User hive is loaded by another process (Registry Lock)

[MattGinAZ]

anyone encountered this before?
Log Name:      Application
Source:        Microsoft-Windows-User Profiles Service
Date:          5/15/2020 3:12:45 PM
Event ID:      1552
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      Matt-Desktop
Description:
User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 3548, ProfSvc PID: 2456.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89b1e9f0-5aff-44a6-9b44-0a07a7ce5845}" />
    <EventID>1552</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2020-05-15T22:12:45.302586800Z" />
    <EventRecordID>9038</EventRecordID>
    <Correlation />
    <Execution ProcessID="2456" ThreadID="2724" />
    <Channel>Application</Channel>
    <Computer>Matt-Desktop</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="InterferingImageName">C:\Program Files\AVAST Software\Avast\AvastSvc.exe</Data>
    <Data Name="InterferingPID">3548</Data>
    <Data Name="ProfsvcPID">2456</Data>
  </EventData>
</Event>

[Peppino]

Hi!
Yes, today I saw it for the first time (I don't remember to have seen it in the past times)...
I updated to Win20H2 few weeks ago.

Bye

P.S.: in my case the error is on file C:\Program Files\Avast Software\Avast\aswToolsSvc.exe

[Peppino]

Searching around for a solution, I found at this link https://community.spiceworks.com/topic/2231257-event-1552-user-profile-service
user saying "Have you installed any Backup software that locks the user's registry and runs while they are trying to log in?"...
Actually this error fired at 10:42 and I started a System backup at 10:33/10:36 (AOMEI Backup) so... It could be... I'm not sure but who knows...

Bye!

P.S.: it's interesting the link that user put on his message... lots of possible causes.

[Peppino]

Hi!
About 10 months passed away and Windows 10 Event ID 1552 related to aswToolsSvc.exe is back again.
I discovered (in my own case at least) that my Backup software is not the culprit; I noticed this event is
fired everytime I start/reboot the system and I spend some time (it seems from some secs to... very long time!) before entering the password to
access to Window 10. It's just like User Profile Service (ProfSvc) starts as soon as I press ENTER after writing my password thus accessing to the system
and, when I don't do it ASAP, aswToolsSvc.exe starts before, loads the user's hive while system is still in the lock screen... And when ProfSvc tries to
load the same hive... NO WAY: it's 1552 event.
I was wondering if there's any method to make ProfSvc start before aswToolsSvc (BootStart maybe?) or a way to delay aswToolsSvc (on demand?) and if it's correct that aswToolsSvc loads the
hive before ProfSvc.
(Or a way to delay aswToolsSvc - on demand?)

Thanks a lot for your time!

[Peppino]

Ok, I think I made some sort of a workaround...

1) I set "Avast! Tools" service as Demand Start
2) In  Local Group Policies editor > User configuration > Windows settings > Script > Logon (I hope I translated 'em fine) I added StartAvastToolsService.bat.nlk
3) StartAvastToolsService.bat contains the command NET START "Avast! Tools" (I put the link 'cause in the link I could specify to start it with Admin privileges)

No matter how much time I spend on the lock screen, when I enter the password and access the system, no more 1552 events. And Avast GUI works fine (if you stop
"Avast! Tools" service it won't).

Thanks for your time. Ciao!

[hseldon]

How big of an issue is this error? I have two PCs and see this error on one of them, but regedit still allows me to make changes to HKEY_CURRENT_USER and I do not appear to have any other issues due to this error.
While the workaround from Peppino would work if you were logging in to the administrator account, it wouldn't work for logging in to a standard user (non-admin) account as the script at Local Group Policies Editor\ User Configuration\Windows Settings\Script\Logon runs under Local User privilege ie the same privilege as the logged on user, and to start a service needs admin approval. Using a shortcut and specifying it to start with admin privileges doesn't work either as that just tells Windows to open the UAC popup to ask the standard user for the admin account password but it didn't popup when I logged in as a standard user so the "avast! Tools" service didn't start.
There is another script at Local Group Policies\Computer Configuration\Windows Settings\Scripts\Startup which does run under admin account privileges but that runs the script at startup instead of at logon so the "avast! Tools" will still run before the User Profile Service can start so the error is still produced.
There is an option when making the script to use Powershell and I tried to pass the Powershell script my username and password from the .bat file but I couldn't work out how to do this.
I then set up a new task using Task Scheduler as administrator, set the task to use SYSTEM account,highest privileges, logon any user, set 30 second delay but the error still occurred and I didn't want to set a longer delay.
Setting the "avast! Tools" service to Automatic (Delayed Start) instead of Automatic might have fixed the error but the service won't allow this, giving an Error 87:The parameter is incorrect.
I realise you can start avast after all the services have started (in the avast free antivirus settings go to Settings>Troubleshooting) but it does state this leaves avast unprotected during startup. This does appear to fix the error.

[Peppino]

Interesting solution, thanks. I must apologize because I assumed that everyone uses the administrator account like I do.