Login script error
I have a 2003 Server with AD and a few login scripts.
Some uses map a drive to another server (across the country) that is not in the same domain but connected through a hardware VPN connection.
I created a user on the foreign server with full access to a network share so in my login script, I enter the following.
NET USE L: /DELETE
net use L: \\foreignserver\\common password /user:domain\username
The L drive shows up but when a user clicks on the drive, they are prompted with a username and password box to login. If they use the exact credentials passed along in script, it maps the drive and works.
Secondly, If I open a DOS prompt and type in the commands verbatim from the script, it also works so I know the syntax in the script is correct but just can't figure out why it won't automatically just map the drive without user intervention.
Thanks,
Jim
Some uses map a drive to another server (across the country) that is not in the same domain but connected through a hardware VPN connection.
I created a user on the foreign server with full access to a network share so in my login script, I enter the following.
NET USE L: /DELETE
net use L: \\foreignserver\\common password /user:domain\username
The L drive shows up but when a user clicks on the drive, they are prompted with a username and password box to login. If they use the exact credentials passed along in script, it maps the drive and works.
Secondly, If I open a DOS prompt and type in the commands verbatim from the script, it also works so I know the syntax in the script is correct but just can't figure out why it won't automatically just map the drive without user intervention.
Thanks,
Jim
MSE-dwells
How did you deploy the logon script ... through Group Policy? If so, where did you link the policy?
ASKER
I didn't use Group Policy. I just entered logon script batch filename in users AD profile.
It maps all other network shares fine. Just the ones outside the domain don't work.
It maps all other network shares fine. Just the ones outside the domain don't work.
Hello,
It's a problem of syncronization. If you wait until L: is disconnected and then continues with net use L: \\server\shared ....
it will work.
For solve this you can do:
wait some seconds in a loop and test connection, when dropped, continue. for example
:up
if not exist \\server\shared\test.txt goto ok
wait 3 (you can use any little sleep program)
goto up
:ok
net use l: \\server\shared\.....
HTH
It's a problem of syncronization. If you wait until L: is disconnected and then continues with net use L: \\server\shared ....
it will work.
For solve this you can do:
wait some seconds in a loop and test connection, when dropped, continue. for example
:up
if not exist \\server\shared\test.txt goto ok
wait 3 (you can use any little sleep program)
goto up
:ok
net use l: \\server\shared\.....
HTH
jordibartrina - I'm not following, the 'net use' statement won't return control to the script until such time as it either succeeded or failed ... so what is it we're waiting for?
That could be a problem with the password. Avoid any of these characters in a password that you're using in a batch script:
% ^ " & | < > ( )
% ^ " & | < > ( )
ASKER
The password is very simple, short and basic, and works fine when typed in manually.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It seems like we need to interact with the logon script, I'd suggest that you add "cmd" to the script on the line before the mapping, logon, restore the window and have a look around ... try -
net use
... to see what's already mapped
net use l: \\server\share password /u:domain\user
... to see if it maps for you from within the logon script
etc ...
net use
... to see what's already mapped
net use l: \\server\share password /u:domain\user
... to see if it maps for you from within the logon script
etc ...
jordibartrina - ahhh, you're not saying the script proceeds too quickly -- you're saying that the Desktop is rendered prior to the script's completion due to policy ... mmm, seems possible but I wouldn't have expected the problem to occur so often (though I suppose the bandwidth may be limited causing the slowness). Fair enough -- however, if I am now understanding you correctly, I believe the registry key and value to control that is -
HKEY_CURRENT_USER\Software
value: RunLogonScriptSync (REG_DWORD
0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.
---
jciancia - are you able to determine if the script has finished executing? (you should be able to see the minimized command prompt around the Start button)
If it does appear to be a race condition, set the registry value key/value above to 1 and retry ...
HKEY_CURRENT_USER\Software
value: RunLogonScriptSync (REG_DWORD
0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.
---
jciancia - are you able to determine if the script has finished executing? (you should be able to see the minimized command prompt around the Start button)
If it does appear to be a race condition, set the registry value key/value above to 1 and retry ...
ASKER
Are you saying that this registry value needs to be on each workstation?
The script does finish executing.
I assume this is a manually created key as I don't see it in the workstation registry?
You are also saying to set this to "1" to make sure the script completes, yes?
The script does finish executing.
I assume this is a manually created key as I don't see it in the workstation registry?
You are also saying to set this to "1" to make sure the script completes, yes?
Correct on both counts re: the registry.
I would still suggest that you first modify the script per my earlier suggestion ...
I would still suggest that you first modify the script per my earlier suggestion ...
Hello again,
MSE-dwells: Yes, in low bandwidth or big bandwidth but very loaded, the logon scripts fails on my sites, and we found this solution.
jciancia: you can force with group policy for all your users/machines (or you can define OUs for this purpose) this key to enable (1), i will try with a policy asigned to a site. If I'm distant of the server, my group policy assigns 0 to me, if I'm in the subnet of the server, group policy can assign 1 to me and speed up my connections.
MSE-dwells: Yes, in low bandwidth or big bandwidth but very loaded, the logon scripts fails on my sites, and we found this solution.
jciancia: you can force with group policy for all your users/machines (or you can define OUs for this purpose) this key to enable (1), i will try with a policy asigned to a site. If I'm distant of the server, my group policy assigns 0 to me, if I'm in the subnet of the server, group policy can assign 1 to me and speed up my connections.
why not just assign share permissions on the common share to an AD group.....then put the users in the group and take username and password out of the login script?
ASKER
Because it is in a seperate domain and AD
Hi, this may be off track, but if you're re-prompted for the Resouce credentials when connecting to a mapped drive, is it possible that you have cached credentials to that Resource?
Click Start --> Control Panel --> Users --> Advanced --> Manage Passwords
and see if some saved credentials are there for that resource. If so, delete them.
Regards,
Rob.
Click Start --> Control Panel --> Users --> Advanced --> Manage Passwords
and see if some saved credentials are there for that resource. If so, delete them.
Regards,
Rob.
ASKER
Actually, ever since I made the change to the registry to make sure the login scripts finished before the desktop opened, it's been working.
I also used the /DELETE option to the front of the script to remove all mapped drives before remapping.
eg.
net use j: /DELETE
net use k: /DELETE
net use j: \\server\share
net use k: \\server\share2
Not sure which really fixed it but since it's working, I don't plan on messing with it now.
This issue is closed.
I also used the /DELETE option to the front of the script to remove all mapped drives before remapping.
eg.
net use j: /DELETE
net use k: /DELETE
net use j: \\server\share
net use k: \\server\share2
Not sure which really fixed it but since it's working, I don't plan on messing with it now.
This issue is closed.
Which registry setting panned out for you?
ASKER
HKEY_CURRENT_USER\Software
value: RunLogonScriptSync (REG_DWORD
0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.
Used VALUE 1
value: RunLogonScriptSync (REG_DWORD
0 = Don't wait for the logon script to complete before loading the desktop.
1 = Wait for the logon script to complete before loading the desktop.
Used VALUE 1
C'est la vie ... that's as I thought and not a problem ... but it leaves me confused as to why you awarded points based on the wrong registry key?