Solved

Server 2008 Roaming Profiles not working

Posted on 2009-07-14
13
9,284 Views
Last Modified: 2012-05-24
Experts,

Would somebody be able to point me in the right direction?  I've recently migrated (still in the process of actually) from a SBS 2003 environment to a 2008 one, with separate DC / Exchange / File Servers.  *one heck of a upgrade*

Unfortunately, with the Serv2k8 setup, I'm having some problems getting Roaming profiles to work as they should.

I've followed:  http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx  to a T.  As I did when I was in the 2003 enviornment - when everything was working.

My permissions match that technet article exactly, but whenever an end user tries to log in, they're given an error that their roaming profile cannot be located, so the machines creates a local profile for them - to be deleted on logoff.

As a side note, I have the user's home directory mapped to a share on the exact same server with the same folder permissions, and those work like a champ.  However, I think the reason that those are working, where the profiles fail - is that when I create a user in AD it creates the home folder at the same time, where as profiles aren't created until the user actually logs in.  So, from Domain Admin permissions to make the home folder - to user permissions trying to make the profile folder...

Either or, I'm at a stump right now.  And as I mentioned before, these are the exact same permissions I had on the SBS 2003 box where roaming profiles were in fact working.

Any ideas that can be thrown into the mix would be greatly appreciated.

**On that server the user share is:   \\server\users    While the profile share is \\server\profiles$
0
Comment
Question by:usslindstrom
13 Comments
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 166 total points
ID: 24859563
Are you using only servername in the UNC-path? If so, add DNS-suffix.
Avoid pre-creating the individual user folders as they will be created during the logon/logoff process.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24864669
Thanks for the idea.

Unfortunately, adding the DNS suffix also gives the same result, and errors out on finding/creating the roaming profile folder.

Right now, I've left the roaming profiles folder empty, (haven't copied anything over to it) - trying to get it so they get created by the machine, and not me.  That way - the user itself would become owner of the object and have full rights over their own profile.

But . . . . . .     I haven't been able to get that far.  :(
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24864722
Ah - on a side note.

Just for testing purposes - I put "Everyone" on both the share level access and NTFS access with full permissions - and the profiles still couldn't be created.

My first inclination would have been point to DNS - but that's not the case at all.  DNS works fine, and I can resolve the fileshare via NETBIOS name and FQDN, both resolve to the same correct address.  (Also, keep in mind that the users home directory is shared from the same machine and those are working like a champ)

To test write level permissions, I hit up the root folder and am able to write to it and create folders.

Also, just for testing purposes, I tried out a solution of having roaming profiles dumped within the user's home share (fileserver\users\%username%\profile).   - But doing that also gives the same error, even if I pre-create the folder and give that particular user ownership of it.




Any more ideas that can be thrown into the mix would be greatly appreciated.
0
 
LVL 1

Expert Comment

by:amdaxiom
ID: 24883186
Is the new SBS 2008 server a brand new active directory domain or were you able to join it to your existing 2003 domain?

Is your old 2003 server with the roaming profiles still available?

It sounds to me like the clients may have been joined to a new domain and no longer have access to the old server.  If that is true you may want to move a computer back to the old server as a test, redirect the roaming profile locally on the computer, then join it to the new domain with the redirected profiles and see if that works.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24884674
Thnx for the comment.

Actually, the original was a SBS 2003 box.  I moved all the FSMO roles over to the new DC (2k8), and demoted the SBS box.

Once I made sure the 2k8 had everything (dns, dhcp, AD PDC, etc) I dropped the sbs box completely.

And so far so good - except these profiles.  :(
0
 
LVL 1

Expert Comment

by:amdaxiom
ID: 24884708
Okay, that makes things easier.  Did you try to login with your old server up?  I think my main concern is that in order for profiles to move the original source has to be available.  If you removed your old server before logging into any clients your clients will not be able to find their old profiles and transfer them to the new server.  So try turning your old server on and logging in with clients (if you haven't tried that).  If you have then let me know.
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 
LVL 5

Author Comment

by:usslindstrom
ID: 24884928
-At this point in the game, I'm not worried about grabbing the previous profiles.  I've got the folder redirection working for the users' "My Documents."

So basically, all users would be starting a new profile when they log in.  Or at least that's what's supposed to be happening here.  :P
0
 
LVL 1

Accepted Solution

by:
amdaxiom earned 168 total points
ID: 24888597
So you've already deleted everyone's local profiles in the User Profiles tool and you're still getting this error?  What if a user logs into a computer that they've never logged into before?  The error is "roaming profile cannot be located"  meaning the profile cannot be found on the old server.  Not "Roaming profile cannot be created" which would be a permissions issue (which is where you are thinking the issue is).

If you completely wipe the profile off the local computer I'd be surprised if you were still receiving that error.  If you turn off the old server, then you will of course receive that error because the roaming profile is on the old server still.  A new roaming profile is not created during the login process.  It's created when the user logs out.  But during the login process the old roaming profile is looked for and that is what the error message is indicating.  Delete all local profile information and the user on the next login will not look for their roaming profile and, will create a new local profile, and when they log out their profile will be uploaded to their new roaming profile location.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24904515
Yeah - unfortunately, the error still comes up after wiping any local profiles.

Just for testing, I also made a test account in AD..  And logged in for the first time on that account.

The exact error is:

"Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile.  Possible causes of this error include network problems or insufficient security rights.  If this problem persists, contact your network administrator."

I really do think it's the later part of the problem of not having rights to create the folder on the server itself.  Which, in itself is very strange, because one of my testing phases was to give everyone full control of both the share level and NTFS level of the folder.

--------------------

I can't thank you enough for helping me through this issue.  Anything else you can help me throw into the fix-it fire, I really appreciate it.
0
 

Assisted Solution

by:Wheelsup
Wheelsup earned 166 total points
ID: 24904891
I presume the client PC's are XP? If so the recommended fix for roaming profiles for XP clients is:  http://support.microsoft.com/defau [...] -US;831651

I had a similar issue way back and this sorted it out, but I've not had it yet with Vista machines. I'm not entirely sure, but the problem appeared to be logins were too quick and needed a logon delay.

If the clients are wireless, try this: http://support.microsoft.com/kb/873485/en-us

0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24948862
Sorry for the late response.  Work's been hectic on and off - hard to stay focused at some points.

The clients all range from XP, SP1-SP3 - to Vista - to even Win7.  All computers have the error when logging in, and the roaming profile is not created.  Also, I've got the group policy forcing the system to wait for the network prior to continue processi\ng.

One singular note of thought, which shouldn't be an issue at all.  Is that I have the file server (hosting the user / profile shares) as a virtualized machine now, under virtual server 2k5.  ~could there be something in the configuration that dis-allows connections for roaming directories in a Virtual Enviornment?          This is really doubtful - since I do have the users "My Documents" etc redirected to the same virtual server, which are working fine.

Thanks for everyone's help so far - any other addons I can throw into the mix are always appreciated...
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24959827
THANK YOU EVERYONE FOR YOUR HELP!  I figured out the dilemma.

It would appear in my haste of running over the migration, that I mistakingly had the group policy set where the file server was located:

Prevent Roaming Profile changes from propagating to the server  -  I had it as enabled.

Change it back to "Not Configured" and viola.  Extremely devistating in my conquest of roaming profiles here.  lol



I really appreciate everyone's time on this issue.  You guys had me thinking about every possible solution - and stripping apart the GPO line by line.  Wouldn't have found it without you guys.  :)
0
 
LVL 5

Author Closing Comment

by:usslindstrom
ID: 31603558
Very much appreciated everybody!  :)
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now