One of environment got compromised with crypto and users were getting error while login “The User Profile Service service failed the logon“. With the help of security team most of the data was recovered. However below two issues were reported.

Issue 1: Administrator was able to login with systemprofile. However does not have administrative privileges.

Administrator getting systemprofile

Administrator getting systemprofile

Issue 2: Users were unable to login with the error “The User Profile Service service failed the logon. User profile cannot be loaded.”

User profile cannot be loaded

User profile cannot be loaded

Resolution
At the registry location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppReadiness\S-1-5-21-2190373721-3391099269-3354396124-500

Registry key "ART:UserFirstLogon" had the value of 0x80070005 causing the issue for the administrator account . 

Replace the value and set it as 0.
  1. Due to compromised situation, Default profile was corrupt hence replaced the Default folder from the working machine.
  2. Renamed the profile of Administrator to old.
  3. Deleted the profile GUID of Administrator after taking backup of registry.
  4. Logged off and login back .Issue fixed.

Special Thanks to Sandesh Dubey