应用“组策略本地用户和组”策略时,VM 无响应VM is unresponsive when applying Group Policy Local Users and Groups policy

本文提供了一些步骤,用于解决 Azure 虚拟机 (VM) 在启动过程中应用策略时加载屏幕不响应的问题。This article provides steps to resolve issues where the load screen doesn't respond when an Azure virtual machine (VM) applies a policy during startup.

症状Symptoms

使用启动诊断查看 VM 的屏幕截图时,屏幕在加载时会卡住并显示以下消息:“正在应用‘组策略本地用户和组’策略。”When you're using boot diagnostics to view a screenshot of the VM, the screen is stuck loading with the message: "Applying Group Policy Local Users and Groups policy."

显示正在应用和加载组策略本地用户的屏幕截图 (Windows Server 2012 R2)。

显示正在应用和加载组策略本地用户的屏幕截图 (Windows Server 2012)。

原因Cause

当策略尝试清除旧的用户配置文件时,会发生锁定冲突。There are conflicting locks when the policy attempts to clean up old user profiles.

备注

这仅针对于 Windows Server 2012 和 Windows Server 2012 R2。This applies only to Windows Server 2012 and Windows Server 2012 R2.

下面是有问题的策略:Here's the problematic policy:

Computer Configuration\Policies\Administrative Templates\System/User Profiles\Delete user profiles older than a specified number of days on system restart

解决方法Resolution

过程概述Process overview

  1. 创建和访问修复 VMCreate and access a repair VM
  2. 禁用策略Disable the policy
  3. 启用串行控制台和内存转储收集Enable serial console and memory dump collection
  4. 重新生成 VMRebuild the VM

备注

如果遇到此启动错误时,来宾 OS 无法运行。If you encounter this boot error, the guest OS isn't operational. 必须在脱机模式下进行故障排除。You must troubleshoot in Offline mode.

步骤 1:创建和访问修复 VMStep 1: Create and access a repair VM

  1. 使用 VM 修复命令的步骤 1-3 来准备一个修复 VM。Use steps 1-3 of the VM repair commands to prepare a repair VM.
  2. 使用远程桌面连接来连接到修复 VM。Use Remote Desktop Connection to connect to the repair VM.

步骤 2:禁用策略Step 2: Disable the policy

  1. 在修复 VM 上,打开“注册表编辑器”。On the repair VM, open the Registry Editor.

  2. 找到“HKEY_LOCAL_MACHINE”项,然后从菜单中选择“文件” > “加载配置单元” 。Locate the key HKEY_LOCAL_MACHINE and select File > Load Hive from the menu.

    屏幕截图,显示了突出显示的 HKEY_LOCAL_MACHINE 和包含“加载配置单元”的菜单。

    • 可以使用加载配置单元从脱机系统加载注册表项。You can use Load Hive to load registry keys from an offline system. 在这种情况下,系统是附加到修复 VM 的受损磁盘。In this case, the system is the broken disk attached to the repair VM.
    • 系统范围内的设置存储在 HKEY_LOCAL_MACHINE 上,可以缩写为“HKLM”。System-wide settings are stored on HKEY_LOCAL_MACHINE and can be abbreviated as "HKLM."
  3. 在附加的磁盘中,转到 \windows\system32\config\SOFTWARE 文件并将其打开。In the attached disk, go to the \windows\system32\config\SOFTWARE file and open it.

    1. 当系统提示你输入名称时,请输入 BROKENSOFTWARE。When you're prompted for a name, enter BROKENSOFTWARE.
    2. 若要验证是否已加载 BROKENSOFTWARE,展开“HKEY_LOCAL_MACHINE”并查找已添加的 BROKENSOFTWARE 项。To verify that BROKENSOFTWARE was loaded, expand HKEY_LOCAL_MACHINE and look for the added BROKENSOFTWARE key.
  4. 转到 BROKENSOFTWARE,并检查加载的配置单元中是否有 CleanupProfile 项。Go to BROKENSOFTWARE and check if the CleanupProfile key exists in the loaded hive.

    1. 如果该项存在,说明已设置 CleanupProfile 策略。If the key exists, the CleanupProfile policy is set. 它的值表示以天为单位的保留策略。Its value represents the retention policy measured in days. 继续删除该项。Continue deleting the key.
    2. 如果该项不存在,说明未设置 CleanupProfile 策略。If the key doesn't exist, the CleanupProfile policy isn't set. 提交支持票证,包括位于附加的 OS 磁盘的 Windows 目录中的内存 .dmp 文件。Submit a support ticket, including the memory.dmp file located in the Windows directory of the attached OS disk.
  5. 使用以下命令删除 CleanupProfiles 项:Delete the CleanupProfiles key by using this command:

    reg delete "HKLM\BROKENSOFTWARE\Policies\Microsoft\Windows\System" /v CleanupProfiles /f
    
  6. 使用以下命令卸载 BROKENSOFTWARE 配置单元:Unload the BROKENSOFTWARE hive by using this command:

    reg unload HKLM\BROKENSOFTWARE
    

步骤 3:启用串行控制台和内存转储收集Step 3: Enable serial console and memory dump collection

若要启用内存转储收集和串行控制台,请运行以下脚本:To enable memory dump collection and the serial console, run this script:

  1. 打开提升的命令提示符会话。Open an elevated command prompt session. (以管理员身份运行。)(Run as administrator.)

  2. 运行以下命令启用串行控制台:Run these commands to enable the serial console:

    bcdedit /store <VOLUME LETTER WHERE THE BCD FOLDER IS>:\boot\bcd /ems {<BOOT LOADER IDENTIFIER>} ON
    
    bcdedit /store <VOLUME LETTER WHERE THE BCD FOLDER IS>:\boot\bcd /emssettings EMSPORT:1 EMSBAUDRATE:115200
    
  3. 验证 OS 磁盘上的可用空间是否至少等于 VM 的内存大小 (RAM)。Verify if the free space on the OS disk is at least equal to the VM's memory size (RAM).

    如果 OS 磁盘上的空间不足,请更改内存转储位置,并将其引用到具有足够可用空间的附加数据磁盘。If there isn't enough space on the OS disk, change the memory dump location and refer it to an attached data disk with enough free space. 若要更改位置,请将以下命令中的“%SystemRoot%”替换为数据磁盘的驱动器号(例如“F:”)。To change the location, replace "%SystemRoot%" with the drive letter (for example, "F:") of the data disk in the following commands.

    用于启用 OS 转储的建议配置Suggested configuration to enable OS dump

    加载损坏的 OS 磁盘:Load broken OS disk:

    REG LOAD HKLM\BROKENSYSTEM <VOLUME LETTER OF BROKEN OS DISK>:\windows\system32\config\SYSTEM
    

    在 ControlSet001 上启用:Enable on ControlSet001:

    REG ADD "HKLM\BROKENSYSTEM\ControlSet001\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 1 /f 
    REG ADD "HKLM\BROKENSYSTEM\ControlSet001\Control\CrashControl" /v DumpFile /t REG_EXPAND_SZ /d "%SystemRoot%\MEMORY.DMP" /f 
    REG ADD "HKLM\BROKENSYSTEM\ControlSet001\Control\CrashControl" /v NMICrashDump /t REG_DWORD /d 1 /f 
    

    在 ControlSet002 上启用:Enable on ControlSet002:

    REG ADD "HKLM\BROKENSYSTEM\ControlSet002\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 1 /f 
    REG ADD "HKLM\BROKENSYSTEM\ControlSet002\Control\CrashControl" /v DumpFile /t REG_EXPAND_SZ /d "%SystemRoot%\MEMORY.DMP" /f 
    REG ADD "HKLM\BROKENSYSTEM\ControlSet002\Control\CrashControl" /v NMICrashDump /t REG_DWORD /d 1 /f 
    

    卸载损坏的 OS 磁盘:Unload broken OS disk:

    REG UNLOAD HKLM\BROKENSYSTEM
    

步骤 4:重建 VMStep 4: Rebuild the VM

使用 VM 修复命令的步骤 5 重新装配 VM。Use step 5 of the VM repair commands to reassemble the VM.

如果问题得到解决,说明已在本地禁用策略。If the issue is fixed, the policy is now disabled locally. 对于永久性解决方案,请勿在 VM 上使用 CleanupProfiles 策略。For a permanent solution, don't use the CleanupProfiles policy on VMs. 使用其他方法执行配置文件清理。Use a different method to perform profile cleanups.

请勿使用此策略:Don't use this policy:

Machine\Admin Templates\System\User Profiles\Delete user profiles older than a specified number of days on system restart

后续步骤Next steps

如果在应用 Windows 更新时遇到问题,请参阅 VM 在应用 Windows 更新时无响应并收到“C01A001D”错误If you have issues when you apply Windows Update, see VM is unresponsive with "C01A001D" error when applying Windows Update.