• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 10554
  • Last Modified:

%clientname% environment variable not present at login script on windows server 2008 TS

Hi there,

I have a strange problem here on my new Windows server 2008 Standard with terminal services.
I have a script to add printers in association with the clientname (it works correctly on my 2k3 TS for over 2 years now)

But on my new 2k8 server, I can't get the %clientname% variable at logon.

I've made some testing by using a batch file with the command "Set"  in User Login script by GPO and then running the same command in the user Session :

here are the results :

Login script :


C:\Windows>set
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\rana02\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
COMPUTERNAME=SAPP4
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=Z:
HOMEPATH=\
HOMESHARE=\\sficetu1\UGestion$\rana02
Image=\\sapp4\Profiles$\Users
ImageInstall=\\sapp4\Profiles$\UserInstall
LOCALAPPDATA=C:\Users\rana02\AppData\Local
LOGONSERVER=\\SDC2
NUMBER_OF_PROCESSORS=8
OS=Windows_NT
Path=\\UQAT.PRIV\SysVol\UQAT.PRIV\Policies\{2DB4072B-1FA1-4442-8365-B79B386F5DF2
}\User\Scripts\Logon;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\
Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSyst
em\;C:\Program Files\SAS\SharedFiles(32)\Formats;C:\Program Files (x86)\Druide\A
ntidote;C:\PROGRA~2\Druide\Antidote
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
SEE_MASK_NOZONECHECKS=1
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\rana02\AppData\Local\Temp
TKPATHX8664=C:\Program Files\SAS\SharedFiles\ICU
TMP=C:\Users\rana02\AppData\Local\Temp
USERDNSDOMAIN=UQAT.PRIV
USERDOMAIN=UQAT
USERNAME=rana02
USERPROFILE=C:\Users\rana02
windir=C:\Windows

C:\Windows>pause
Appuyez sur une touche pour continuer...


Batch file manually executed in the user Session :

C:\Windows>set
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\rana02\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=RNDEP
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
COMPUTERNAME=SAPP4
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=Z:
HOMEPATH=\
HOMESHARE=\\sficetu1\UGestion$\rana02
Image=\\sapp4\Profiles$\Users
ImageInstall=\\sapp4\Profiles$\UserInstall
LOCALAPPDATA=C:\Users\rana02\AppData\Local
LOGONSERVER=\\SDC2
NUMBER_OF_PROCESSORS=8
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32
\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program F
iles\SAS\SharedFiles(32)\Formats;C:\Program Files (x86)\Druide\Antidote;C:\PROGR
A~2\Druide\Antidote
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=RDP-Tcp#0
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\rana02\AppData\Local\Temp\2
TKPATHX8664=C:\Program Files\SAS\SharedFiles\ICU
TMP=C:\Users\rana02\AppData\Local\Temp\2
USERDNSDOMAIN=UQAT.PRIV
USERDOMAIN=UQAT
USERNAME=rana02
USERPROFILE=C:\Users\rana02
windir=C:\Windows

C:\Windows>pause
Appuyez sur une touche pour continuer...

as you can see, the %clientname% returns my computer name (RNDEP) only when it is executed in the user session but not on the User login script by gpo.

If I run manually the vbs script to add printer into my session on the TS, the printers are mapped without problems.


Spec :
Windows Server 2008 Standard SP1
all MS updates
2 hotfix :
http://support.microsoft.com/kb/955555/en-us
http://support.microsoft.com/kb/949528/en-us

imprimante.vbs script to add my printers :
DIM Ordinateur, Imprimante, ImprimanteWin   
Dim fso, MyFile   
Dim Input   
dim arrInput   
dim Debut, fin, AjoutImprimante, Defaut, User, Utilisateur   
Const ForReading = 1   
  
Dim X   
set X = createobject("WSCRIPT.Network")   
dim U   
U=x.UserName   
  
wscript.sleep(2000)   
  
'Création des références d'objets   
Set WshNet = WScript.CreateObject("WScript.Network")   
Set net = WScript.CreateObject("WScript.Network")   
Set WshNetwork = CreateObject("WScript.Network")   
Set WshShell = WScript.CreateObject("WScript.Shell")   
Set WshSysObj = WshShell.Environment("PROCESS")   
  
Set fso = CreateObject("Scripting.FileSystemObject")   
  
 
  
strComputer = "."  
Set objWMIService = GetObject("winmgmts:" _   
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")    
Set colComputer = objWMIService.ExecQuery _   
    ("Select * from Win32_ComputerSystem")   
For Each objComputer in colComputer   
    User= objComputer.UserName   
Next  
  
set net=nothing   
  
  
Imprimante= ""  
ImprimanteWin="aucune"  
  
  
on error resume next   
  
' Identification des imprimantes selon le POSTE de travail    
Set tsInputFile = fso.OpenTextFile("\\UQAT.PRIV\SysVol\UQAT.PRIV\Policies\{2DB4072B-1FA1-4442-8365-B79B386F5DF2}\User\Scripts\Logon\ImprimanteDefinitionNomOrdi.txt", ForReading, False)   
  
  
  
While Not tsInputFile.AtEndOfStream   
  
  strLine = tsInputFile.ReadLine   
  
  if not (strLine ="") and not (left(strLine,1)="'") then    
    arrInput = Split(strLine, ":")   
    Debut = arrInput(0)   
    fin=arrInput(1)   
    AjoutImprimante=arrInput(2)   
    Defaut=arrInput(3)   
    if ((ucase(Ordinateur) >= ucase(Debut) and ucase (ordinateur)<=ucase(fin)) and len(ordinateur)=len(fin)) or ((ucase(Ordinateur) >= ucase(Debut) and ucase (ordinateur)<=ucase(fin)) and len(ordinateur)=len(debut))  then   
     ' A  : ajouter l'imprimante   
     ' D  : définir l'imprimante par défaut   
     ' AD : On ajoute l'imprimante et elle devient l'imprimante par défaut   
       if (ucase(Defaut) = "A") then   
          WshNetwork.AddWindowsPrinterConnection AjoutImprimante   
       end if   
       if (ucase(Defaut) = "D") then   
          WshNetwork.SetDefaultPrinter AjoutImprimante   
       end if   
       if (ucase(Defaut) = "AD") then   
          WshNetwork.AddWindowsPrinterConnection AjoutImprimante   
          WshNetwork.SetDefaultPrinter AjoutImprimante   
       end if   
  
     end if   
  end if   
  
Wend   
  
tsInputFile.Close   
  
WScript.Quit

Open in new window

0
Ge3oR
Asked:
Ge3oR
  • 3
  • 2
1 Solution
 
meugenCommented:
The CLIENTNAME variable is set only when you are on a secondary connection. If it is null, you are connected to the primary RDP connection (ie - what used to be the Console session).

Win2K8 RDP has changed...

If "admin" is logged on to the physical console, and someone uses RDP to connect and logs on with the "admin" account, the first session is closed and the second takes effect. CLIENTNAME is not set.

If no user is connected to the physical console, and you log on using any account, a secondary connection is created and CLIENTNAME is set. If another user makes an RDP connection and logs in with the same account name, it REPLACES THE ORIGINAL CONNECTION!

If more than two users are connected, the third UNIQUE connection attempt will fail as before, but will give the connecting user an opportunity to disconnect one of the active sessions. That session will continue to run. W2K8 supports 2 active admin connections and (unlimited??) disconnected connections.

Thus - if CLIENTNAME is not set, you're connecting to a session that was already active on the physical console. Try logging off of all sessions, or using different credentials to connect, and CLIENTNAME will be set as you expect.
0
 
Ge3oRAuthor Commented:
First of all, I'm testing my Terminal Server with some domain accounts that are not member of the Administrators group with remote desktop. This said, an user that is not member of the admin group or set in the GPO to Allow logon locally, can't log on console or with mstsc /admin on the terminal servers.

If I open a session with mstsc /admin with the local administrator or a domain admin, when I open a command prompt and type "set", I have the environment variable %clientname% set to RNDEP which is the computer from where I'm making a connection to the server.

This variable set properly with any account I'm logging. But it is not set fast enough that I can use it in my login script.

This is not the problem of isconnected sessions retain the original variable
http://support.microsoft.com/kb/281981/en-us

Benoit
0
 
Ge3oRAuthor Commented:
finally, I have contacted Microsoft. And here is the result :
"I am providing you a copy of our scope agreement for your issue: 2k8 system fail to resolve %clientname% in logon script on terminal server with loopback enabled in replace mode."

to resolve this issue, they asked me to change one setting in the GPO :
Run logon scripts synchronously
Setting Path: User Configuration/Administrative Templates/System/Scripts

It's not a KB article and it will not be one they said.
0
Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

 
littlehogarthCommented:
Ge3oR, did changing that setting work for you? I have the same issue and still get %clientname% instead of the clientname. Tried enabling that policy and all that happens is it takes a lot longer for explorer to show, leaving user sitting staring at blank screen. When I run the script after windows is loaded I get the clientname as desired.
0
 
Ge3oRAuthor Commented:
Hi littlehogarth,

yes this worked, but the login was too long for me with this option.

Finaly I have remembered that we can execute script or .exe after logon :
User Configuration/Administrative Templates/System/Logon/Run these programs at user logon
and put there the path to your login script on the Sysvol share
after this, at login script, there was a message if I wanted to execute this script.
(open file - security warning)
to bypass this, you have to add the domain shares in the intranet zone of internet explorer
To do this, go in Internet Explorer, Internet Options, Security tab, select Local Intranet, click on Sites, click on Advanced, then add file://*.contoso.com for exemple. (put your domain and not contoso.com!)

I hope this will help you ! :)
0
 
littlehogarthCommented:
A little lag in when Windows starts and when it runs. May be that I am testing it on a slow virtual server. It works though, which is great. Thanks.
I will probably split the script and have half run as logon and the printer assignment part run as above.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now