When that was deleted from User accounts Password Management, the errors disappeared and Folder Redirection finally happened for this user.
In my case, a Win XP workstation logged events 4091 from source Lsa Srv as well as event 1053 from source User Env.
When the Windows XP Firewall was disabled and the computer was removed and re-joined to the domain this event stopped.
Users Accounts, click on the Advanced tab and then on Manage Passwords.
This event only occurred when a specific user logged in on a specific XP SP2 machine, together with Event ID 1030 from source Userenv.
The User configuration policy was unable to be applied.
We received this event along with event 12 in the application log.If another user logged in on that same machine, no errors appeared and all policies were applied.It turned out that there was a stored password on the machine when this specific user was logged in.Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
In regedit HKLM\System\Current Control Set\Services\Tcpip\Parameters\Interface\ the Dhcp Name Server had two entries, one correct and one an external IP address which ping -a came back as the 40961 code. Windows XP SP2 was getting application Event IDs 4226, 40961, 40960 for one end user only.
See ME939820 for a hotfix applicable to Microsoft Windows Server 2003.