Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Folder Redirection Works Sometimes

Posted on 2003-12-08
17
Medium Priority
?
2,880 Views
Last Modified: 2012-05-04
When users logon to the domain their my documents and desktop are redirected as set by group policy. Redirection is to a local file server by \\servername\share\users docs, and not by mapped drives. If a user logs onto a workstation for the first time the redirection works 20% of the time. The user must log off and on the workstation several times before the redirection works. The user never has a problem again as long as that local profile on that machine is not deleted. If the local profile is deleted, then we experience the same problem. The only thing I can think of is that the policy is not getting pushed down from the DC over the WAN, and this is causing files to not be redirected. Any ideas or troubleshooting tips are greatly appreciated.
0
Comment
Question by:masterface
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 6
17 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9907480
GPO processing over a WAN can be slow, have you tried forcing a policy update after logon??

secedit /refreshpolicy in Win2K
gpupdate in WinXP

What speed is the WAN link between the clients and the DC?
0
 

Author Comment

by:masterface
ID: 9907594
Right now I have 2 T1 lines running from my campus to the DC at the district office. We are going to get an additional T1 line this month. There is a great deal of traffic over those 2 T1 lines mostly Http traffic, but I have a packetter partioning the http band with to 900 to 1.5 mbs non burstable. The students do not have access to the run command to force a policy update. Do you know of another way I could force the policy update while the user is logged on?
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9907757
It sounds like creating a site and putting a DC/GC at your campus would be the best approach, not sure how easy that would be for you though.  You could enable Telnet and run the command remotely, but that doesn't seem like a very effecient answer.  
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:masterface
ID: 9907962
I have a Back up DC here, but I don't think it is being used to get group policies. I am going to try and telnet to see if I can force the policy update.
0
 

Author Comment

by:masterface
ID: 9908000
Do you know what type of traffic or port the Group policy uses. I could set aside bandwith just for that traffic type.
0
 

Author Comment

by:masterface
ID: 9908011
correction bandwidth
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9908052
Hmm.  That's strange then, all DCs in AD hold a copy of the directory and the group policy objects.  The systems at that site should be authenticating to the local DC and processing GP from it.  You may want to remotely manage a PC that's having this problem and check it's event log to see if there are any errors or warnings.
0
 

Author Comment

by:masterface
ID: 9908179
I telneted in and ran gpupdate and now the event viewer shows

Folder rediredtion event Flags = 0x10

In the next event

"Folder redirection policy application has been delayed until the next logon because the group policy logon optimization is in effect."

0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9908679
Check this article, it seems to describe the problem you're having:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;305293
0
 

Author Comment

by:masterface
ID: 9913368
Thank you, it does discribe the problem I am having.The only part that throws me off is...

 "Fast Logon Optimization is always off during logon under the following conditions:
When a user first logs on to a computer."

20 % of the time we get the problem when the user first logs on to a computer.

I am going to change the logon optimization and test it out.
0
 

Author Comment

by:masterface
ID: 9914748
I changed the logon optimization but still the same problem.
I did find this.................

From userenv log found in WINDOWS\Debug\UserMode

USERENV(280.180) 10:31:08:410 ConnectToNameSpace:: CreateAndCopyNameSpace failed. Error=0x80041002.
USERENV(280.180) 10:31:08:410 GetWbemServices: ConnectToNameSpace failed with 0x0
USERENV(280.180) 10:31:09:211 ProcessGPOs: SetPreviousFgPolicyRefreshInfo failed.
USERENV(280.180) 10:31:09:211 ProcessGPOs: SetNextFgPolicyRefreshInfo failed.
USERENV(280.218) 10:31:10:252 PolicyChangedThread: UpdateUser failed with 1008.

By the way, how can I tell what DC we are getting the GP from. We have a DC local, but I think it is trying to get GP from the District Office DC.
0
 
LVL 10

Accepted Solution

by:
BloodRed earned 2000 total points
ID: 9914941
Run the "set" command and look for the "LOGONSERVER=\\SERVERNAME" line, that's the DC that you authenticated with.  That *should* be the DC GP is applied from as well, but you can run "gpresult" and look for the "Group Policy was applied from:" lines under Computer Settings and User Settings to be sure.  
0
 

Author Comment

by:masterface
ID: 9916153
Well this is interesting.
LOGONSERVER=\\SMMS-DC this is at another school site.
and
 Group Policy was applied from:      CSHS-DC.mvusd.k12.ca.us
 Group Policy slow link threshold:   500 kbps

GP is from the server here
0
 

Author Comment

by:masterface
ID: 9920652
I took a look at other computers on campus and they are all using different DCs for logon and GP. No computer is using the local DC for logon and only one was using the local DC for GP. How can I fix this?
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9925104
How are your sites setup?  Subnets?  If setup properly, clients should authenticate to a DC in their site.  We're actually having issues with this at the moment at work, we're reworking our site configuration to get this working more efficiently.  
0
 

Author Comment

by:masterface
ID: 9926047
I have 16 subnets/Vlans at my site; district wide there must be over a hundred. My site is 10.23.0.0 255.255.255.0. All switches in the IDFs are run with fiber to the core switch in the MDF. The District office is 10.1.0.0. 255.255.255.0, other schools follow the same 10.X.0.0 255.255.255.0. All of my servers, switches and router are on 10.23.1.X. My router has IP helper-address running to forward broadcasts to the DHCP server, and occasionally I have it forward PXE broadcasts to my Altiris server for initial deployment. I just don’t know why clients would cross the WAN to the District Office, and then cross another WAN to another school and use their DC.
0
 

Expert Comment

by:Jared_Brown
ID: 37655301
This may be what you meant above but it was not clear to me so I am going to clarify something.  When BloodRed mentioned sites and subnets he was talking about sites as they are configured in Active Directory using Active Directory Sites and Services.  If that is what you meant you can ignore this part, if however you were not aware of the need to do this it would explain your problem.  In Active Directory Sites and Services you create site, and subnet objects which describe your physical network.  You create a site, add the domain controller you want that site to use for authentication to the site, then you create subnet objects to represent the physical subnets located in that site (or which you want to have use that server for authentication) and add those subnets to the site.  Once this is done the clients with IP addresses within the subnets assigned to a site will use the domain controller(s) in that site.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question