About UPHClean v2.0 events 1630, 1631 and 1632

UPHClean v2.0 tries to assist when the security descriptor prevents access to a file or directory.  This often prevents the system from completing the profile reconciliation process.  This can happen because the inherited permissions are set incorrectly or possibly because the user sets to prevent administrative and/or system access.

UPHClean attempts to deal with that by changing the security descriptor.  This is done for access to file or directory access that result in access denied.  In the case where the file or directory is local it is likely that UPHClean will be able to change the security descriptor since it can use the take ownership right to do so.  In the remote case it is possible that UPHClean will fail to change the permissions.  So this correction UPHClean may not always succeed.

Here are relevant events that can occur:

  • Event 1630: Access to %1 was granted after updating the security descriptor of the file.

    • This event indicates that UPHClean changed the security descriptor for the file/directory named %1 and was successful.  Access permissions necessary to proceed with profile work were granted.  Access to the file or directory was successful.

  • Event  1631: Access to %1 failed after updating the security descriptor of the file.

    • This event indicates that UPHClean changed the security descriptor and was successful.  Even though UPHClean granted the access permissions necessary to perform the profile work the requested access was denied.  This can happen if the source of the access denied is not security descriptor permission related.  The interference could be coming from a background process (i.e. a virus scanner) or other unknown source.

  • Event 1632: Security descriptor for file %1 could not be updated.  Error %2 %3.

    • This event indicates that UPHClean failed in its attempt to change the security descriptor.  %2 is replaced with the text of the error and %3 is the error number.  Access to the file or directory failed.

Note that the name logged with the event may contain an unfamiliar drive letter.  This drive letter represents the roaming profile location.  It exists only during the profile reconciliation process.

These events are logged so that you can know that UPHClean took these actions.  This is critical if auditing. 

If the user profile is reconciling properly you can ignore these.  If the profile is not reconciling properly and you are logging events 1631 or 1632 you should review the security descriptor hierarchy to insure that the permissions are as intended and allow system/administrative access.

Comments (7)
  1. Anonymous says:

    Anyone find a fix for this yet?  I am also getting the same type of errors but here is the odd problem.  I have two identical servers.  UPHClean works fine on one but on the other one I am getting the 1630, 1631, and 1632 errors.  So this issue must stem from the operating system and not the actual UPHClean program because I have uninstalled and installed it four different times.

    If anyone has an answer, please let me know.


  2. Anonymous says:

    Is it planed for make it configurable?

    Don’t want the Log’s filled and it’ll be good if one can supress theese eventID’s…

    Regards – Frank

  3. Anonymous says:

    We have some 2003 server 64bit R2 with Presentationserver 4.5.

    After intalling UPHCLEAN we also have very, very much 1632 errors.

    The roamed profiles all working fine, with no problems.

    Where can i disable the 1632 information logs because in dont need??

    Is there a docu to UPHCLEAN registrysettings??

  4. Anonymous says:

    The attributes on the file ntuser.pol causes UPHC to generate event 1631 because it cannot update the security descriptor of the file.  If you monitor "C:Documents and Setttings" with filemon, you will see that ntuser.pol is renamed to prf*.tmp during the profile synchronization process.

  5. Anonymous says:

    I have a 2003 server 64 R2 running as a terminal server. I am getting tons of the 1631 errors, but it seems like the users’ home directories are actually mapping fine. Are there security settings I need to change? I get no 1630 or 1632 errors.

  6. Anonymous says:

    I am getting this issue with the ntuser.pol renamed to prf*.tmp during user logins.

    Is this something I should be concerned about ?

  7. Anonymous says:

    I have the same error as well on a TS Server and the deletion of cached roaming profile is activated.

Comments are closed.

Skip to main content