John Robbins' Blog

The Case of the Access Denied

After coming back from vacation, I powered on my laptop, named BERLIN, and it took an inordinate amount of time to login. After much disk grinding, the desktop finally loaded and it wasn't my normal desktop, but a temporary desktop and Vista reported that my profile couldn't be loaded. After a very heavy sigh, I looked at the Event log and the error was "Windows cannot load the locally stored profile. Possible causes of this error included insufficient security rights or a corrupt local profile. DETAIL – The process cannot access the file because it is being used by another process."

Guessing that this error was possibly because of a corrupt file or a bad hard disk, I initiated a check disk on the reboot. No errors were reported and when I logged in again, my user account loaded correctly. Poking around nothing seemed to be remiss. All the group policies had run, I could access my servers and the internet. Now my sigh was one of relief.

Needing to copy over a few files from my desktop machine to BERLIN, I popped over to PowerShell and initiated the copy and immediately got an access denied. Switching over to BERLIN, I verified the share was there and my account had read and write access. Back on my desktop machine, I tried a NET VIEW BERLIN command and got the access denied again. Double checking with Explorer, I could see BERLIN, but accessing it always gave me an access denied error. As I was logged into both machines with the same domain account, I thought that was very strange.

Logging into my server with the domain administrator account, I ran a NET VIEW BERLIN and could see all the shares on the machine. Additionally, I could copy files to and from BERLIN just fine. Wondering if the problem was on BERLIN, I checked if I could see and access shares from it. Of course, that worked.

Figuring this might have been something with the user profile problem, I rebooted BERLIN. After it restarted, I didn't log in but tried to access the shares from my desktop machine. Again, it was access denied. After logging in with my normal user account, I started poking around on BERLIN.

Since Mark Russinovich's excellent Process Monitor shows everything happening on the machine, I fired it up and turned off all filters. From my desktop machine, I attempted to access the shares. Digging through the Process Monitor log, I didn't see anything related to my shares or the network. It was like the traffic never made it into the machine.

Now I started suspecting that the problem was on my desktop machine so I rebooted it. After logging in again, I sadly verified that the access denied was still there. Looking at the event log on my desktop, I saw the following:

That's one surreal error message. Clicking on the Event Log Online Help link took me to a page that discussed deleting the unused computer account in Active Directory. Given that nearly every single event log error you look up looks like the following, I was just happy to have a real page, even if the information it reported was worthless!

Leaving the Event Viewer open, I ran another NET VIEW BERLIN and saw the same Event 4 show up. I could run PING BERLIN and that worked, but everything reported access denied when attempting to get to the shares. I tried to use Remote Access to the machine and that reported access denied as well. Running Process Monitor on my desktop machine didn't turn up anything interesting either.

Sitting there completely out of ideas on how to proceed, I was tapping my foot furiously. Feeling something hit the top of my foot, I looked under my desk and it was my cat batting at the movement. That's when I realized she was laying on top of the network hub my laptop plugs into. Chasing her off so it didn't overheat, I found the solution to the access denied: she'd managed to unplug the network cable. Plugging that in, I had complete access to the laptop again.

Without the wired connection, I was using the wireless connection, which defaults to not allowing shares to be accessed my non administrators. The failure to load my user profile was a red herring.

Cased closed with the moral: always check the obvious first!

On Jun 25 2008 10:51 PMBy jrobbins With 2 Comments

Comments (2)

  1. Ah yes, Ye Olde Access is Denied. Wouldn't it be great if Win32 had an API for discovering WHICH access was denied? Another fun task is finding the true cause of LoadLibrary failing with error code 2.

    Always remember the law of cabling, "A cable has TWO ends."

Leave a Comment

Archives

Tags