myself but looks like you 3 covered all the bases!

  • Posted by
    on 23 Sep 2012 2:37 AM

    Thanks...No user action required-this is a normal condition..this is all I needed to read to put my mind at ease...

  • Posted by
    on 6 Oct 2012 2:20 PM

    A warning that is a normal action...did  I read that correctly?

  • Posted by
    on 9 Oct 2012 7:50 AM

    Jason Gerend_MSFT edited Revision 19. Comment: Thanks for your feedback – we understand that this event is causing confusion (and frustration!). For now, hopefully this article (and our rewritten Cause section) helps; we’re also investigating what we can do to improve this event in the future.

  • Posted by
    on 9 Oct 2012 7:51 AM

    Thanks for your feedback – we understand that this event is causing confusion (and frustration!). For now, hopefully this article (and our rewritten Cause section) helps; we’re also investigating what we can do to improve this event in the future.

  • Posted by
    on 15 Oct 2012 5:46 PM

    Daniel Yurman edited Revision 22. Comment: This issue caused Windows 7 home premium to fail to load the user profile. It produced a .bak profile in the registry.

  • Posted by
    on 15 Oct 2012 6:20 PM

    This error also caused the user profile to fail to load.  The error message refers to registry handle leaks.

  • Posted by
    on 16 Oct 2012 1:42 PM

    Yes, indeed, users are unable to log in when this event occurs, because the user profile fails to load.

Page 1 of 2 (19 items) 12