Server 2008 Roaming Profiles not working

Posted on 2009-07-14
Last Modified: 2012-05-24

Would somebody be able to point me in the right direction?  I've recently migrated (still in the process of actually) from a SBS 2003 environment to a 2008 one, with separate DC / Exchange / File Servers.  *one heck of a upgrade*

Unfortunately, with the Serv2k8 setup, I'm having some problems getting Roaming profiles to work as they should.

I've followed:  to a T.  As I did when I was in the 2003 enviornment - when everything was working.

My permissions match that technet article exactly, but whenever an end user tries to log in, they're given an error that their roaming profile cannot be located, so the machines creates a local profile for them - to be deleted on logoff.

As a side note, I have the user's home directory mapped to a share on the exact same server with the same folder permissions, and those work like a champ.  However, I think the reason that those are working, where the profiles fail - is that when I create a user in AD it creates the home folder at the same time, where as profiles aren't created until the user actually logs in.  So, from Domain Admin permissions to make the home folder - to user permissions trying to make the profile folder...

Either or, I'm at a stump right now.  And as I mentioned before, these are the exact same permissions I had on the SBS 2003 box where roaming profiles were in fact working.

Any ideas that can be thrown into the mix would be greatly appreciated.

**On that server the user share is:   \\server\users    While the profile share is \\server\profiles$
Question by:usslindstrom
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 166 total points
ID: 24859563
Are you using only servername in the UNC-path? If so, add DNS-suffix.
Avoid pre-creating the individual user folders as they will be created during the logon/logoff process.

Author Comment

ID: 24864669
Thanks for the idea.

Unfortunately, adding the DNS suffix also gives the same result, and errors out on finding/creating the roaming profile folder.

Right now, I've left the roaming profiles folder empty, (haven't copied anything over to it) - trying to get it so they get created by the machine, and not me.  That way - the user itself would become owner of the object and have full rights over their own profile.

But . . . . . .     I haven't been able to get that far.  :(

Author Comment

ID: 24864722
Ah - on a side note.

Just for testing purposes - I put "Everyone" on both the share level access and NTFS access with full permissions - and the profiles still couldn't be created.

My first inclination would have been point to DNS - but that's not the case at all.  DNS works fine, and I can resolve the fileshare via NETBIOS name and FQDN, both resolve to the same correct address.  (Also, keep in mind that the users home directory is shared from the same machine and those are working like a champ)

To test write level permissions, I hit up the root folder and am able to write to it and create folders.

Also, just for testing purposes, I tried out a solution of having roaming profiles dumped within the user's home share (fileserver\users\%username%\profile).   - But doing that also gives the same error, even if I pre-create the folder and give that particular user ownership of it.

Any more ideas that can be thrown into the mix would be greatly appreciated.

Expert Comment

ID: 24883186
Is the new SBS 2008 server a brand new active directory domain or were you able to join it to your existing 2003 domain?

Is your old 2003 server with the roaming profiles still available?

It sounds to me like the clients may have been joined to a new domain and no longer have access to the old server.  If that is true you may want to move a computer back to the old server as a test, redirect the roaming profile locally on the computer, then join it to the new domain with the redirected profiles and see if that works.

Author Comment

ID: 24884674
Thnx for the comment.

Actually, the original was a SBS 2003 box.  I moved all the FSMO roles over to the new DC (2k8), and demoted the SBS box.

Once I made sure the 2k8 had everything (dns, dhcp, AD PDC, etc) I dropped the sbs box completely.

And so far so good - except these profiles.  :(

Expert Comment

ID: 24884708
Okay, that makes things easier.  Did you try to login with your old server up?  I think my main concern is that in order for profiles to move the original source has to be available.  If you removed your old server before logging into any clients your clients will not be able to find their old profiles and transfer them to the new server.  So try turning your old server on and logging in with clients (if you haven't tried that).  If you have then let me know.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 24884928
-At this point in the game, I'm not worried about grabbing the previous profiles.  I've got the folder redirection working for the users' "My Documents."

So basically, all users would be starting a new profile when they log in.  Or at least that's what's supposed to be happening here.  :P

Accepted Solution

amdaxiom earned 168 total points
ID: 24888597
So you've already deleted everyone's local profiles in the User Profiles tool and you're still getting this error?  What if a user logs into a computer that they've never logged into before?  The error is "roaming profile cannot be located"  meaning the profile cannot be found on the old server.  Not "Roaming profile cannot be created" which would be a permissions issue (which is where you are thinking the issue is).

If you completely wipe the profile off the local computer I'd be surprised if you were still receiving that error.  If you turn off the old server, then you will of course receive that error because the roaming profile is on the old server still.  A new roaming profile is not created during the login process.  It's created when the user logs out.  But during the login process the old roaming profile is looked for and that is what the error message is indicating.  Delete all local profile information and the user on the next login will not look for their roaming profile and, will create a new local profile, and when they log out their profile will be uploaded to their new roaming profile location.

Author Comment

ID: 24904515
Yeah - unfortunately, the error still comes up after wiping any local profiles.

Just for testing, I also made a test account in AD..  And logged in for the first time on that account.

The exact error is:

"Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile.  Possible causes of this error include network problems or insufficient security rights.  If this problem persists, contact your network administrator."

I really do think it's the later part of the problem of not having rights to create the folder on the server itself.  Which, in itself is very strange, because one of my testing phases was to give everyone full control of both the share level and NTFS level of the folder.


I can't thank you enough for helping me through this issue.  Anything else you can help me throw into the fix-it fire, I really appreciate it.

Assisted Solution

Wheelsup earned 166 total points
ID: 24904891
I presume the client PC's are XP? If so the recommended fix for roaming profiles for XP clients is: [...] -US;831651

I had a similar issue way back and this sorted it out, but I've not had it yet with Vista machines. I'm not entirely sure, but the problem appeared to be logins were too quick and needed a logon delay.

If the clients are wireless, try this:


Author Comment

ID: 24948862
Sorry for the late response.  Work's been hectic on and off - hard to stay focused at some points.

The clients all range from XP, SP1-SP3 - to Vista - to even Win7.  All computers have the error when logging in, and the roaming profile is not created.  Also, I've got the group policy forcing the system to wait for the network prior to continue processi\ng.

One singular note of thought, which shouldn't be an issue at all.  Is that I have the file server (hosting the user / profile shares) as a virtualized machine now, under virtual server 2k5.  ~could there be something in the configuration that dis-allows connections for roaming directories in a Virtual Enviornment?          This is really doubtful - since I do have the users "My Documents" etc redirected to the same virtual server, which are working fine.

Thanks for everyone's help so far - any other addons I can throw into the mix are always appreciated...

Author Comment

ID: 24959827
THANK YOU EVERYONE FOR YOUR HELP!  I figured out the dilemma.

It would appear in my haste of running over the migration, that I mistakingly had the group policy set where the file server was located:

Prevent Roaming Profile changes from propagating to the server  -  I had it as enabled.

Change it back to "Not Configured" and viola.  Extremely devistating in my conquest of roaming profiles here.  lol

I really appreciate everyone's time on this issue.  You guys had me thinking about every possible solution - and stripping apart the GPO line by line.  Wouldn't have found it without you guys.  :)

Author Closing Comment

ID: 31603558
Very much appreciated everybody!  :)

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sccm report 1 39
Undo a Print Server Setup 5 74
Windows IPv6 DHCP server 8 37
Remove LogMeIn from machines at user login 5 59
I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now