Windows 10 Pro Join Domain, slow start menu, search, settings

bquinn2287

Honorable
Nov 19, 2013
8
0
10,510
I’m having an issues (slow start menu, search, settings menu items slow or don't respond, etc.) on a Windows 10 pro desktop after joining to our domain. Below is a recap of what I did and what I’m seeing. I’m hoping there’s some known issue and/or setting that will resolve this as an easy fix. Note that this is only happening on one computer, the other Windows 10 computer has been working fine for some time, and is only happening on some login accounts..

1. Received new Windows 10 pro desktop and created local ‘Admin’ administrator account.
2. Went to Settings->Accounts->Access Work Or School
3. Joined local on-premise domain ‘customcoils’, in this process it asks for the user to join the domain. Used the domain administrator user.
4. At this point everything is OK. Both local admin and domain administrator accounts are fine.
5. Added new domain account. Went to Settings->Accounts->Other People->Add a Work or School User to add the domain account of the person who will be using the computer. Added this user with Administrator privileges (also tried as standard user after issues described below but didn’t resolve).
6. After logging into the new user account, the start menu is slow (icons show down arrow and not the associated app), the start search bar is either not accessible (can’t type in it) or you can it just churns and doesn’t return anything. The settings menu is very slow or sometimes doesn’t allow access into items.
7. I tested with another domain user also and same issue. The local Admin and domain Administrator logins are still OK and do not have these issues.
8. Despite the issues, the network seems find since I can access and run networked programs, etc, so it seems to be isolated to issues describe in #6.
9. I have an existing Windows 10 pro machine and there are no issues with these accounts.

Additional Info:
--- Current Version: Interesting here. Under settings->system->about it lists the current version 1709, build 16299.665. However it has gone through a couple updates to version 1803 which appeared to be successful and update history shows that update. When I go into updates it attempts to re-update 1803.
--- Users are all local (not roaming)

Appreciate any help. Thank you.

Brian
 
Solution
I'd just start with the errors that are continuing the most and fix them one at a time.

C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache

Seems to be a pretty easy fix. For some reason the user profile is trying to access content on the administrator profile. So obviously that user profile wouldn't have proper rights.

Just logged into administrator profile and go to C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache folder and give it rights to domain users. Rebooted and logged in as the user, see if error goes away.

Then move onto next error on the list. Clean out all errors you can.
Hello bquinn2287

Although it's unlikely as the other apps and services in the local network are working fine, can you please check if the Primary DNS address is set to the local DNS server (or of the Domain Controller if it is the DNS server as well)?

You can also try removing the computer from the domain, and then re-joining it.

Please report back with the results for any further assistance.

Cheers!!
 

bquinn2287

Honorable
Nov 19, 2013
8
0
10,510
Thank you for the reply. Yes, the Primary DNS is set to the local DNS server (Domain Controller). Also, I went through deleting all domain users from the local machine, removing the domain and re-joining without resolution. Appreciate any further help.
Brian
 


Hello again

Can you please try flushing the arp and DNS cache as well, if not already done yet?

Cheers!! :)
 

bquinn2287

Honorable
Nov 19, 2013
8
0
10,510
Thanks again. I flushed both DNS and arp cache. I also dropped and re-joined domain. Issues same as before. Local Admin account and domain administrator account is OK. The 2 other domain accounts I tried have issue.
 
It could be a domain profile corruption. I would log into domain administrator profile then go into AD profiles on the local PC and remove all of them except the domain administrator, then sign back into the other two profiles as if it was the first time pulling the profile down from the server.

Even if you remove the PC from the domain, it does not delete the domain profiles. They are still cached locally. So fully delete the AD profiles and let Windows recreate them next time you log in.

Open up "Control Panel | System and Security | System"
In the dialog click on "Advanced system settings" (requires Admin rights)
The "System Properties" dialog will be displayed
Make sure you are in the "Advanced" register
In the "User Profiles" section click on "Settings"
The "User Profiles" dialog is displayed
Select the account. Hit Delete.
 

bquinn2287

Honorable
Nov 19, 2013
8
0
10,510
Frustrating. I deleted the 2 other domain accounts (kept the domain\administrator account) as per above. Re-logged in with one of the domain accounts and the problem still exists. Seems isolated to other domain accounts except the administrator account. Note that one of the domain accounts that has problems also has full domain administrator privileges.
 


And what about using a test account? Make a test AD account and sign into it. Does the problem still continue? Also have you tried to log into any of these domain profiles on a totally different PC? Still have same issues?

AD profile could be corrupted on the backend. Depending on your answers above, you may need to recreate the profiles.
 

bquinn2287

Honorable
Nov 19, 2013
8
0
10,510
Thanks for following up. I created a test domain account and signed into it. The problem still exists. I've also tried other domain logins and all have same issues. Only domain\administrator account is OK.

Another note: I noticed that when I log out of any domain account that has the issue, I get a screen saying trying to close application, and I have to "close anyway" to log out. The message is "Task Host is Stopping Background Task \Microsoft\Windows\Wininet\CacheTask"
 

bquinn2287

Honorable
Nov 19, 2013
8
0
10,510
I don't see specific login scripts that run for users locally or on domain and as far as I can see there is no GPO policies. Could this be something related to the wininite\CacheTask process that doesn't close when I log out of the domain users?
 


It could be possible but you'd think if you gave one of those domain profiles administrator rights... it wouldn't effect that profile, but it still does right?

What about giving that profile local administrator rights instead of domain administrator rights?
 

bquinn2287

Honorable
Nov 19, 2013
8
0
10,510
I believe I've done that but tried again and same issue. Not sure it helps but I cleared events then logged into domain\administrator (good account) and save event logs. Then clear events and logged into my domain account (with issues). The main differences were in the application events. I've posted both below. Sorry for the long message. The main difference was in the first few events in the bquinn log.

___________________________________________________________
____________________________________________________________

domain\bquinn Application Events Log:

Level Date and Time Source Event ID Task Category
Error 9/21/2018 2:22:52 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Error 9/21/2018 2:22:42 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Information 9/21/2018 2:22:32 PM ESENT 916 General DllHost (344,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Error 9/21/2018 2:22:32 PM ESENT 454 Logging/Recovery DllHost (344,U,0) WebCacheLocal: Database recovery/restore failed with unexpected error -1907.
Error 9/21/2018 2:22:32 PM ESENT 494 Logging/Recovery "DllHost (344,U,0) WebCacheLocal: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the ""more information"" link at the bottom of this message."
Error 9/21/2018 2:22:32 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Error 9/21/2018 2:22:22 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Error 9/21/2018 2:22:12 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Information 9/21/2018 2:22:02 PM ESENT 916 General DllHost (344,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Warning 9/21/2018 2:22:01 PM Group Policy Printers 4098 (2) The user '192.168.1.51' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Warning 9/21/2018 2:22:01 PM Group Policy Printers 4098 (2) The user '192.168.1.58' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Information 9/21/2018 2:22:00 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Received Post Shell Event 16

"
Information 9/21/2018 2:22:00 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:22:00 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Logon: 16

"
Information 9/21/2018 2:22:00 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Log on event received User1

"
Information 9/21/2018 2:22:00 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
Information 9/21/2018 2:21:23 PM Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port.
Information 9/21/2018 2:21:22 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.

DETAIL -
19 user registry handles leaked from \Registry\User\S-1-5-21-928253612-4269237800-774330626-500:
Process 5864 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500
Process 5864 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500
Process 2628 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\System\GameConfigStore\Parents
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\System\GameConfigStore
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Policies\Microsoft\Windows\CloudContent
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\PushNotifications
Process 5788 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Privacy
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Policies\Microsoft\Windows\DataCollection
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Internet Explorer\Main
Process 10172 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows NT\CurrentVersion\Fonts
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\System\GameConfigStore\Children
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Internet Explorer\Security
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
"
Information 9/21/2018 2:21:22 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:21:22 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Logoff: 15

"
Information 9/21/2018 2:21:22 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Logoff: Test

"
Information 9/21/2018 2:21:19 PM ESENT 916 General DllHost (11856,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.


______________________________________________________________________________________
______________________________________________________________________________________

domain\administrator Application Events Log:

Level Date and Time Source Event ID Task Category
Information 9/21/2018 2:16:16 PM ESENT 916 General DllHost (11856,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Warning 9/21/2018 2:16:04 PM Group Policy Printers 4098 (2) The user '192.168.1.51' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Warning 9/21/2018 2:16:04 PM Group Policy Printers 4098 (2) The user '192.168.1.58' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Information 9/21/2018 2:16:03 PM ESENT 916 General DllHost (6092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Information 9/21/2018 2:16:02 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Received Post Shell Event 15

"
Information 9/21/2018 2:16:02 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:16:02 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Logon: 15

"
Information 9/21/2018 2:16:02 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Log on event received User1

"
Information 9/21/2018 2:16:02 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
Information 9/21/2018 2:15:54 PM Windows Error Reporting 1001 None "Fault bucket 1491263399927148070, type 5
Event Name: StoreAgentInstallFailure1
Response: Not available
Cab Id: 0

Problem signature:
P1: Acquisition;RuntimeBroker
P2: 80070005
P3: 16299
P4: 665
P5: Windows.Desktop
P6: 8
P7:
P8:
P9:
P10:

Attached files:
\\?\C:\Windows\TEMP\FailureReportMetadata_31006.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER879F.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87DE.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87FF.tmp.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Acquisition;Runt_4de7cca7693538c32d97c24d5b06854bdd_00000000_1606a22d

Analysis symbol:
Rechecking for solution: 0
Report Id: 0f383516-4496-4303-855a-6fed6bf3e3ea
Report Status: 268435456
Hashed bucket: 74d6a900de13b6d394b208294332ee26"
Information 9/21/2018 2:15:48 PM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: StoreAgentInstallFailure1
Response: Not available
Cab Id: 0

Problem signature:
P1: Acquisition;RuntimeBroker
P2: 80070005
P3: 16299
P4: 665
P5: Windows.Desktop
P6: 8
P7:
P8:
P9:
P10:

Attached files:
\\?\C:\Windows\TEMP\FailureReportMetadata_31006.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER879F.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87DE.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87FF.tmp.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Acquisition;Runt_4de7cca7693538c32d97c24d5b06854bdd_00000000_cab_2536880d

Analysis symbol:
Rechecking for solution: 0
Report Id: 0f383516-4496-4303-855a-6fed6bf3e3ea
Report Status: 4
Hashed bucket: "
Information 9/21/2018 2:14:26 PM Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port.
Information 9/21/2018 2:14:25 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.

DETAIL -
17 user registry handles leaked from \Registry\User\S-1-5-21-2999364046-2488092179-3198658704-1004:
Process 472 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\System\GameConfigStore\Parents
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\System\GameConfigStore
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Policies\Microsoft\Windows\CloudContent
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications
Process 5788 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Privacy
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Policies\Microsoft\Windows\DataCollection
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Internet Explorer\Main
Process 4376 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows NT\CurrentVersion\Fonts
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\System\GameConfigStore\Children
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Internet Explorer\Security
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
"
Information 9/21/2018 2:14:25 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:14:25 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Logoff: 11

"
Information 9/21/2018 2:14:25 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Logoff: Test

"
 
I'd just start with the errors that are continuing the most and fix them one at a time.

C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache

Seems to be a pretty easy fix. For some reason the user profile is trying to access content on the administrator profile. So obviously that user profile wouldn't have proper rights.

Just logged into administrator profile and go to C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache folder and give it rights to domain users. Rebooted and logged in as the user, see if error goes away.

Then move onto next error on the list. Clean out all errors you can.
 
Solution