During a review of the SharePoint 2010 farm health, I was seeing a lot of these errors in the event logs. The farm itself was still functional, but these errors were filling the event logs. The account in question was the same one that was used for the IIS website application pools. And while seemingly innocuous, it always bugs me to see these error events in the logs. And as always with SharePoint and how MSCryptic the error handling is, there is always the possibility that things were not quite working right somewhere under the covers.

If you look in your event logs, you should see something similar to the following:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 11/19/2013 10:05:07 AM
Event ID: 1511
Task Category: None
Level: Error
Keywords:
User: DOMAIN\AppPoolAccount
Computer: SharePoint.domain.com
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


For some reason, User Profiles on my Windows Server 2008 R2 server is experiencing issues where the account used for the SharePoint website application pool cannot create a local profile, and a temporary user profile is created for it instead.


While investigating the issue further, I also found that if I actually tried to log into the server using the service account ID, I ended up locking up the server with a “Please wait for User Profile Service” message that was displayed indefinitely (don’t try it unless you have someone around who can give the server a one-finger salute to perform a hard reboot). Research on the internet seemed to point to IPv6 issues, but after trying all the suggested fixes I was still experiencing these issues.

Instead, this approach seemed to work well for me. The user profile now comes up as local in the User Profiles settings and the errors have gone away for the time being.

If you are experiencing the problem:

  1. Open Services, then stop and disable the IIS Admin Service so that the application pools do not lock the profiles.

  2. Open the Server Manager, Web Server, and right-click on the Server. Select Stop.

  3. Now open a command window (Start -> Run -> type “CMD”) and in the window type the following:

net localgroup administrators DOMAIN\AppPoolAccount /add

runas /u:DOMAIN\AppPoolAccount /profile cmd

  4. After the second command, you will be prompted to enter the password of DOMAIN\AppPoolAccount, and when you hit Enter it will launch a new window. In that window, type the following to confirm the user profile directory:

echo %userprofile%

  5. Launch the User Profiles dialog or check “C:\users” to verify that the directory for your application pool account ID has been created.

  6. Close the second command window, and in the original one type the following to remove the app pool account from the administrators group. For whatever reason it only needed to be there to create the local profile, and it is neither best practice nor recommended to leave the account as an admin on a production farm.

net localgroup administrators DOMAIN\AppPoolAccount /delete

  7. Exit the command window.

  8. Start the Web Server.

  9. Enable and then start the IIS Admin Service.

If everything has gone well, you now have one less Error event showing up in your server’s event logs.  I did not need to perform a server reboot to get rid of the error, but mileage may vary depending on your own farm’s configuration and what else you may be using these service accounts for.
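A post-fix check for the procedure above, as an added example that is not part of the original post: it confirms the account's profile is no longer temporary, that the account was removed from the local Administrators group, and that no recent Event ID 1511 entries exist for it. The parameter names and the 24-hour lookback are assumptions; `DOMAIN\AppPoolAccount` is the post's placeholder.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the SharePoint server after finishing the steps above.
param(
    [string]$Account = 'DOMAIN\AppPoolAccount',  # placeholder used in the post
    [int]$LookbackHours = 24                     # assumed review window
)

# Resolve the account to its SID; profiles and event records are keyed on it.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# 1. Profile state. In Win32_UserProfile, Status bit 1 marks a temporary profile.
$userProfile = Get-WmiObject -Class Win32_UserProfile -Filter "SID='$sid'"
if (-not $userProfile) {
    Write-Warning "No local profile is registered for $Account"
} elseif ($userProfile.Status -band 1) {
    Write-Warning "Profile is still temporary: $($userProfile.LocalPath)"
} else {
    Write-Output "Local profile present: $($userProfile.LocalPath)"
}

# 2. Privilege cleanup. The temporary admin grant must be gone.
#    Only direct membership is checked; membership through a nested
#    domain group would not appear in this listing.
$stillAdmin = net localgroup administrators |
    Where-Object { $_.Trim() -ieq $Account }
if ($stillAdmin) {
    Write-Warning "$Account is still a member of local Administrators"
} else {
    Write-Output "$Account is not a direct member of local Administrators"
}

# 3. Recent temporary-profile errors (Event ID 1511) logged for this account.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-User Profiles Service'
    Id           = 1511
    UserID       = $sid
    StartTime    = (Get-Date).AddHours(-$LookbackHours)
} -ErrorAction SilentlyContinue   # suppresses the "no events found" error

$count = @($events).Count
Write-Output "Event ID 1511 entries in the last $LookbackHours hours: $count"
if ($count -gt 0) {
    $events | Select-Object -First 5 TimeCreated, Id, MachineName
}
```

Events logged before the fix will still appear within the lookback window, so compare their timestamps against the time the IIS Admin Service was restarted.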