Windows cannot log you on because your profile cannot be loaded – Indexing Service (cidaemon.exe) locks files in roaming profiles.

Users started complaining about occasionally having problems logging-on on Windows 2003 Terminal Server via Remote Desktop client.

A quick check in Event Viewer Application logs revealed following errors:

Source: Userenv
Even ID: 1509
Type: Error
Description:
Windows cannot copy file \\server2\tms\profile_path\user\Favorites\File.url. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
DETAIL – Access is denied.

Source: Userenv
Even ID: 1500
Type: Error
Description:
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL – Access is denied.

Interestingly, all or most of the offending files were Internet Explorer Favourites, or Temporary Internet Files. File permissions check didn’t indicate any permissions issue, however it wasn’t possible to delete any of these files – they appeared to be locked. Process Explorer revealed that files are locked by cidaemon.exe process.

cidaemon.exe is Windows Indexing Service component. It is supposed to release all its file locks as soon as other process tries to access the file, but for reasons better known to Microsoft is often not doing this. There is not much use of Indexing Service on Windows 2003 (especially Terminal Server) so we disabled it completely which immediately fixed the problem.

There are two ways to disable Indexing Service:

  • Windows Explorer > Search > Change preferences > Without Indexing Service > No, do not enable Indexing Service > OK
    Disable Indexing Service
  • Start > Run > services.msc
    Stop Indexing Service and set Startup type to Disabled
    Disable Indexing Service