Solved

can't execute login script

Posted on 2004-04-30
7
245 Views
Last Modified: 2010-03-18
Hello,
 
I have a specific problem that I can't fix and would like to get some hints or advice.
 
 
We have a domain with 4 domain controllers (Windows 2000 servers)
and about 40 stations (Windows 2000 Pro and Windows XP Pro).
 
 
For some obscure reason the login script that's supposed to be executed when a user logs on won't start anymore most of the time.
 
Unfortunately I couldn't find any pattern:
On some stations the script starts for a user but won't start on another station for the same user (and it doesn't matter if it's a Windows XP or 2000 Pro box).
Also, on a given station, some users will be able to start the login script but some others won't on the same station.
 
 
It took me a little while to notice the issue and I suspect that it may be related to one of those things.
- I demoted one of the DCs (a 5th one) a month ago
- I migrated from SBS 2000 to Windows 2000 domain 4 months ago
- We are using group policy to limit the users on some station settings
 
 
I checked the shares on each DC and they all have \\<servername>\SYSVOL\domain.com\scripts with the right batch files in it.
For whatever reason, on some stations, when the login script file starts it doesn't always run from the same server (one station could execute the script from SERVER1 and another station from SERVER2).
I also managed one time to make a login script start for a specific user on a specific station by changing the filename in the "user's active directory properties" -> "login script section" from one batch file name to another; however, it just worked for one user and hasn't worked again for any other one.
I also enabled the login script option in the GPO to see if things would work but it didn't change anything.
 
 
Any ideas or at least hints ?
 
 
Thanks
0
Question by: ekriner
7 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 10960712
Hi,

I'd say DNS. We also had this problem on a 2003 network with Windows 2000 clients, where some clients got some mappings, some got no mappings and some got all mappings.

Our problem was that the DNS servers weren't in sync. Try doing an ipconfig /flushdns on all servers to flush all DNS entries. Force a DNS sync (if they are AD integrated, then an AD sync).

Could you please look at the DNS logging on all of your servers to see if something's wrong there?? Maybe some sort of Event in the event viewer??

My first go is DNS, but we need to see why it doesn't work.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 10960718
One thing,

Did you demote the 5th server or did you just shut it down.. Maybe the domain still thinks it has 5 DCs...
0
 

Author Comment

by:ekriner
ID: 10961857
Hello,
 
Thanks for your help,
 
I flushed the DNS on servers and stations, forced an AD replication on all servers. Compared the DNS, they are identical. The DNS logs don't have any errors at all.
Unfortunately the stations are still not logging in right.
 
Do you have any other suggestions ?
 
 
Thanks
0
 

Author Comment

by:ekriner
ID: 10963039
Hello,

One more thing, I demoted it using DCPROMO.

Ed
0
 
LVL 23

Expert Comment

by:rhandels
ID: 10967132
Do you see anything strange on the PC where you try to log in?? Does the login script for some people work half or does it sometimes work good all the way and bad all the way..

Normally, if you set this option through GPO, then it should be working. Maybe there is something with the GPOs. I would go for 1 option if I were you. I'll try to fix the GPO option with you...

Where did you put the login script option in GPO? In the users' policies or PCs' policies?? Do you have more policies, or just one (for this "test" I would try just 1 policy if I were you). Do you have OUs where you enabled the option "block policy inheritance"??

Demoting is the right thing to do, then the domain knows that one server "leaves" the domain...
0
 
LVL 1

Accepted Solution

by:
gootmundi earned 500 total points
ID: 10970480
Hi,

This does sound like a problem with your GPOs somewhere along the line. The way I generally troubleshoot this kind of problem is by:

1- Creating a new OU
2- Add a computer and a user into this OU (in your situation this should be a combination that is NOT currently working)
3- Ensure that you create explicit 'deny' entries on the security of both the computer and user on all the GPOs that would affect that OU, and make sure that you 'Block Inheritance' for GPOs in the new OU.
4- If everything works fine after doing this, apply the group policies 1 by 1 until the logon scripts stop working.

Hope it helps.
0
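The isolation procedure from the accepted answer, scripted as an added example that is not part of the original thread. It assumes a current domain with the RSAT ActiveDirectory and GroupPolicy PowerShell modules (not available in the Windows 2000 environment discussed here), and every name in it (domain DN, OU names, test user and station) is a hypothetical placeholder.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example: all names below are hypothetical placeholders, not values from the thread.
$DomainDN = 'DC=domain,DC=com'
$SourceOU = 'OU=Staff,DC=domain,DC=com'    # OU where the failing user/station live today
$TestOU   = "OU=GPO-Isolation,$DomainDN"   # new, empty OU used for the test
$TestUser = 'testuser'                     # a user/station pair that is NOT working
$TestPC   = 'STATION01'

# Snapshot every enabled GPO link that currently reaches the failing pair.
$candidates = (Get-GPInheritance -Target $SourceOU).InheritedGpoLinks |
    Where-Object Enabled

# Enforced links are not stopped by Block Inheritance, which is why step 3
# of the answer also asks for explicit deny entries on the GPO security.
$candidates | Where-Object Enforced | ForEach-Object {
    Write-Warning "'$($_.DisplayName)' is Enforced; exclude it via its security filtering."
}

# Steps 1-3: create the OU, block inheritance, move the failing pair into it.
New-ADOrganizationalUnit -Name 'GPO-Isolation' -Path $DomainDN
Set-GPInheritance -Target $TestOU -IsBlocked Yes | Out-Null
Get-ADUser $TestUser | Move-ADObject -TargetPath $TestOU
Get-ADComputer $TestPC | Move-ADObject -TargetPath $TestOU

# Baseline: with no GPO applied, the logon script should run.
Read-Host "Log on as $TestUser at $TestPC, confirm the script runs, then press Enter"

# Step 4: link the GPOs back one at a time until the logon script stops.
foreach ($link in $candidates | Where-Object { -not $_.Enforced }) {
    New-GPLink -Guid $link.GpoId -Target $TestOU -LinkEnabled Yes | Out-Null
    $prompt = "Linked '$($link.DisplayName)'. Run 'gpupdate /force' on $TestPC, " +
              "log on again. Did the logon script run? (y/n)"
    if ((Read-Host $prompt) -ne 'y') {
        Write-Host "Logon script stopped after linking '$($link.DisplayName)' ($($link.GpoId))"
        break
    }
}
```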
 

Author Comment

by:ekriner
ID: 10983037
Hello gootmundi,
 
Thanks for that advice.

I did what you suggested (move a user and station to another OU) and things worked out. I am still in the process of enabling policy by policy and testing things out. Give me another day to figure out what policy could be the issue and I'll let you know what I came up with.
 
Thanks again !
0
