Windows is being forced to cleanup after an application has left a registry handle open instead of closing it. That is BAD and that is why the entry is labeled a WARNING rather than "informational". Eventually, the user profile will corrupt and that will cause a real mess. I get these EVERY TIME I boot/reboot. Event Viewer is littered with them just as XP event viewer was until the UPHC tool was brought out so I don't see how these were considered so bad in XP that Microsoft finally had to bring out the UPHC tool to fix the problem but they are hunky-dory in Vista, Win 7 and Win 8. Seems to me maybe Microsoft needs to introduce UPHC for these OSes also.
Even Microsoft states that:
"Note Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated."
But from the threads I have read investigating the application is not easy. Someone tried to investigate lsass.exe as the application leaving registry handles open:
"On this computer I have regular Event 1530 reports referring to lsass.exe. Investigating using Process Monitor I find references to the Registry key HKLM\SAM\SAM\DOMAINS\etc where the task is "Desired Access Read and the Result is Name not found.
The computer is a Workstation and HKLM\SAM\SAM has no Domain entries. How do you backtrack to find what causes whatever it is to look for Domain entries on a Workstation?"
Once UPHC was installed on XP Pro, all 1530 warning events disappeared from Event Viewer. SUPPOSEDLY, starting with Vista, Microsoft improved things so that UPHC was not needed. Uhuh, yeah...so why then do I get all these warnings and no way to fix the problem since this is Win 8 rather than XP? Why does Microsoft label this a WARNING rather than a chatty informational entry? Why am I warned about eventual profile corruption (among other things) if these events are "nothing"? They were NOT nothing on XP until we got UPHC. If they are nothing on Vista, Win 7 and Win 8 then Microsoft has been extremely remiss in not fixing the Event 1530 so it is no longer a warning.
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
San Jose, CA
You really don't read what I post, do you.
Nothing changed since XP - apps can and do exit with open registry handles. In XP, you needed to install a 3rd party app to clean those up. Since Vista, Windows does this for you. The 3rd party app didn't long a warning when it did it. Vista and newer Windows does.
This isn't a big deal. Everything is working as it should.
My place : »www.schettino.us
For what its worth, I understand what you are saying. Microsoft now has its own process in place to perform the functions that UPHClean did under Windows XP.
That is all fine and good, as the end user does not have to go figure out how to get that 3rd party app, and install it. Windows now does it.
But, I guess what still bugs me, and I think Mele20 as well, is that the processes that are not closing down properly are Microsoft's own processes. In her case, she has many references to lsass.exe , and in my case, as well as sekim 's, the process is svchost.exe . You would think out of all the applications, the OS would be coded to not cause this problem!
I think that is why we're getting frustrated with this. If the app was some third party to begin with (like a Virus Scanner for example), while it would probably still be a frustration to see the warnings, we could put the blame on said application. But, that's not the case, as the processes that are showing up in these warnings are part of the OS, which was written by Microsoft.
What gets me is that in my case, it appears that something is trying to uninstall every time. Sure, I can see that showing up once or twice, but on every boot? What is Windows trying to remove every time I reboot? Not to mention, in my case specifically, this is an issue with Windows 8. On the exact same hardware (sans the hard drive), when I'm running Windows 7, I get a "clean" log on every boot; meaning, if I clear the logs and then reboot, once the system is up, I will have zero critical events, zero error events, and zero warnings. Just a lot of informational and security events. So I know that there was no issues with the shutdown or startup of my system. Life is good.
I get that the new functionally of Windows Vista, 7 and 8 is doing its job, and that's all find and great. However, it just seems like bad coding on Microsoft's part. If they cannot do this right, how can they expect other software developers to do it right either.
Note: Kill Cancer to Reply via e-mail