Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8303
  • Last Modified:

Windows 2008 Terminal Server Mandatory profile error

I have implemented the mandatory profiles in W2K8 TS using , the following group policies .
Computer config > Admin template > Windows Components > terminal Services > terminal Server > profiles
" Set Path for TS roaming User profile  & Use mandatory profile on the terminal Server "
If I login using an Administrator account everyting works fine . ( Profile loads from the defined path & get removed when logoff)
But if I login using a normal user account , it through the following error ,
"group policy client service failed to login access is denied" and logoff from the system

The following events are logged in App event ,
Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          26/04/2009 3:39:46 PM
Event ID:      6004
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Abraham.rhac.nsw.edu.au
Description:
The winlogon notification subscriber <GPClient> failed a critical notification event.
Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          26/04/2009 3:39:50 PM
Event ID:      6001
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Abraham.rhac.nsw.edu.au
Description:
The winlogon notification subscriber <Sens> failed a notification event.

Need help !!
0
thecavalry
Asked:
thecavalry
1 Solution
 
JamesBond-007Commented:
I have had a similar problem and I believe I have a solution.  Windows 2008 is cranky if you don't create the mandatory profile based on a local profile using the System Properties>User Profiles>Copy procedure.

I will spare you the details of what I did wrong (using Explorer to copy a local profile, rename NTUSER.DAT to NTUSER.MAN, set folder permissions, etc.).  Using this approach, I would consistently get the Group policy client service failed to login. Access denied for every user login attempt except the one whose profile I used as the basis for creating the mandatory profile.

Follow these steps to create a mandatory profile on Windows 2008 Terminal Server:

1.  Create a test account (e.g. TestUser) that has permissions to login to the TS.  Do not set a path for a TS profile (e.g. \\TermSrvr01\TSProfiles\Mandatory\Inspection)
2.   Log in to the TS as TestUser.  This will create a local profile under C:\Users\TestUser
3.   Modify the desktop icons, background, etc. like you want for the mandatory profile.  Log out.
4.   Log in to the TS as Administrator
5.   Open System Properties (Windows + Break keys);
6.   Click on the Advanced System Settings link. Click on the Advanced tab.
7.   Under User Profiles, click the Settings button.
8.   From the profile list, highlight the local profile for TestUser.  Click the CopyTo button.
9.   Under Copy Profile to, type the path to a non-existent folder that will contain the mandatory profile.  You must append .V2 to the folder name.  In my example:  \\TermSrvr01\TSProfiles\Mandatory\Inspection.V2
10. Under Permitted to use, click the Change button.
11. Click "Objects Types" button and check the Group checkbox.
12. Under Enter the object name, enter a security group that TestUser is a member. Click OK.
13. Click OK to start the copy (the folder with .V2 extension will be created).
14. Browse to the mandatory profile folder; rename NTUSER.DAT to NTUSER.MAN.
15. Done.
16. Important note!  When assigning the TS profile path to user accounts DO NOT include the .V2 extension on the folder path.  In my example: \\TermSrvr01\TSProfiles\Mandatory\Inspection



0
 
bfliamCommented:
You ripper!  This worked.  I've been struggling this issue for months.  2008 does get cranky very easy!
Thanks
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now