I believe I've done that but tried again and same issue. Not sure it helps but I cleared events then logged into domain\administrator (good account) and save event logs. Then clear events and logged into my domain account (with issues). The main differences were in the application events. I've posted both below. Sorry for the long message. The main difference was in the first few events in the bquinn log.
___________________________________________________________
____________________________________________________________
domain\bquinn Application Events Log:
Level Date and Time Source Event ID Task Category
Error 9/21/2018 2:22:52 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Error 9/21/2018 2:22:42 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Information 9/21/2018 2:22:32 PM ESENT 916 General DllHost (344,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Error 9/21/2018 2:22:32 PM ESENT 454 Logging/Recovery DllHost (344,U,0) WebCacheLocal: Database recovery/restore failed with unexpected error -1907.
Error 9/21/2018 2:22:32 PM ESENT 494 Logging/Recovery "DllHost (344,U,0) WebCacheLocal: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the ""more information"" link at the bottom of this message."
Error 9/21/2018 2:22:32 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Error 9/21/2018 2:22:22 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Error 9/21/2018 2:22:12 PM ESENT 490 General "DllHost (344,R,0) WebCacheLocal: An attempt to open the file ""C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"" for read / write access failed with system error 5 (0x00000005): ""Access is denied. "". The open file operation will fail with error -1032 (0xfffffbf8)."
Information 9/21/2018 2:22:02 PM ESENT 916 General DllHost (344,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Warning 9/21/2018 2:22:01 PM Group Policy Printers 4098 (2) The user '192.168.1.51' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Warning 9/21/2018 2:22:01 PM Group Policy Printers 4098 (2) The user '192.168.1.58' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Information 9/21/2018 2:22:00 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Received Post Shell Event 16
"
Information 9/21/2018 2:22:00 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:22:00 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Logon: 16
"
Information 9/21/2018 2:22:00 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Log on event received User1
"
Information 9/21/2018 2:22:00 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
Information 9/21/2018 2:21:23 PM Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port.
Information 9/21/2018 2:21:22 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
DETAIL -
19 user registry handles leaked from \Registry\User\S-1-5-21-928253612-4269237800-774330626-500:
Process 5864 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500
Process 5864 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500
Process 2628 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\System\GameConfigStore\Parents
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\System\GameConfigStore
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Policies\Microsoft\Windows\CloudContent
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\PushNotifications
Process 5788 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\Privacy
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Policies\Microsoft\Windows\DataCollection
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Internet Explorer\Main
Process 10172 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows NT\CurrentVersion\Fonts
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\System\GameConfigStore\Children
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Internet Explorer\Security
Process 11732 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-928253612-4269237800-774330626-500\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
"
Information 9/21/2018 2:21:22 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:21:22 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Logoff: 15
"
Information 9/21/2018 2:21:22 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Logoff: Test
"
Information 9/21/2018 2:21:19 PM ESENT 916 General DllHost (11856,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
______________________________________________________________________________________
______________________________________________________________________________________
domain\administrator Application Events Log:
Level Date and Time Source Event ID Task Category
Information 9/21/2018 2:16:16 PM ESENT 916 General DllHost (11856,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Warning 9/21/2018 2:16:04 PM Group Policy Printers 4098 (2) The user '192.168.1.51' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Warning 9/21/2018 2:16:04 PM Group Policy Printers 4098 (2) The user '192.168.1.58' preference item in the 'Printers - Uninstall from Old Server {8441BD66-C336-4E68-8190-F0BD27156253}' Group Policy Object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Information 9/21/2018 2:16:03 PM ESENT 916 General DllHost (6092,G,0) The beta feature EseDiskFlushConsistency is enabled in ESENT due to the beta site mode settings 0x800000.
Information 9/21/2018 2:16:02 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Received Post Shell Event 15
"
Information 9/21/2018 2:16:02 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:16:02 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Logon: 15
"
Information 9/21/2018 2:16:02 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Log on event received User1
"
Information 9/21/2018 2:16:02 PM Microsoft-Windows-Winlogon 6003 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a critical notification event.
Information 9/21/2018 2:15:54 PM Windows Error Reporting 1001 None "Fault bucket 1491263399927148070, type 5
Event Name: StoreAgentInstallFailure1
Response: Not available
Cab Id: 0
Problem signature:
P1: Acquisition;RuntimeBroker
P2: 80070005
P3: 16299
P4: 665
P5: Windows.Desktop
P6: 8
P7:
P8:
P9:
P10:
Attached files:
\\?\C:\Windows\TEMP\FailureReportMetadata_31006.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER879F.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87DE.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87FF.tmp.txt
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Acquisition;Runt_4de7cca7693538c32d97c24d5b06854bdd_00000000_1606a22d
Analysis symbol:
Rechecking for solution: 0
Report Id: 0f383516-4496-4303-855a-6fed6bf3e3ea
Report Status: 268435456
Hashed bucket: 74d6a900de13b6d394b208294332ee26"
Information 9/21/2018 2:15:48 PM Windows Error Reporting 1001 None "Fault bucket , type 0
Event Name: StoreAgentInstallFailure1
Response: Not available
Cab Id: 0
Problem signature:
P1: Acquisition;RuntimeBroker
P2: 80070005
P3: 16299
P4: 665
P5: Windows.Desktop
P6: 8
P7:
P8:
P9:
P10:
Attached files:
\\?\C:\Windows\TEMP\FailureReportMetadata_31006.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER879F.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87DE.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER87FF.tmp.txt
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Acquisition;Runt_4de7cca7693538c32d97c24d5b06854bdd_00000000_cab_2536880d
Analysis symbol:
Rechecking for solution: 0
Report Id: 0f383516-4496-4303-855a-6fed6bf3e3ea
Report Status: 4
Hashed bucket: "
Information 9/21/2018 2:14:26 PM Desktop Window Manager 9027 None The Desktop Window Manager has registered the session port.
Information 9/21/2018 2:14:25 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. No user action is required.
DETAIL -
17 user registry handles leaked from \Registry\User\S-1-5-21-2999364046-2488092179-3198658704-1004:
Process 472 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\System\GameConfigStore\Parents
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\System\GameConfigStore
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Policies\Microsoft\Windows\CloudContent
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications
Process 5788 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\Privacy
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 3252 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Policies\Microsoft\Windows\DataCollection
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Internet Explorer\Main
Process 4376 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows NT\CurrentVersion\Fonts
Process 936 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\System\GameConfigStore\Children
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Internet Explorer\Security
Process 9316 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2999364046-2488092179-3198658704-1004\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
"
Information 9/21/2018 2:14:25 PM Microsoft-Windows-Winlogon 6000 None The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Information 9/21/2018 2:14:25 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Logoff: 11
"
Information 9/21/2018 2:14:25 PM igfxCUIService1.0.0.0 0 None "The description for Event ID 0 from source igfxCUIService1.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Logoff: Test
"