Comments (3)

  1. ka says:

    When EventID 1530 shows on Windows Server 2008 R2 –

    Process 6352 (DeviceHarddiskVolume2WindowsSystem32inetsrvw3wp.exe) has opened key REGISTRYUSERS-1-5-21-1206157109-414143516-1849977318-38596

    Would this cause IIS site to crash?  Thanks.

  2. Shamik says:

    Event ID: 1530 is a warning message which says that if an application is using a specific registry hive, it might start failing as the User Profiles Service will unload the registry hive. This might result in a "service unavailable" error. Whether it leads to crash or not is something that needs to be determined. Ideally should not crash a process.  

    When the policy is enabled, Windows does not forcefully unload the registry and "waits" until all other processes complete their use of the user registry before it unloads it.

  3. Shamik says:

    Event ID: 1530 is a warning message that says it cannot unload a registry hive as it is in use. If unloading the hive failed then there is a second attempt to unload the hive and if DisableForceUnload is set to 0 (or net set) then the hive is forcefully unloaded. This does not mean that the process which is using a hive will crash. It can lead to application failures such as "Service Unavailable". Where a process crashes because of forceful unload of a registry hive needs to be investigated. Ideally it should not.