Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Login.bat script will not run on Terminal Servers

Posted on 2006-11-03
11
446 Views
Last Modified: 2010-07-27
Hey everyone. We have an interesting situation that I am not figuring out here. We run 9 Windows 2003 servers on the domain. Servers 6, 7 and 8 are Terminal Servers (Runing Citrix). The Active Directory sets 2 things - mapping the Home Directory (H:) through the user profile and running the Login.bat script which creates a J: drive.

Up until the other day there have been no problems. Both drives map. Now, if I log into the server, the J: drive doesn't map. The H: drive maps fine.

There was some white papers where it talked about certain registry entries and services that needed to be installed and running. The servers look like they're correct. Yet if I log into 6, 7 or 8, it still does not map the J: drive.

The entry in the Login.bat file is:

Net use j: \\Domain location\files

We have altered the bat file to disconnect the drive and reconnect and even run with persistance, but the result does not change. J: will still not map.Since the tech info suggested a service not running, we decided to reboot the three machines. No change.

Any other thoughts on this? If I log onto any other machine (server or workstation) the drive maps. If I type in the unc, it will go to the location. If I manually map the drive, it will be there.
0
Comment
Question by:j_powers
  • 6
  • 5
11 Comments
 
LVL 5

Author Comment

by:j_powers
ID: 17867789
more information on this - We do have GPO set so the Citrix servers don't inherit the policies from the other machines. However, there is a policy to run %logonserver%\folder\login.bat.
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17868601
Try this:

Create a new login script called logtest.bat and place it in the %logonserver%\folder\ location

Add the following syntax to logtest.bat:

%logonserver%\folder\login.bat >> %logonserver%\folder\%username%Login.txt 2>&1

Next assign this script to a test terminal server user (generally one of the IT guys)

This will redirect all output from the original login script into a text file (including errors!) for evaluation.  Please post the results here.
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17868634
Also wondering what happens if you add:

Net use j: \\Domain location\files

to the first line of the usrlogon.cmd located in the c:\windows\system32 directory.  This script kicks off every time someone logs into the terminal server.  Let me know if this manages to map the drive.

Hope this helps
Crow
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 5

Author Comment

by:j_powers
ID: 17869367
The logtest.bat script does not come back with any errors.

I put the reference in the usrlogon.cmd file, and yes, it does kick off and map the J: drive, as well as any other drive in the script.

This is a perfect workaround, but not a long term issue. GPO should be controlling the file.
0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17869398
Can you do the following at the command line:
gpresult > c:\gpresult.txt

Please post the results here
0
 
LVL 5

Author Comment

by:j_powers
ID: 17870110
I am guessing you are looking for this part of the txt file:

    Applied Group Policy Objects
    -----------------------------
        CTX Prod Policy
        Local Group Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        CTX Prod Policy
            Filtering:  Denied (Security)

0
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17870544
Which policy delivers the login script (It appears they are both being filtered)
0
 
LVL 5

Author Comment

by:j_powers
ID: 17872596
The CTX Prod Policy is in the folder in question. It works like this:

Domain
(Local Group Policy)
 Citrix
 (Blocking Domain Policies)
     DEV
     (No Policies)
     PROD
     (CTX Prod Policy)

The way it's set up is the way it's suggested to set up in several docs.

0
 
LVL 9

Accepted Solution

by:
SamuraiCrow earned 300 total points
ID: 17875293
According to the GPResult snippet you gave me the CTX Prod policy is being filtered because of security.  What groups have the 'apply group policy' permission on this GPO?
0
 
LVL 5

Author Comment

by:j_powers
ID: 17914424
OK. Sorry on the wait. Other issues had to come first. NEWay - here is the security of the profile CTX Prod Policy:

Authenticated Users - Read(From Security Filtering)
Domain Admins - Edit Settings, delete, modify security
Enterprise Admins - Edit Settings, delete, modify security
Enterprise Domain Controllers - Read
System - Edit Settings, delete, modify security

Authenticated Users are the only ones that have the 'apply group policy' permission in this GPO

Here is the hierarchy:
Forest
-Domains
--Local Domain (Default Policies in place)
---Computers
----Servers (Server Policy)
-----Citrix (Block Inheritance)
------Prod (CTX Prod Policy)

0
 
LVL 5

Author Comment

by:j_powers
ID: 17915944
I redid the permissions following a tech sheet I found. Once I did that, GPO started working without problem - well, at least not THAT problem. I cleaned up the errant policies for the container and it is now functioning correctly.

Thanks.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Learn about cloud computing and its benefits for small business owners.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question