In said:
I have about 30 machines out of 2500+ that have had the users
local profile corrupted because w2k was unable to save the
registry because two registry handles leaked.
How can I find out what services where hung after the fact. This
happened on friday when the users logged out so on monday we
walked into a maelstrom. I need to avoid this in the future. I
have uphclean, however we can't replicate the problem.
From the UPHClean Readme (v1.5.5.21) (excerpt)
=====================================
By default UPHClean takes action to allow profiles to unload. You
can
choose to have UPHClean only report what processes it finds
preventing profiles from unloading. To do this, install UPHClean
and use the registry editor to set:
HKLM\System\CurrentControlSet\Services\UPHClean\Parameters
\REPORT_ONLY to 1.
You can also have UPHClean log the call stack that is responsible
for the profile hive handle. This is necessary to find out what
software is responsible for the hive handle in processes used for
many purposes (e.g. svchost.exe, dllhost.exe, winmgmt.exe). To
enable call stack logging use the registry editor to set:
HKLM\System\CurrentControlSet\Services\UPHClean\Parameters
\CALLSTACK_LOG to 1.
Logging the call stack is computationally and memory intensive.
You should use this option to collect information and then turn it
off. To get more accurate call stack logging it may be necessary
to get symbols installed on the computer. You can read about
getting symbols at:
http://www.microsoft.com/whdc/ddk/debugging/symbols.mspx
==========================
Have you tried any of those options?