Solved

Folder Redirection Works Sometimes

Posted on 2003-12-08
17
2,873 Views
Last Modified: 2012-05-04
When users logon to the domain their my documents and desktop are redirected as set by group policy. Redirection is to a local file server by \\servername\share\users docs, and not by mapped drives. If a user logs onto a workstation for the first time the redirection works 20% of the time. The user must log off and on the workstation several times before the redirection works. The user never has a problem again as long as that local profile on that machine is not deleted. If the local profile is deleted, then we experience the same problem. The only thing I can think of is that the policy is not getting pushed down from the DC over the WAN, and this is causing files to not be redirected. Any ideas or troubleshooting tips are greatly appreciated.
0
Comment
Question by:masterface
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 6
17 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9907480
GPO processing over a WAN can be slow, have you tried forcing a policy update after logon??

secedit /refreshpolicy in Win2K
gpupdate in WinXP

What speed is the WAN link between the clients and the DC?
0
 

Author Comment

by:masterface
ID: 9907594
Right now I have 2 T1 lines running from my campus to the DC at the district office. We are going to get an additional T1 line this month. There is a great deal of traffic over those 2 T1 lines mostly Http traffic, but I have a packetter partioning the http band with to 900 to 1.5 mbs non burstable. The students do not have access to the run command to force a policy update. Do you know of another way I could force the policy update while the user is logged on?
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9907757
It sounds like creating a site and putting a DC/GC at your campus would be the best approach, not sure how easy that would be for you though.  You could enable Telnet and run the command remotely, but that doesn't seem like a very effecient answer.  
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:masterface
ID: 9907962
I have a Back up DC here, but I don't think it is being used to get group policies. I am going to try and telnet to see if I can force the policy update.
0
 

Author Comment

by:masterface
ID: 9908000
Do you know what type of traffic or port the Group policy uses. I could set aside bandwith just for that traffic type.
0
 

Author Comment

by:masterface
ID: 9908011
correction bandwidth
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9908052
Hmm.  That's strange then, all DCs in AD hold a copy of the directory and the group policy objects.  The systems at that site should be authenticating to the local DC and processing GP from it.  You may want to remotely manage a PC that's having this problem and check it's event log to see if there are any errors or warnings.
0
 

Author Comment

by:masterface
ID: 9908179
I telneted in and ran gpupdate and now the event viewer shows

Folder rediredtion event Flags = 0x10

In the next event

"Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect."

0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9908679
Check this article, it seems to describe the problem you're having:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;305293
0
 

Author Comment

by:masterface
ID: 9913368
Thank you, it does discribe the problem I am having.The only part that throws me off is...

 "Fast Logon Optimization is always off during logon under the following conditions:
When a user first logs on to a computer."

20 % of the time we get the problem when the user first logs on to a computer.

I am going to change the logon optimization and test it out.
0
 

Author Comment

by:masterface
ID: 9914748
I changed the logon optimization but still the same problem.
I did find this.................

From userenv log found in WINDOWS\Debug\UserMode

USERENV(280.180) 10:31:08:410 ConnectToNameSpace:: CreateAndCopyNameSpace failed. Error=0x80041002.
USERENV(280.180) 10:31:08:410 GetWbemServices: ConnectToNameSpace failed with 0x0
USERENV(280.180) 10:31:09:211 ProcessGPOs: SetPreviousFgPolicyRefreshInfo failed.
USERENV(280.180) 10:31:09:211 ProcessGPOs: SetNextFgPolicyRefreshInfo failed.
USERENV(280.218) 10:31:10:252 PolicyChangedThread: UpdateUser failed with 1008.

By the way, how can I tell what DC we are getting the GP from. We have a DC local, but I think it is trying to get GP from the District Office DC.
0
 
LVL 10

Accepted Solution

by:
BloodRed earned 500 total points
ID: 9914941
Run the "set" command and look for the "LOGONSERVER=\\SERVERNAME" line, that's the DC that you authenticated with.  That *should* be the DC GP is applied from as well, but you can run "gpresult" and look for the "Group Policy was applied from:" lines under Computer Settings and User Settings to be sure.  
0
 

Author Comment

by:masterface
ID: 9916153
Well this is interesting.
LOGONSERVER=\\SMMS-DC this is at another school site.
and
 Group Policy was applied from:      CSHS-DC.mvusd.k12.ca.us
 Group Policy slow link threshold:   500 kbps

GP is from the server here
0
 

Author Comment

by:masterface
ID: 9920652
I took a look at other computers on campus and they are all using different DCs for logon and GP. No computer is using the local DC for logon and only one was using the local DC for GP. How can I fix this?
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9925104
How are your sites setup?  Subnets?  If setup properly, clients should authenticate to a DC in their site.  We're actually having issues with this at the moment at work, we're reworking our site configuration to get this working more efficiently.  
0
 

Author Comment

by:masterface
ID: 9926047
I have 16 subnets/Vlans at my site; district wide there must be over a hundred. My site is 10.23.0.0 255.255.255.0. All switches in the IDFs are run with fiber to the core switch in the MDF. The District office is 10.1.0.0. 255.255.255.0, other schools follow the same 10.X.0.0 255.255.255.0. All of my servers, switches and router are on 10.23.1.X. My router has IP helper-address running to forward broadcasts to the DHCP server, and occasionally I have it forward PXE broadcasts to my Altiris server for initial deployment. I just don’t know why clients would cross the WAN to the District Office, and then cross another WAN to another school and use their DC.
0
 

Expert Comment

by:Jared_Brown
ID: 37655301
This may be what you meant above but it was not clear to me so I am going to clarify something.  When BloodRed mentioned sites and subnets he was talking about sites as they are configured in Active Directory using Active Directory Sites and Services.  If that is what you meant you can ignore this part, if however you were not aware of the need to do this it would explain your problem.  In Active Directory Sites and Services you create site, and subnet objects which describe your physical network.  You create a site, add the domain controller you want that site to use for authentication to the site, then you create subnet objects to represent the physical subnets located in that site (or which you want to have use that server for authentication) and add those subnets to the site.  Once this is done the clients with IP addresses within the subnets assigned to a site will use the domain controller(s) in that site.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Resolve DNS query failed errors for Exchange
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question